CN102271331A - Method and system for detecting reliability of service provider (SP) site - Google Patents

Method and system for detecting reliability of service provider (SP) site Download PDF

Info

Publication number
CN102271331A
CN102271331A CN2010101963111A CN201010196311A CN102271331A CN 102271331 A CN102271331 A CN 102271331A CN 2010101963111 A CN2010101963111 A CN 2010101963111A CN 201010196311 A CN201010196311 A CN 201010196311A CN 102271331 A CN102271331 A CN 102271331A
Authority
CN
China
Prior art keywords
url
website
content
wap
subsystem
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010101963111A
Other languages
Chinese (zh)
Other versions
CN102271331B (en
Inventor
梁春贵
王磊
姚琨
陈雅娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Guangdong Co Ltd
Original Assignee
China Mobile Group Guangdong Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Guangdong Co Ltd filed Critical China Mobile Group Guangdong Co Ltd
Priority to CN201010196311.1A priority Critical patent/CN102271331B/en
Publication of CN102271331A publication Critical patent/CN102271331A/en
Application granted granted Critical
Publication of CN102271331B publication Critical patent/CN102271331B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method and a system for detecting the reliability of a service provider (SP) site. A main technical scheme is that: the method comprises the following steps of: determining a uniform resource locator (URL) to be detected; acquiring wireless application protocol (WAP) contents provided by the SP site corresponding to the URL according to the URL, and detecting the WAP contents; and determining the reliability of the SP site corresponding to the URL according to a WAP content detection results. By the technical scheme, the WAP contents are not required to be audited manually, thereby improving network content monitoring efficiency and accuracy; moreover, content detection can be performed based on an access request of a user, and relatively higher real-time performance and universality are achieved.

Description

A kind of method and system that detect service provider SP website reliability
Technical field
The present invention relates to the data service technical field, relate in particular to a kind of method and system of the service provider of detection SP website reliability.
Background technology
Mobile Internet is based on portable terminal, and the Internet is a kind of network service of prototype.Along with popularizing of mobile phone users, mobile Internet also develops rapidly thereupon.At present, portable terminal and the Internet carry out data interaction mainly by WAP (Wireless Application Protocol, home control network communication protocol) gateway, the data interaction that realizes based on WAP gateway comprises text message, music download, Streaming Media, video, positioning service and inside data of enterprise storehouse etc.
The multimedia application of portable terminal has brought abundant entertainment way to the user, but in recent years, a lot of lawless persons utilize the convenient characteristics of mobile terminal Internet access, issue and propagate the content of pornographic, reaction in large quantities, make mobile phone users receive much to have and had a strong impact on picture, webpage and the mail etc. of pornographic and reaction content the user and lived normally.Especially along with the development of Time Technology, teenager's mobile phone users increases day by day, it is more easy to use the mobile terminal accessing wireless Internet to obtain Web content, cause part SP (Service Provider, the service provider) rely on WAP gateway to provide Pornograph to attract the user, steal the chain charge via the dream network service, the dream net form is resembled cause harmful effect.So, how to prevent that harmful information from producing and propagating by the approach of mobile terminal Internet access, improve managerial skills and service quality, become problem demanding prompt solution with the security requirement of satisfying the Internet to WAP site.
At present, operator release at the content monitoring of WAP business mainly by the testing review mechanism, promptly by the user capture of testing terminal simulation to obtain the content that the WAP website provides, determine harmful content by manual examination and verification.And along with the continuous expansion of Network and the continuous growth of Web content, in actual use, the mode that adopts testing to examine is examined business tine and is had many shortcomings, for example, owing to need manual examination and verification, working strength and workload are very big, and especially in the face of the mass network content time, the testing audit can not reach the purpose of effective monitoring; And the inefficiency of testing audit can't be realized having a large amount of supervision blind areas for comprehensive audit of Web content and audit in real time.
In sum, existing testing audit mode inefficiency lacks popularity and real-time, therefore can not monitor the SP website that Web content is provided effectively.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of method and system of the service provider of detection SP website reliability, adopts this technical scheme, can monitor the SP website effectively.
The embodiment of the invention is achieved through the following technical solutions:
According to an aspect of the embodiment of the invention, provide a kind of method of the service provider of detection SP website reliability.
The method of the detection service provider SP website reliability that provides according to the embodiment of the invention comprises:
Determine uniform resource position mark URL to be detected;
Obtain the home control network communication protocol WAP content that provides with the corresponding service provider SP of described URL website according to described URL, and described WAP content is detected;
According to testing result, determine the reliability of the SP website of described URL correspondence to described WAP content.
According to another aspect of the embodiment of the invention, also provide a kind of system of the service provider of detection SP website reliability.
The system of the detection service provider SP website reliability that provides according to the embodiment of the invention comprises:
URL determines subsystem, is used for determining uniform resource position mark URL to be detected;
Content is obtained subsystem, is used for determining that according to described URL the URL that subsystem is determined is provided by the home control network communication protocol WAP content that provides with the corresponding service provider SP of described URL website;
Data process subsystem is used for that described content is obtained the WAP content that subsystem obtains and detects, and according to the testing result to described WAP content, determines the reliability of the SP website of described URL correspondence.
Above-mentioned at least one technical scheme that provides by the embodiment of the invention, at first determine URL to be detected, and obtain the WAP content that provides for the SP website with this URL according to the URL that determines, further the WAP content of obtaining is detected, and, determine the reliability of the SP website of this URL correspondence according to testing result to the WAP content obtained.Adopt this technical scheme, need not manual examination and verification WAP content, thereby improved Web content efficiency for monitoring and accuracy; And, can carry out content detection based on user's access request, have higher real-time and popularity.
Other features and advantages of the present invention will be set forth in the following description, and, partly from specification, become apparent, perhaps understand by implementing the present invention.Purpose of the present invention and other advantages can realize and obtain by specifically noted structure in the specification of being write, claims and accompanying drawing.
Description of drawings
Accompanying drawing is used to provide further understanding of the present invention, and constitutes the part of specification, is used from explanation the present invention with the embodiment of the invention one, is not construed as limiting the invention.In the accompanying drawings:
The method flow diagram of the detection SP website reliability that Fig. 1 provides for the embodiment of the invention;
The flow chart of the URL of definite SP website correspondence that Fig. 2 provides for the embodiment of the invention;
The URL that Fig. 3 determines for the basis that the embodiment of the invention provides obtains the flow chart one of WAP content;
The URL that Fig. 4 determines for the basis that the embodiment of the invention provides obtains the flowchart 2 of WAP content;
The URL that Fig. 5 determines for the basis that the embodiment of the invention provides obtains the flow chart 3 of WAP content;
The flow chart that sends a warning message to the user that Fig. 6 provides for the embodiment of the invention;
The system schematic one of the detection SP website reliability that Fig. 7 provides for the embodiment of the invention;
The system schematic two of the detection SP website reliability that Fig. 8 provides for the embodiment of the invention;
The system schematic three of the detection SP website reliability that Fig. 9 provides for the embodiment of the invention;
The network entity schematic diagram that the system of the detection SP website reliability that Figure 10 provides for the embodiment of the invention relates to;
The flow chart of the mapping table of safeguarding private network IP address and MISDN number that Figure 11 provides for the embodiment of the invention.
Embodiment
In order to provide the implementation of effective monitoring SP website, the embodiment of the invention provides a kind of method and system of the SP of detection website reliability, below in conjunction with Figure of description the preferred embodiments of the present invention are described, be to be understood that, preferred embodiment described herein only is used for description and interpretation the present invention, and is not used in qualification the present invention.And under the situation of not conflicting, embodiment and the feature among the embodiment among the application can make up mutually.
Method according to the detection SP website reliability of the embodiment of the invention, at first need to determine URL to be detected, and obtain the WAP content that corresponding SP website with this URL provides according to this URL, this WAP content is detected, according to testing result, determine the reliability of the SP website of this URL correspondence to the WAP content.Wherein, determine URL to be detected, can preferably include following dual mode:
Determine URL according to user behavior, promptly according to the request of user capture SP website, the URL that determines this SP website correspondence is URL to be detected; Or
Initiatively monitor mode promptly according to the active detecting SP website of default, determines that the URL of this active detecting SP website correspondence is URL to be detected.
In accordance with a preferred embodiment of the present invention, at first provide a kind of method of the SP of detection website reliability, this method is determined URL according to user behavior, and specifically as shown in Figure 1, this method mainly comprises the steps:
