CN103856442B - Method, device and system for detecting black chains - Google Patents
- Publication number: CN103856442B
- Application number: CN201210501415.8A
- Authority
- CN
- China
- Prior art keywords
- url
- domain name
- black chain
- external linkage
- web page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
Embodiments of the present invention provide a method, device and system for detecting black chains. The method includes: receiving an access request for a uniform resource locator (URL) and downloading the web page file corresponding to the URL; parsing the web page file corresponding to the URL to extract the external link URLs contained in it; and extracting the domain names of the external link URLs and querying a preset domain name trust database with the extracted domain names to determine whether the external link URLs include a black chain. The embodiments achieve fast, automatic black chain detection and improve detection efficiency.
Description
Technical field
Embodiments of the present invention relate to the field of information security technology, and more
particularly to a method, device and system for detecting black chains.
Background technology
With the rapid development of computer and network technology, the Internet plays an
ever greater role in people's daily life, study and work. Media documents on the
Internet are called web pages. A web page usually contains pointers (hyperlinks)
to other related pages or other nodes. A set of web pages that is logically
treated as a whole is called a website (Website or Site).
A black chain, also known as a dark chain, is a fairly common technique in search engine
optimization (SEO). It means obtaining backlinks from other websites by improper means.
Most commonly, an attacker exploits vulnerabilities in a web server to gain
administrative privileges and then plants links to the attacker's own site on the
compromised website. Black chains are among the most efficient and effective ways of
cheating search engines. They are typically used by highly profitable black-market
businesses, such as private game servers, game cheats, medical services, pornography
and gambling, and the practice has gradually become an industry. In practice, a
compromised website may carry not only black chains but also, frequently, various kinds
of malicious Trojan-planting ("horse-hanging") code. If a user has no security
software installed, opening such a tampered page can easily infect the user's
machine with the Trojans hosted on the site.
In the prior art, website administrators typically collect tampering keywords and
suspicious external links by hand in order to decide whether a site has been tampered
with by black chains. This manual approach depends heavily on manually collected
suspicious keywords and on periodic manual inspection, and it demands considerable
expertise from the administrators. It cannot detect black chains quickly and
automatically, so detection is inefficient.
Moreover, black chains are usually hidden from users by techniques such as setting an
extremely small font, making the font color match the background color, positioning the
link outside the visible area of the page, or placing it inside a hidden div tag
(for example <div style="display:none"></div>). All of these make it harder to
identify black chains by hand.
Summary of the invention
Embodiments of the present invention provide a black chain detection method that improves detection efficiency.
Embodiments of the present invention also provide a black chain detection device that improves detection efficiency.
Embodiments of the present invention also provide a black chain detection system that improves detection efficiency.
The specific solutions of the embodiments are as follows:
A black chain detection method, including:
receiving an access request for a uniform resource locator (URL), and downloading the web
page file corresponding to the URL;
parsing the web page file corresponding to the URL to extract the external link URLs
contained in the web page file;
extracting the domain names of the external link URLs, and querying a preset domain name
trust database with the extracted domain names to determine whether the external link
URLs include a black chain.
A black chain detection device, including an access request receiving unit, an external
link URL extraction unit and a black chain determination unit, wherein:
the access request receiving unit is configured to receive an access request for a URL
and download the web page file corresponding to the URL;
the external link URL extraction unit is configured to parse the web page file
corresponding to the URL to extract the external link URLs contained in the web page file;
the black chain determination unit is configured to extract the domain names of the
external link URLs and query a preset domain name trust database with the extracted
domain names to determine whether the external link URLs include a black chain.
A black chain detection system, including a client and a server, wherein:
the client is configured to issue an access request for a URL and send the access
request to the server;
the server is configured to parse the web page file corresponding to the URL to extract
the external link URLs contained in the web page file, extract the domain names of the
external link URLs, and query a preset domain name trust database with the extracted
domain names to determine whether the external link URLs include a black chain.
As the above technical solutions show, embodiments of the present invention receive an
access request for a uniform resource locator (URL) and download the web page file
corresponding to the URL; parse that web page file to extract the external link URLs
contained in it; and extract the domain names of the external link URLs and query a
preset domain name trust database with the extracted domain names to determine whether
the external link URLs include a black chain. With these embodiments, whether a web
page contains black chains can therefore be judged automatically from the domain name
trust values of the page's external links, which achieves fast, automatic black chain
detection and improves detection efficiency.
In addition, the black chain decision condition can be configured on the client by the
user, so the embodiments are highly flexible, which further improves detection efficiency.
Brief description of the drawings
Fig. 1 is a flow chart of the black chain detection method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of domain name trust value assignment according to an embodiment of the present invention;
Fig. 3 is a flow chart of a method for detecting black chains on the network side according to an embodiment of the present invention;
Fig. 4 is a structural diagram of the black chain detection device according to an embodiment of the present invention;
Fig. 5 is a structural diagram of the black chain detection system according to an embodiment of the present invention.
Detailed description of the invention
To make the objects, technical solutions and advantages of the present invention clearer, the
invention is described in further detail below with reference to the accompanying drawings.
In embodiments of the present invention, the domain name trust value of the website that an
external link URL points to is preferably used as the basis for judging whether the
original web page has been tampered with by black chains. Specifically, the domain name
trust value describes how safe a domain name is: the more malicious URLs exist under a
domain name, the lower its trust value. A domain name trust database can be built in
advance for a large number of domain names, in which trusted website domain names have
the highest trust values and domain names that host many malicious URLs generally have
lower trust values.
Fig. 1 is a flow chart of the black chain detection method according to an embodiment of the present invention.
As shown in Fig. 1, the method includes the following steps:
Step 101: receive an access request for a uniform resource locator (URL), and download
the web page file corresponding to the URL.
Here, the access request for the URL is preferably initiated locally by the client, which
sends the access request to a server on the network side. The server on the network side
then receives the access request for the URL and downloads the web page file
corresponding to the URL.
Specifically, when a user wants to access a URL on the client, for example by typing the
URL into the browser's address bar, the client issues an access request for that URL.
A detection unit installed on the client (such as security software installed on the
client) intercepts this access request and sends the URL to a server in the cloud for
detection, and the server then downloads the web page file corresponding to the URL.
For example, the client can include, but is not limited to: a feature phone, smartphone,
palmtop computer, personal computer (PC), tablet computer or personal digital assistant
(PDA), and so on.
Here, the web page file corresponding to the URL can take various forms, such as an HTML
file, a JS file or a CSS file, and so on.
Although specific forms of the client and of the web page file are listed in detail
above, those skilled in the art will appreciate that these are merely examples and do
not limit the scope of protection of the embodiments of the present invention.
Step 102: parse the web page file corresponding to the URL to extract the external link
URLs contained in the web page file.
Here, the web page file corresponding to the URL is first parsed to obtain the <a> tags
it contains. The hypertext reference (href) attribute values of the obtained <a> tags
are then extracted. Finally, href attribute values that have the same domain name as the
web page file itself are removed from the extracted values, and the remaining href
attribute values are taken as the external link URLs contained in the web page file.
Specifically, all external links can be extracted from the web page file, including <a>
tags in the HTML file and <a> tags written from JS code by means such as
document.write. The value of the href attribute of each tag is extracted, and href
values with the same URL or domain name as the currently accessed page are excluded.
For example, assume that the currently accessed URL is http://www.a.com/ and that its
page contains the following 3 <a> tags:
<a href="http://www.a.com/test.htm">
<a href="test.htm">
<a href="http://www.b.com/">
Because <a href="http://www.a.com/test.htm"> and <a href="test.htm"> link to the same
file test.htm on the local site, by absolute path and by relative path respectively,
only http://www.b.com/ is finally extracted as an external link URL contained in this
web page file.
As another example, assume that the currently accessed URL is http://www.a.com/ and that
its page contains the following 5 <a> tags:
<a href="http://www.a.com/test.htm">
<a href="test.htm">
<a href="http://www.b.com/">
<a href="http://www.c.com/test.htm">
<a href="http://www.d.com">
Because <a href="http://www.a.com/test.htm"> and <a href="test.htm"> link to the same
file test.htm on the local site, by absolute path and by relative path respectively,
only the 3 URLs http://www.b.com/, http://www.c.com/test.htm and http://www.d.com are
finally extracted as the external link URLs contained in this web page file.
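The extraction in step 102 can be sketched in Python as follows. This is only a minimal illustration under stated assumptions, not the patented implementation: the names AnchorCollector and extract_external_links are hypothetical, "same domain name" is approximated by comparing host names, and only <a> tags present in static HTML are handled (tags written by document.write in JS code are not).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class AnchorCollector(HTMLParser):
    """Collects the href value of every <a> tag in an HTML document."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value.strip())


def extract_external_links(page_url, html):
    """Return the hrefs whose host differs from the host of page_url."""
    collector = AnchorCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    external = []
    for href in collector.hrefs:
        # Resolve relative paths such as "test.htm" against the page URL.
        absolute = urljoin(page_url, href)
        host = urlparse(absolute).hostname
        # Links without a host (mailto:, javascript:) are skipped.
        if host and host != page_host:
            external.append(absolute)
    return external
```

Applied to the five-tag example above with http://www.a.com/ as the page URL, this sketch keeps the three links to www.b.com, www.c.com and www.d.com and drops both references to test.htm.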
Step 103: extract the domain names of the external link URLs, and query a preset domain
name trust database with the extracted domain names to determine whether the external
link URLs include a black chain.
Here, the domain name is first extracted from each external link URL. A domain name is
the name of a computer or group of computers on the Internet, made up of a series of
dot-separated names, and is used to identify the computer's electronic location during
data transmission. The extracted domain name can be divided into levels, including the
top-level domain, the second-level domain, the third-level domain, and so on. Top-level
domains fall into two classes. The first is national top-level domain names (nTLDs):
more than 200 countries have been assigned top-level domains according to ISO 3166
country codes, such as cn for China, us for the United States and jp for Japan. The
second is international top-level domain names (iTLDs), such as .com for commercial
enterprises, .net for network providers and .org for non-profit organizations. A
second-level domain is the domain name under a top-level domain. Under an international
top-level domain, it is the registrant's online name, such as ibm, yahoo or microsoft.
Under a national top-level domain, it is a symbol that denotes the category of the
registered organization, such as com, edu, gov or net. A third-level domain name
consists of letters (A to Z, a to z), digits (0 to 9) and hyphens (-). Domain names of
different levels are joined by dots (.), and a third-level domain name cannot exceed
20 characters.
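As a rough illustration of extracting a domain name from an external link URL and viewing it at each level, consider the Python sketch below. The function names are hypothetical, and the level split is a naive split on dots: it does not know which suffixes (for example com.cn) are registry-level, so it should be read as an approximation only.

```python
from urllib.parse import urlparse


def extract_domain(url):
    """Return the lowercased host name of a URL, or None if it has none."""
    return urlparse(url).hostname


def domain_levels(domain):
    """List the domain at each level, from the top-level domain to the full name.

    Naive label split: "www.b.com" yields "com", "b.com", "www.b.com".
    """
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]
```

A trust lookup could then be tried at whichever level suits the deployment, for instance the full host name first and the second-level domain as a fallback; that ordering is a design choice the source does not prescribe.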
The domain name trust database stores the correspondence between domain names and their
domain name trust values. Preferably, the database is editable, so that domain names
and their trust values can be added, deleted or changed in it.
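An editable trust database of this kind can be pictured as a simple key-value store. The Python sketch below is an assumption-laden illustration: the class name DomainTrustDB, the 0 to 100 scale and the default value returned for unknown domains are all hypothetical, since the source does not specify the storage format or how unknown domains are scored.

```python
class DomainTrustDB:
    """In-memory mapping from domain name to trust value (assumed 0-100 scale)."""

    def __init__(self, default_trust=50):
        self._trust = {}
        # Assumed score for domains that are not in the database.
        self.default_trust = default_trust

    def set(self, domain, trust):
        """Add a domain name or change its trust value."""
        self._trust[domain.lower()] = trust

    def delete(self, domain):
        """Remove a domain name; unknown names are ignored."""
        self._trust.pop(domain.lower(), None)

    def lookup(self, domain):
        """Return the stored trust value, or the default for unknown domains."""
        return self._trust.get(domain.lower(), self.default_trust)
```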
The following principles can be referred to when building the domain name trust database:
The domain name trust value describes how safe a domain name is: the more malicious URLs
exist under a domain name, the lower its trust value. The normal links on a website
(that is, visible links) generally point to safe websites of a similar type and
represent the current site's recommendation of, and trust in, other websites. Leading
users to a malicious site through a visible link would also seriously damage the site's
own reputation. Black chains are the opposite: they usually point to highly profitable
and malicious websites such as private game servers, game cheats, medical services,
pornography and gambling, and usually only such websites have the motivation to buy
black chains in bulk from hackers in order to raise their visibility in search engines
and thereby attract more users and profit.
When a large number of external links pointing to malicious websites appear on a normal
website, the probability that it has been tampered with rises sharply. Because a
tampered website may also have been implanted with various kinds of malicious
Trojan-planting code, users should avoid visiting such websites as far as possible to
keep their computers from being infected by the Trojans on the site.
Preferably, the preset domain name trust database is queried with the extracted domain
names to determine the domain name trust value of each domain name. It is then judged
whether the determined trust values satisfy a preset black chain decision condition. If
so, the external link URLs are judged to include a black chain; if not, they are judged
not to include a black chain.
Judging whether the determined trust values satisfy the preset black chain decision
condition may specifically include: judging whether the number of domain names whose
trust value is below a preset domain name trust threshold reaches a preset number of
domain names; or judging whether the average of the trust values of all the domain names
is below a preset black chain threshold; and so on.
The black chain decision condition can be set and stored on the client, or set and
stored on the server. Here, it is preferably set or changed on the client. When the
client finds that the black chain decision condition has changed, it sends the latest
condition to the server, and the server saves it. Setting the condition on the client
lets the user change it at any time, which improves the flexibility of the embodiments
of the present invention.
For example, based on the domain name trust values of the extracted valid external links,
obtained by querying the domain name trust database, black chain tampering can be
judged according to a predetermined black chain decision condition. Preferably, the
condition can be customized by the user. Possible rules include:
a) the number of external link URLs whose domain name trust value is below a certain threshold reaches a certain preset number;
b) the average domain name trust score of all valid external link URLs is below a certain preset threshold.
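The two rules can be written as small predicates over a list of trust values. The following Python sketch uses hypothetical function and parameter names, and it assumes that a page with no valid external links should not be flagged under rule (b), a case the source does not address.

```python
def too_many_low_trust(trust_values, trust_threshold, count_threshold):
    """Rule (a): at least count_threshold values fall below trust_threshold."""
    low = sum(1 for value in trust_values if value < trust_threshold)
    return low >= count_threshold


def average_too_low(trust_values, average_threshold):
    """Rule (b): the mean trust value is below average_threshold."""
    if not trust_values:
        # Assumption: no external links means nothing to flag.
        return False
    return sum(trust_values) / len(trust_values) < average_threshold
```

Keeping each rule as a separate function with its thresholds as arguments matches the idea that the decision condition is user-configurable: a client could pick a rule and supply its own thresholds.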
In embodiments of the present invention, when the external link URLs are judged to include
a black chain, the access request for the URL is preferably blocked and a risk warning
message is issued to the user. When the external link URLs are judged not to include a
black chain, the access request for the URL is allowed.
Fig. 2 is a schematic diagram of domain name trust value assignment according to an embodiment of the present invention.
As shown in Fig. 2, the page to be analyzed contains 3 external link URLs. The domain
name trust value corresponding to the 1st external link URL is 100, that of the 2nd is
80, and that of the 3rd is 60.
Assume the predefined black chain decision condition is that at least 2 domain names have
a trust score below 90. These 3 external link URLs then satisfy the rule, because two of
the scores (80 and 60) are below 90. The URL of the web page file that contains these 3
external link URLs is therefore judged to have been tampered with by black chains;
preferably, the user is blocked from accessing that URL and is warned of the risk.
Assume instead that the predefined black chain decision condition is that the average
trust score of all valid external links is below 80. The URL then does not satisfy the
rule, because the average score is exactly 80. The URL of the web page file that
contains these 3 external link URLs is therefore judged not to have been tampered with
by black chains, and the user can access it normally.
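The arithmetic behind the two outcomes for Fig. 2 can be checked with a few lines of Python. This is just a worked calculation using the values and thresholds stated above; the variable names are illustrative.

```python
trust_values = [100, 80, 60]  # trust values of the 3 external links in Fig. 2

# First condition: count the domain names scoring below 90 and require at least 2.
low_count = sum(1 for v in trust_values if v < 90)
rule1_flagged = low_count >= 2

# Second condition: the mean score must be strictly below 80 to flag the page.
mean_score = sum(trust_values) / len(trust_values)
rule2_flagged = mean_score < 80

print(low_count, rule1_flagged)   # 2 True
print(mean_score, rule2_flagged)  # 80.0 False
```

The second case sits exactly on the boundary: the mean is 80, and "below 80" is a strict comparison, so the page is not flagged.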
Some specific examples of black chain decision conditions are listed in detail above.
Those skilled in the art will appreciate that they are merely examples and do not limit
the scope of protection of the embodiments of the present invention.
Embodiments of the present invention can be applied in many concrete scenarios, for
example in a client-server model, in which the server is located on the network side and
preferably takes the form of a server cluster.
Fig. 3 is a flow chart of a method for detecting black chains on the network side according to an embodiment of the present invention.
As shown in Fig. 3, the flow includes:
Step 301: the client initiates an access request for a URL in the local browser. A
plug-in installed on the client intercepts the access request and sends the URL that the
user wants to access to a server on the network side for detection. The server on the
network side is preferably a cloud server.
Step 302: after obtaining the URL that the user wants to access, the server downloads the
page file corresponding to that URL.
Step 303: the server extracts all valid external link URLs from the page file.
Step 304: the server queries the preset domain name trust database to determine the
domain name trust value of the domain name corresponding to each external link URL.
Here, depending on the needs of the actual application environment, the trust value can
be determined for the domain name at any chosen level.
Step 305: judge whether the trust values of the domain names corresponding to the
external link URLs satisfy the preset black chain decision condition. If so, perform
step 306; otherwise perform step 307. Here, the black chain decision condition can
specifically be: the number of external link URLs whose domain name trust value is below
a certain threshold reaches a certain preset number; or the average domain name trust
score of all valid external link URLs is below a certain preset threshold.
Step 306: the server sends an instruction to the client to block the client from
accessing the URL that the user wants to access, and sends a risk warning message to the
client indicating that the page at that URL contains a black chain.
Step 307: the server allows the client to access the URL that the user wants to access.
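The server-side part of this flow (steps 302 to 307) can be sketched end to end in Python. Everything here is an assumption made for illustration: check_url is a hypothetical name, the downloader, trust lookup and decision rule are injected as plain functions so the sketch needs no network access, domain names are approximated by host names, and the returned tuple stands in for whatever message format a real client and server would agree on.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _Hrefs(HTMLParser):
    """Gathers href values of <a> tags from static HTML."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.values += [v for k, v in attrs if k == "href" and v]


def check_url(url, download, trust_of, is_black_chain):
    """Run steps 302-307 for one URL.

    download(url) returns HTML text, trust_of(domain) returns a trust value,
    and is_black_chain(list_of_trust_values) returns True or False.
    Returns ("block", message) or ("allow", None).
    """
    html = download(url)                                    # step 302
    parser = _Hrefs()
    parser.feed(html)
    page_host = urlparse(url).hostname
    hosts = [urlparse(urljoin(url, h)).hostname for h in parser.values]
    external = [h for h in hosts if h and h != page_host]   # step 303
    trust_values = [trust_of(h) for h in external]          # step 304
    if is_black_chain(trust_values):                        # step 305
        return "block", "risk warning: page contains black chain"  # step 306
    return "allow", None                                    # step 307
```

Passing the decision rule in as a function mirrors the point that the decision condition can be changed without touching the rest of the flow.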
Based on the above detailed analysis, embodiments of the present invention also provide a black chain detection device.
Fig. 4 is a structural diagram of the black chain detection device according to an embodiment
of the present invention. As shown in Fig. 4, the device includes an access request
receiving unit 401, an external link URL extraction unit 402 and a black chain
determination unit 403, wherein:
the access request receiving unit 401 is configured to receive an access request for a
URL and download the web page file corresponding to the URL;
the external link URL extraction unit 402 is configured to parse the web page file
corresponding to the URL to extract the external link URLs contained in the web page file;
the black chain determination unit 403 is configured to extract the domain names of the
external link URLs and query a preset domain name trust database with the extracted
domain names to determine whether the external link URLs include a black chain.
In one embodiment, the external link URL extraction unit 402 is configured to parse the
web page file corresponding to the URL to obtain the <a> tags contained in the web page
file; extract the hypertext reference (href) attribute values of the obtained <a> tags;
remove from the extracted href attribute values those that have the same domain name as
the web page file itself; and take the remaining href attribute values as the external
link URLs contained in the web page file.
Preferably, the black chain determination unit 403 is further configured to block the
access request for the URL and issue a risk warning message to the user when the
external link URLs are judged to include a black chain, and to allow the access request
for the URL when the external link URLs are judged not to include a black chain.
Preferably, the black chain determination unit 403 is configured to query the preset
domain name trust database with the extracted domain names to determine the domain name
trust value of each domain name, and to judge whether the determined trust values
satisfy the preset black chain decision condition. If so, the external link URLs are
judged to include a black chain; if not, they are judged not to include a black chain.
In one embodiment, the black chain determination unit 403 is configured to judge whether
the number of domain names whose trust value is below a preset domain name trust
threshold reaches a preset number of domain names, or to judge whether the average of
the trust values of all the domain names is below a preset black chain threshold.
Based on the above detailed analysis, embodiments of the present invention also provide a black chain detection system.
Fig. 5 is a structural diagram of the black chain detection system according to an embodiment of the present invention.
As shown in Fig. 5, the system includes a client 501 and a server 502, where the server is located on the network side.
In embodiments of the present invention, the client 501 and the server 502 can be
communicatively connected through a variety of networks (for example, the Internet or a
wireless communication network). For example, according to the direction of information
transmission and its relation to time, the communication between the client 501 and the
server 502 can be simplex, half-duplex or full-duplex, and so on.
In embodiments of the present invention, specific communication protocols can be agreed
between the client 501 and the server 502. These protocols define the format used by
data units, the information and meaning that information units should contain, the
connection mode, and the timing of sending and receiving information, thereby ensuring
that data is delivered smoothly to the intended destination in the network.
For example, the communication protocols that embodiments of the present invention can
use include, but are not limited to: Transmission Control Protocol/Internet Protocol
(TCP/IP), Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP),
Post Office Protocol version 3 (POP3), and so on.
Moreover, when the client 501 is connected to the server 502 wirelessly, the client 501 in
embodiments of the present invention can exchange information with the server 502 over
a variety of communication standards. For example, Global System for Mobile
Communications (GSM), Wideband Code Division Multiple Access (WCDMA), Code Division
Multiple Access 2000 (CDMA-2000), Time Division-Synchronous Code Division Multiple
Access (TD-SCDMA) and other communication standards can be used. The information
exchanged between the client 501 and the server 502 can also take many formats. For
example, the format can include, but is not limited to: short message (SMS), e-mail,
instant messaging (IM) message, multimedia message (MMS) or voice message, and so on.
Wherein:
the client 501 is configured to issue an access request for a URL and send the access
request to the server;
the server 502 is configured to parse the web page file corresponding to the URL to
extract the external link URLs contained in the web page file, extract the domain names
of the external link URLs, and query a preset domain name trust database with the
extracted domain names to determine whether the external link URLs include a black chain.
Preferably, the server 502 is configured to parse the web page file corresponding to the
URL to obtain the <a> tags contained in the web page file; extract the hypertext
reference (href) attribute values of the obtained <a> tags; remove from the extracted
href attribute values those that have the same domain name as the web page file itself;
and take the remaining href attribute values as the external link URLs contained in the
web page file.
In one embodiment, the server 502 is further configured to block the access request of the
client 501 for the URL and send a risk warning message to the client 501 when the
external link URLs are judged to include a black chain, and to allow the access request
of the client 501 for the URL when the external link URLs are judged not to include a
black chain.
Preferably, the server 502 is configured to query the preset domain name trust database
with the extracted domain names to determine the domain name trust value of each domain
name, and to judge whether the determined trust values satisfy the preset black chain
decision condition. If so, the external link URLs are judged to include a black chain;
if not, they are judged not to include a black chain.
Here, the server 502 can judge whether the number of domain names whose trust value is
below a preset domain name trust threshold reaches a preset number of domain names, or
judge whether the average of the trust values of all the domain names is below a preset
black chain threshold.
The device shown in Fig. 4 can be integrated into the hardware entities of various
communication networks. For example, the black chain detection device can be integrated
into equipment such as a feature phone, smartphone, palmtop computer, personal computer
(PC), tablet computer or personal digital assistant (PDA), and so on.
In practice, the black chain detection device provided by embodiments of the present
invention can be implemented in many forms. For example, following an application
programming interface of a certain specification, the device can be written as a plug-in
installed on a terminal, or packaged as an application for users to download and use.
When written as a plug-in, it can be implemented in plug-in formats such as ocx, dll and
cab. The device can also be implemented with specific technologies such as a Flash
plug-in, RealPlayer plug-in, MMS plug-in, MIDI staff plug-in or ActiveX plug-in.
The black chain detection method provided by embodiments of the present invention can be
stored on various storage media as stored instructions or instruction sets. These
storage media include, but are not limited to: floppy disks, CDs, DVDs, hard disks,
flash memory, USB flash drives, CF cards, SD cards, MMC cards, SM cards, Memory Sticks,
xD cards, and so on.
In addition, the black chain detection method provided by embodiments of the present
invention can be applied to storage media based on NAND flash, such as USB flash
drives, CF cards, SD cards, SDHC cards, MMC cards, SM cards, Memory Sticks, xD cards,
and so on.
In summary, in the embodiments of the present invention, an access request for a uniform resource
locator (URL) is received and the web page file corresponding to the URL is downloaded; the web
page file corresponding to the URL is parsed to extract the external link URLs contained in it;
the domain names of the external link URLs are extracted, and a preset domain name trust database
is queried according to the extracted domain names to determine whether the external link URLs
contain a black chain. It can be seen that, after the embodiments of the present invention are
applied, black chains in a web page can be judged automatically according to the domain name trust
values of the page's external links, which achieves fast, automatic black chain detection and
therefore improves black chain detection efficiency.
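As a non-limiting illustration of the domain name extraction and trust database query summarized
above, the following Python sketch maps the external link URLs of a page to trust values. The
names `TRUST_DB`, `DEFAULT_TRUST`, `domain_of` and `trust_values`, the 0-to-1 trust scale, and the
default used for unknown domains are assumptions made for illustration only; the embodiments do
not specify them. The sketch also treats the full host name as the domain name, which is a
simplification.

```python
from urllib.parse import urlsplit

# Hypothetical in-memory stand-in for the preset domain name trust database.
TRUST_DB = {
    "example.com": 0.9,
    "spam-links.example": 0.1,
}
DEFAULT_TRUST = 0.5  # assumed value for domains missing from the database


def domain_of(url: str) -> str:
    """Return the lower-cased host name of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def trust_values(external_urls):
    """Map each distinct domain among the external link URLs to its trust value."""
    values = {}
    for url in external_urls:
        domain = domain_of(url)
        if domain:
            values[domain] = TRUST_DB.get(domain, DEFAULT_TRUST)
    return values
```

A deployed system would presumably replace the dictionary with a query against a real trust
database and might reduce host names to registered domains before the lookup.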
In addition, the black chain decision condition can be configured at the client, so the
embodiments of the present invention are highly flexible, which further improves black chain
detection efficiency.
The above are only preferred embodiments of the present invention and are not intended to limit
the scope of protection of the present invention. Any modification, equivalent substitution,
improvement, etc. made within the spirit and principles of the present invention shall be included
within the scope of protection of the present invention.
Claims (13)
1. A black chain detection method, characterized in that the method comprises:
receiving an access request for a uniform resource locator (URL), and downloading the web page
file corresponding to the URL;
parsing the web page file corresponding to the URL to extract the external link URLs contained in
the web page file;
extracting the domain names of the external link URLs, and querying a preset domain name trust
database according to the extracted domain names to determine whether the external link URLs
contain a black chain;
wherein querying the preset domain name trust database according to the extracted domain names to
determine whether the external link URLs contain a black chain comprises:
querying the preset domain name trust database according to the extracted domain names to
determine the domain name trust value of each domain name;
judging whether the determined domain name trust values satisfy a preset black chain decision
condition; if so, determining that the external link URLs contain a black chain; if not,
determining that the external link URLs do not contain a black chain.
2. The black chain detection method according to claim 1, characterized in that parsing the web
page file corresponding to the URL to extract the external link URLs contained in the web page
file comprises:
parsing the web page file corresponding to the URL to obtain the <a> tags contained in the web
page file;
extracting the hypertext reference (href) attribute values of the obtained <a> tags;
removing, from the extracted href attribute values, those href attribute values whose domain name
is the same as the home domain name of the web page file, and taking the remaining href attribute
values as the external link URLs contained in the web page file.
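By way of illustration only, the <a> tag parsing and href filtering described above could be
sketched in Python as follows. The names `_AnchorCollector` and `external_link_urls` are
hypothetical. Resolving relative links against the page URL and discarding non-HTTP schemes are
assumptions added for the sketch, and comparing full host names stands in for the comparison
against the home domain name of the web page file.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _AnchorCollector(HTMLParser):
    """Collects the href attribute value of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def external_link_urls(page_url, html_text):
    """Return href values of <a> tags that point outside the page's own host."""
    home = (urlsplit(page_url).hostname or "").lower()
    collector = _AnchorCollector()
    collector.feed(html_text)
    external = []
    for href in collector.hrefs:
        absolute = urljoin(page_url, href)  # resolve relative links (assumption)
        parts = urlsplit(absolute)
        host = (parts.hostname or "").lower()
        # Keep only HTTP(S) links whose host differs from the home host.
        if parts.scheme in ("http", "https") and host and host != home:
            external.append(absolute)
    return external
```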
3. The black chain detection method according to claim 1, characterized in that the method
further comprises:
when it is determined that the external link URLs contain a black chain, blocking the access
request for the URL and issuing a risk alert message to the user; when it is determined that the
external link URLs do not contain a black chain, allowing the access request for the URL.
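A minimal Python sketch of this block-or-allow step is given below, assuming the black chain
judgment has already been made elsewhere. The `AccessDecision` type, the `decide_access` function
and the wording of the alert message are hypothetical and serve only to make the two branches
concrete.

```python
from dataclasses import dataclass


@dataclass
class AccessDecision:
    allowed: bool    # True if the access request may proceed
    alert: str = ""  # risk alert text shown to the user when blocked


def decide_access(url: str, contains_black_chain: bool) -> AccessDecision:
    """Block the request and raise an alert if a black chain was found; otherwise allow it."""
    if contains_black_chain:
        return AccessDecision(False, f"Risk alert: {url} appears to contain black chain links.")
    return AccessDecision(True)
```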
4. The black chain detection method according to claim 1, characterized in that receiving the
access request for the URL and downloading the web page file corresponding to the URL comprises:
a client issuing the access request for the URL and sending the access request to a server
located on the network side;
the server located on the network side receiving the access request for the URL and downloading
the web page file corresponding to the URL.
5. The black chain detection method according to claim 1, characterized in that judging whether
the determined domain name trust values satisfy the preset black chain decision condition
comprises:
judging whether the number of domain names whose domain name trust value is below a preset domain
name trust threshold reaches a preset number of domain names; or
judging whether the mean of the domain name trust values of the domain names is below a preset
black chain threshold.
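The two alternative decision conditions can be sketched in Python as follows. The function names
and the parameters `trust_threshold`, `count_limit` and `black_chain_threshold` are illustrative
assumptions, as is the choice to report no black chain when a page has no external domains.

```python
from statistics import mean


def count_condition(trust_values, trust_threshold, count_limit):
    """Condition 1: the number of domains whose trust value is below
    trust_threshold reaches count_limit."""
    low = sum(1 for value in trust_values if value < trust_threshold)
    return low >= count_limit


def mean_condition(trust_values, black_chain_threshold):
    """Condition 2: the mean trust value is below black_chain_threshold.
    An empty list is treated as not satisfying the condition (assumption)."""
    return bool(trust_values) and mean(trust_values) < black_chain_threshold
```

For example, with trust values 0.9, 0.1 and 0.2, a trust threshold of 0.3 and a count limit of 2,
the first condition is satisfied because two domains fall below the threshold.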
6. A black chain detection device, characterized in that the device comprises an access request
receiving unit, an external link URL extraction unit and a black chain determination unit, wherein:
the access request receiving unit is configured to receive an access request for a URL and
download the web page file corresponding to the URL;
the external link URL extraction unit is configured to parse the web page file corresponding to
the URL to extract the external link URLs contained in the web page file;
the black chain determination unit is configured to extract the domain names of the external link
URLs, and query a preset domain name trust database according to the extracted domain names to
determine whether the external link URLs contain a black chain; wherein querying the preset domain
name trust database according to the extracted domain names to determine whether the external link
URLs contain a black chain comprises: querying the preset domain name trust database according to
the extracted domain names to determine the domain name trust value of each domain name; judging
whether the determined domain name trust values satisfy a preset black chain decision condition;
if so, determining that the external link URLs contain a black chain; if not, determining that the
external link URLs do not contain a black chain.
7. The black chain detection device according to claim 6, characterized in that
the external link URL extraction unit is configured to parse the web page file corresponding to
the URL to obtain the <a> tags contained in the web page file; extract the hypertext reference
(href) attribute values of the obtained <a> tags; remove, from the extracted href attribute
values, those href attribute values whose domain name is the same as the home domain name of the
web page file, and take the remaining href attribute values as the external link URLs contained in
the web page file.
8. The black chain detection device according to claim 6, characterized in that
the black chain determination unit is further configured to, when it is determined that the
external link URLs contain a black chain, block the access request for the URL and issue a risk
alert message to the user; and, when it is determined that the external link URLs do not contain a
black chain, allow the access request for the URL.
9. The black chain detection device according to claim 6, characterized in that
the black chain determination unit is configured to judge whether the number of domain names whose
domain name trust value is below a preset domain name trust threshold reaches a preset number of
domain names; or to judge whether the mean of the domain name trust values of the domain names is
below a preset black chain threshold.
10. A black chain detection system, characterized in that it comprises a client and a server,
wherein:
the client is configured to issue an access request for a URL and send the access request to the
server;
the server is configured to parse the web page file corresponding to the URL to extract the
external link URLs contained in the web page file, extract the domain names of the external link
URLs, and query a preset domain name trust database according to the extracted domain names to
determine whether the external link URLs contain a black chain; wherein querying the preset domain
name trust database according to the extracted domain names to determine whether the external link
URLs contain a black chain comprises: querying the preset domain name trust database according to
the extracted domain names to determine the domain name trust value of each domain name; judging
whether the determined domain name trust values satisfy a preset black chain decision condition;
if so, determining that the external link URLs contain a black chain; if not, determining that the
external link URLs do not contain a black chain.
11. The black chain detection system according to claim 10, characterized in that
the server is configured to parse the web page file corresponding to the URL to obtain the <a>
tags contained in the web page file; extract the hypertext reference (href) attribute values of
the obtained <a> tags; remove, from the extracted href attribute values, those href attribute
values whose domain name is the same as the home domain name of the web page file, and take the
remaining href attribute values as the external link URLs contained in the web page file.
12. The black chain detection system according to claim 10, characterized in that
the server is further configured to, when it is determined that the external link URLs contain a
black chain, block the client's access request for the URL and send a risk alert message to the
client; and, when it is determined that the external link URLs do not contain a black chain, allow
the client's access request for the URL.
13. The black chain detection system according to claim 10, characterized in that
the server is configured to judge whether the number of domain names whose domain name trust value
is below a preset domain name trust threshold reaches a preset number of domain names; or to judge
whether the mean of the domain name trust values of the domain names is below a preset black chain
threshold.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210501415.8A CN103856442B (en) | 2012-11-30 | 2012-11-30 | A kind of detecting black chain methods, devices and systems |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210501415.8A CN103856442B (en) | 2012-11-30 | 2012-11-30 | A kind of detecting black chain methods, devices and systems |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103856442A CN103856442A (en) | 2014-06-11 |
CN103856442B true CN103856442B (en) | 2016-08-17 |
Family
ID=50863664
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210501415.8A Active CN103856442B (en) | 2012-11-30 | 2012-11-30 | A kind of detecting black chain methods, devices and systems |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103856442B (en) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104239485B (en) * | 2014-09-05 | 2018-05-01 | 中国科学院计算机网络信息中心 | A kind of dark chain detection method in internet based on statistical machine learning |
CN104954867A (en) * | 2015-06-26 | 2015-09-30 | 努比亚技术有限公司 | Media playing method and device |
CN105354511A (en) * | 2015-07-24 | 2016-02-24 | 北京奇虎科技有限公司 | Method and apparatus for detecting page tampering in application |
CN105468974B (en) * | 2015-11-19 | 2018-05-29 | 广东欧珀移动通信有限公司 | A kind of file access method, device and mobile terminal |
CN107239701B (en) | 2016-03-29 | 2020-06-26 | 腾讯科技(深圳)有限公司 | Method and device for identifying malicious website |
CN107294904A (en) * | 2016-03-30 | 2017-10-24 | 深圳市深信服电子科技有限公司 | Server invades detection method and gateway device |
CN105975523A (en) * | 2016-04-28 | 2016-09-28 | 浙江乾冠信息安全研究院有限公司 | Hidden hyperlink detection method based on stack |
US10664332B2 (en) * | 2018-05-25 | 2020-05-26 | Microsoft Technology Licensing, Llc | Application programming interfaces for identifying, using, and managing trusted sources in online and networked content |
CN109388951B (en) * | 2018-10-30 | 2021-10-15 | 郑州市景安网络科技股份有限公司 | Illegal information processing method, device and equipment and readable storage medium |
CN109522494B (en) * | 2018-11-08 | 2020-09-15 | 杭州安恒信息技术股份有限公司 | Dark chain detection method, device, equipment and computer readable storage medium |
CN109784038A (en) * | 2018-12-29 | 2019-05-21 | 北京奇安信科技有限公司 | Detecting black chain method, apparatus, system and computer readable storage medium |
CN111488621A (en) * | 2019-01-25 | 2020-08-04 | 深信服科技股份有限公司 | Method and system for detecting falsified webpage, electronic equipment and storage medium |
CN109981604A (en) * | 2019-03-07 | 2019-07-05 | 北京华安普特网络科技有限公司 | A kind of method of the quick black chain of detection webpage |
CN110309667B (en) * | 2019-04-16 | 2022-08-30 | 网宿科技股份有限公司 | Website hidden link detection method and device |
CN111181756B (en) * | 2019-07-11 | 2021-12-14 | 腾讯科技(深圳)有限公司 | Domain name security judgment method, device, equipment and medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101620627A (en) * | 2008-06-10 | 2010-01-06 | 英特尔公司 | Techniques to establish trust of a web page to prevent malware redirects from web searches or hyperlinks |
CN102567417A (en) * | 2010-12-31 | 2012-07-11 | 百度在线网络技术(北京)有限公司 | Analysis equipment and method for determining reliability of anchor text of hyperlink |
CN102571768A (en) * | 2011-12-26 | 2012-07-11 | 北京大学 | Detection method for phishing site |
CN102622435A (en) * | 2012-02-29 | 2012-08-01 | 百度在线网络技术(北京)有限公司 | Method and device for detecting black chain |
Also Published As
Publication number | Publication date |
---|---|
CN103856442A (en) | 2014-06-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |