CN102624547A - Method, device and system for managing IM (Instant Messaging) online behavior - Google Patents
Method, device and system for managing IM (Instant Messaging) online behavior Download PDFInfo
- Publication number
- CN102624547A CN102624547A CN2012100498183A CN201210049818A CN102624547A CN 102624547 A CN102624547 A CN 102624547A CN 2012100498183 A CN2012100498183 A CN 2012100498183A CN 201210049818 A CN201210049818 A CN 201210049818A CN 102624547 A CN102624547 A CN 102624547A
- Authority
- CN
- China
- Prior art keywords
- file
- type
- characteristic
- transmitted
- transmission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the invention provides a method, a device and a system for managing an IM (Instant Messaging) online behavior. The method comprises the following steps of: during a file transmission process, extracting a first characteristic from the transmitted part of a file, and acquiring a first file type of the file according to the first characteristic, wherein the first characteristic comprises file header information for distinguishing file types; when a second characteristic can be extracted from the transmitted part of the file according to the first file type, extracting the second characteristic from the transmitted part of the file according to the first file type, wherein the second characteristic comprises file structure information for identifying the file types; verifying whether the first file type is the true file type of the file according to the second characteristic; and when the first file type is the true file type of the file and meets a preset strategy, stopping transmitting the file, wherein the preset strategy contains file types the transmission of which is to be stopped. The method provided by the invention can be used for effectively filtering the transmitted file.
Description
Technical field
The embodiment of the invention relates to communication technical field, particularly a kind of method, device and system of instant messaging internet behavior management.
Background technology
Instant messaging (Instant Messenger; Abbreviation IM) software can be described as the highest software of present China Internet user utilization rate; No matter be the ICQ of old brand, or the Tencent QQ of domestic user's flow control one, and the MSN of Microsoft is the focus of public concern; They can let you promptly find your friend or work buddies on the net, can live talk and transinformation.And, the function of exchanges data that now many IM softwares are also integrated, voice-enabled chat, Web conference, Email.
At present; Two kinds of agreements that instant messaging is commonly used do; Transmission control protocol/internet interconnection protocol (Transmission Control Protocol; TCP) and User Datagram Protocol (User Datagram Protocol, UDP), the two all is two kinds of communication host-host protocols that are based upon on the IP agreement of bottom more.TCP is the form with data flow, will transmit data after cutting apart, packing, and through the virtual circuit of setting up between two machines, carries out FTP continuous, two-way, the strict guarantee data correctness.UDP is the form with packet, the priority arrival order of the data after splitting is not done the FTP of requirement.
Owing to can send message or file transfer to another user through instant communication software through the instant communication software user; Consider from safety and audit; In order to prevent that sensitive information or data from sending wrong reception object to through network; Make enterprise in information-intensive society, can guarantee the safety guarantee of vital strategic secrets data, do not influence work, professional normally carrying out simultaneously again, enterprise usually need manage the instant messaging internet behavior.
In the prior art, the mode that the instant messaging internet behavior is managed is normally judged through file extension the type of file to determine whether to transmit this document according to the collocation strategy scheme again.In the process that realizes the embodiment of the invention; In the method that the inventor finds to come the instant messaging internet behavior is managed through file extension judgement file type in the prior art; If artificial remove extension name or change extension name; Detection system just can't accurately pick out the authentic document type of institute's transfer files, thereby can't the file that transmitted effectively be filtered, and there is huge potential safety hazard in the protection of company information.
Summary of the invention
In view of this; The embodiment of the invention provides a kind of method, device and system of instant messaging internet behavior management; Can effectively identify the authentic document type of institute's transfer files in the instant messaging, thereby the file that is transmitted is effectively filtered, improve fail safe.
According to an aspect of the embodiment of the invention, a kind of method of instant messaging internet behavior management is provided, comprising:
In the transfer files process, from the part that said file has transmitted, extract first characteristic, obtain first file type of said file according to said first characteristic, said first characteristic comprises the file header information that is used to distinguish file type;
From the part that said file has transmitted, extract second characteristic according to first file type, said second characteristic comprises the document structure information of identification document type;
When can from the part that said file has transmitted, extracting second characteristic, whether be the authentic document type of said file then according to said first file type of the said second characteristic verification according to first file type; , said second characteristic comprises the document structure information of identification document type;
When said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission, include the file type that will stop transmitting in the said strategy that presets.