Step 101, according to the request of user capture SP website, determine the URL (Uniform Resource Locator, URL(uniform resource locator)) of this SP website correspondence.
The URL that step 102, basis are determined obtains the WAP content that this SP website provides.
Step 103, the WAP content of obtaining is detected.
Step 104, judge whether testing result to the WAP content obtained satisfies the requirement to the WAP content setting of unreliable SP website correspondence, if, execution in step 105, otherwise execution in step 106.
Step 105, determine that the SP website of this URL correspondence is unreliable, and classify this URL as unreliable URL.
Step 106, determine that the SP website of this URL correspondence is reliable, and classify this URL as reliable URL.
In the above-mentioned steps 105, can realize, after URL classifies unreliable URL as, this URL be joined in this unreliable url list, and can delete the URL information of preserving in this unreliable url list by safeguarding a dynamic unreliable url list; In like manner, in the step 106, can realize, after classifying URL as reliable URL, this URL be joined in this reliable url list, and can delete the URL information of preserving in this reliable url list by safeguarding a dynamic reliable url list.
In a preferred embodiment of the invention, in the step 101 of flow process shown in Figure 1, request according to user capture SP website, determine the URL of this SP website correspondence, promptly by obtaining the transmission control protocol tcp data bag between WAP gateway and the GGSN, by the tcp data bag is carried out protocol analysis and encapsulation process, determine the URL of SP website.Specifically as shown in Figure 2, comprise the steps:
The request of step 201, supervisory user visit SP website.
Step 202, monitor the request of user capture SP website after, obtain WAP gateway and GGSN (Gateway GPRS Support Node, Gateway GPRS Support Node) TCP between (TransmissionControl Protocol, transmission control protocol) packet.
In this step, may comprise the complete URL information of SP website in tcp data bag, also may comprise the part URL information of SP website.
Step 203, the tcp data bag that obtains carried out protocol analysis after, be encapsulated as HTTP (HyperTextTransfer Protocol, HTTP) packet.
In this step, the tcp data bag is carried out comprising in the HTTP packet that protocol analysis and encapsulation process obtain the complete URL of SP website.
Step 204, from the HTTP packet that encapsulation obtains, extract URL as the URL that detects this SP website.
In a preferred embodiment of the invention, when flow process shown in Figure 1 is applied to real network, can support monitoring, particularly, in step 101,, determine the URL of this SP website correspondence, specifically comprise according to the request of user capture SP website to a plurality of SP websites:
According to the request of a plurality of user capture SP websites, determine the URL of each SP website correspondence respectively;
Correspondingly, for fear of for same URL for the duplicate detection of the WAP content that provides of website, before carrying out above-mentioned steps 102, promptly before the WAP content that the SP website that obtains this URL correspondence provides, also comprise:
The URL that determines is filtered heavily processing,, remove the URL of repetition, only keep a URL and carry out the WAP content detection promptly for a plurality of identical URL.
In a preferred embodiment of the invention, in the step 102 of flow process shown in Figure 1, obtain the WAP content that this SP website provides according to the URL that determines, wherein, the WAP content of obtaining can comprise video file or/and picture as shown in Figure 3, specifically comprises the steps:
The URL that step 301, basis are determined enters the professional page of SP website.
Link on the professional page that step 302, scanning enter.
Step 303, enter the link that obtains of scanning, and obtain this and link video file under the corresponding page or/and picture.
In a preferred embodiment of the invention, for prevent the lawless person adopt steal the chain mode with unreliable content link under the page of reliable WAP website, as shown in Figure 4, after above-mentioned steps 303, can further include following steps:
Sublink under step 401, the scanning current page.
Step 402, judge whether to scan corresponding sublink,, if not, then finish if then execution in step 403.
Step 403, enter this sublink, and obtain video file under the corresponding page of this sublink or/and picture.
Whether the number of times of step 404, judgement scanning sublink reaches set point number, if not, then returns step 401, if then finish.
By flow process shown in Figure 4, can constantly scan sublink according to default, the number of times that does not comprise new sublink or enter sublink up to the sublink that enters reaches set point number.
In a preferred embodiment of the invention, in the step 102 of flow process shown in Figure 1, obtain the WAP content that this SP website provides according to the URL that determines, the WAP content of wherein obtaining can also comprise content of text, as shown in Figure 5, specifically comprises the steps:
The URL that step 501, basis are determined enters the professional page of SP website.
Step 502, obtain content of text on this business page according to the keyword of setting.
In a preferred embodiment of the invention, in the step 102 of flow process shown in Figure 1, when obtaining the WAP content that this SP website provides, also need to further consider the demand of SP website respective user login, specifically comprise following situation according to the URL that determines:
When the SP website need not the user and logins, directly obtain the WAP content that the SP website provides according to the URL that determines;
When the SP website needed the user to login, at first analog subscriber was logined this SP website, and obtained the WAP content that this SP website provides according to the URL that determines.
In a preferred embodiment of the invention, in the step 103 of flow process shown in Figure 1, the WAP content of obtaining is detected, comprises following process:
Respectively dissimilar WAP content (as video, picture or text) is detected, and be that the database that is used to preserve the testing result that dissimilar WAP content detection is obtained set up respectively in index with the type of WAP content;
The requirement whether information that this database is preserved is used to the testing result of determining the WAP content to satisfy the WAP content setting of unreliable SP website correspondence provides foundation.
In a preferred embodiment of the invention, in order to reduce the workload that the SP site contents is detected, can SP website that set the ULR correspondence be detected, preferably, obtain the content that the SP website provides according to the URL that determines before, before promptly the SP website being monitored, can further include the following step of determining SP website to be detected, that is:
Determine not obtain WAP content and the detection that the SP website provides before this user capture according to this URL; Or
Determine that the SP website of this URL correspondence is confirmed as reliable SP website before this user capture, whether the URL that promptly judges this SP website correspondence is in reliable url list, corresponding therewith, in the step 106 of flow process shown in Figure 1, when definite URL is reliable URL, can safeguard the tabulation (being Red List) of a reliable URL, can determine promptly by inquiring about this tabulation whether this URL is confirmed as reliable URL before this user capture.In like manner, in the step 105 of flow process shown in Figure 1, when definite URL is unreliable URL, can safeguard the tabulation (being blacklist) of a unreliable URL, can determine promptly by inquiring about this tabulation whether this URL is confirmed as unreliable URL before this user capture.
According to this embodiment, if when determining before this user capture that this URL is confirmed as unreliable URL, when promptly this URL is in blacklist, that is to say, this URL for SP website when when detecting last time, being confirmed as unreliable SP website, also comprise the steps:
The user of SP website to this URL correspondence of visit sends a warning message, the URL that promptly informs this its current accessed of user for the SP website be unreliable SP website.
In a preferred embodiment of the invention, determine that in the step 105 of flow process shown in Figure 1 the SP website of this URL correspondence is unreliable, after promptly this URL is unreliable URL, on the one hand this URL added blacklist list, also carry out following steps on the one hand:
The user of SP website to this URL correspondence of visit sends a warning message, the URL that promptly informs this its current accessed of user for the SP website be unreliable SP website.
Wherein, the mode to the user of SP website of this URL correspondence of visit sends a warning message as shown in Figure 6, comprises the steps:
Step 601, obtain RADIUS (RemoteAuthentication Dial In User Service, remote customer dialing authentication system) the protocol data bag between WAP gateway and the GGSN.
Step 602, resolve this radius protocol packet, obtain private network IP address wherein.
Step 603, determine MISDN (mobile comprehensive service digital network) number of user according to this IP address, and to sending a warning message with this MISDN number corresponding user.
