Specific embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in accompanying drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure and should not be by embodiments set forth here
Limited.On the contrary, there is provided these embodiments are able to be best understood from the disclosure, and can be by the scope of the present disclosure
Complete conveys to those skilled in the art.
The technological means detected for the single URL of the utilization of prior art presence can not effectively detect malice
Website, thus the technical problem of the web page browsing safety of client can not be real-time, quickly and efficiently protected, the invention provides one
Plant scheme web page access behavior processed using refer chains.For the page that active user is accessing, its refer
Information is the URL of the parent page of the current page, that is, be linked to the URL of the previous stage page of the current page.Basis of the present invention
The URL for being linked to some grades of pages of current page obtains refer chains, using refer chains come to web page access behavior
Reason.
Fig. 1 shows the flow process of the method 100 processed by web page access behavior according to an embodiment of the invention
Figure.In the present embodiment, current page is referred to as the i-stage page, i >=2, the i-stage page are by the i-stage chain of initial page
Connect the opened page.Generally, after user opens browser, the initial page of browser access acquiescence is existed by user
Address field input triggering initial page access request, by user in initial page clickthrough or other side of link
Formula is linked to the 2nd grade of page by initial page, by user on the 2nd grade of page clickthrough or other on-link mode (OLM)s by
, to the 3rd level page, the rest may be inferred for 2 grades of page links, finally by the i-th -1 grade page link to the i-stage page.For example, use
Family is input into www.so.com in address field after opening browser, and the page is exactly initial page(Its URL is represented with A below);
Then, user is input into " telephone recharge " in search column, clicks on search button, and browser can jump to http://www.so.com/s?
Ie=utf-8&src=360sou_home&q=%E8%AF%9D%E8%B4%B9%E5%85%85%E 5%80%BC, the page are the 2nd grade
The page(Its URL is represented with B below);The 2nd grade of page provides a lot of links, and user clicks on one of link, browser
The corresponding page http of this link can be jumped to://chongzhi.360.cn/mobile/, the page are the 3rd level page(Use below
C is representing its URL);User clicks on " network game point card " link on the 3rd level page, and browser can jump to http://
Chongzhi.360.cn/GameCard/index, the page are the 4th grade of page(Its URL is represented with D below).
As shown in figure 1, this method 100 starts from step S101, the wherein browser of client monitors the access of the i-stage page
Request.The access request of the i-stage page is that user is triggered in the i-th -1 grade page clickthrough or other on-link mode (OLM)s.?
In above-mentioned example, user clicks on " network game point card " link on the 3rd level page, and browser will monitor the 4th grade of page:
http:The access request of //chongzhi.360.cn/GameCard/index.
After the access request for monitoring the i-stage page, browser will load the i-stage page, in the loading i-stage page
During, obtain the refer chains of the page ID comprising the i-stage page, i.e. step S102.Refer chains include initial page to i-th
The page ID of the level page and URL, the page ID of the pages wherein at different levels is that browser is given birth to by the page during loading page
Into unique ID, its index value as the URL of the page in refer chains.Browser is looked into by the page ID of the i-stage page
Ask the refer chains that URL and the i-stage page comprising the i-stage page are the afterbody pages.For example, refer chains be A (ID1)->
B(ID2)->C(ID3)->D (ID4), wherein A, B, C and D are respectively the URL of the pages at different levels, and ID1, ID2, ID3 and ID4 are respectively
The page ID of the pages at different levels.In browser loading page D, the page ID 4 according to page D inquires above-mentioned refer chains.
In the examples described above, during the 4th grade of page is loaded, following refer chains will be obtained:
A(ID1)->B(ID2)->C(ID3)->D(ID4)
After step s 102, method 100 enters step S103, all URL that wherein refer chains are included by client
It is sent to server.The URL of the pages at different levels that refer chains only can be included by client reports server, need not report
The page ID of the pages at different levels.For refer chains:A(ID1)->B(ID2)->C(ID3)->D (ID4), client is by A->B->C->
D is sent to server.Alternatively, according to the cloud vlan query protocol VLAN between server, refer chains can be included by this method
All URL are encrypted to ciphertext and are sent to server.Here, the present invention all URL can be carried out using reversible encryption method plus
Close, it would however also be possible to employ irreversible encryption method is encrypted to all URL.For example, calculate refer chains included each
The characteristic value of URL is used as ciphertext.Alternatively, characteristic value can MD5 according to(Message Digest Algorithm, message
Digest algorithm the 5th edition)Calculated cryptographic Hash, or SHA1(Secure Hash Algorithm, Secure Hash Algorithm)Code,
Or CRC(Cyclic Redundancy Check, CRC)Code etc. can unique mark prime information condition code.Need
Illustrate, when the ciphertext of URL being uploaded to cloud security service device, need shielding first carry the net of user cipher
Location character string, does not upload such URL, to ensure the safety of user profile
After step s 103, method 100 enters step S104, and what wherein server lookup refer chains were included owns
Whether URL belongs to the blacklist and/or white list database of server preservation, obtains Query Result.If in client-side,
All URL that refer chains are included are encrypted through reversible encryption method, then ciphertext of the server first to receiving
It is decrypted, obtains all URL that refer chains are included;Accordingly, server is preserved blacklist and/or white list data
In storehouse, that storage is URL, after all URL that server obtains that refer chains are included, inquires about blacklist and/or white list
Database, obtains whether these URL belong to blacklist or whether belong to the Query Result of white list.If in client-side,
The URL included by refer chains is encrypted through irreversible encryption method, accordingly, server preserve blacklist and/or
Stored in white list database is also the characteristic value of corresponding URL, obtains all URL that refer chains are included in server
Characteristic value after, inquiry blacklist and/or white list database obtains whether these URL belong to blacklist or whether belong to
Query Result in white list.
After step s 104, method 100 enters step S105, and Query Result is entered by wherein server with default rule
Row coupling obtains matching result.Wherein default rule is to set according to the actual requirements, and its concrete regulation needs to carry out
The situation of indicating risk.Illustrate by taking two kinds of preset rules as an example below:
Rule one:The malice page or the dangerous page or the unknown page are jumped to through search engine
If Query Result shows that the URL of the i-stage page belongs to black list database, i.e. the i-stage page for the malice page
Or the dangerous page;Or, the URL of the i-stage page is not belonging to white list database, i.e. the i-stage page for the unknown page;And sentence
Break initial page be to redirect through search engine to arbitrary page in the i-th -1 grade page for searched page, i.e. the i-stage page and
Come, show that Query Result regular one is mated with this, it is indicating risk information to obtain matching result.
Alternatively, server also preserves searched page url list.In this step, judge initial page to the i-th -1 grade page
In face, whether the URL of arbitrary page belongs to searched page url list, if so, then judges initial page into the i-th -1 grade page
Arbitrary page is searched page.It should be noted that judging that searched page can also adopt other methods, this side is not limited only to
Method.
Rule two:Through the malice page or the dangerous page or unknown page jump to the payment page
If Query Result shows that the URL of the arbitrary page in initial page to the i-th -1 grade page belongs to blacklist data
Storehouse, the i.e. page are the malice page or the dangerous page;Or, the URL of the arbitrary page in initial page to the i-th -1 grade page is not
Belong to white list database, i.e., the page is the unknown page;And judge that the i-stage page, for paying the page, shows inquiry knot
Fruit is mated with the rule two, obtains matching result for indicating risk information.
Alternatively, server also preserves payment page url list.In this step, whether the URL of the i-stage page is judged
Belong to payment page url list, if so, then judge that the i-stage page is the payment page.It should be noted that judging to pay page
Face can also adopt other methods, be not limited only to this method.
Above-mentioned regular one and regular two is only two specific examples, and the present invention is not limited only to both rules, according to reality
Border demand, server can preset multiple rule for matching inquiry result.
After step S105, method 100 enters step S106, the coupling knot that wherein client the reception server is returned
Really.
Subsequently, method 100 enters step S107, the access of the browser of client according to matching result to the i-stage page
Behavior is processed.If the matching result for receiving is indicating risk information, browser prompts the user with risk.Alternatively,
Browser can provide a user with the option for intercepting current page and continuing to access current page, if user selects to intercept currently
The page, then browser the access behavior of current page is intercepted.Here prompt the user with risk to be specially:In user
The problematic page is marked on interface;Or, suspended window prompting is carried out when mouse is moved on on the page;If it is determined that to the page
Access behavior is intercepted, then can directly shield or cover the problematic page.
The method processed by web page access behavior for providing according to embodiments of the present invention, whenever monitoring by initial
After the links at different levels of the page are to the access request of new page, the corresponding refer chains of the new page obtained, refer chains are included
All URL report server, detect matching result by server according to these URL, by client according to the matching result
The access behavior of new page is processed.With prior art merely with new page URL carry out detection compared with, due to refer
The URL provided by chain is more, and coverage rate is wider, thus detection efficiency is higher, can more effectively protect client terminal web page clear
The security that lookes at.
Further, on the basis of above-described embodiment, also include the process for creating refer chains before step S102.
Existing browser provides the interface of the refer information for obtaining URL, i.e. get_refer interfaces.But, by get_refer
Refer information acquired in interface is only contained in the URL of the page accessed by the last time before accessing current page, that is, be linked to
The URL of the previous stage page of current page;Also, needs can be used longer from a page open to get_refer interfaces
Time, if the overlong time that can be spent needed for going again to be detected after use when get_refer interfaces.In order to
The refer chains being made up of the URL of the pages at different levels are obtained in real time, the invention provides the method for creating refer chains, the method is concrete
For:Whenever new page being opened by the links at different levels of initial page, be responsible for safeguarding that the process of refer chains obtains the page of new page
The page ID of the upper level page of face ID and URL and new page or URL, look into according to the page ID of the upper level page or URL
Corresponding refer chains are ask, the corresponding node of refer chains is created.
The flow chart that Fig. 2 shows the method 200 of establishment refer chains according to an embodiment of the invention.Such as Fig. 2 institutes
Show, method 200 starts from the 1st grade of node foundation step S201.In the 1st grade of node foundation step S201, initial page is being monitored
The page ID of initial page after the access request in face, is generated, the URL of initial page is obtained, the 1st grade of node of refer chains is created,
The page ID of initial page and URL are write refer chains as the information of the 1st grade of node.Acquiescence page for browser access
Face triggers the page for accessing by user in the input of address field, as initial page, creates a new refer
Chain.Specifically, after browser monitors the access request of initial page, the initial page can be loaded.In loading initial page
During, browser generates a unique ID as the page ID of the initial page, and obtains the URL of initial page.Its
The URL of middle initial page can be obtained by specified response event interface, such as by realizing the specified sound of standard plug-in unit mechanism
Answer event interface to obtain.
In IE(Internet Explorer)Browser auxiliary object used in browser(Browser Helper
Object, referred to as:BHO)Plugin Mechanism, can obtain IE currently loadings by responding " BeforeNavigate2 " event
URL.In red fox(Firefox)The specified response event interface that red fox extension mechanism is provided used in browser, obtains red fox clear
The URL of device of looking at currently loading.In Google(chrome)Netscape plug-in applications DLL used in browser(Netscape
Plugin Application Programming Interface, referred to as:NPAPI)Plugin Mechanism, obtains Google's browser and works as
The URL of front loading.In the page ID for obtaining initial page(Such as ID1)And URL(Such as A)Afterwards, using ID1 and A as the refer chains
The information of the 1st grade of node, creating refer chains is:A(ID1).Wherein, ID1 is index information.
It should be noted that in due to practical application, people use computer application environment, such as operating system, browse
Device type etc. is not quite similar, and therefore, the executive agent of each step aforementioned can also have multiple implementations.Can for example be
A kind of with identification and add the browser of mark function, wherein, browser can be browsing of carrying of Windows operating system
Device Internet Explorer(Abbreviation IE), and other third party's browsers.So-called third party's browser, is often referred to
The browser software of the non-IE run in Windows operating system, this kind of third party's browser would generally have for use because of which
The abundant unique function design at family and personalized extension, have provided the user many convenient applications.For example, same plug-in unit
Mechanism can run on polytype browser, for example, browser be IE, firefox, google chrome, safari,
Opera, QQ browser, browser of roaming, sogou browser or cheetah browser etc..
After the 1st grade of node foundation step S201, method 200 enters the process that circulation creates i-stage node.From i=2
Start, method 200 enters step S202, wherein after the access request for monitoring the i-stage page, generate the page of the i-stage page
Face ID, obtains page ID or the URL of the URL and the i-th -1 grade page of the i-stage page, and the i-stage page is the i-th -1 grade page
Page-level jump page.Herein by the chain by user's clickthrough or triggering of other user behaviors on the i-th -1 grade page
Connect mode to be redirected by the i-th -1 grade page link to the i-stage page referred to as page-level.Monitor in browser and redirect through page-level
The i-stage page access request after, the i-stage page can be loaded.During the loading i-stage page, browser generates one
Page IDs of the individual unique ID as the i-stage page, and obtain the URL of the i-stage page.The URL of the wherein i-stage page can
Obtained by specified response event interface, for example, obtained by realizing the specified response event interface of standard plug-in unit mechanism.
Concrete mode can be found in the associated description of the URL for being previously with regard to how to obtain initial page.
In order to find corresponding refer chains and continue thereon to create node, also need to obtain the in step S202
The page ID of the i-1 level pages or URL.The present invention provides two kinds of different sides for the different situations of browser access new page
Formula is obtaining the information of the i-th -1 grade page, a kind of mode(That is following manner one)It is applied to by new window or new label(tab)
Page opens the situation of the i-stage page;Another way(That is following manner two)It is applied to yet by current window or current label
Page opens the situation of the i-stage page.
Mode one:
First, the interface object pointer of the i-stage page, after the access request for monitoring the i-stage page, is obtained, according to connecing
The i-th -1 grade acquired during being written in the i-th -1 grade page of loading to the interface object of i-stage page page of mouth pointer to object
The page ID in face.Then, during the loading i-stage page, by reading the letter that provided of interface object of the i-stage page
Breath, obtains the page ID of the i-th -1 grade page.
Aforesaid way one is applied to by new window or new label(tab)Page opens the situation of the i-stage page.Browsed with IE
As a example by device, principle is realized by analyze that IE browser opens new window or new tab page, have found IE browser internal module wound
The relevant treatment function called by new window or new tab page is built, is captured(Hook)The function, is obtained using the return value of the function
New window or new tab page(Window or the tab page of the i-stage page will be loaded)Interface object pointer, such as IWEBBROWSER2
Pointer;As now browser does not have started the loading i-stage page, the page ID of the current page recorded by browser still exists
The page ID of the i-th -1 grade acquired page during the i-th -1 grade page of loading, therefore, now browser can be connect according to this
Mouth pointer to object writes the page ID of the i-th -1 grade page to IWEBBROWSER2 objects.After starting to load the i-stage page,
By reading the information provided by the IWEBBROWSER2 objects of the i-stage page, it is possible to obtain the page of the i-th -1 grade page
ID.
Mode two:
After the access request for monitoring the i-stage page and before the loading i-stage page, provided by browser
Get_locationURL interfaces obtain the URL of the i-th -1 grade page.
Aforesaid way two is applied to the situation for opening the i-stage page yet by current window or current label page.This
In the case of, due to being not turned on new window or new Shipping Options Page, so can not adopt, with one similar mode of mode, i-th -1 is obtained
The page ID of the level page.For such case, after the access request for monitoring the i-stage page, but in the i-stage page
Before " BeforeNavigate2 " event, get_locationURL interfaces provided still or the i-th -1 grade page
URL, hence with the URL that get_locationURL interfaces can obtain the i-th -1 grade page.
But, the step of the get_locationURL interfaces provided by browser obtain the URL of the i-th -1 grade page
Also need to afterwards judge whether the i-stage page to be opened by the input behavior triggering of browser address bar, specifically, can pass through root
Click and input action according to browser address bar is judging;If the determination result is YES, then the get_ that will be provided by browser
The URL of the i-th -1 grade page that locationURL interfaces are obtained is emptied, and the i-stage page is processed as initial page, is held
Row step S201;If judged result is no, execution step S203.
Aforesaid way one and mode two are respectively directed to different situations.If the i-stage page is by new window or new mark
Sign page open, then step S202 by the way one obtain the i-th -1 grade page page ID;If the i-stage page is
Opened by current window or current label page, then step S202 two obtains the i-th -1 grade page by the way
URL.If step S202 obtain be the i-th -1 grade page page ID, then follow-up then inquired about according to the page ID corresponding
Refer chains;If step S202 obtain be the i-th -1 grade page URL, then follow-up then inquired about according to the URL corresponding
Refer chains.
After step S202, method 200 enter step S203, wherein inquiry comprising the i-th -1 grade page page ID or
The refer chains of URL, create the i-stage node of the refer chains, using the page ID of the i-stage page and URL as i-stage node
Information.
Specifically, if in step S202, page ID that the i-th -1 grade page is acquired using aforesaid way one, that
Directly inquiry includes the refer chains of the page ID of the i-th -1 grade page.For example, if obtaining the 2nd grade by step S202
The page ID of the page is ID2, and URL is B, and the 1st grade of page(It is exactly initial page)Page ID be ID1, then in this step
In, refer chain of the inquiry comprising ID1, and the index information of the afterbody node of the refer chains is ID1, i.e. A (ID1);
Create the 2nd grade of node of the refer chains, using ID2 and B as the 2nd grade of node information, obtain refer chains for A (ID1)->B
(ID2).If in step S202, URL that the i-th -1 grade page is acquired using aforesaid way two, then then need to inquire about
The refer chains of the URL comprising the i-th -1 grade page.Process due to safeguarding refer chains be possible to maintenance have a plurality of comprising identical
The refer chains of URL, so this step is possible to inquire about the refer chains for obtaining a plurality of URL for including the i-th -1 grade page.But,
Due to aforesaid way two be suitable for open the i-stage page yet by current window or current label page in the case of, the page
The timing for redirecting is good, it is possible to select the refer chains of recent renewal as the refer chains of i-stage node to be created.
Alternatively, in the mode one of above-mentioned steps S202, it is also possible to only to the i-stage page interface object write i-th-
The URL of 1 grade of page, the information provided by the interface object for reading the i-stage page obtain the URL of the i-th -1 grade page.Connect
, in step S203, the refer chains of URL of the inquiry comprising the i-th -1 grade page, and inquiring the situation of a plurality of refer chains
Refer chain of the lower refer chains for selecting recent renewal as i-stage node to be created.But, due to fitted in aforesaid way one
By new window or new label(tab)In the case that page opens the i-stage page, the timing of page jump is poor, so
The degree of accuracy for searching the method for refer chains according to page ID can be higher than the method for searching refer chains according to URL.
Circulation executes above-mentioned steps S202 and step S203, thus creates complete refer chains.For above-mentioned example, institute
The refer chains of establishment are:A(ID1)->B(ID2)->C(ID3)->D(ID4).
During refer chains are created, in addition it is also necessary in view of a kind of special circumstances, i.e.,:When some pages are accessed, should
The page can occur situation about repeatedly redirecting automatically, such as 3xx etc. and redirect situation, referred to as redirect this redirecting between the page herein.
In IE browser, when the same page is accessed, BHO mechanism provides three events, respectively BeforeNavigate2,
NavigateComplete2 and DocumentComplete2.Under normal circumstances, the corresponding URL of three events is identical
, but if occur multiple 302 redirecting, following situation will occur:(BeforeNavigate2)url0->(302)url1->
(302)url2->(NavigateComplete2)url2->(DocumentComplete2)url2.If still with above-mentioned example
As a example by, in accession page C, page C is likely to occur and repeatedly redirects automatically, jumps to C1 and C2 successively.Therefore, if it happens
Situation about redirecting between the page, by the URL that said method possibly cannot capture all jump page.
In view of above-mentioned special circumstances, the embodiment of the present invention also includes creating at least one i-th after above-mentioned steps S203
The step of level child node, i.e. step S204, the step, are executed in the case where the i-stage page occurs to redirect between the page, its
In at least one i-stage child node corresponding to the i-stage page at least one page between jump page.In step S204, catch
Obtain the function called during re-orientation processes, from re-orientation processes when the |input paramete of function called in obtain i-stage page
The URL of jump page between at least one page in face;And, the refer chains of page ID of the inquiry comprising the i-stage page are created
At least one i-stage child node of the refer chains, by between at least one page of the page ID of the i-stage page and the i-stage page
Information of the URL of jump page as at least one i-stage child node.Specifically, when generation 3xx etc. redirects situation, browse
Device can redirect process, and in re-orientation processes, browser can call " Urlmon!CINet::OnRedirect " functions,
The |input paramete of the function just have recorded the URL of jump page between the page, by capturing the function, it is possible to obtain i-stage page
The URL of jump page between at least one page in face.Using the URL of jump page between the page for obtaining by this method as
The information of i level child nodes, between the page, the index ID of jump page is identical with the page ID of the i-stage page.For above-mentioned example,
The refer chains for being created are:A(ID1)->B(ID2)->C(ID3)->C1(ID3)->C2(ID3)->D(ID4).
The method processed by web page access behavior for providing according to embodiments of the present invention, whenever monitoring by initial
After the links at different levels of the page are to the access request of new page, the corresponding refer chains of the new page obtained, refer chains are included
All URL report server, detect matching result by server according to these URL, by client according to the matching result
The access behavior of new page is processed.With prior art merely with new page URL carry out detection compared with, due to refer
The URL provided by chain is more, and coverage rate is wider, thus detection efficiency is higher, can more effectively protect client terminal web page clear
The security that lookes at.Further, the embodiment of the present invention additionally provides the method for creating refer chains, can be real-time according to the method
The refer chains being made up of the URL of the pages at different levels are obtained, such client can also timely by owning that refer chains are included
URL is sent to server, server thus, it is possible to obtain very comprehensive URL information in time, according to these URL informations, server
Matching result can be returned to client timely, it is achieved thereby that the safety of the web page browsing of real-time protection client
Property.
Fig. 3 shows the structured flowchart of client according to an embodiment of the invention.The client passes through for detection
The i-stage of initial page links the opened i-stage page, i >=2.As shown in figure 3, client includes:Monitoring module 31, look into
Interface 32 and protection module 33 is ask, alternatively, client can also include:Encrypting module 34.
Monitoring module 31 is suitable to after the access request for monitoring the i-stage page, obtains the page ID comprising the i-stage page
Refer chains.The access request of the i-stage page is that user is triggered in the i-th -1 grade page clickthrough or other on-link mode (OLM)s
's.After the access request for monitoring the i-stage page, browser will load the i-stage page to monitoring module 31, in loading i-stage
During the page, monitoring module 31 obtains the refer chains of the page ID comprising the i-stage page.Refer chains include initial page
To page ID and the URL of the i-stage page, it is the page during loading page that the page ID of the pages wherein at different levels is browser
The unique ID for being generated, its index value as the URL of the page in refer chains.The page of the browser by the i-stage page
The URL and the i-stage page that ID inquiries include the i-stage page is the refer chains of the afterbody page.
Query interface 32 is suitable to for all URL that refer chains are included to be sent to server, for server lookup
Whether all URL that refer chains are included belong to the blacklist and/or white list database of server preservation, then will inquiry
As a result carry out mating obtaining matching result with default rule;And, the matching result that the reception server is returned.Alternatively, root
According to the cloud vlan query protocol VLAN between server, all URL that refer chains are included are encrypted to ciphertext by encrypting module 34(Relevant
The description of encryption method can be found in embodiment of the method), query interface 32 is sent to, ciphertext is sent to service by query interface 32
Device.The ciphertext of the URL of the pages at different levels that refer chains only can be included by query interface 32 reports server, need not report
The page ID of the pages at different levels.
Protection module 33 is suitable to process the access behavior of the i-stage page according to matching result.If matching result
For indicating risk information, protection module 33 prompts the user with risk.Alternatively, protection module 33 can provide a user with interception and work as
The front page and the option for continuing to access current page, if user selects to intercept current page, protection module 33 is to current page
The access behavior in face is intercepted.
Further, client can also include refer chain creations module 35.Refer chain creations module 35 includes:First
Node creating unit 36 and Section Point creating unit 37.
First node creating unit 36 is suitable to after the access request for monitoring initial page, generates the page of initial page
ID, obtains the URL of initial page, creates the 1st grade of node of refer chains, using the page ID of initial page and URL as the 1st grade
The information write refer chains of node.Further, first node creating unit 36 includes:The page ID of initial page generates single
Unit 361, the URL acquiring units 362 of initial page and first node create subelement 363.The page ID of initial page generates single
Unit 361 is suitable to after the access request for monitoring initial page, generates the page ID of initial page.The URL of initial page is obtained
Unit 362 is suitable to the initial page for during loading initial page, obtaining current loading by specified response event interface
URL.For example, obtained by realizing the specified response event interface of standard plug-in unit mechanism.Browse used in IE browser
Device auxiliary object BHO Plugin Mechanisms, can obtain the URL of IE currently loadings by responding " BeforeNavigate2 " event.?
Red fox(Firefox)The specified response event interface that red fox extension mechanism is provided used in browser, obtains red fox browser and works as
The URL of front loading.In Google(chrome)NPAPI Plugin Mechanisms used in browser, obtain the currently loading of Google's browser
URL.First node creates the 1st grade of node that subelement 363 is suitable to create refer chains, and the page ID of initial page and URL are made
Information write refer chains for the 1st grade of node.
Section Point creating unit 37, i >=2 are suitable to after the access request for monitoring the i-stage page, generate i-stage page
The page ID in face, obtains page ID or the URL of the URL and the i-th -1 grade page of the i-stage page, and the i-stage page is the i-th -1 grade
The page-level jump page of the page;And, the refer chains of page ID of the inquiry comprising the i-th -1 grade page or URL, creating should
The i-stage node of refer chains, using the page ID of the i-stage page and URL as i-stage node information;Section Point creates single
Unit 37 is suitable to the nodes at different levels for creating refer chains.Further, Section Point creating unit 37 includes:The page of the i-stage page
ID signal generating units 371,373 and of the page ID of the URL acquiring units 372, the i-th -1 grade page of the i-stage page or URL acquiring units
Section Point creates subelement 374.The page ID signal generating unit 371 of the i-stage page is suitable in the access for monitoring the i-stage page
After request, the page ID of the i-stage page is generated.The URL acquiring units 372 of the i-stage page are suitable to the mistake in the loading i-stage page
Cheng Zhong, obtains the URL of the i-stage page of current loading by specified response event interface.Obtain the i-stage page of current loading
URL concrete mode can be found in obtain initial page URL associated description.The page ID of the i-th -1 grade page or URL are obtained
Unit 373 is suitable to after the access request for monitoring the i-stage page, obtains page ID or the URL of the i-th -1 grade page.Second section
Point creates the refer chains that subelement 374 is suitable to inquire about the page ID comprising the i-th -1 grade page or URL, creates the refer chains
I-stage node, using the page ID of the i-stage page and URL as i-stage node information.
Alternatively, the Section Point creating unit 37 of client also includes:Capturing unit 375 and writing unit 376.Capture
Unit 375 is suitable to after the access request for monitoring the i-stage page, obtains the interface object pointer of the i-stage page.Writing unit
376 be suitable to be written in the i-th -1 grade page of loading according to interface object pointer to the interface object of the i-stage page during obtained
The page ID of the i-th -1 grade page for taking.This embodiment is applied to by new window or new label(tab)Page opens i-stage
The situation of the page.By taking IE browser as an example, capturing unit 375 is further adapted for after the access request for monitoring the i-stage page,
Capture browser creates the function called by new window or new Shipping Options Page, obtains the i-stage page using the return value of the function
Interface object pointer, such as IWEBBROWSER2 pointers.As now browser does not have started the loading i-stage page, browser institute
The page of the i-th -1 grade still acquired during the i-th -1 grade page is loaded page of the page ID of the current page of record
ID, therefore, now writing unit 376 can write the i-th -1 grade page according to the interface object pointer to IWEBBROWSER2 objects
Page ID.The page ID of the i-th -1 grade page or URL acquiring units 373 are particularly adapted to:During the loading i-stage page,
The information provided by the interface object for reading the i-stage page, obtains the page ID of the i-th -1 grade page.Alternatively, write single
Unit 376 be suitable to be written in the i-th -1 grade page of loading according to interface object pointer to the interface object of the i-stage page during institute
The URL of the i-th -1 grade page for obtaining.
Alternatively, the page ID of the i-th -1 grade page or URL acquiring units 373 are further adapted for:Monitoring i-stage page
After the access request in face and before the loading i-stage page, the get_locationURL interfaces provided by browser are obtained
The URL of the i-th -1 grade page.Section Point creating unit 37 also includes:Judging unit 377 and empty unit 378.Wherein, judge
Unit 377 is suitable to judge whether to open the i-stage page by the input behavior triggering of browser address bar, specifically, can pass through
Judged according to the click of browser address bar and input action;Empty unit 378 and be suitable to the judged result in judging unit 377
In the case of being, will be clear for the URL of the i-th -1 grade page acquired in the page ID of the i-th -1 grade page or URL acquiring units 373
Sky, and trigger first node creating unit 36 the i-stage page is processed as initial page;In sentencing for judging unit 377
In the case that disconnected result is no, the triggering Section Point of judging unit 377 creates the i-stage section that subelement 374 creates refer chains
Point.
If the page ID of the i-th -1 grade page or URL acquiring units 373 acquire the page ID of the i-th -1 grade page, that
Section Point creates the refer chains that the page ID comprising the i-th -1 grade page directly inquired about by subelement 374, creates the refer chains
I-stage node, using the page ID of the i-stage page and URL as i-stage node information.If the page of the i-th -1 grade page
ID or URL acquiring units 373 acquire the URL of the i-th -1 grade page, then Section Point creates the inquiry of subelement 374 and includes
The refer chains of the URL of the i-th -1 grade page, and the refer chains of recent renewal are selected in the case where a plurality of refer chains are inquired,
Create the i-stage node of the refer chains, using the page ID of the i-stage page and URL as i-stage node information.
During refer chains are created, it is contemplated that the page occurs situation about repeatedly redirecting automatically, refer chain creation moulds
Block 35 also includes:Second child node creating unit 38, is suitable to capture the function called during re-orientation processes, from re-orientation processes
When the |input paramete of function called in obtain the URL of jump page between at least one page of the i-stage page;And, look into
The refer chains of the page ID comprising the i-stage page are ask, at least one i-stage child node of the refer chains is created, by i-stage page
Between at least one page of the page ID in face and the i-stage page, the URL of jump page is used as at least one i-stage child node
Information.
Fig. 4 shows the structured flowchart of server according to an embodiment of the invention.The server passes through for detection
The i-stage of initial page links the opened i-stage page, i >=2.As shown in figure 4, server includes:Blacklist and/or white
List data storehouse 41 and query interface 42.Wherein,
Blacklist and/or white list database 41 are suitable to preserve the URL for belonging to blacklist and/or white list.Server is pre-
Identified secure web-page and danger/malicious web pages are collected first, the URL of secure web-page is stored in white list database, will
The URL of danger/malicious web pages is stored in black list database.Alternatively, store in blacklist and/or white list database 41
Can also be URL characteristic value.
Preferably, in the embodiment of the present invention blacklist and/or white list database 41 including but not limited to can be gone fishing
URL library, cheating in advertisement URL library, or other any kind of malice URL libraries etc..
Query interface 42 is suitable to receive all URL that the refer chains of client transmission are included, and inquiry refer chains are wrapped
Whether all URL for containing belong to blacklist and/or white list database, then mate Query Result with default rule
Matching result is obtained, matching result is returned to client.If in client-side, all URL that refer chains are included are passed through
Reversible encryption method is encrypted, then comprising the module is decrypted by the encrypted cipher text for receiving in query interface 42,
All URL that refer chains are included are obtained after the module decryption processing.
Default rule is to set according to the actual requirements, and its concrete regulation needs the situation for carrying out indicating risk.
Illustrate by taking two kinds of preset rules as an example below:
Rule one:The malice page or the dangerous page or the unknown page are jumped to through search engine
For the rule one, query interface 42 is further adapted for:If Query Result shows that the URL of the i-stage page belongs to
Black list database, i.e. the i-stage page are the malice page or the dangerous page;Or, the URL of the i-stage page is not belonging to white list
Database, i.e. the i-stage page are the unknown page;And judge that initial page to arbitrary page in the i-th -1 grade page is search
The page, i.e. the i-stage page are redirected through search engine, are shown that Query Result regular one is mated with this, are mated
As a result it is indicating risk information.
Rule two:Through the malice page or the dangerous page or unknown page jump to the payment page
For the rule two, query interface 42 is further adapted for:If Query Result shows initial page to the i-th -1 grade page
The URL of the arbitrary page in face belongs to black list database, i.e., the page is the malice page or the dangerous page;Or, initial page
The URL of the arbitrary page in face to the i-th -1 grade page is not belonging to white list database, i.e., the page is the unknown page;And sentence
Break and the i-stage page for paying the page, show that Query Result regular two is mated with this, matching result is obtained for indicating risk letter
Breath.
Above-mentioned regular one and regular two is only two specific examples, and the present invention is not limited only to both rules, according to reality
Border demand, server can preset multiple rule for matching inquiry result.
Further, server can also include:Searched page url database 43, is suitable to preserve searched page URL column
Table;Page url database 44 is paid, is suitable to preserve payment page url list.Query interface 42 is by judging initial page to the
In the i-1 level pages, the URL of arbitrary page belongs to default searched page url list, determines initial page into the i-th -1 grade page
Arbitrary page is searched page;And, by judging that the URL of the i-stage page belongs to default payment page url list, determine
The i-stage page is the payment page.
Fig. 5 shows the structural frames to system that web page access behavior is processed according to an embodiment of the invention
Figure.As shown in figure 5, system includes client 30 and server 40, with regard to client 30 and the concrete structure and work(of server 40
Can will not be described here referring to the description of above-described embodiment.
Client, server and the system processed by web page access behavior for providing according to embodiments of the present invention,
After client control to the access request by the links at different levels of initial page to new page, the new page is obtained corresponding
All URL that refer chains include are reported server, detect matching result by server according to these URL by refer chains,
The access behavior of new page is processed according to the matching result by client.With prior art merely with new page URL
Carry out detection to compare, as the URL provided by refer chains is more, coverage rate is wider, thus detection efficiency is higher, can be more
The security that effectively protection client terminal web page is browsed.Further, the client of the embodiment of the present invention also has establishment refer
The function of chain, can obtain the refer chains being made up of the URL of the pages at different levels in real time according to the function, and such client can also
All URL that refer chains are included are sent to server timely, server is thus, it is possible to obtain very comprehensive URL in time
Information, according to these URL informations, server timely can return matching result to client, it is achieved thereby that real-time
Protection client web page browsing security.
The method for providing according to embodiments of the present invention, in the get_locationURL interfaces provided by browser
Also include after the step of page ID of the i-th -1 grade page of acquisition and URL:
Judge whether it is that the i-stage page is opened by the input behavior triggering of browser address bar;
If the determination result is YES, then the i-th -1 grade page for the get_locationURL interfaces provided by browser being obtained
The URL in face is emptied, and the i-stage page is processed as initial page;
If judged result is no, execute described create the refer chains i-stage node the step of.
The method for providing according to embodiments of the present invention, also includes after the i-stage node foundation step:At least one
I-stage child node foundation step, jumps between at least one page of at least one i-stage child node corresponding to the i-stage page
Blade-rotating face:The function that called during capture re-orientation processes, from the re-orientation processes when |input paramete of function called
The URL of jump page between middle at least one page for obtaining the i-stage page;And, the page of the inquiry comprising the i-stage page
The refer chains of ID, create at least one i-stage child node of the refer chains, by the page ID of the i-stage page and described
Information of the URL of jump page as at least one i-stage child node between at least one page of the i-stage page.
The client for providing according to embodiments of the present invention, is opened by the i-stage link of initial page for detection
The i-stage page, i >=2;The client includes:
Monitoring module, is suitable to after the access request for monitoring the i-stage page, obtains the page ID comprising the i-stage page
Refer chains, the refer chains comprising initial page to the i-stage page page ID and URL;
Query interface, is suitable to for all URL that the refer chains are included to be sent to server, for the server
Blacklist and/or white list database that whether all URL that the refer chains are included belong to server preservation is inquired about, so
Afterwards Query Result and default rule are carried out mating obtaining matching result;And, receive the coupling knot that the server is returned
Really;
Protection module, is suitable to process the access behavior of the i-stage page according to the matching result.
Client described according to embodiments of the present invention, if the matching result that the query interface is received is carried for risk
Show information, the protection module is further adapted for:Risk is prompted the user with according to the indicating risk information, and according to user's
Select to intercept the access behavior of the i-stage page.
Described client, also includes according to embodiments of the present invention:Encrypting module, is suitable to be included the refer chains
All URL be encrypted to ciphertext, be sent to the query interface, the ciphertext be sent to server by the query interface.
Described client, also includes according to embodiments of the present invention:Refer chain creation modules;
The refer chain creations module includes:
First node creating unit, is suitable to after the access request for monitoring initial page, generates the page of initial page
ID, obtains the URL of initial page, creates the 1st grade of node of refer chains, using the page ID of the initial page and URL as the
The information write refer chains of 1 grade of node;
Section Point creating unit, i >=2 are suitable to after the access request for monitoring the i-stage page, generate the i-stage page
Page ID, obtain the i-stage page URL and the i-th -1 grade page page ID or URL, the i-stage page is i-th -1
The page-level jump page of the level page;And, the refer chains of page ID of the inquiry comprising the i-th -1 grade page or URL, wound
Build the i-stage node of the refer chains, using the page ID of the i-stage page and URL as i-stage node information;
The Section Point creating unit is suitable to the nodes at different levels for creating the refer chains.
Client described according to embodiments of the present invention,
The first node creating unit includes:
The page ID signal generating unit of initial page, is suitable to after the access request for monitoring initial page, generates initial page
The page ID in face;
The URL acquiring units of initial page, are suitable to during loading initial page, by specified response event interface
Obtain the URL of the initial page of current loading;
First node creates subelement, is suitable to the 1st grade of node for creating refer chains, by the page ID of the initial page
Refer chains are write with URL as the information of the 1st grade of node;
The Section Point creating unit includes:
The page ID signal generating unit of the i-stage page, is suitable to after the access request for monitoring the i-stage page, generates i-stage
The page ID of the page;
The URL acquiring units of the i-stage page, are suitable to, during the loading i-stage page, connect by specified response event
Mouth obtains the URL of the i-stage page of current loading;
The page ID of the i-th -1 grade page or URL acquiring units, are suitable to after the access request for monitoring the i-stage page, obtain
Take page ID or the URL of the i-th -1 grade page;
Section Point creates subelement, is suitable to the refer chains for inquiring about the page ID comprising the i-th -1 grade page or URL,
Create the i-stage node of the refer chains, using the page ID of the i-stage page and URL as i-stage node information.
Client described according to embodiments of the present invention, the Section Point creating unit also include:Capturing unit, is suitable to
After the access request for monitoring the i-stage page, the interface object pointer of the i-stage page is obtained;And, writing unit is suitable to
According to acquired in during the interface object pointer is written in the i-th -1 grade page of loading to the interface object of the i-stage page
The i-th -1 grade page page ID;
The page ID of the i-th -1 grade page or URL acquiring units are particularly adapted to:During the loading i-stage page,
The information provided by the interface object for reading the i-stage page, obtains the page ID of the i-th -1 grade page.
Client described according to embodiments of the present invention, the capturing unit are further adapted for:Monitoring the i-stage page
Access request after, capture browser and create the function called by new window or new Shipping Options Page, obtained using the return value of the function
Take the interface object pointer of the i-stage page.
Client described according to embodiments of the present invention, the page ID of the i-th -1 grade page or URL acquiring units enter one
Step is suitable to:After the access request for monitoring the i-stage page and before the loading i-stage page, provided by browser
Get_locationURL interfaces obtain the URL of the i-th -1 grade page.
Client described according to embodiments of the present invention, the Section Point creating unit also include:
Judging unit, is suitable to judge whether be to open the i-stage page by the input behavior triggering of browser address bar;
Unit is emptied, and judged result in the judging unit is suitable to in the case of being, by the i-th -1 grade page
The URL of the i-th -1 grade page acquired in page ID or URL acquiring units is emptied, and triggers first node creating unit by i-stage
The page is processed as initial page;
In the case where the judged result of the judging unit is no, the judging unit triggers the Section Point and creates
Subelement creates the i-stage node of the refer chains.
Client described according to embodiments of the present invention, the refer chain creations module also include:Second child node is created
Unit, the function that called when being suitable to capture re-orientation processes, from the re-orientation processes when input ginseng of function called
The URL of jump page between at least one page of the i-stage page is obtained in number;And, page of the inquiry comprising the i-stage page
The refer chains of face ID, create at least one i-stage child node of the refer chains, by the page ID of the i-stage page and institute
State the information of the URL as at least one i-stage child node of jump page between at least one page of the i-stage page.
Described server, is opened by the i-stage link of initial page for detection according to embodiments of the present invention
The i-stage page, i >=2;The server includes:
Blacklist and/or white list database, are suitable to preserve the URL for belonging to blacklist and/or white list;
Query interface, is suitable to receive all URL that the refer chains of client transmission are included, inquires about the refer chains institute
Comprising all URL whether belong to the blacklist and/or white list database, then Query Result is entered with default rule
Row coupling obtains matching result, and the matching result is returned to the client.
Server described according to embodiments of the present invention, the query interface are further adapted for:
If Query Result shows that the URL of the i-stage page belongs to black list database or is not belonging to white list database, and
And judge that initial page is searched page to arbitrary page in the i-th -1 grade page, then obtain matching result and believe for indicating risk
Breath;
Or, if Query Result shows that initial page belongs to blacklist number to the URL of arbitrary page in the i-th -1 grade page
According to storehouse or white list database is not belonging to, and judges that the i-stage page for paying the page, then obtains matching result and carries for risk
Show information.
Described server, also includes according to embodiments of the present invention:
Searched page url database, is suitable to preserve searched page url list;
Page url database is paid, is suitable to preserve payment page url list;
The query interface belongs to default by judging the initial page to the URL of arbitrary page in the i-th -1 grade page
Searched page url list, determine the initial page to arbitrary page in the i-th -1 grade page be searched page;And, pass through
Judge that the URL of the i-stage page belongs to default payment page url list, determine that the i-stage page is the payment page.
The system processed by web page access behavior according to embodiments of the present invention, including above-mentioned client and above-mentioned
Server.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together based on teaching in this.As described above, construct required by this kind of system
Structure be obvious.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to use various
Programming language realizes the content of invention described herein, and the above description done by language-specific is to disclose this
Bright preferred forms.
In specification mentioned herein, a large amount of details are illustrated.It is to be appreciated, however, that the enforcement of the present invention
Example can be put into practice in the case where not having these details.In some instances, known method, structure are not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure helping understand one or more in each inventive aspect,
Above in the description to the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes
In example, figure or descriptions thereof.However, should not be construed to reflect following intention by the method for the disclosure:I.e. required guarantor
The more features of feature that the application claims ratio of shield is expressly recited in each claim.More precisely, such as following
Claims reflected as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself
All as the separate embodiments of the present invention.
Those skilled in the art be appreciated that can to embodiment in equipment in module carry out adaptively
Change and they are arranged in one or more equipment different from the embodiment.Can be the module in embodiment or list
Unit or component are combined into a module or unit or component, and can be divided in addition multiple submodule or subelement or
Sub-component.In addition at least some in such feature and/or process or unit is excluded each other, can adopt any
Combination is to this specification(Including adjoint claim, summary and accompanying drawing)Disclosed in all features and so disclosed appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification(Including adjoint power
Profit requires, makes a summary and accompanying drawing)Disclosed in each feature can be by providing identical, equivalent or the alternative features of similar purpose carry out generation
Replace.
Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments
In some included features rather than further feature, but the combination of the feature of different embodiments means in of the invention
Within the scope of and form different embodiments.For example, in the following claims, embodiment required for protection appoint
One of meaning can in any combination mode using.
The present invention all parts embodiment can be realized with hardware, or with one or more processor operation
Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that can use in practice
Microprocessor or digital signal processor(DSP)To realize client according to embodiments of the present invention, server and to net
The some or all functions of some or all parts in the system processed by access to web page behavior.Of the invention acceptable real
It is now for executing some or all equipment of method as described herein or program of device(For example, computer journey
Sequence and computer program).Such program for realizing the present invention can be stored on a computer-readable medium, or can be with
There is the form of one or more signal.Such signal can be downloaded from internet website and be obtained, or believe in carrier
There is provided on number, or provided with any other form.
It should be noted that above-described embodiment the present invention will be described rather than limits the invention, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference symbol being located between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not
Element listed in the claims or step.Word "a" or "an" before being located at element does not exclude the presence of multiple such
Element.The present invention can come real by means of the hardware for including some different elements and by means of properly programmed computer
Existing.If in the unit claim for listing equipment for drying, several in these devices can be by same hardware branch
To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and be run after fame
Claim.