According to another aspect of the embodiment of the invention, a kind of instant messaging internet behavior management devices is provided, comprising:
The policy configurations module is used to preset strategy, includes the file type that will stop transmitting in the said strategy that presets;
First identification module; Be used in the transfer files process; From the part that said file has transmitted, extract first characteristic, obtain first file type of said file according to said first characteristic, said first characteristic comprises the file header information that is used to distinguish file type;
Second identification module is used for extracting second characteristic according to first file type from the part that said file has transmitted, and said second characteristic comprises the document structure information of identification document type;
Whether the verification module is used for when second identification module can extract second characteristic from the part that said file has transmitted, be the authentic document type of said file according to said first file type of the said second characteristic verification;
Processing module, be used for when check results be said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission.
According to another aspect of the embodiment of the invention, a kind of instant messaging internet behavior management system is provided, comprising:
Message recipient is used to receive the strategy that the user presets, and strategy is sent to memory;
Primary processor is used in the transfer files process, from the part that said file has transmitted, extracts first characteristic, obtains first file type of said file according to said first characteristic, and said first characteristic comprises the file header information that is used to distinguish file type; From the part that said file has transmitted, extract second characteristic according to first file type, said second characteristic comprises the document structure information of identification document type; In the time can from the part that said file has transmitted, extracting second characteristic, whether be the authentic document type of said file then according to said first file type of the said second characteristic verification according to first file type; When said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission, include the file type that will stop transmitting in the said strategy that presets;
Memory is used for storage and presets strategy.
Can know through above technical scheme; Technical scheme of the present invention is through in the transfer files process; From the part that said file has transmitted, extract first characteristic, obtain first file type of said file according to said first characteristic, and from the part that said file has transmitted, extract second characteristic according to first file type and come whether said first file type of verification is the authentic document type of said file; When said first file type authentic document type that is said file and when satisfying preset tactful; Stop the said file of transmission, thereby improved accuracy, strengthened the fail safe of system the file type identification of institute's transfer files.And the identification file type is in document transmission process, to carry out in the technical scheme of the present invention, need not the whole file of first buffer memory and file type is discerned again, thereby reduced the time loss in the testing process, has improved user experience.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art; To do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below; Obviously, the accompanying drawing in describing below is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the flow chart of the management method of instant messaging internet behavior shown in the one embodiment of the invention;
Fig. 2 is the flow chart of instant messaging internet behavior management method shown in another embodiment of the present invention;
Fig. 3 is the flow chart of the management method of instant messaging internet behavior shown in the another embodiment of the present invention;
Fig. 4 is the structural representation of the management devices of instant messaging internet behavior shown in the one embodiment of the invention;
Fig. 5 is the structural representation of instant messaging internet behavior management devices shown in another embodiment of the present invention;
Fig. 6 is the structural representation of the management system of instant messaging internet behavior shown in the one embodiment of the invention.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer; To combine the accompanying drawing in the embodiment of the invention below; Technical scheme in the embodiment of the invention is carried out clear, intactly description; Obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making the every other embodiment that is obtained under the creative work prerequisite, all belong to the scope of embodiment of the invention protection.
Fig. 1 is the flow chart of the management method of instant messaging internet behavior shown in the one embodiment of the invention, and is as shown in Figure 1, and this method comprises:
In step 101, the transfer files process, from the part that said file has transmitted, extract first characteristic, obtain first file type of said file according to said first characteristic, said first is characterized as the file header information that is used to distinguish file type;
In the internet behavior of instant messaging shown in the foregoing description management method; Through in the transfer files process; From the part that said file has transmitted, extract first characteristic; Obtain first file type of said file according to said first characteristic, and from the part that said file has transmitted, extract second characteristic according to first file type and come whether said first file type of verification is the authentic document type of said file, when said first file type authentic document type that is said file and when satisfying preset tactful; Stop the said file of transmission; Thereby improved accuracy, avoided escaping the possibility that file type detects, strengthened the fail safe of system through artificial modification first characteristic to the file type identification of institute's transfer files.And the identification file type is in document transmission process, to carry out in the technical scheme of the present invention, need not the whole file of first buffer memory and file type is discerned again, thereby reduced the time loss in the testing process, has improved user experience.
Fig. 2 will be an example with the transmission and the detection of word document for the flow chart of instant messaging internet behavior management method shown in another embodiment of the present invention in the present embodiment, carry out bright specifically.With reference to shown in Figure 2, concrete steps comprise:
In step 203, the transfer files process, from the part that said file has transmitted, extract first characteristic, said first characteristic comprises the file header numeral that is used to distinguish file type;
Be example with the word document in the present embodiment, said first is characterized as the file header numeral of institute's transfer files, and the file header numeral of word document is the file header numeral of office file consolidation, and concrete form is the numeral of 8 16 systems; File is to transmit with the form of byte in transmission course, and above-mentioned 8 bytes are transmitted at first.Said extraction first characteristic is specially after preceding 8 bytes of file transfer are accomplished transmission, promptly reads preceding 8 bytes; Get into step 205;
Concrete, the file header numeral of concrete file type that can be through first characteristic that will extract and prevision is complementary and obtains first file type; For example,, the file header numeral of office file is unified to be these 8 bytes of D0 CF11 E0 A1 B1 1A E1; The file header information of RIFF (Resource Interchange File Format, resource interchange file format) file is ' RIFF '.
Concrete; The file header numeral that obtains this document when the part transmitted according to file in the present embodiment is during for D0 CF 11 E0 A1 B1 1A E1; First file type that can know institute's transfer files is the office file, but can't confirm specifically that it is specially word, ppt or xls;
For confirming that first file type is institute's transfer files of office, then extract second characteristic in the present embodiment to the concrete file structure of office; The document structure information of office is positioned at after the file header information, just can carry out second Feature Extraction so must accomplish the file header transmission of Information; In the actual conditions, be file attribute information on the position after the file header information of office file, per 128 bytes are represented a kind of attribute in the file attribute information, and said second characteristic is that document structure information is a kind of in the file attribute information; Because the office file also comprises multiple file attribute information except document structure information; And the order of All Files attribute information is fixing, needs in the process of second characteristic whenever search at a distance from 128 bytes whether definite this partial document attribute information is exactly document structure information so extract.Get into step 208.
Concrete; In the present embodiment; In file attribute information, find a string byte of representing WordDocument, then think and read the document structure information that this partial document attribute information is the word document this partial bytes and promptly accomplish second Feature Extraction at transfer files; If all do not find this a string byte of WordDocument, then think second feature extraction failure to a last packet.Then get into step 209 when extracting the success of second characteristic; Then get into step 213 when extracting the failure of second characteristic;
For example first file type of identification is the office file in the step 205; Second of extraction is characterized as a string byte of representing WordDocument in the step 207; Think that then the authentic document type of institute's transfer files is the word document in the office file; Consistent with the result of " office file " of identification in the step 205, think that first file type of discerning in the step 205 is the authentic document type of this document, then get into step 211;
If first file type of identification is the RIFF file type in the step 205; Then (for example according to the document structure information position that identifies the RIFF file; Specifically can be on the position of 9-12 byte) in data packets for transmission, remove to search the document structure information of this document; If second characteristic that on corresponding position, extracts be not sign RIFF file document structure information (for example; If do not see the content of the concrete RIFF file types of sign such as " wave " or " MIDI " or " AVI " 9-12 byte), think that then the authentic document type of this document is not the RIFF file that identifies in the step 205, then get into step 213.
Concrete; The said file type that comprises needs execution interception operation in the strategy that presets is tackled the word file like needs, then presets to comprise the word file type in the strategy; When the authentic document type that detects file is word, then judge the satisfied strategy that presets of file type of this document.
Concrete, if in the strategy that presets be the file type that needs to stop transmission, then when the file type that obtains satisfies preset tactful, stop the said file of transmission, when the file type that obtains does not satisfy preset tactful, continue the said file of transmission.
What certainly can understand is; If in the strategy that presets be the file type that needs to continue transmission; Then, the file type that obtains then continues to transmit said file when satisfying preset tactful; When the file type that obtains does not satisfy preset tactful, then stopping transmitting said file, is serve as that to need the file type of termination be that example describes in the strategy that presets in the present embodiment.
Present embodiment is through extracting first characteristic and second characteristic in the transfer files process; And verify through second characteristic of extracting whether the file type that obtains according to first characteristic is real file type; Because second characteristic is the structure information of file; Therefore second characteristic is difficult to by malicious modification, thereby has improved the accuracy of the file type of identification file, and when the file type of the file that identifies meets preset tactful; Stop transfer files, thereby the file that is transmitted is effectively filtered.And, in the time can't extracting second characteristic, stop the file that transmission is being transmitted, the fail safe that has further improved system.And because whole process is in the process of file transfer, to carry out, need not the whole file of buffer memory and again file type is discerned, thereby reduced the time loss in the testing process, improved user experience.
Fig. 3 is the flow chart of the management method of instant messaging internet behavior shown in the another embodiment of the present invention, and present embodiment obtains on the basis of embodiment 2, further expanding, and concrete steps are:
Step 301, beginning file transfer get into step 303;
In step 303, the transfer files process, from the part that said file has transmitted, extract first characteristic, in the time can from the part that said file has transmitted, extracting first characteristic, get into step 305, otherwise get into step 315;
Concrete, said first characteristic comprises the file header information that is used to distinguish file type, for example is used to distinguish the file header numeral of file type.Yet in the practical application, some file type (for example txt document) is to belong to the file type that does not have set form, and this file type does not have file header information, therefore, to this file type, can't extract first characteristic.In the time can't extracting first characteristic, then get into step 315;
Step 305, obtain first file type of said file according to said first characteristic; Get into step 307;
Step 307, from the part that said file has transmitted, extract second characteristic according to first file type, said second characteristic comprises the document structure information of identification document type, gets into step 308;
Step 308 judges whether said second characteristic extracts success, when second feature extraction success, gets into step 309; Then get into step 313 when extracting the failure of second characteristic;
Step 309, whether be the authentic document type of said file according to said first file type of the said second characteristic verification; Be then to get into step 311, otherwise get into step 313;
Step 311, judge whether said authentic document type satisfies and preset strategy; Preset strategy when the authentic document type satisfies, then get into step 313; Do not preset strategy when the authentic document type does not satisfy, then get into step 319;
Step 313, the said file of termination transmission;
Step 315, judge whether said file is with extension name, then do not get into step 313 when said file does not carry extension name; When said file carries extension name, then get into step 317;
Step 317, discern the file type of said file, get into step 311 according to the extension name of said file;
For example said file has extension name " .rmvb " and thinks that then the authentic document type of this document is the rmvb file, gets into step 311, judges whether the file type of said file satisfies the strategy that presets;
Step 319, the said file of continuation transmission.
Present embodiment is on basis embodiment illustrated in fig. 2; Expanded when first characteristic that can't extraction document, the extension name of carrying through file is discerned the technical scheme of the file type of file, and present embodiment is than Fig. 1 or embodiment illustrated in fig. 2; Realized the authentic document type that obtains file under the first file type failure scenarios obtaining; Make checkout procedure improve more, further effectively realized filtration, the fail safe that has improved system file with accurate.
Fig. 4 is the structural representation of the management devices of instant messaging internet behavior shown in the one embodiment of the invention, and with reference to shown in Figure 4, this device comprises:
The policy configurations module is used to preset strategy, includes the file type that will stop transmitting in the said strategy that presets;
First identification module; Be used in the transfer files process; From the part that said file has transmitted, extract first characteristic, obtain first file type of said file according to said first characteristic, said first characteristic comprises the file header information that is used to distinguish file type;
Second identification module is used for extracting second characteristic according to first file type from the part that said file has transmitted, and said second characteristic comprises the document structure information of identification document type;
Whether the verification module is used for when second identification module can extract second characteristic from the part that said file has transmitted, be the authentic document type of said file according to said first file type of the said second characteristic verification;
Processing module, be used for when check results be said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission.
Originally be embodied as the instant messaging internet behavior management devices that provides to method embodiment shown in Figure 1; Realize the method in real time as shown in Figure 1 through the said device of present embodiment; Thereby realize through in the transfer files process; From the part that said file has transmitted, extract first characteristic; Obtain first file type of said file according to said first characteristic, and from the part that said file has transmitted, extract second characteristic according to first file type and come whether said first file type of verification is the authentic document type of said file, when said first file type authentic document type that is said file and when satisfying preset tactful; Stop the said file of transmission; Thereby improved accuracy, avoided escaping the possibility that file type detects, strengthened the fail safe of system through the artificial modification extension name or first characteristic to the file type identification of institute's transfer files.And the identification file type is in document transmission process, to carry out in the technical scheme of the present invention, need not the whole file of first buffer memory and file type is discerned again, thereby reduced the time loss in the testing process, has improved user experience.
Fig. 4 is the structural representation of the management devices of instant messaging internet behavior shown in the one embodiment of the invention, and to device embodiment as shown in Figure 4, transmission and the detection with the word document is example below, carries out brightly specifically, and this device comprises:
The policy configurations module is used to preset strategy, includes the file type that will stop transmitting in the said strategy that presets;
Said presetting comprises in the strategy that needs carry out the file type of interception operation, like needs interception word file, then preset and comprise the word file type in the strategy, when the file type of file be word then this document satisfy and preset strategy;
First identification module; Be used in the transfer files process; From the part that said file has transmitted, extract first characteristic, obtain first file type of said file according to said first characteristic, said first characteristic comprises the file header information that is used to distinguish file type;
Described in the present embodiment first be characterized as institute's transfer files file header numeral, be example with the word document, the file header numeral of word document is the file header numeral of office file consolidation, concrete form is the numeral of 8 16 systems; File is to transmit with the form of byte in transmission course, and above-mentioned 8 bytes are transmitted at first, therefore, can be through reading preceding 8 bytes of transfer files obtain first characteristic of institute's transfer files; Concrete, be the content in these 8 bytes to be complementary with the file header numeral that presets obtain first file type, for example: the file header numeral of office file is unified to be D0 CF 11 these 8 bytes of E0A1 B1 1A E1; The file header information of RIFF (Resource Interchange File Format, resource interchange file format) file is ' RIFF '.
Concrete; The file header numeral that obtains this document when the part transmitted according to file in the present embodiment is during for D0 CF 11 E0 A1 B1 1A E1; First file type that can know institute's transfer files is the office file, but can't confirm specifically that it is specially word, ppt or xls;
Second identification module is used for extracting second characteristic according to first file type from the part that said file has transmitted, and said second characteristic comprises the document structure information of identification document type;
For confirming that first file type is institute's transfer files of office, then extract second characteristic in the present embodiment to the concrete file structure of office; The document structure information of office is positioned at after the file header information, just can carry out second Feature Extraction so must accomplish the file header transmission of Information; In the actual conditions, be file attribute information on the position after the file header information of office file, per 128 bytes are represented a kind of attribute in the file attribute information, and said second characteristic is that document structure information is a kind of in the file attribute information; Because the office file also comprises multiple file attribute information except document structure information; And the order of All Files attribute information is fixing, needs in the process of second characteristic whenever search at a distance from 128 bytes whether definite once this partial document attribute information is exactly document structure information so extract.For example, when searching a string byte that obtains representing WordDocument, then think and read the document structure information that this partial document attribute information is the word document this partial bytes and promptly accomplish second Feature Extraction; If all do not find this a string byte of WordDocument, then think second feature extraction failure to a last packet.
Whether the verification module is used for when the part that second identification module can transmit from said file is extracted second characteristic, be the authentic document type of said file according to said first file type of the said second characteristic verification;
Concrete; For example first file type of first identification module identification is the office file; What second identification module extracted second is characterized as a string byte of representing WordDocument; Think that then the authentic document type of institute's transfer files is the word document in the office file, consistent with the result of " the office file " of first identification module identification, first file type that first identification module is discerned is the authentic document type of this document;
If first file type of first identification module identification is the RIFF file type; Then (for example according to the document structure information position that identifies the RIFF file; Specifically can be on the position of 9-12 byte) in data packets for transmission, remove to search the document structure information of this document; If second characteristic that on corresponding position, extracts be not sign RIFF file document structure information (for example; If do not see the content of the concrete RIFF file types of sign such as " wave " or " MIDI " or " AVI " 9-12 byte), think that then the RIFF file type that first identification module identifies is not the authentic document type of this document.
Processing module, be used for when check results be said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission; When authentic document type and satisfied preset tactful, continue the said file of transmission; , second identification module stops the said file of transmission when extracting the failure of second characteristic.
Present embodiment is through extracting first characteristic and second characteristic in the transfer files process; And verify through second characteristic of extracting whether the file type that obtains according to first characteristic is real file type; Because second characteristic is the structure information of file; Therefore second characteristic is difficult to by malicious modification, thereby has improved the accuracy of the file type of identification file, and when the file type of the file that identifies meets preset tactful; Stop transfer files, thereby the file that is transmitted is effectively filtered.And, in the time can't extracting second characteristic, stop the file that transmission is being transmitted, the fail safe that has further improved system.And because whole process is in the process of file transfer, to carry out, need not the whole file of buffer memory and again file type is discerned, thereby reduced the time loss in the testing process, improved user experience.
Fig. 5 is the structural representation of instant messaging internet behavior management devices shown in another embodiment of the present invention, on embodiment basis shown in Figure 4, also comprises:
The 3rd identification module is used for when the part that first identification module can't transmit from said file is extracted first characteristic, if said file carries extension name is then discerned said file according to the extension name of said file file type;
For example,,, therefore can't from file, extract first characteristic, so the extension name that can carry according to this document owing to there not be fixing file format to the file of txt type " .txt " identify the text that this document is the txt type.
Said processing module also is used for, and when said the 3rd identification module identifies the file type of said file according to the extension name of said file, and when the file type of said file satisfies preset tactful, stops the said file of transmission; When said file does not carry extension name, when said the 3rd identification module can't identify the file type of said file, stop the said file of transmission.
The embodiment of the invention is in the time can't obtaining first file type of said file according to first characteristic; Further discern the file type of file through the extension name of file; Thereby further realized effective filtration, the fail safe that has further improved system to file.
Fig. 6 is the structural representation of the management system of instant messaging internet behavior shown in the one embodiment of the invention, comprising:
Message recipient is used to receive the strategy that the user presets, and strategy is sent to memory;
Primary processor is used in the transfer files process, from the part that said file has transmitted, extracts first characteristic, obtains first file type of said file according to said first characteristic, and said first characteristic comprises the file header information that is used to distinguish file type; From the part that said file has transmitted, extract second characteristic according to first file type, said second characteristic comprises the document structure information of identification document type; In the time can from the part that said file has transmitted, extracting second characteristic, whether be the authentic document type of said file then according to said first file type of the said second characteristic verification according to first file type; When said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission, include the file type that will stop transmitting in the said strategy that presets;
Concrete, said primary processor can be instant messaging internet behavior management devices shown in described in the foregoing description.Specifically can repeat no more with reference to the description of the embodiment of aforementioned means and method here.
Memory is used for storage and presets strategy.
In the internet behavior of instant messaging shown in the foregoing description management system; First characteristic of extraction document in the process of transfer files; Obtain first file type of said file according to said first characteristic; And from the part that said file has transmitted, extract second characteristic according to first file type and come whether said first file type of verification is the authentic document type of said file, when said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission; Thereby improved accuracy, strengthened the fail safe of system the file type identification of institute's transfer files.And the identification file type is in document transmission process, to carry out in the technical scheme of the present invention, need not the whole file of first buffer memory and file type is discerned again, thereby reduced the time loss in the testing process, has improved user experience.
Need to prove; In this article; Relational terms such as first and second grades only is used for an entity or operation are made a distinction with another entity or operation, and not necessarily requires or hint relation or the order that has any this reality between these entities or the operation.And; Term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability; Thereby make and comprise that process, method, article or the equipment of a series of key elements not only comprise those key elements; But also comprise other key elements of clearly not listing, or also be included as this process, method, article or equipment intrinsic key element.Under the situation that do not having much more more restrictions, the key element that limits by statement " comprising ... ", and be not precluded within process, method, article or the equipment that comprises said key element and also have other identical element.
One of ordinary skill in the art will appreciate that all or part of step that realizes in the said method execution mode is to instruct relevant hardware to accomplish through program; Described program can be stored in the computer read/write memory medium; Here the alleged storage medium that gets, as: ROM/RAM, magnetic disc, CD etc.
The above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention.All any modifications of within spirit of the present invention and principle, being done, be equal to replacement, improvement etc., all be included in protection scope of the present invention.
Claims (11)
1. an instant messaging internet behavior management method is characterized in that, comprising:
In the transfer files process, from the part that said file has transmitted, extract first characteristic, obtain first file type of said file according to said first characteristic, said first is characterized as the file header information that is used to distinguish file type;
In the time can from the part that said file has transmitted, extracting second characteristic according to first file type; Whether is the authentic document type of said file according to said first file type of the said second characteristic verification then, said second is characterized as the document structure information of identification document type;
When said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission, include the file type that will stop transmitting in the said strategy that presets.
2. method according to claim 1 is characterized in that, also comprises:
In the time can not from the part that said file has transmitted, extracting second characteristic, stop the said file of transmission according to first file type.
3. method according to claim 1 is characterized in that, also comprises:
When said first file type authentic document type that is said file and when not satisfying preset tactful, continue the said file of transmission.
4. method according to claim 1 is characterized in that, also comprises:
When authentic document type that said first file type is not said file, stop the said file of transmission.
5. according to the arbitrary said method of claim 1-4, it is characterized in that, also comprise:
In the time can't from the part that said file has transmitted, extracting first characteristic; If said file carries extension name; Then discern the file type of said file, and when the file type of said file satisfies preset tactful, stop the said file of transmission according to the extension name of said file;
In the time can't from the part that said file has transmitted, extracting first characteristic,, then stop the said file of transmission if said file does not carry extension name.
6. an instant messaging internet behavior management devices is characterized in that, comprising:
The policy configurations module is used to preset strategy, includes the file type that will stop transmitting in the said strategy that presets;
First identification module; Be used in the transfer files process; From the part that said file has transmitted, extract first characteristic, obtain first file type of said file according to said first characteristic, said first characteristic comprises the file header information that is used to distinguish file type;
Second identification module is used for extracting second characteristic according to first file type from the part that said file has transmitted, and said second characteristic comprises the document structure information of identification document type;
Whether the verification module is used for when second identification module can extract second characteristic from the part that said file has transmitted, be the authentic document type of said file according to said first file type of the said second characteristic verification;
Processing module, be used for when check results be said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission.
7. according to claim 6 shown device, it is characterized in that:
Said processing module also is used for when second identification module can not extract second characteristic from the part that said file has transmitted, stops the said file of transmission.
8. according to the said device of claim 6, it is characterized in that:
Said processing module, the authentic document type that also to be used for check results when said verification module and to be said first file type be said file and when not satisfying preset tactful continues the said file of transmission.
9. according to the said device of claim 6, it is characterized in that:
When said processing module, authentic document type that also to be used for check results when said verification module and to be said first file type be not said file, stop the said file of transmission.
10. according to the arbitrary said device of claim 7-9, it is characterized in that, also comprise:
The 3rd identification module is used for when the part that can't transmit from said file is extracted first characteristic, if said file carries extension name, then discerning the file type of said file according to the extension name of said file;
Said processing module also is used for, and when said the 3rd identification module identifies the file type of said file according to the extension name of said file, and when the file type of said file satisfies preset tactful, stops the said file of transmission; When said file does not carry extension name, when said the 3rd identification module can't identify the file type of said file, stop the said file of transmission.
11. an instant messaging internet behavior management system is characterized in that said system comprises;
Message recipient is used to receive the strategy that the user presets, and strategy is sent to memory;
Primary processor is used in the transfer files process, from the part that said file has transmitted, extracts first characteristic, obtains first file type of said file according to said first characteristic, and said first characteristic comprises the file header information that is used to distinguish file type; From the part that said file has transmitted, extract second characteristic according to first file type, said second characteristic comprises the document structure information of identification document type; In the time can from the part that said file has transmitted, extracting second characteristic, whether be the authentic document type of said file then according to said first file type of the said second characteristic verification according to first file type; When said first file type authentic document type that is said file and when satisfying preset tactful, stop the said file of transmission, include the file type that will stop transmitting in the said strategy that presets;
Memory is used for storage and presets strategy.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012100498183A CN102624547A (en) | 2011-12-31 | 2012-02-29 | Method, device and system for managing IM (Instant Messaging) online behavior |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110459771 | 2011-12-31 | ||
| CN201110459771.3 | 2011-12-31 | ||
| CN2012100498183A CN102624547A (en) | 2011-12-31 | 2012-02-29 | Method, device and system for managing IM (Instant Messaging) online behavior |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102624547A true CN102624547A (en) | 2012-08-01 |
Family
ID=46564238
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2012100498183A Pending CN102624547A (en) | 2011-12-31 | 2012-02-29 | Method, device and system for managing IM (Instant Messaging) online behavior |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102624547A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103677654A (en) * | 2012-09-24 | 2014-03-26 | 联想(北京)有限公司 | Method and electronic equipment for storing data |
| CN106227852A (en) * | 2016-07-28 | 2016-12-14 | 中国石油天然气集团公司 | The recognition methods of seismic prospecting performance data file and device |
| CN108140084A (en) * | 2015-08-13 | 2018-06-08 | 格拉斯沃(Ip)有限公司 | Using multilayer tactical management come managing risk |
| CN108270783A (en) * | 2018-01-15 | 2018-07-10 | 新华三信息安全技术有限公司 | A kind of data processing method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008009994A1 (en) * | 2006-07-19 | 2008-01-24 | Chronicle Solutions (Uk) Limited | Network monitoring by using packet header analysis |
| CN101329711A (en) * | 2008-07-24 | 2008-12-24 | 成都市华为赛门铁克科技有限公司 | Method and apparatus for detecting computer file |
| CN101639880A (en) * | 2008-07-31 | 2010-02-03 | 华为技术有限公司 | File test method and device |
| CN101901315A (en) * | 2010-07-12 | 2010-12-01 | 浪潮齐鲁软件产业有限公司 | Security isolation and monitoring management method of USB mobile storage media |
| WO2011034813A2 (en) * | 2009-09-15 | 2011-03-24 | Backa Bruce R | System and method for determining true computer file type identity |
-
2012
- 2012-02-29 CN CN2012100498183A patent/CN102624547A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008009994A1 (en) * | 2006-07-19 | 2008-01-24 | Chronicle Solutions (Uk) Limited | Network monitoring by using packet header analysis |
| CN101329711A (en) * | 2008-07-24 | 2008-12-24 | 成都市华为赛门铁克科技有限公司 | Method and apparatus for detecting computer file |
| CN101639880A (en) * | 2008-07-31 | 2010-02-03 | 华为技术有限公司 | File test method and device |
| WO2011034813A2 (en) * | 2009-09-15 | 2011-03-24 | Backa Bruce R | System and method for determining true computer file type identity |
| CN101901315A (en) * | 2010-07-12 | 2010-12-01 | 浪潮齐鲁软件产业有限公司 | Security isolation and monitoring management method of USB mobile storage media |
Non-Patent Citations (1)
| Title |
|---|
| 石宇: "文件类型的分析、判定与关键信息的提取", 《中国优秀硕士学位论文全文数据库信息科技辑》, no. 14, 15 December 2011 (2011-12-15) * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103677654A (en) * | 2012-09-24 | 2014-03-26 | 联想(北京)有限公司 | Method and electronic equipment for storing data |
| CN103677654B (en) * | 2012-09-24 | 2018-03-23 | 联想(北京)有限公司 | The method and electronic equipment of a kind of data storage |
| CN108140084A (en) * | 2015-08-13 | 2018-06-08 | 格拉斯沃(Ip)有限公司 | Using multilayer tactical management come managing risk |
| CN106227852A (en) * | 2016-07-28 | 2016-12-14 | 中国石油天然气集团公司 | The recognition methods of seismic prospecting performance data file and device |
| CN108270783A (en) * | 2018-01-15 | 2018-07-10 | 新华三信息安全技术有限公司 | A kind of data processing method and device |
| CN108270783B (en) * | 2018-01-15 | 2021-04-16 | 新华三信息安全技术有限公司 | Data processing method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101873259B (en) | SCTP (Stream Control Transmission Protocol) message identification method and device | |
| CN109194680B (en) | Network attack identification method, device and equipment | |
| CN109495377B (en) | Instant E-mail embedded URL credit confirming equipment, system and method | |
| CN102594623B (en) | The data detection method of fire compartment wall and device | |
| CN110519150B (en) | Mail detection method, device, equipment, system and computer readable storage medium | |
| US20090044006A1 (en) | System for blocking spam mail and method of the same | |
| CN102724317A (en) | Network data flow classification method and device | |
| CN101340290A (en) | Method, system and transmission card for safe data transmission between internal and external networks | |
| CN102624547A (en) | Method, device and system for managing IM (Instant Messaging) online behavior | |
| CN104320325A (en) | Information push method and device | |
| CN102780681A (en) | URL (Uniform Resource Locator) filtering system and URL filtering method | |
| CN110266650A (en) | The recognition methods of Conpot industry control honey jar | |
| CN112134893A (en) | Internet of things safety protection method and device, electronic equipment and storage medium | |
| CN108683589B (en) | Junk mail detection method and device and electronic equipment | |
| CN100481812C (en) | Flow controlling method based on application and network equipment for making applied flow control | |
| CN103796207A (en) | Method and device for identifying false subscriber number | |
| CN102098640B (en) | Method, device and system for distinguishing and stopping equipment from sending SMS (short messaging service) spam | |
| CN102404341A (en) | Method and device for monitoring E-mail user behaviors | |
| CN104184723A (en) | Application identifying method and device and network equipment | |
| CN110362993A (en) | Malicious process recognition methods, terminal, server, system and storage medium | |
| CN105516200A (en) | Cloud system security processing method and device | |
| US20130179537A1 (en) | Transmitting of configuration items within a network | |
| KR101826728B1 (en) | Method, system and computer-readable recording medium for managing log data | |
| CN105357166A (en) | Next-generation firewall system and packet detection method thereof | |
| CN101778055B (en) | Message processing method and network entity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Applicant after: Huawei Symantec Technologies Co., Ltd. Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Applicant before: Chengdu Huawei Symantec Technologies Co., Ltd. |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: APPLICANT; FROM: CHENGDU HUAWEI SYMANTEC TECHNOLOGY CO., LTD. TO: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD. |
|
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120801 |