In a preferred embodiment of the invention, can also adopt the mode of active detecting to determine URL to be detected, promptly according to the active detecting SP website of default, the URL that determines this active detecting SP website correspondence is URL to be detected, and further the content of the SP website of the URL correspondence determined is carried out active detecting, promptly need not under the situation about triggering by user capture SP website, according to setting cycle the content that the active detecting SP website of setting provides is obtained and detected, and determine according to testing result whether the SP website of this URL correspondence is reliable SP website, concrete handling process is consistent with the basic principle of the step 102~step 106 of flow process shown in Figure 1, repeats no more herein.
In the foregoing description, the WAP content of detection can comprise classifications such as text, picture and video, and is particularly, as follows at various types of other detection mode:
Text: carry out keyword coupling and semantic analysis according to content of text, detect bad text;
Picture: calculate picture feature, utilize feature database to detect picture and whether comprise flame; Promptly set up the flame feature database in advance, when picture is detected, at first calculate the picture feature of photo current, mate with this flame feature database then, determine according to matching rate whether this picture is imperfect picture;
Video: video is decoded, extract key frame, the two field picture that extracts is detected, judge whether comprise flame in the video according to the testing result that extracts frame; Wherein, to the testing process of two field picture and testing process basically identical, repeat no more picture herein.
Above-described detection technique is the detection technique that the preferred embodiment of the present invention adopted, and according to the embodiment of the invention, can also adopt other detection algorithms to detect, and is not described in detail herein.
Can detect the requirement of requirements set according to system to the WAP content of unreliable SP website correspondence, for example, the data volume that the content that provides when the SP of a certain URL correspondence website is detected as unreliable content is during greater than setting threshold, the SP website of then determining this URL correspondence is unreliable SP website, and also promptly this URL is unreliable URL.Certainly, this requirement can be provided with as required flexibly, for example, also can carry out key monitoring to the picture that the corresponding SP website of certain URL provides, when the quantity that is detected as unreliable picture surpasses its quantity that setting percentage of picture total quantity is provided or is detected as unreliable picture and reaches set point, the SP website of then determining this URL correspondence is unreliable SP website, enumerates no longer one by one herein.
Correspondingly, corresponding with the said method flow process, the embodiment of the invention also provides a kind of system of the SP of detection website reliability, and as shown in Figure 7, this system comprises:
URL determines that subsystem 701, content obtain subsystem 702 and data process subsystem 703;
Wherein:
URL determines subsystem 701, is used for determining uniform resource position mark URL to be detected;
Content is obtained subsystem 702, is used for determining that according to URL the URL that subsystem 701 is determined is provided by the WAP content that provides for the SP website with this URL;
Data process subsystem 703 is used for that content is obtained the WAP content that subsystem 702 obtains and detects, and according to the testing result to this WAP content, determines the reliability of the SP website of this URL correspondence.
In a preferred embodiment of the invention, URL shown in Figure 7 determines that subsystem 701 can determine that the mode of URL further is divided into a URL determining unit and the 2nd URL determining unit (not marking in the drawings) according to it, wherein:
The one URL determining unit is used for the request according to user capture SP website, and the URL that determines described SP website correspondence is URL to be detected;
The 2nd URL determining unit is used for the active detecting SP website according to default, and the URL that determines described active detecting SP website correspondence is URL to be detected.
According to the embodiment of the invention, if determining subsystem 701, URL determines URL by a kind of mode, then according to its mode that adopts, can include only an above-mentioned URL determining unit, or include only the 2nd above-mentioned URL determining unit.
In a preferred embodiment of the invention, an above-mentioned URL determining unit specifically is used for:
According to the request of user capture service provider SP website, obtain the transmission control protocol tcp data bag between WAP gateway and the Gateway GPRS Support Node GGSN;
Described tcp data bag is encapsulated as HTTP HTTP packet, and from described HTTP packet, extracts the URL of URL as described SP website correspondence.
In a preferred embodiment of the invention, URL shown in Figure 7 determines subsystem 701, specifically is used for:
According to the request of a plurality of user capture service provider SP websites, determine the URL of described SP website correspondence respectively;
Described system also comprises: data tandem subsystem is used for described URL is determined that the described URL that subsystem is determined filters heavily processing that the URL after filter is heavily handled offers described content and obtains subsystem.
In a preferred embodiment of the invention, content shown in Figure 7 is obtained subsystem 702, also is used for:
Before determining that according to described URL URL that subsystem 701 is determined obtain the home control network communication protocol WAP content that described SP website provides, determine before this user capture not obtain the WAP content that described SP website provides and detect according to described URL; Or the SP website of described URL correspondence is not confirmed as unreliable SP website before definite this user capture.
As shown in Figure 8, in a preferred embodiment of the invention, the system of detection SP website reliability shown in Figure 7 can further include:
Alarm subsystem 704, be used for content obtain subsystem 702 determine these user captures before the SP website of described URL correspondence when being confirmed as unreliable SP website, send a warning message to the user of the SP website of the described URL correspondence of visit.
As shown in Figure 8, in a preferred embodiment of the invention, the system of detection SP website reliability shown in Figure 7 can further include:
Alarm subsystem 704 is used for after data process subsystem 703 determines that the SP website of URL correspondences is unreliable, sends a warning message to the user of the SP website of this URL correspondence of visit.
In a preferred embodiment of the invention, alarm subsystem 704 shown in Figure 8 can only obtain subsystem 702 with content according to the function of its realization and be connected, and perhaps only is connected with data process subsystem 703.
In a preferred embodiment of the invention, alarm subsystem 704 shown in Figure 8 specifically is used for:
Obtain the remote customer dialing authentication system radius protocol packet between WAP gateway and the GGSN;
Resolve described radius protocol packet, obtain private network IP address wherein, and determine user's mobile comprehensive service digital network MISDN number according to described private network IP address;
To determining that with URL the MISDN number corresponding user that subsystem 701 is determined sends a warning message.
In a preferred embodiment of the invention, content shown in Figure 7 is obtained subsystem 702, specifically is used for:
When described SP website need not the user and logins, directly obtain the WAP content that described SP website provides according to described URL;
When described SP website needed the user to login, analog subscriber was logined described SP website, and obtained the WAP content that described SP website provides according to described URL.
In a preferred embodiment of the invention, content shown in Figure 7 is obtained subsystem 702, specifically is used for:
Link on the professional page of the SP website that scanning enters according to described URL enters described link and obtains video file under the corresponding page of described link or/and picture.
Further, in the present embodiment, this content is obtained subsystem 702, can also further specifically be used for:
Enter described link and obtain video file under the corresponding page of described link or/and behind the picture, scan the sublink under the corresponding page of described link, enter described sublink and obtain video file under the corresponding page of described sublink or/and picture, the number of times that does not comprise new sublink or enter sublink up to the sublink that enters reaches set point number.
In a preferred embodiment of the invention, content shown in Figure 7 is obtained subsystem 702, specifically is used for:
Enter the professional page of described SP website according to described URL;
Obtain content of text on the described professional page according to setting keyword.
As shown in Figure 9, in a preferred embodiment of the invention, the system of detection SP website reliability shown in Figure 7 can further include:
Index subsystem 705, be used for the process that detects in 703 pairs of WAP contents of data process subsystem, respectively dissimilar WAP contents is detected, and be that the database that is used to preserve the testing result that dissimilar WAP content detection is obtained set up respectively in index with the type of WAP content;
The requirement whether information that described database is preserved is used to the testing result of determining described WAP content to satisfy the WAP content setting of unreliable SP website correspondence provides foundation.
In a preferred embodiment of the invention, content shown in Figure 7 is obtained subsystem 702, also is used for:
URL according to default obtains the WAP content that the SP website corresponding with described URL provides.
In a preferred embodiment of the invention, URL shown in Figure 7 determines that subsystem 701 can be deployed in each WAP gateway.
Should be appreciated that only the logical partitioning of subsystem that above system comprises, in the practical application, can carry out the stack or the fractionation of above-mentioned subsystem for carrying out according to the function of this system's realization.And the function that system realized of the detection SP website reliability that this embodiment provides is corresponding one by one with the method flow of the detection SP website reliability that the foregoing description provides, for the more detailed handling process that this system realized, in said method embodiment, done detailed description, be not described in detail herein.
In order to understand the embodiment of the invention better, the more detailed ins and outs that relate in the embodiment of the invention are described below in conjunction with concrete the application:
The system of the detection SP website reliability that the embodiment of the present application provides, when being applied to the concrete network architecture, the prompting function that comprises bad WAP content, can use portable terminal GPRS (GeneralPacket Radio Service according to the user, GPRS) situation of visit WAP network is in time discerned its website of visiting and whether is had unreliable content.And, can also regularly carry out dynamic testing to the website of some FREE WAP sites, promptly the URL to some settings detects, determine the website that flame is provided and include blacklist in, the user reminds downlink short message when visit blacklist website, can also on the basis that scanning detects, some outstanding WAP sites be recommended simultaneously, can correctly guide the website of user capture health.
As shown in figure 10, the related entity schematic diagram of system of the detection SP website reliability that provides for the embodiment of the invention, the network entity that this system's (for sake of convenience, the back claims that this system is a detection system) that detects SP website reliability relates to comprises:
WAP gateway, GGSN, optical splitter and Short Message Service Gateway;
The reciprocal process of this detection system and above-mentioned network entity is as follows:
The user initiates visit WAP requests for content by its portable terminal, and this access request is transferred into WAP gateway by GGSN, and WAP gateway responds this user's request;
Optical splitter obtains the packet that transmits between WAP gateway and the GGSN and is submitted to detection system simultaneously;
Detection system is therefrom resolved the ULR that the user asks the SP website correspondence of visiting;
Above flow process is detection system is determined URL according to user behavior a process, in the embodiment of the present application, can also adopt the active monitor mode to determine URL, detection system also can be according to the active detecting SP website of default, the URL that determines active monitoring SP website detects, in below describing, emphasis is described in detail the process that the URL that determines according to user behavior detects, basic identical therewith for the process that the URL that adopts the active monitor mode to determine detects, difference is to determine the mode difference of URL.
The WAP content of obtaining corresponding SP website and providing according to the URL that determines detects, and determine unreliable URL and for the SP website, and when this is confirmed as the SP website of unreliable URL correspondence, send information to the user by Short Message Service Gateway in user capture.
In the practical application, if user A visit is when being listed in the website of blacklist (being unreliable URL) correspondence, then by behind the protocal analysis to network layer data, this test macro is then reminded the user A of illegal site access, wherein can pass through with lower interface:
By the Short Message Service Gateway interface, send information to the user, interface protocol is CMPP V3, short message service number can be 106586969;
By the network splitter device, the flowing of access of WAP gateway is copied portion send URL to and determine subsystem.Wherein, the uplink data that splitter just will comprise HTTP request is sent to URL and determines subsystem, does not handle the down link data that comprises http response.
In order to realize the purpose of user reminding, need obtain user A phone number information, because existing WAP gateway only sends the phone number information (MISDN number) of calling party to the white list address, the HTTP request that sends to the WAP website can not have user's phone number information usually.Therefore can only increase optical splitter at the front end of WAP gateway, user uplink is carried out integrated treatment to the request of WAP gateway and the mutual communication data between WAP gateway and the GGSN, could satisfy actual requirement.Particularly, when user A connected the GPRS passage at every turn, GGSN can distribute corresponding private network IP address to the user, notify simultaneously MISDN number of the WAP gateway user and the private network IP address distributed between mapping relations.When the user disconnects the GPRS passage, GGSN can notify WAP gateway to remove original MISDN number and the private net address that distributes between mapping relations.In order to obtain this mapping relations, detection system need be analyzed the communication traffic between WAP gateway and the GGSN, the mapping table that keeps a private network IP address and MISDN number, so just can find MISDN number of the user, thereby realize giving the purpose of user A transmitting short message prompting according to the private net address in the IP bag of user's request.Specifically safeguard private network IP address and MISDN number mapping table process as shown in figure 11, comprise the steps:
Step 1101, GGSN send user's request of chargeing to WAP gateway and begin packet (being the RADIUS message bag).
Step 1102, optical splitter obtain the charging request that GGSN sends to WAP gateway and begin packet, send to detection system.
Step 1103, detection system obtain the request of chargeing and begin behind the packet this packet to be resolved, up-to-date private network IP address that acquisition GGSN sends and MISDN number corresponding relation.
Step 1104, the IP that upgrades internal maintenance and MISDN number mapping table add mapping table to newly-increased mapping relations.
Step 1105, GGSN send user's request end data packet of chargeing to WAP gateway.
Step 1106, optical splitter obtain the charging request end data packet that GGSN sends to WAP gateway, send to detection system.
Should be appreciated that in the present embodiment packet that the not just above access request of initiatively being initiated by the user of the packet that optical splitter obtains produces, the packet that also has WAP gateway to produce by the analog subscriber visit.
Step 1107, detection system are resolved this packet, and the needs that obtain the GGSN transmission are removed the private network IP address of mapping relations and the corresponding relation of MISDN.
Step 1108, detection system are upgraded the IP of internal maintenance and the mapping table of MISDN, and the mapping relations that needs are removed are removed.
After the user was by visit WAP website detection trigger flow process, after detection system was determined accessed URL, when obtaining the WAP content and detect according to this URL, analog subscriber A visited corresponding SP website and obtains the WAP content and preserve.It doesn't matter substantially for flow process when this process and concrete business realizing, is not that the user initiates visit, do not need to charge, and do not need to carry out interface interchange.This detection system residing position class in real network is similar to WTBS, and function is to obtain all the elements of the WAP service that the SP website provides.Analyze after content is obtained and scan, analyzing link new on the page continues to grasp, the keeper can define the number of plies of extracting, when the page number of plies that grasps has arrived the numerical value of keeper's definition or do not had new sublink to grasp, stops automatically grasping.
In the practical application, content is obtained and can be realized by the network interface card of finishing in the server that URL determines subsystem function, after opening the promiscuous mode of network interface card, network interface card can submit to upper system to handle all packets that receive from Ethernet, the packet that network interface card is sent here carries out agreement identification, the tcp data bag that extracts wherein carries out agreement identification and encapsulation again, obtains the URL in the packet after encapsulating again, finishes the server that content is obtained subsystem function through URL filter heavy back submission at last.
In the practical application, bottom Transmission Control Protocol packet in the Ethernet is encapsulated, wherein HTTP, WSP and Radius agreement request packet format content are carried out analysis and filter, will analyze new URL address that the back obtains then and submit to content to obtain subsystem to carry out content and download and detect.Excessive for preventing data volume, whole system can realize overall URL filter heavy-duty machine system, avoids same URL to download for many times, and storage is impacted.
Analyze by this network layer, can solve the user and not pass through other channel visit harmful content page by the link of dream network service, original grasping system can't obtain the problem of its content, guarantees the content health of MDC machine room server.
When specific implementation, each subsystem that detection system comprises is disposed as follows in existing network:
(1) URL determines subsystem
URL determines that subsystem is deployed in detected WAP link place machine room, by the mode image data of TAP with the The data beam split of WAP gateway VPN-CMNET fire compartment wall link.
URL determines that subsystem is after opening the promiscuous mode of network interface card, network interface card can submit to upper system to handle all packets that receive from Ethernet, partly realize the network packet filtration by the netfilter that operates in kernel spacing, catch the data of detected link, send the message that captures with netlink multicast group (multicast group) to user's space, the message that sends to user's space is determined the subsystem seizure by this URL.
Particularly, URL determines that subsystem when employing is determined the mode of URL according to user behavior, can be divided into as lower module:
The network protocol analysis module: the packet to different agreement in the network traffics carries out dissection process, extracts HTTP request package information.
The uplink data that splitter just will comprise HTTP request is sent to URL and determines subsystem.Data (flow is very high) to down link do not deal with, and have both alleviated system's computational load, have avoided infringement privacy of user data yet.
The blacklist maintenance module: by the HTTP request of analysis user, comparison system blacklist sends the reminding short message request to the alarm subsystem in the time of in the URL of user capture pipes off, and sends to the user by the sub-subsystem unification of alarm by the Short Message Service Gateway interface.
Log pattern: the result writes daily record with data acquisition, supply and demand will the time inquire about, critical data provides encryption, the big data quantity data provide compression to handle.
Content address row is heavy: the URL to user capture arranges heavily processing, and all only write down once each accessed address, guarantees downloading efficiency.
(2) data tandem subsystem
Data tandem subsystem responsible receives the URL information that the URL that is distributed in each WAP gateway determines that subsystem transmits, and carries out secondary row and weighs, and unique URL information is submitted to content obtain subsystem.
(3) content is obtained subsystem
On the one hand, content is obtained the mode that subsystem can adopt web crawlers, periodic scanning URL determines the professional and independent WAP website of the dream net WAP that lists the active detecting tabulation in that subsystem is determined according to the active monitor mode, grasp text, picture, the video content of website, submit to data process subsystem and carry out analyzing and processing.
On the other hand, content is obtained subsystem responsible and is grasped the various information of website according to the URL that data tandem subsystem provides, and specifically comprises downloading task dispatch service module, is used for downloading task is dispatched; And data download cluster module, be used for downloading task is analyzed.
(4) data process subsystem
Data process subsystem is responsible for that mainly content is obtained the WAP content that subsystem obtains and is detected, and can be divided into as lower module:
Content analysis module (text analyzing, picture analyzing, graphical analysis) and data analysis module.Wherein content analysis module is responsible for text data is carried out index and content analysis; Data analysis module is in conjunction with the result of content analysis module, according to setting the URL that requires to determine Pornography Sites.
(5) data process subsystem
This data process subsystem user examines the WAP content, and particularly, this data process subsystem can be divided into following module according to the function of its realization:
Bad website administration module: by analysis, find bad website, provide administration interface for administrative staff's management to site contents.Confirm or content URL that analyzes automatically and website that through artificial can form the blacklist file in system, WAP gateway can regularly be inquired about synchronous blacklist storehouse.
Content auditing module: the WAP content of obtaining is examined, for example, judge the picture classification.A concrete review process is as follows:
The image data that WAP gateway is provided carries out the specific aim audit at WAP gateway content auditing, FreeWap content auditing or mobile dream network's content auditing;
By the screening on date being determined the image content in the problem website.If know concrete website, then, promptly import website URL and inquire its corresponding flame by inquiry of the domain name; Inquiry by date, then Query Result is n problem website and corresponding picture object information thereof.
Can be further combined with manual examination and verification, determining which class is that porny, which class are vulgar pictures, and record audit picture number and picture classification.
Content search module: by the picture of examining is gathered, inquire the problem domain name that all found pornographic and vulgar picture, and join in the blacklist at this, and in WAP gateway problem site, the audit of mobile problem content and the audit of FreeWap problem content, the picture of having examined is checked, the porny number of checking reaches certain value and not when the domain name in blacklist storehouse, add blacklist, the problem domain name that adds blacklist is synchronized in the blacklist storehouse.
The short message prompt module: the function that the function of short message prompt module mainly provides the contact staff that note is reminded is controlled, if user capture is website in the blacklist storehouse, then sends note and reminds; Or trigger alarm message automatically.
(6) index subsystem
Index subsystem can be divided into as lower module
The index generation module:
The result of content analysis is input to indexing component, carries out index by each field index device, generate indexed results, wherein, the field that is provided with in the field index device can be the classification of WAP content, as picture, video, text etc.
The index stores module:
Be equivalent to Virtual File System, have storage, read and interface such as modification, and concrete data storage method, memory location and compression algorithm are transparent for the indexing component on upper strata.
The index compression module:
Adopt advanced compression algorithm that the index that generates is compressed, compression and decompression speed is very fast, and supports the local solution compression, and the index size after the compression generally is about 50% of an original document.
The indexed search module:
Support the retrieval of multiple mode, can divide field search, by this mode, for the content or the keyword of burst, can be timely directed tracing in addition, guarantee the promptness of monitoring.
The index read module:
Specific implementation can be passed through Agent components, and the read-only access interface of encapsulation indexing component does not provide any interface of writing and revising, in case misoperation of users is destroyed index data
Above-mentioned at least one technical scheme that provides by the embodiment of the invention, at first determine URL to be detected, and obtain the WAP content that provides for the SP website with this URL according to the URL that determines, further the WAP content of obtaining is detected, and, determine the reliability of this SP and corresponding URL according to testing result to the WAP content obtained.Adopt this technical scheme, need not manual examination and verification WAP content, thereby improved Web content efficiency for monitoring and accuracy; And, can carry out content detection based on user's access request, have higher real-time and popularity.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.

Claims (14)

1. a method that detects service provider SP website reliability is characterized in that, comprising:
Determine uniform resource position mark URL to be detected;
Obtain the home control network communication protocol WAP content that provides with the corresponding service provider SP of described URL website according to described URL, and described WAP content is detected;
According to testing result, determine the reliability of the SP website of described URL correspondence to described WAP content.
2. the method for claim 1 is characterized in that, determines uniform resource position mark URL to be detected, comprising:
According to the request of user capture SP website, the URL that determines described SP website correspondence is URL to be detected; Or
According to the active detecting SP website of default, the URL that determines described active detecting SP website correspondence is URL to be detected.
3. method as claimed in claim 2 is characterized in that, according to the request of user capture SP website, determines the URL of described SP website correspondence, comprising:
According to the request of user capture SP website, obtain the transmission control protocol tcp data bag between WAP gateway and the Gateway GPRS Support Node GGSN, by described tcp data bag is carried out protocol analysis and encapsulation process, determine the URL of described SP website.
4. the method for claim 1 is characterized in that, obtain the home control network communication protocol WAP content that the SP website corresponding with described URL provide according to described URL before, also comprises:
Determine not obtain WAP content and the detection that corresponding SP website with described URL provides before this user capture according to described URL; Or
Determine that the SP website of described URL correspondence is not confirmed as unreliable SP website before this user capture.
5. method as claimed in claim 4 is characterized in that, also comprises:
If determine that the SP website of described URL correspondence is unreliable, then the user to the SP website of visiting described URL correspondence sends a warning message.
6. method as claimed in claim 5 is characterized in that, the mode to the user of SP website of the described URL correspondence of visit sends a warning message comprises:
Obtain the remote customer dialing authentication system radius protocol packet between WAP gateway and the GGSN;
Resolve described radius protocol packet, obtain private network IP address wherein;
According to the corresponding relation of described private network IP address and private network IP address and mobile comprehensive service digital network MISDN number, MISDN number of determining described user;
To sending a warning message with described MISDN number corresponding user.
7. the method for claim 1 is characterized in that, obtains the home control network communication protocol WAP content that corresponding SP website with described URL provides according to described URL, comprising:
Link on the professional page of the SP website that scanning enters according to described URL, enter described link and obtain video file under the corresponding page of described link or/and picture, scan the sublink under the corresponding page of described link, enter described sublink and obtain video file under the corresponding page of described sublink or/and picture, the number of times that does not comprise new sublink or enter sublink up to the sublink that enters reaches set point number; Or/and
Enter the professional page of described SP website according to described URL, and obtain content of text on the described professional page according to setting keyword.
8. a system that detects service provider SP website reliability is characterized in that, comprising:
URL determines subsystem, is used for determining uniform resource position mark URL to be detected;
Content is obtained subsystem, is used for determining that according to described URL the URL that subsystem is determined is provided by the home control network communication protocol WAP content that provides with the corresponding service provider SP of described URL website;
Data process subsystem is used for that described content is obtained the WAP content that subsystem obtains and detects, and according to the testing result to described WAP content, determines the reliability of the SP website of described URL correspondence.
9. system as claimed in claim 8 is characterized in that, described URL determines subsystem, specifically comprises:
The one URL determining unit is used for the request according to user capture SP website, and the URL that determines described SP website correspondence is URL to be detected; Or
The 2nd URL determining unit is used for the active detecting SP website according to default, and the URL that determines described active detecting SP website correspondence is URL to be detected.
10. system as claimed in claim 9 is characterized in that, a described URL determining unit specifically is used for:
According to the request of user capture SP website, obtain the transmission control protocol tcp data bag between WAP gateway and the Gateway GPRS Support Node GGSN, by described tcp data bag is carried out protocol analysis and encapsulation process, determine the URL of described SP website.
11. system as claimed in claim 8 is characterized in that, described content is obtained subsystem, also is used for:
Before determining that according to described URL URL that subsystem is determined obtains the home control network communication protocol WAP content that described SP website provides, determine not obtain the WAP content that provides with described SP website before this user capture and detect according to described URL; Or the SP website of described URL correspondence is not confirmed as unreliable SP website before definite this user capture.
12. system as claimed in claim 11 is characterized in that, also comprises:
The alarm subsystem is used for when described content is obtained subsystem and determined that the SP website of described URL correspondence is unreliable, sends a warning message to the user of the SP website of the described URL correspondence of visit; Or
When described data process subsystem determines that the SP website of described URL correspondence is unreliable, send a warning message to the user of the SP website of the described URL correspondence of visit.
13. system as claimed in claim 12 is characterized in that, described alarm subsystem specifically is used for:
Obtain the remote customer dialing authentication system radius protocol packet between WAP gateway and the GGSN;
Resolve described radius protocol packet, obtain private network IP address wherein, and determine user's mobile comprehensive service digital network MISDN number according to described private network IP address;
To determining that with described URL the MISDN number corresponding user that subsystem is determined sends a warning message.
14. system as claimed in claim 8 is characterized in that, described content is obtained subsystem, specifically is used for:
Link on the professional page of the SP website that scanning enters according to described URL, enter described link and obtain video file under the corresponding page of described link or/and picture, scan the sublink under the corresponding page of described link, enter described sublink and obtain video file under the corresponding page of described sublink or/and picture, the number of times that does not comprise new sublink or enter sublink up to the sublink that enters reaches set point number; Or/and
Enter the professional page of described SP website according to described URL, and obtain content of text on the described professional page according to setting keyword.
CN201010196311.1A 2010-06-02 2010-06-02 Method and system for detecting reliability of service provider (SP) site Active CN102271331B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010196311.1A CN102271331B (en) 2010-06-02 2010-06-02 Method and system for detecting reliability of service provider (SP) site

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010196311.1A CN102271331B (en) 2010-06-02 2010-06-02 Method and system for detecting reliability of service provider (SP) site

Publications (2)

Publication Number Publication Date
CN102271331A true CN102271331A (en) 2011-12-07
CN102271331B CN102271331B (en) 2014-12-10

Family

ID=45053461

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010196311.1A Active CN102271331B (en) 2010-06-02 2010-06-02 Method and system for detecting reliability of service provider (SP) site

Country Status (1)

Country Link
CN (1) CN102271331B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624703A (en) * 2011-12-31 2012-08-01 成都市华为赛门铁克科技有限公司 Method and device for filtering uniform resource locators (URLs)
CN102932448A (en) * 2012-10-30 2013-02-13 工业和信息化部电信传输研究所 Distributed network crawler URL (uniform resource locator) duplicate removal system and method
CN103795748A (en) * 2012-10-30 2014-05-14 工业和信息化部电信传输研究所 Method for downloading mobile internet website content information
CN104038390A (en) * 2014-06-24 2014-09-10 汪敏 Linux server cluster unified peripheral event monitoring method based on netlink
CN105024870A (en) * 2014-04-24 2015-11-04 中国移动通信集团公司 Dial testing realization method and system
CN105262730A (en) * 2015-09-14 2016-01-20 北京华青融天技术有限责任公司 Monitoring method and device based on enterprise domain name safety

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1980245A (en) * 2006-12-06 2007-06-13 中兴通讯股份有限公司 Business processing method of WAP net gate server
CN101286998A (en) * 2007-04-09 2008-10-15 中兴通讯股份有限公司 PUSH method and system based on WAP gateway
CN101309292A (en) * 2008-06-06 2008-11-19 中国联合通信有限公司 Wireless internet SP service URL recording method and system
CN101330406A (en) * 2008-08-01 2008-12-24 中国联合通信有限公司 System and method for monitoring WAP imperfect picture

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1980245A (en) * 2006-12-06 2007-06-13 中兴通讯股份有限公司 Business processing method of WAP net gate server
CN101286998A (en) * 2007-04-09 2008-10-15 中兴通讯股份有限公司 PUSH method and system based on WAP gateway
CN101309292A (en) * 2008-06-06 2008-11-19 中国联合通信有限公司 Wireless internet SP service URL recording method and system
CN101330406A (en) * 2008-08-01 2008-12-24 中国联合通信有限公司 System and method for monitoring WAP imperfect picture

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624703A (en) * 2011-12-31 2012-08-01 成都市华为赛门铁克科技有限公司 Method and device for filtering uniform resource locators (URLs)
CN102624703B (en) * 2011-12-31 2015-01-21 华为数字技术(成都)有限公司 Method and device for filtering uniform resource locators (URLs)
US9331981B2 (en) 2011-12-31 2016-05-03 Huawei Technologies Co., Ltd. Method and apparatus for filtering URL
CN102932448A (en) * 2012-10-30 2013-02-13 工业和信息化部电信传输研究所 Distributed network crawler URL (uniform resource locator) duplicate removal system and method
CN103795748A (en) * 2012-10-30 2014-05-14 工业和信息化部电信传输研究所 Method for downloading mobile internet website content information
CN102932448B (en) * 2012-10-30 2016-04-27 工业和信息化部电信传输研究所 The URL re-scheduling system and method for a kind of distributed network reptile
CN105024870A (en) * 2014-04-24 2015-11-04 中国移动通信集团公司 Dial testing realization method and system
CN104038390A (en) * 2014-06-24 2014-09-10 汪敏 Linux server cluster unified peripheral event monitoring method based on netlink
CN104038390B (en) * 2014-06-24 2017-10-10 汪敏 A kind of linux server clusters based on netlink unify peripheral hardware action listener method
CN105262730A (en) * 2015-09-14 2016-01-20 北京华青融天技术有限责任公司 Monitoring method and device based on enterprise domain name safety
CN105262730B (en) * 2015-09-14 2018-07-17 北京华青融天技术有限责任公司 Monitoring method and device based on enterprise domain name safety

Also Published As

Publication number Publication date
CN102271331B (en) 2014-12-10

Similar Documents

Publication Publication Date Title
CN102045363B (en) Establishment, identification control method and device for network flow characteristic identification rule
CN105516165B (en) A kind of method illegally acted on behalf of, equipment and the system of identification charging fraud
KR101010302B1 (en) Security management system and method of irc and http botnet
US7185366B2 (en) Security administration server and its host server
CN111132120B (en) Method, system and equipment for identifying camera device in room local area network
CN102271331B (en) Method and system for detecting reliability of service provider (SP) site
CN101431434B (en) Content monitoring and plugging system and method based on WAP
CN100362805C (en) Multifunctional management system for detecting erotic images and unhealthy information in network
CN101005503A (en) Method and data processing system for intercepting communication between a client and a service
US20100027430A1 (en) Apparatus and Method for Network Analysis
CN103152352A (en) Perfect information security and forensics monitoring method and system based on cloud computing environment
CN104378283A (en) Sensitive email filtering system and method based on client/server mode
CN110083391A (en) Call request monitoring method, device, equipment and storage medium
CN106452955B (en) A kind of detection method and system of abnormal network connection
CN105868040A (en) Log collection method and collection terminal
CN104063633B (en) A kind of safety auditing system based on filtration drive
CN109561051A (en) Content distributing network safety detection method and system
CN113225339B (en) Network security monitoring method and device, computer equipment and storage medium
CN104182681A (en) Hook-based iOS (iPhone operating system) key behavior detection device and detection method thereof
CN113269531A (en) Cloud-end architecture-based multi-tenant internet access behavior audit control method and related equipment
KR102314557B1 (en) System for managing security control and method thereof
CN102754488A (en) User access control method, apparatus and system
CN109600395A (en) A kind of device and implementation method of terminal network access control system
CN103647774A (en) Web content information filtering method based on cloud computing
US9077662B2 (en) Service linkage control system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant