CN102938766A - Vicious website prompt method and device - Google Patents
Vicious website prompt method and device Download PDFInfo
- Publication number
- CN102938766A CN102938766A CN2012104509986A CN201210450998A CN102938766A CN 102938766 A CN102938766 A CN 102938766A CN 2012104509986 A CN2012104509986 A CN 2012104509986A CN 201210450998 A CN201210450998 A CN 201210450998A CN 102938766 A CN102938766 A CN 102938766A
- Authority
- CN
- China
- Prior art keywords
- website
- module
- malicious
- browser
- recommended
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 230000000977 initiatory effect Effects 0.000 claims description 8
- 230000001360 synchronised effect Effects 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 241000700605 Viruses Species 0.000 description 3
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 1
- 208000015181 infectious disease Diseases 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a vicious website prompt method and device and relates to the technical field of the internet. The vicious website prompt device comprises a prompt module and a vicious website judgment module, wherein the prompt module is suitable for obtaining input information of a user in a browser address bar, sending requests to the vicious website judgment module to judge whether a recommended website is a vicious website and prompting to display judgment results of the vicious website judgment module for the recommended website on the browser side. The vicious website judgment module comprises a storage sub-module and a judgment sub-module. According to the technical scheme, the vicious website prompt method and device can perform vicious website judgment and prompt in advance when the user inputs information in the browser address bar, quickens browser address bar judgment efficiency, and accordingly solves problems in the prior art that a vicious website is determined when the user sends a website request after confirming to click the certain website and the user knows whether the website is vicious after clicking the website and feels poor in experience.
Description
Technical Field
The invention relates to the technical field of internet, in particular to a malicious website prompting method and device.
Background
The malicious website is a website in which malicious programs such as trojans and viruses are maliciously planted, induces a user to visit the website through disguised website service contents, and once the user enters the website, the programs such as trojans and viruses planted in the website are triggered, so that a visitor computer is infected and risks such as losing accounts or leaking privacy information are encountered. The Trojan hanging webpage is a webpage embedded with a Trojan website link. Accessing these web pages triggers an access request to the trojan website, which, once successful, can result in the infection of the visitor's computer, risking the loss of account numbers and the disclosure of private information.
The existing 'malicious website interception' technology can prevent a computer of a user from being connected with a malicious website and prevent the user from being invaded by a horse hanging webpage, a phishing website, a malicious website carrying viruses and the like. The user can shield the malicious website through the malicious website interception function. The parent user can shield websites which are not suitable for teenagers to browse through the function, and a green and healthy internet surfing environment is created for children. Because the website filtering function comprises the website blacklist and the website white list, the user can set the suspicious or unsuitable network addresses to be browsed into the website blacklist and set the trusted network addresses into the website white list. In addition, the malicious website interception function can also monitor specific port numbers, agents and suspicious programs.
The existing 'malicious website interception' technology is performed when a user confirms that a certain website is clicked and initiates a request for the website, and after the malicious website is confirmed, the user is prompted whether to continue loading. However, with the scheme, the user only knows whether the website is a malicious website after clicking the website, and the experience of the user is not good.
Disclosure of Invention
In view of the above problems, the present invention is proposed to provide a malicious website prompting method and apparatus that overcomes or at least partially solves the above problems.
According to an aspect of the present invention, a method for prompting a malicious website is provided, where a malicious website determining module is disposed in a browser, and the method includes:
acquiring input information of a user in an address bar of a browser;
acquiring a recommended website corresponding to the input information according to the input information;
initiating a request for judging whether the recommended website is a malicious website to a malicious website judging module at the browser side, judging whether the website belongs to a white list or not by the malicious website judging module for each website in the recommended websites, and judging the website to be credible by the malicious website judging module if the website belongs to the white list;
and prompting and displaying a judgment result of the malicious website judgment module on the recommended website at the browser side.
Optionally, the method further comprises: if the website does not belong to the white list, the malicious website judging module judges whether the website belongs to the black list, if the website belongs to the black list, the safety information of the website is inquired for the server, and the safety information of the website returned by the server is used as a judging result of the website.
Optionally, the method further comprises: and if the website does not belong to the white list or the black list, the malicious website judging module initiates a cloud query request of the website to the server, and the cloud query result of the website returned by the server is used as the judging result of the website.
Optionally, the method further comprises: and the cloud query result returned by the local cache server of the browser is used for subsequent malicious website judgment.
Optionally, the white list and/or the black list are downloaded to the local browser after being updated on the server side.
Optionally, the input information is Chinese characters or English; the obtaining of the recommended website corresponding to the input information according to the input information includes: matching the input information with the websites in the website set to obtain more than one recommended website; wherein the website set comprises at least one of the following: the method comprises the steps of local browsing history of a browser, local favorites and cloud websites provided by a server.
Optionally, the prompting, displaying, at the browser side, a determination result of the recommended website by the malicious website determination module includes: displaying each recommended website in a pull-down prompt box of a browser address bar, and displaying a corresponding judgment result of each recommended website on the left side of the pull-down prompt box; or displaying the judgment result of the recommended website in a popup window mode.
Optionally, when the browser initiates a request for the malicious website after receiving an instruction for the user to access the recommended website of which the determination result is the malicious website, the method further includes: and intercepting the malicious website and/or prompting a user.
Optionally, the method further comprises: and taking the white list, the black list and the cached cloud query result as personal data of the browser user for synchronous storage.
According to another aspect of the present invention, there is provided a malicious website prompting apparatus, including: a prompt module and a malicious website judging module, wherein,
the prompting module is suitable for acquiring input information of a user in a browser address bar, acquiring a recommended website corresponding to the input information according to the input information, initiating a request for judging whether the recommended website is a malicious website to the malicious website judging module, and prompting and displaying a judgment result of the malicious website judging module on the recommended website at the browser side;
the malicious website judging module is suitable for judging whether the recommended website is a malicious website according to the request of the prompting module and returning the judging result to the prompting module;
wherein, the malicious website determining module comprises: a storage sub-module and a judgment sub-module, wherein,
the storage submodule is suitable for storing a white list;
and the judging submodule is suitable for judging whether each website in the recommended websites belongs to a white list, judging the website as credible if the website belongs to the white list, and returning the judgment result to the prompting module.
Optionally, the storage submodule is further adapted to store a blacklist;
the judging submodule is further suitable for judging whether the website belongs to a blacklist or not when the website does not belong to a white list, inquiring the security information of the website from the server if the website belongs to the blacklist, and returning the security information of the website returned by the server to the prompting module as a judgment result of the website.
Optionally, the determining sub-module is further adapted to initiate a cloud query request of the website to the server when the website does not belong to the white list or the black list, and take a cloud query result of the website returned by the server as a determination result of the website.
Optionally, the malicious website determining module further includes: a cache submodule;
the judging submodule is further suitable for storing the cloud query result of the website returned by the server into the caching submodule;
and the cache submodule is suitable for storing the cloud query result sent by the judgment submodule for use in subsequent malicious website judgment.
Optionally, the malicious website determining module further includes: updating a downloading submodule;
and the updating and downloading submodule is suitable for downloading the updated white list and/or black list from the server side and storing the updated white list and/or black list in the storage submodule.
Optionally, the prompting module is adapted to obtain input information of a user in a browser address bar, where the input information is matched with websites in a website set to obtain more than one recommended website; wherein the website set comprises at least one of the following: the method comprises the steps of local browsing history of a browser, local favorites and cloud websites provided by a server.
Optionally, the prompt module is adapted to display each recommended website in a pull-down prompt box of the browser address bar, and display a corresponding determination result of each recommended website on the left side of the pull-down prompt box; or the prompt module is suitable for displaying the judgment result of the recommended website in a popup window mode.
Optionally, the apparatus further comprises: and the malicious website intercepting module is suitable for intercepting the malicious website and/or prompting the user through the prompting module when the browser initiates a request for the malicious website after receiving an instruction for accessing the recommended website with the judgment result of the malicious website from the user.
Optionally, the apparatus further comprises: and the synchronous storage module is suitable for synchronously storing the white list and the black list in the storage sub-module and the cloud query result in the cache sub-module as personal data of the browser user.
According to the malicious website prompting method and device, the input information of a user in the browser address bar is obtained, the recommended website corresponding to the input information is obtained according to the input information, a request for judging whether the recommended website is a malicious website is initiated to the malicious website judging module at the browser side, and the technical scheme that the judging result of the malicious website judging module on the recommended website is prompted and displayed at the browser side is adopted, so that when the user inputs the information in the browser address bar, the malicious website can be judged and prompted before the browser initiates actual access, the efficiency of judging the malicious website is accelerated, the problem that in the prior art, the malicious website can be confirmed only when the user confirms that a certain website initiates the request of the website, the user knows whether the website is a malicious website after clicking, and the experience is poor is solved, the prompt of whether the website is malicious or not is obtained in the process that the user inputs the website in the browser address bar, and the beneficial effect of improving the user experience is achieved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a flowchart illustrating a malicious website prompting method according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a malicious website determining method of a malicious website determining module provided in a browser according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating malicious website prompting in a pull-down prompt box of a browser according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram illustrating a malicious website prompting device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram illustrating a malicious website prompting device according to another embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 shows a flowchart of a malicious website prompting method according to an embodiment of the present invention. If a malicious website determining module is arranged in the browser, referring to fig. 1, the method includes:
step S110, acquiring input information of a user in an address bar of the browser.
In an embodiment of the present invention, the obtained information input by the user in the address bar of the browser may be chinese characters, or english, or characters in any other language.
And step S120, acquiring a recommended website corresponding to the input information according to the input information.
In an embodiment of the present invention, the input information may be matched with websites in the website set to obtain more than one recommended website. The set of web sites described herein may include at least one of: the method comprises the steps of local browsing history of a browser, local favorites and cloud websites provided by a server. That is, in an embodiment of the present invention, the input information may be matched with a local browsing history of the browser, a local favorite, and a website in the cloud websites provided by the server, where the matched website is a recommended website, and the number of the recommended websites obtained through matching may be one or more.
Step S130, a request for determining whether the recommended website is a malicious website is initiated to the malicious website determination module on the browser side.
And step S140, prompting and displaying a judgment result of the malicious website judgment module on the recommended website at the browser side.
In an embodiment of the present invention, each recommended website may be displayed in a pull-down prompt box of the browser address bar, and a corresponding determination result of each recommended website may be displayed on the left side of the pull-down prompt box. Alternatively, in another embodiment of the present invention, the determination result of the recommended website is displayed in the form of a pop-up window.
By the method shown in fig. 1, when the user inputs information in the address bar of the browser, that is, before the browser initiates actual access, the malicious website can be judged and prompted, so that the efficiency of judging the malicious website is improved. Compared with the prior art, the malicious website is confirmed only when the user confirms that a request of initiating the website by clicking a certain website is sent, so that the user can know whether the website is the malicious website after clicking the website, and the user experience is greatly improved.
In an embodiment of the present invention, the malicious website determining module at the browser side may determine whether each website in the recommended websites is a malicious website by the following method: and for each website in the recommended websites, judging whether the website belongs to a white list by a malicious website judging module, and judging the website as credible by the malicious website judging module if the website belongs to the white list. In this way, a trusted website among the recommended websites can be confirmed.
In an embodiment of the present invention, after the malicious website determining module at the browser side performs the determination according to the white list, the following determination may be performed: if a certain website does not belong to the white list, the malicious website judging module judges whether the website belongs to the black list, if the website belongs to the black list, the security information of the website is inquired for the server, and the security information of the website returned by the server is used as a judging result of the website. This makes it possible to further recognize an untrusted site among the recommended sites.
In an embodiment of the present invention, after the malicious website determining module at the browser side performs the determination according to the white list and the black list, the following determination may be performed: and if a certain website does not belong to the white list or the black list, the malicious website judgment module initiates a cloud query request of the website to the server, and the cloud query result of the website returned by the server is used as the judgment result of the website. Therefore, the information of whether a batch of websites in the recommended websites are malicious websites can be further supplemented.
In an embodiment of the present invention, the cloud query result returned by the local cache server of the browser may be used in subsequent malicious website judgment. Therefore, the judgment efficiency of the malicious website can be improved.
Here, the black list and the white list are both a set of websites, where the websites included in the black list are untrustworthy websites, and the websites included in the white list are trusted websites. The black list and the white list may be manually set by the user himself.
In an embodiment of the present invention, the white list, the black list, or both the white list and the black list are downloaded to the local browser after being updated on the server side, so as to speed up the efficiency of the cloud query, otherwise, the browser side may have a large number of cloud query requests. The number of queries can be saved due to the determined blacklists and whitelists which are updated in time. Under the condition that the blacklist and the white list are not updated in time, the malicious website can be judged through the cloud query result cached in the local browser, and therefore the malicious website can be judged efficiently and accurately when the blacklist and the white list are not updated in time.
Specifically, in an embodiment of the present invention, when a user inputs a keyword (chinese character or english) in an address bar of a browser, the browser performs matching on a website in a local browsing history, a local favorite, and a cloud website provided by a server in the background, and prompts a matched URL in a pull-down prompt box of the address bar. A malicious website determining module disposed in the browser determines whether each URL in the pull-down prompt box is a malicious website, as shown in fig. 2.
Fig. 2 is a flowchart illustrating a malicious website determining method of a malicious website determining module provided in a browser according to an embodiment of the present invention. As shown in fig. 2, for each website (URL) that needs to be determined, the malicious website determining module performs the following steps:
step S210, determine whether the URL belongs to the white list, if yes, execute step S220, otherwise execute step SS 230.
And step S220, directly performing normal kernel rendering and loading on the URL, and displaying the URL as a trusted website. The flow is ended.
Step S230, determining whether the URL belongs to the blacklist, if so, performing step S240, otherwise, performing step SS 250.
Step S240, a request is made to the web shield server, the security information of the URL is scrutinized, the web shield server returns the security information query result of the URL, and the browser side displays the security information of the URL. The flow is ended.
And step S250, if the blacklist and the white list are not matched, performing cloud website security query of the URL to the web shield server side, and returning a cloud query result to the browser side after the web shield server queries and detects any security information.
And step S260, the browser side correspondingly displays the cloud query result of the URL in the address prompt bar and locally caches the cloud query result in the browser. The flow is ended.
As can be seen from the above process shown in fig. 2, in this embodiment, for the URL to be determined, the malicious website determining module first determines the black and white list in the first round, and if the URL does not belong to either the white list or the black list, the malicious website determining module performs the cloud website security query process in the second round. Therefore, after the first and second rounds of judgment, the judgment on whether the URL is a malicious website can be completed. For each URL matched with the key input by the user, the judgment shown in fig. 2 is carried out one by one, so that the judgment of all matched URLs can be realized, and the judgment result is displayed in a pull-down prompt box of the browser address bar.
Fig. 3 is a schematic diagram illustrating malicious website prompting in a pull-down prompt box of a browser according to an embodiment of the present invention. As shown in fig. 3, in this embodiment, the matched recommended websites are displayed on the left side of the pull-down prompt box of the browser, and the determination results of the recommended websites are correspondingly displayed on the right side of the pull-down prompt box.
In other embodiments of the present invention, the URL which is a malicious website may also be prompted in the form of a pop-up box.
According to the technical scheme of the invention, the matched URL can be judged in advance whether to be a malicious website or not under the condition of not opening the webpage, and the requirement of the user on the network security is met.
In an embodiment of the present invention, if the user still accesses the recommended website whose determination result is the malicious website, the present invention further intercepts the malicious website. After receiving an instruction of a user for accessing the URL determined as the malicious website, when the browser initiates a request for the malicious website, intercepting the malicious website or prompting the user, or intercepting the malicious website and prompting the user.
In an embodiment of the present invention, the white list, the black list, and the cached cloud query result may also be synchronously saved as personal data of the browser user. That is, when different users use different accounts to use the browser, the browser can provide different personalized services for the users with different accounts. The user can set a black and white list according to own preference under own account. In this way, different network security services can be provided for different users according to the preference of the users.
Fig. 4 is a schematic structural diagram illustrating a malicious website prompting device according to an embodiment of the present invention. The malicious website prompting device 400 is capable of prompting a malicious website, referring to fig. 4, the malicious website prompting device 400 includes: a prompt module 410 and a malicious website decision module 420.
The prompting module 410 is adapted to obtain input information of a user in an address bar of a browser, obtain a recommended website corresponding to the input information according to the input information, initiate a request for judging whether the recommended website is a malicious website to the malicious website judging module 420, and prompt and display a judgment result of the recommended website by the malicious website judging module 420 on the browser side;
the malicious website determining module 420 is adapted to determine whether the recommended website is a malicious website according to the request of the prompting module 410, and return the determination result to the prompting module 410.
The malicious website prompting device shown in fig. 4 can judge and prompt a malicious website when a user inputs information in the browser address bar, that is, before the browser initiates actual access, so that the efficiency of judging the malicious website is improved. Compared with the prior art, the malicious website is confirmed only when the user confirms that a request of initiating the website by clicking a certain website is sent, so that the user can know whether the website is the malicious website after clicking the website, and the user experience is greatly improved.
Fig. 5 is a schematic structural diagram illustrating a malicious website prompting device according to another embodiment of the present invention. The malicious website prompting device 500 is capable of prompting a malicious website, and referring to fig. 5, the malicious website prompting device 500 includes: a prompt module 510, a malicious website determination module 520 and a malicious website interception module 530.
The prompting module 510 is adapted to obtain input information of a user in an address bar of a browser, obtain a recommended website corresponding to the input information according to the input information, initiate a request for determining whether the recommended website is a malicious website to the malicious website determining module 520, and prompt and display a determination result of the recommended website by the malicious website determining module 520 on a browser side.
Specifically, the prompt module 510 obtains input information of chinese characters or english words in the address bar of the browser of the user, matches the input information with websites in the website set, and obtains more than one recommended website. Wherein the website set comprises at least one of the following: the method comprises the steps of local browsing history of a browser, local favorites and cloud websites provided by a server.
The prompt module 510 may display each recommended website in a pull-down prompt box of the browser address bar, and display a corresponding determination result of each recommended website on the left side of the pull-down prompt box. Alternatively, the prompt module 510 may display the determination result of each recommended website in a pop-up window form.
The malicious website determining module 520 is adapted to determine whether the recommended website is a malicious website according to the request of the prompting module 510, and return the determination result to the prompting module 510.
The malicious website intercepting module 530 is adapted to intercept the malicious website and/or prompt the user through the prompting module when the browser initiates a request for the malicious website after receiving an instruction for accessing the recommended website of which the determination result is the malicious website from the user, so as to further enhance network security.
Here, the malicious website intercepting module 530 is an optional module. In an embodiment of the present invention, if it is only necessary to prompt the user in advance which websites are malicious websites, and no interception or related prompt is needed when the user actually accesses the malicious websites, the malicious website interception module 530 may be omitted.
The following describes in detail whether the recommended website is a malicious website specifically determined by the malicious website determination module 520. Specifically, in this embodiment, the malicious website determining module 520 includes: the storage submodule 521, the judgment submodule 522, the cache submodule 523, the update downloading submodule 524 and the synchronous storage submodule 525.
Wherein the storage submodule 521 is adapted to store a white list. The determining sub-module 522 is adapted to determine whether each of the recommended websites belongs to the white list, determine the website as a trusted website if the website belongs to the white list, and return the determination result to the prompting module 510. In this way, a trusted website among the recommended websites can be confirmed.
The storage submodule 521 may further store a black list. The determining sub-module 522 may further determine whether the website belongs to the blacklist when the website does not belong to the whitelist, query the server for the security information of the website if the website belongs to the blacklist, and return the security information of the website returned by the server to the prompting module 510 as the determination result of the website. This makes it possible to further recognize an untrusted site among the recommended sites.
The determining sub-module 522 may further initiate a cloud query request of the website to the server when the website does not belong to the white list or the black list, and take a cloud query result of the website returned by the server as a determination result of the website. Therefore, the information of whether a batch of websites in the recommended websites are malicious websites can be further supplemented.
The determining sub-module 522 may further store the cloud query result of the website returned by the server in the caching sub-module 523. The cache sub-module 523 stores the cloud query result sent by the determining sub-module 522 for use in subsequent malicious website determination. Therefore, the judging efficiency and the judging accuracy of the malicious website can be improved.
The update download submodule 524 is adapted to download the updated white list and/or black list from the server side and store the same in the storage submodule 521. This may increase the efficiency of cloud queries by decision submodule 522, which may require a large number of cloud query requests by decision submodule 522. The number of queries can be saved due to the determined blacklists and whitelists which are updated in time. Under the condition that the black list and the white list are not updated in time, the malicious website can be judged according to the cloud query result stored in the cache submodule 523, so that the malicious website can be judged efficiently and accurately when the black list and the white list are not updated in time.
And the synchronous storage module 525 is adapted to store the white list and the black list in the storage submodule 521 and the cloud query result in the cache submodule 523 as the personal data of the browser user synchronously. Therefore, when different users use different accounts to use the browser, the browser can provide different personalized services for the users with different accounts. The user can set a black and white list according to own preference under own account. In this way, different network security services can be provided for different users according to the preference of the users.
In summary, the malicious website prompting method and device of the present invention can obtain the input information of the user in the browser address bar, obtain the recommended website corresponding to the input information according to the input information, initiate a request for judging whether the recommended website is a malicious website to the malicious website determining module at the browser side, and prompt and display the judgment result of the malicious website determining module on the browser side, can judge and prompt the malicious website before the browser initiates actual access when the user inputs information in the browser address bar, and accelerate the efficiency of judging the malicious website, thereby solving the problem that the prior art can confirm the malicious website only when the user confirms that a request for initiating the website is clicked by a certain website, so that the user knows whether the website is a malicious website after clicking the website, the problem of poor experience is solved, the prompt whether the website is malicious or not is obtained in the process that the user inputs the website in the browser address bar, and the beneficial effect of user experience is improved.
It should be noted that:
the algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be understood by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the malicious web address prompting device according to the embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Claims (18)
1. A malicious website prompting method for a browser is provided, wherein a malicious website determining module is arranged in the browser, and the method comprises the following steps:
acquiring input information of a user in an address bar of a browser;
acquiring a recommended website corresponding to the input information according to the input information;
initiating a request for judging whether the recommended website is a malicious website to a malicious website judging module at the browser side, judging whether the website belongs to a white list or not by the malicious website judging module for each website in the recommended websites, and judging the website to be credible by the malicious website judging module if the website belongs to the white list;
and prompting and displaying a judgment result of the malicious website judgment module on the recommended website at the browser side.
2. The method of claim 1, wherein the method further comprises:
if the website does not belong to the white list, the malicious website judging module judges whether the website belongs to the black list, if the website belongs to the black list, the safety information of the website is inquired for the server, and the safety information of the website returned by the server is used as a judging result of the website.
3. The method of claim 2, wherein the method further comprises:
and if the website does not belong to the white list or the black list, the malicious website judging module initiates a cloud query request of the website to the server, and the cloud query result of the website returned by the server is used as the judging result of the website.
4. The method of claim 3, wherein the method further comprises:
and the cloud query result returned by the local cache server of the browser is used for subsequent malicious website judgment.
5. The method of claim 2, wherein,
the white list and/or the black list are downloaded to the local browser after being updated on the server side.
6. The method of claim 1, wherein the input information is chinese characters or english;
the obtaining of the recommended website corresponding to the input information according to the input information includes: matching the input information with the websites in the website set to obtain more than one recommended website;
wherein the website set comprises at least one of the following: the method comprises the steps of local browsing history of a browser, local favorites and cloud websites provided by a server.
7. The method of claim 1, wherein the prompting, at the browser side, of displaying a determination result of the recommended website by a malicious website determination module comprises:
displaying each recommended website in a pull-down prompt box of a browser address bar, and displaying a corresponding judgment result of each recommended website on the left side of the pull-down prompt box;
or,
and displaying the judgment result of the recommended website in a popup window mode.
8. The method according to any one of claims 1 to 7, wherein when the browser initiates a request for the malicious website after receiving an instruction for accessing the recommended website determined as the malicious website by the user, the method further comprises:
and intercepting the malicious website and/or prompting a user.
9. The method of any one of claims 4 to 7, wherein the method further comprises:
and taking the white list, the black list and the cached cloud query result as personal data of the browser user for synchronous storage.
10. A malicious website prompting device comprises: a prompt module and a malicious website judging module, wherein,
the prompting module is suitable for acquiring input information of a user in a browser address bar, acquiring a recommended website corresponding to the input information according to the input information, initiating a request for judging whether the recommended website is a malicious website to the malicious website judging module, and prompting and displaying a judgment result of the malicious website judging module on the recommended website at the browser side;
the malicious website judging module is suitable for judging whether the recommended website is a malicious website according to the request of the prompting module and returning the judging result to the prompting module;
wherein, the malicious website determining module comprises: a storage sub-module and a judgment sub-module, wherein,
the storage submodule is suitable for storing a white list;
and the judging submodule is suitable for judging whether each website in the recommended websites belongs to a white list, judging the website as credible if the website belongs to the white list, and returning the judgment result to the prompting module.
11. The apparatus of claim 10, wherein,
the storage submodule is further suitable for storing a blacklist;
the judging submodule is further suitable for judging whether the website belongs to a blacklist or not when the website does not belong to a white list, inquiring the security information of the website from the server if the website belongs to the blacklist, and returning the security information of the website returned by the server to the prompting module as a judgment result of the website.
12. The apparatus of claim 11, wherein,
the judging submodule is further suitable for initiating a cloud query request of the website to the server when the website does not belong to the white list or the black list, and taking a cloud query result of the website returned by the server as a judging result of the website.
13. The apparatus of claim 12, wherein the malicious web address determination module further comprises: a cache submodule;
the judging submodule is further suitable for storing the cloud query result of the website returned by the server into the caching submodule;
and the cache submodule is suitable for storing the cloud query result sent by the judgment submodule for use in subsequent malicious website judgment.
14. The apparatus of claim 11, wherein the malicious web address determination module further comprises: updating a downloading submodule;
and the updating and downloading submodule is suitable for downloading the updated white list and/or black list from the server side and storing the updated white list and/or black list in the storage submodule.
15. The apparatus of claim 10, wherein,
the prompting module is suitable for acquiring Chinese character or English input information of a user in an address bar of the browser, and the input information is matched with websites in the website set to obtain more than one recommended website;
wherein the website set comprises at least one of the following: the method comprises the steps of local browsing history of a browser, local favorites and cloud websites provided by a server.
16. The apparatus of claim 10, wherein,
the prompting module is suitable for displaying each recommended website in a pull-down prompting frame of the browser address bar and displaying a corresponding judgment result of each recommended website on the left side of the pull-down prompting frame;
or,
and the prompting module is suitable for displaying the judgment result of the recommended website in a popup window mode.
17. The apparatus of any one of claims 10 to 16, wherein the apparatus further comprises: a malicious website intercepting module;
the malicious website intercepting module is suitable for intercepting the malicious website and/or prompting the user through the prompting module when the browser initiates a request for the malicious website after receiving an instruction for accessing the recommended website of which the judgment result is the malicious website from the user.
18. The apparatus of any one of claims 13 to 16, wherein the apparatus further comprises: a synchronous saving module;
and the synchronous storage module is suitable for synchronously storing the white list and the black list in the storage sub-module and the cloud query result in the cache sub-module as personal data of the browser user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210450998.6A CN102938766B (en) | 2012-11-12 | 2012-11-12 | Maliciously website prompt method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210450998.6A CN102938766B (en) | 2012-11-12 | 2012-11-12 | Maliciously website prompt method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102938766A true CN102938766A (en) | 2013-02-20 |
| CN102938766B CN102938766B (en) | 2016-08-24 |
Family
ID=47697634
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210450998.6A Expired - Fee Related CN102938766B (en) | 2012-11-12 | 2012-11-12 | Maliciously website prompt method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102938766B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102946391A (en) * | 2012-11-12 | 2013-02-27 | 北京奇虎科技有限公司 | Method for prompting malicious website in browser and browser |
| CN103491543A (en) * | 2013-09-30 | 2014-01-01 | 北京奇虎科技有限公司 | Method for detecting malicious websites through wireless terminal, and wireless terminal |
| CN104052722A (en) * | 2013-03-15 | 2014-09-17 | 腾讯科技(深圳)有限公司 | Web address security detection method, apparatus and system |
| CN104504058A (en) * | 2014-12-18 | 2015-04-08 | 北京奇虎科技有限公司 | Web page presentation method and browser device |
| CN104580348A (en) * | 2013-10-15 | 2015-04-29 | 谷歌公司 | Accessing location-based content |
| CN105094560A (en) * | 2015-08-10 | 2015-11-25 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN105550266A (en) * | 2015-12-09 | 2016-05-04 | 百度在线网络技术(北京)有限公司 | Website address associated information display method and device |
| CN105959280A (en) * | 2016-04-28 | 2016-09-21 | 北京奇虎科技有限公司 | Malicious website intercepting method and device |
| CN106713266A (en) * | 2016-11-14 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Method, device, terminal and system for preventing information leakage |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102355469A (en) * | 2011-10-31 | 2012-02-15 | 北龙中网(北京)科技有限责任公司 | Method for displaying credibility certification for website in address bar of browser |
| CN102467633A (en) * | 2010-11-19 | 2012-05-23 | 奇智软件(北京)有限公司 | Method and system for safely browsing webpage |
| CN102708132A (en) * | 2012-03-06 | 2012-10-03 | 奇智软件(北京)有限公司 | Method and system for webpage recommendation |
| CN102724186A (en) * | 2012-06-06 | 2012-10-10 | 珠海市君天电子科技有限公司 | System and method for detecting phishing websites |
| CN102946391A (en) * | 2012-11-12 | 2013-02-27 | 北京奇虎科技有限公司 | Method for prompting malicious website in browser and browser |
-
2012
- 2012-11-12 CN CN201210450998.6A patent/CN102938766B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102467633A (en) * | 2010-11-19 | 2012-05-23 | 奇智软件(北京)有限公司 | Method and system for safely browsing webpage |
| CN102355469A (en) * | 2011-10-31 | 2012-02-15 | 北龙中网(北京)科技有限责任公司 | Method for displaying credibility certification for website in address bar of browser |
| CN102708132A (en) * | 2012-03-06 | 2012-10-03 | 奇智软件(北京)有限公司 | Method and system for webpage recommendation |
| CN102724186A (en) * | 2012-06-06 | 2012-10-10 | 珠海市君天电子科技有限公司 | System and method for detecting phishing websites |
| CN102946391A (en) * | 2012-11-12 | 2013-02-27 | 北京奇虎科技有限公司 | Method for prompting malicious website in browser and browser |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102946391A (en) * | 2012-11-12 | 2013-02-27 | 北京奇虎科技有限公司 | Method for prompting malicious website in browser and browser |
| CN102946391B (en) * | 2012-11-12 | 2016-09-28 | 北京奇虎科技有限公司 | The method of prompting malice network address and a kind of browser in a kind of browser |
| CN104052722A (en) * | 2013-03-15 | 2014-09-17 | 腾讯科技(深圳)有限公司 | Web address security detection method, apparatus and system |
| CN103491543A (en) * | 2013-09-30 | 2014-01-01 | 北京奇虎科技有限公司 | Method for detecting malicious websites through wireless terminal, and wireless terminal |
| CN104580348A (en) * | 2013-10-15 | 2015-04-29 | 谷歌公司 | Accessing location-based content |
| CN104504058B (en) * | 2014-12-18 | 2018-10-09 | 北京奇虎科技有限公司 | A kind of page display method and browser device |
| CN104504058A (en) * | 2014-12-18 | 2015-04-08 | 北京奇虎科技有限公司 | Web page presentation method and browser device |
| CN105094560A (en) * | 2015-08-10 | 2015-11-25 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN105094560B (en) * | 2015-08-10 | 2021-08-13 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN105550266A (en) * | 2015-12-09 | 2016-05-04 | 百度在线网络技术(北京)有限公司 | Website address associated information display method and device |
| CN105959280B (en) * | 2016-04-28 | 2019-10-15 | 北京奇虎科技有限公司 | The hold-up interception method and device of malice network address |
| CN105959280A (en) * | 2016-04-28 | 2016-09-21 | 北京奇虎科技有限公司 | Malicious website intercepting method and device |
| CN106713266A (en) * | 2016-11-14 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Method, device, terminal and system for preventing information leakage |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102938766B (en) | 2016-08-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102938766B (en) | Maliciously website prompt method and device | |
| US9832210B2 (en) | Multi-core browser and method for intercepting malicious network address in multi-core browser | |
| CN102946391B (en) | The method of prompting malice network address and a kind of browser in a kind of browser | |
| CN102932356B (en) | Malice network address hold-up interception method and device in multi-core browser | |
| CN103268442B (en) | A kind of method and apparatus realizing secure access video website | |
| WO2018099219A1 (en) | Method and device for detecting phishing website | |
| CN102647417B (en) | The implementation method of network access, device and system and network system | |
| US20130159873A1 (en) | Browser supporting multiple users | |
| US20170154013A9 (en) | Ad blocking page display method and device | |
| CN106911693B (en) | Method and device for detecting hijacking of webpage content and terminal equipment | |
| US20140041029A1 (en) | Method and system for processing website address risk detection | |
| US20100306184A1 (en) | Method and device for processing webpage data | |
| WO2013044757A1 (en) | Method, device and system for detecting security of download link | |
| CN105653526B (en) | Page access method and apparatus | |
| CN108282443B (en) | Crawler behavior identification method and device | |
| CN102185830A (en) | Method and system for security filtration of network television browser | |
| CN105791293B (en) | Malice network address hold-up interception method and device in multi-core browser | |
| CN103366011A (en) | Method and device for visiting authenticated websites by browser address bar | |
| GB2542140A (en) | Controlling access to web resources | |
| US9191392B2 (en) | Security configuration | |
| CN106909579A (en) | Browser-presented method and device | |
| CN103116725A (en) | Screen locking method, device and browser for webpage | |
| CN106649792B (en) | Page access method and device | |
| US11741171B2 (en) | System, method and computer program product for alerting users to websites new to the web | |
| CN109829293B (en) | Method, device and system for defending browser, storage medium and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220718 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160824 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |