CN105635178A - Blocking network access method and device for ensuring safety - Google Patents

Blocking network access method and device for ensuring safety

Info

Publication number: CN105635178A
Authority: CN (China)
Application number: CN201610109172.1A
Other languages: Chinese (zh)
Other versions: CN105635178B (en)
Inventors: 王春雷, 熊丽娜
Current assignee: Beijing Qihoo Technology Co Ltd
Original assignees: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Legal status: granted, active
Prior art keywords: network access, request, access request, browser kernel, behavior
Events: application CN201610109172.1A filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd; publication of CN105635178A; application granted; publication of CN105635178B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0272 Virtual private networks
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security

Abstract

The invention discloses a blocking network access method and device for ensuring safety. The method comprises: acquiring a network access request and redirecting it to a local service process, where the local service process is provided by a local VPN service; in the local service process, constructing message data to notify an application based on a browser kernel to re-initiate the network access request at a preset interval; extracting at least one piece of resource request link information corresponding to the network access request and determining, by analysing that resource request link information, whether the network access behavior is a malicious access behavior; and, if the network access behavior is determined to be a malicious access behavior, creating a non-safety prompt page and presenting it to the user after the re-initiated network access request is received. With this method, a network access behavior that is a malicious access behavior is blocked and the non-safety prompt page is presented to the user, so the harm the malicious access behavior would bring to the user is effectively contained.

Description

Blocking network access method and device for ensuring safety
Technical field
The present invention relates to the field of Internet technology, and in particular to a blocking network access method and device for ensuring safety.
Background technology
With the development of mobile Internet technology, more and more users have become used to accessing the Internet from a mobile phone, and the number of applications available on smartphones keeps growing. This makes the user's life much more convenient, but it also brings the user many mobile phone security risks. Because a mobile phone holds more private information than a PC, mobile phone security risks are a greater threat to the user. For example, some malicious accesses and mobile phone hackers can cause the user unwarranted charges, steal information from the user's phone, or cause the user other kinds of loss.
The prior art provides network firewall technology: with a network firewall the user can manage and control applications, configure black and white lists, and so on, to strengthen the security of mobile Internet access. However, because of the permission restrictions of mobile phone operating systems, an existing network firewall needs root permission to provide these functions, and root permission can usually only be obtained by flashing the phone. In addition, in some cases a network firewall cannot manage and control applications effectively and comprehensively even when it has root permission. How to strengthen the security of mobile Internet access conveniently and effectively has become a problem in urgent need of a solution.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a blocking network access method and device for ensuring safety that overcome, or at least partly solve, the problems above and effectively contain the harm that malicious access behavior brings to the user.
According to one aspect of the present invention, a blocking network access method for ensuring safety is provided. The method comprises:
obtaining a network access request and redirecting the network access request to a local service process, where the local service process is provided by a local VPN service;
in the local service process, constructing message data to notify the application based on a browser kernel to re-initiate the network access request at a preset interval; and extracting at least one piece of resource request link information corresponding to the network access request and determining, by analysing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior;
if the network access behavior is determined to be malicious access behavior, then, after the re-initiated network access request is received, creating a non-security prompt page and displaying it to the user.
According to another aspect of the present invention, a blocking network access device for ensuring safety is provided. The device comprises:
an acquisition module, adapted to obtain a network access request and redirect the network access request to a local service process, where the local service process is provided by a local VPN service;
a constructing module, adapted to construct, in the local service process, message data to notify the application based on a browser kernel to re-initiate the network access request at a preset interval;
an extraction module, adapted to extract at least one piece of resource request link information corresponding to the network access request;
an analysis module, adapted to determine, by analysing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior;
a display module, adapted to create a non-security prompt page and display it to the user after the re-initiated network access request is received, if the network access behavior is determined to be malicious access behavior.
According to the technical scheme provided by the present invention, the obtained network access request is redirected to the local service process provided by the local VPN service; in the local service process, message data is constructed to notify the application based on a browser kernel to re-initiate the network access request at a preset interval; at least one piece of resource request link information corresponding to the network access request is extracted and analysed to determine whether the network access behavior is malicious access behavior; and if it is, then, after the re-initiated network access request is received, a non-security prompt page is created and displayed to the user. Thus, when the client terminal initiates a network access request, the request can be blocked because the network access behavior is malicious access behavior, and a non-security prompt page is displayed to alert the user. This avoids the traffic the network access request would have generated and effectively contains the harm that malicious access behavior brings to the user. Moreover, the technical scheme provided by the present invention exploits the speed and safety of the VPN service, so malicious access behavior can be stopped without obtaining root permission.
The above description is only an overview of the technical solution of the present invention. To make the technical means of the present invention clearer, so that it can be implemented according to the content of the specification, and to make the above and other objects, features and advantages of the present invention more evident, specific embodiments of the present invention are set out below.
Brief description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings serve only to illustrate the preferred embodiments and are not to be taken as a limitation of the present invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flow chart of a blocking network access method for ensuring safety according to one embodiment of the present invention;
Fig. 2 shows a flow chart of a blocking network access method for ensuring safety according to another embodiment of the present invention;
Fig. 3 shows a functional block diagram of a blocking network access device for ensuring safety according to one embodiment of the present invention;
Fig. 4 shows a functional block diagram of a blocking network access device for ensuring safety according to another embodiment of the present invention.
Embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the disclosure can be realised in various forms and should not be limited by the embodiments set out here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
The embodiments of the present invention are realised on the basis of a local VPN (Virtual Private Network) service created inside the client terminal. Here, the client terminal can be a terminal device such as a smartphone or a tablet computer. To make VPN services easy to use, the operating system of the client terminal exposes a number of system interfaces (APIs), and once the user has confirmed, a VPN service is granted permission to control and manage other applications. The embodiments of the present invention call the APIs provided by the operating system to open a VPN service inside the client terminal, so that when other applications on the client terminal want to access the network, the network connection requests they initiate all pass through the local VPN service, and the client terminal can access network resources effectively and safely.
In one application scenario, when the client terminal installs, or starts for the first time, the standalone application that implements the scheme of the present invention (hereinafter "the application of the present invention"), the application of the present invention needs to create a local VPN service. At that point it asks the user whether to trust this application; if the user chooses to trust it, the application of the present invention creates the local VPN service. After the local VPN service is created, because the operating system framework gives an application in the VPN framework a higher level of control over other applications, the application of the present invention has a higher control level over network access requests than other applications. When the user wants to use certain applications and wants the network connections those applications initiate to be processed while they are in use, the user starts the application of the present invention, which created the local VPN service above, and taps its settings switch for starting the VPN service. After the VPN service is started, the method provided by this embodiment is performed.
Fig. 1 shows a flow chart of a blocking network access method for ensuring safety according to one embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step S100: obtain a network access request and redirect the network access request to a local service process, where the local service process is provided by a local VPN service.
From the description above, once the application of the present invention has created the local VPN service, its control level over network access requests is higher than that of other applications. When another application sends a network access request, the application of the present invention can intercept the network access request and redirect it to the local service process in the application of the present invention for subsequent processing. Taking the WeChat application as an example, when the user starts WeChat and it initiates a network access request, the application of the present invention intercepts that network access request, because its control level over network access requests is higher than WeChat's, and redirects it to the local service process in the application of the present invention for subsequent processing.
Step S101: in the local service process, construct message data to notify the application based on a browser kernel to re-initiate the network access request at a preset interval.
Here, applications based on a browser kernel include the various browser applications and also the WeChat application and the like. The preset interval can be set according to actual needs and is not limited here. For example, with the preset interval set to 100ms, after step S100 has redirected the network access request initiated by WeChat to the local service process, step S101 constructs message data to notify WeChat to re-initiate the network access request every 100ms.
Because the present invention makes the application based on a browser kernel re-initiate the network access request at the preset interval by constructing message data, during this process only local accesses take place and no request is sent to the external network; this saves traffic and does no harm to the user.
Step S102: extract at least one piece of resource request link information corresponding to the network access request.
Specifically, the resource request link information of the main page corresponding to the network access request, of the parent page of that main page, and of the subpages of that main page can be extracted. The present invention can therefore extract the corresponding resource request link information comprehensively from the network access request.
Step S103: determine, by analysing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior; if so, perform step S104.
After the at least one piece of resource request link information has been extracted, it is analysed, and from that analysis it is determined whether the network access behavior is malicious access behavior.
Step S104: after the re-initiated network access request is received, create a non-security prompt page and display it to the user.
When step S103 determines, by analysing the at least one piece of resource request link information, that the network access behavior is malicious access behavior, then, after the re-initiated network access request is received, step S104 does not respond to that network access request but instead creates a non-security prompt page and displays it to the user. This avoids the traffic the network access request would have generated and effectively contains the harm that malicious access behavior brings to the user. The non-security prompt page can contain information such as a statement or picture alerting the user; for example, when the user wants to open a webpage and that webpage is determined to be a malicious webpage, the non-security prompt page can contain the message "* * * * reminds you: this webpage is a malicious webpage".
The blocking network access method for ensuring safety provided by this embodiment redirects the obtained network access request to the local service process provided by the local VPN service; in the local service process, constructs message data to notify the application based on a browser kernel to re-initiate the network access request at a preset interval; extracts at least one piece of resource request link information corresponding to the network access request and analyses it to determine whether the network access behavior is malicious access behavior; and, if so, after the re-initiated network access request is received, creates a non-security prompt page and displays it to the user. Thus, when the client terminal initiates a network access request, the request can be blocked because the network access behavior is malicious access behavior, and a non-security prompt page is displayed to alert the user; this avoids the traffic the network access request would have generated and effectively contains the harm that malicious access behavior brings to the user. Moreover, the technical scheme provided by the present invention exploits the speed and safety of the VPN service, so malicious access behavior can be stopped without obtaining root permission.
Fig. 2 shows a flow chart of a blocking network access method for ensuring safety according to another embodiment of the present invention. As shown in Fig. 2, the method comprises the following steps:
Step S200: obtain a network access request and redirect the network access request to a local service process, where the local service process is provided by a local VPN service.
While the client terminal is performing network access it needs to send network access requests. This embodiment obtains each network access request before the client terminal sends it, and then redirects the network access request to the local service process provided by the local VPN service.
Step S201: in the local service process, judge whether the network access request is a request initiated by an application based on a browser kernel; if so, perform step S202; if not, the method ends.
Because the present method applies to network access requests initiated by applications based on a browser kernel (such as the WeChat application), step S201 judges, to facilitate the subsequent steps, whether the network access request is such a request. Specifically, the header information of the network access request is parsed first to obtain the user agent string, and the network access request is then classified according to the user agent string as either a request initiated by an application based on a browser kernel or a request not initiated by one. Because the user agent string contains detailed information provided for the server, such as the kind of browser, its version and the operating system, it is convenient to distinguish by the user agent string whether the network access request was initiated by an application based on a browser kernel.
Step S202: construct a redirect response message whose Location field records the link corresponding to the network access request.
That is, the Location field of the constructed redirect response message records the link corresponding to the network access request itself, not a new link.
Step S203: return the redirect response message to the application based on a browser kernel, to notify it to re-initiate the network access request at a preset interval.
Because the Location field of the constructed redirect response message records the link corresponding to the network access request, after the redirect response message is returned to the application based on a browser kernel, that application re-initiates the network access request at the preset interval. The preset interval can be set according to actual needs and is not limited here.
Because the present invention makes the application based on a browser kernel re-initiate the network access request at the preset interval by constructing a redirect response message, during this process only local accesses take place and no request is sent to the external network, which saves traffic.
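The local-service-process handling of steps S201 to S203 (and the message-data construction of step S101 in the Fig. 1 embodiment), written out as an added Python example; this is not code from the patent or from its assignee. It assumes that a browser-kernel application is recognised by tokens in its User-Agent header (the token list is a constructed assumption; "MicroMessenger" is taken to be the token WeChat's embedded browser sends) and that the redirect response the text describes is an HTTP 302 whose Location repeats the request's own link. Pacing the redirects at the preset interval (100ms in the text) is left to the caller. The sample request is constructed.

```python
import re
from typing import Optional

# Assumption: a browser-kernel application is recognised by these User-Agent tokens.
# "MicroMessenger" is assumed to be WeChat's embedded-browser token; the others are
# generic WebKit/Chrome tokens. Adjust the list to the kernels actually in scope.
BROWSER_KERNEL_TOKENS = ("AppleWebKit", "Chrome/", "MicroMessenger", "Safari/")


def parse_request_head(raw: bytes) -> dict:
    """Parse the request line and header fields of a raw HTTP request head."""
    head = raw.decode("iso-8859-1").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed header lines
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}


def is_browser_kernel_request(req: dict) -> bool:
    """Step S201: classify the request by its user agent string."""
    ua = req["headers"].get("user-agent", "")
    return any(tok in ua for tok in BROWSER_KERNEL_TOKENS)


def request_link(req: dict) -> str:
    """The link the request targets: absolute-form target, or Host plus path."""
    target = req["target"]
    if re.match(r"https?://", target):
        return target
    return "http://" + req["headers"].get("host", "") + target


def build_redirect_response(link: str) -> bytes:
    """Step S202: a redirect whose Location is the request's own link, not a new one."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {link}\r\n"
            "Content-Length: 0\r\n"
            "Connection: close\r\n\r\n").encode("iso-8859-1")


def handle_in_local_service(raw: bytes) -> Optional[bytes]:
    """Steps S201 to S203 for one intercepted request.

    Returns the redirect response to hand back to the application, or None when
    the request did not come from a browser-kernel application (the method ends
    there). The caller returns the redirect at the preset interval, e.g. 100ms.
    """
    req = parse_request_head(raw)
    if not is_browser_kernel_request(req):
        return None
    return build_redirect_response(request_link(req))


# Constructed sample request as a WeChat-style embedded browser might send it.
SAMPLE_REQUEST = (b"GET /index.html HTTP/1.1\r\n"
                  b"Host: example.test\r\n"
                  b"User-Agent: Mozilla/5.0 (Linux; Android 6.0) AppleWebKit/537.36 "
                  b"Chrome/48.0 Mobile Safari/537.36 MicroMessenger/6.3\r\n\r\n")

if __name__ == "__main__":
    print(handle_in_local_service(SAMPLE_REQUEST).decode("iso-8859-1"))
```

Because nothing in this path is forwarded to the external network, the only traffic the request generates is the loop between the application and the local service process, which is the point the text makes about saving traffic.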
Step S204: extract at least one piece of resource request link information corresponding to the network access request.
Specifically, the resource request link information of the main page corresponding to the network access request, of the parent page of that main page, and of the subpages of that main page can be extracted. The present invention can therefore extract the corresponding resource request link information comprehensively from the network access request.
Step S205: extract the domain name and/or IP and/or path corresponding to the at least one piece of resource request link information.
Step S206: query whether the domain name and/or IP and/or path matches the local whitelist; if the query finds that the domain name and/or IP and/or path matches the local whitelist, the method ends; if it does not match the local whitelist, perform step S207.
A local whitelist is kept in the client terminal; it records common domain names, IPs and paths that have passed safety certification. The certified domain names include 360.cn, taobao.com, sohu.com and the like. The local whitelist can be generated from the user's configuration or obtained from the cloud. If the query finds that the domain name and/or IP and/or path matches the local whitelist, the network access behavior is determined not to be malicious access behavior and the method ends; if it does not match the local whitelist, step S207 is performed.
Step S207: query whether the domain name and/or IP and/or path matches the local blacklist; if the query finds that the domain name and/or IP and/or path matches the local blacklist, perform step S210; if it does not match the local blacklist, perform step S208.
A local blacklist is also kept in the client terminal; it records common domain names, IPs and paths that have been certified as dangerous. The local blacklist can be generated from the user's configuration, or the dangerous domain names, IPs and paths collected in advance by the cloud can be obtained from the cloud. If the query finds that the domain name and/or IP and/or path matches the local blacklist, the network access behavior is determined to be malicious access behavior and step S210 is performed; if it does not match the local blacklist, step S208 is performed.
Step S208: send the resource request link information to the cloud.
When the query finds that the domain name and/or IP and/or path does not match the local blacklist, the resource request link information can be sent to the cloud for cloud matching, in order to determine more accurately whether the network access behavior is malicious access behavior.
Step S209: determine from the cloud matching result whether the network access behavior is malicious access behavior; if so, perform step S210; if not, the method ends.
If the cloud matching result shows that the network access behavior is malicious access behavior, step S210 is performed; if it shows that the network access behavior is not malicious access behavior, the method ends.
Step S210: after the re-initiated network access request is received, create a non-security prompt page and display it to the user.
When the network access behavior is determined to be malicious access behavior, then, after the re-initiated network access request is received, the network access request is not responded to; instead a non-security prompt page is created and displayed to the user. This avoids the traffic the network access request would have generated and effectively contains the harm that malicious access behavior brings to the user. The non-security prompt page can contain information such as a statement or picture alerting the user.
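Steps S204 to S210 (and the corresponding steps S102 to S104 of the Fig. 1 embodiment) as an added Python example, not the patent's own code: collecting the main, parent and subpage links, splitting each into domain name, IP and path, the local whitelist query, the local blacklist query, a stand-in for the cloud query, and the prompt page that is returned instead of forwarding the request. The whitelist domains are the ones the text names; the blacklist entries, the cloud verdict table and the `cloud_lookup` interface are constructed assumptions, as is the rule that a single malicious link marks the whole access behavior as malicious (the text does not say how the verdicts for several links combine).

```python
import html
import re
from typing import Callable, Dict, Iterable, List, Optional
from urllib.parse import urlsplit

# Local lists as the text describes them: domain names, IPs and paths.
# Whitelist domains are those named on the page; everything else is constructed.
LOCAL_WHITELIST = {"domains": {"360.cn", "taobao.com", "sohu.com"}, "ips": set(), "paths": set()}
LOCAL_BLACKLIST = {"domains": {"bad.example"}, "ips": {"192.0.2.10"}, "paths": {"/ads/dropper.apk"}}

# Constructed stand-in for the cloud service: link -> "dangerous" verdict.
CLOUD_VERDICTS = {"http://unknown.example/landing": True}


def cloud_lookup(link: str) -> bool:
    """Assumed cloud interface (step S208): True when the cloud marks the link dangerous."""
    return CLOUD_VERDICTS.get(link, False)


def collect_resource_links(main: str, parent: Optional[str], subpages: Iterable[str]) -> List[str]:
    """Step S204: the main page link, its parent page link and its subpage links."""
    links = [main] + ([parent] if parent else []) + list(subpages)
    return list(dict.fromkeys(links))  # de-duplicate, keep order


def extract_components(link: str) -> Dict[str, Optional[str]]:
    """Step S205: domain name, IP (when the host is a literal address) and path of a link."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    is_ip = re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is not None
    return {"domain": None if is_ip else host, "ip": host if is_ip else None, "path": parts.path or "/"}


def matches_list(comp: Dict[str, Optional[str]], lst: dict) -> bool:
    """A listed domain matches itself and its subdomains; IPs and paths match exactly."""
    domain, ip, path = comp["domain"], comp["ip"], comp["path"]
    if domain and any(domain == d or domain.endswith("." + d) for d in lst["domains"]):
        return True
    if ip and ip in lst["ips"]:
        return True
    return path in lst["paths"]


def classify_access(links: List[str], cloud: Callable[[str], bool] = cloud_lookup) -> str:
    """Steps S206 to S209 for every extracted link. Returns 'malicious' or 'not malicious'.

    Assumption (not fixed by the text): one malicious link marks the whole behavior.
    """
    for link in links:
        comp = extract_components(link)
        if matches_list(comp, LOCAL_WHITELIST):
            continue  # S206: whitelisted, nothing more to check for this link
        if matches_list(comp, LOCAL_BLACKLIST):
            return "malicious"  # S207 -> S210
        if cloud(link):  # S208 / S209
            return "malicious"
    return "not malicious"


def build_warning_response(link: str) -> bytes:
    """Step S210: the non-security prompt page returned to the re-initiated request
    instead of forwarding that request to the network."""
    body = ("<html><body><h1>This webpage is a malicious webpage</h1>"
            f"<p>Blocked link: {html.escape(link)}</p></body></html>").encode("utf-8")
    head = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            f"Content-Length: {len(body)}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")
    return head + body


if __name__ == "__main__":
    links = collect_resource_links("http://bad.example/", None, ["http://bad.example/ads/dropper.apk"])
    if classify_access(links) == "malicious":
        print(build_warning_response(links[0]).decode("utf-8"))
```

The order of the checks matters for cost as well as accuracy: the two local lookups need no network, and only links that neither list settles are sent to the cloud, which is the combination of local and cloud queries the text credits with the more accurate determination.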
The blocking network access method for ensuring safety provided by this embodiment redirects the obtained network access request to the local service process provided by the local VPN service; in the local service process, when the network access request is judged to be a request initiated by an application based on a browser kernel, it constructs a redirect response message and returns it to that application to notify it to re-initiate the network access request at a preset interval; it then extracts at least one piece of resource request link information corresponding to the network access request and the domain name and/or IP and/or path corresponding to that information, and matches the domain name and/or IP and/or path against the local whitelist, the local blacklist and the cloud; and if the network access behavior is determined to be malicious access behavior, then, after the re-initiated network access request is received, it creates a non-security prompt page and displays it to the user. Thus, when the client terminal initiates a network access request, the request can be blocked because the network access behavior is malicious access behavior, and a non-security prompt page is displayed to alert the user; this avoids the traffic the network access request would have generated and effectively contains the harm that malicious access behavior brings to the user. In addition, by combining the local whitelist query, the local blacklist query and the cloud query, the technical scheme provided by the present invention determines more accurately whether the network access behavior is malicious access behavior. Moreover, the technical scheme exploits the speed and safety of the VPN service, so malicious access behavior can be stopped without obtaining root permission.
Fig. 3 shows the function block diagram ensureing safe block type network access device according to an embodiment of the invention, and as shown in Figure 3, this device comprises: acquisition module 310, constructing module 320, extraction module 330, analysis module 340 and display module 350.
Acquisition module 310 is suitable for: obtain network access request, network access request is redirected to local service process, and local service process is provided by local VPN service.
Carry out in the process of network access in client terminal, need to send network access request, before the present embodiment sends network access request in client terminal, obtain this network access request, then network access request is redirected to the local service process provided by local VPN service.
Constructing module 320 is suitable for: in local service process, it is to construct message data to notify the application based on browser kernel again initiate network access request every the default time.
After the acquisition module 310 has redirected the network access request to the local service process, the constructing module 320, within the local service process, constructs message data to notify the browser-kernel-based application to initiate the network access request again after a preset interval. Browser-kernel-based applications include, for example, the WeChat (微信) application. The preset interval can be set according to actual needs and is not limited here; for example, it may be set to 100 ms. Because the invention makes the browser-kernel-based application re-initiate the request at the preset interval by means of the constructed message data, only local accesses take place during this period and no request goes out to the external network, which saves traffic and causes no adverse effect to the user.
The extraction module 330 is adapted to extract at least one piece of resource request link information corresponding to the network access request.
The analysis module 340 is adapted to determine, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior.
The display module 350 is adapted to, if the network access behavior is determined to be malicious access behavior, create a non-secure prompt page and display it to the user after the re-initiated network access request has been received.
When the analysis module 340 determines, by analyzing the at least one piece of resource request link information, that the network access behavior is malicious access behavior, the display module 350, after receiving the re-initiated network access request, does not respond to that request but instead creates a non-secure prompt page and displays it to the user. This prevents the traffic that the request would have generated and effectively stops the malicious access behavior from harming the user. The non-secure prompt page may contain information such as a text statement or a picture that alerts the user.
According to the blocking network access device for ensuring safety provided by this embodiment, the acquisition module obtains the network access request and redirects it to the local service process; in the local service process, the constructing module constructs message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval; the extraction module extracts at least one piece of resource request link information corresponding to the request; the analysis module determines, by analyzing that information, whether the network access behavior is malicious access behavior; and if so, the display module creates and displays the non-secure prompt page to the user after receiving the re-initiated request. According to the technical solution of the invention, when the client terminal initiates a network access request, the request can be blocked because the network access behavior is malicious, and the non-secure prompt page is displayed to alert the user, thereby preventing the traffic the request would generate and effectively stopping the malicious access behavior from harming the user. Moreover, the technical solution of the invention makes use of the high-speed and secure characteristics of the VPN service and can block malicious access behavior without obtaining root privileges.
Fig. 4 shows a functional block diagram of a blocking network access device for ensuring safety according to another embodiment of the invention. As shown in Fig. 4, the device comprises: an acquisition module 410, a judgment module 420, a constructing module 430, an extraction module 440, an analysis module 450 and a display module 460.
The acquisition module 410 is adapted to obtain the network access request and redirect it to the local service process, the local service process being provided by the local VPN service.
The judgment module 420 is adapted to judge whether the network access request is a request initiated by a browser-kernel-based application.
Because this device is intended for network access requests initiated by browser-kernel-based applications (such as WeChat), the judgment module 420 needs to judge whether the network access request is a request initiated by such an application.
The judgment module 420 is further adapted to parse the header information of the network access request to obtain the User-Agent string, and to distinguish according to the User-Agent string whether the network access request was initiated by a browser-kernel-based application or not. Because the User-Agent string carries the detailed information that the application provides to the server, such as the browser type, the version and the operating system, it can conveniently be used to distinguish whether the request was initiated by a browser-kernel-based application. Two points matter in practice: the User-Agent string is chosen by the requesting application, so the classification is only as reliable as the application's self-identification; and the local service process can read the request headers only when the request is plaintext HTTP, because for HTTPS the headers are inside the TLS session unless the local service terminates TLS itself.
The constructing module 430 is adapted to, when the judgment module 420 judges that the network access request is a request initiated by a browser-kernel-based application, construct message data to notify that application to re-initiate the network access request after the preset interval.
The constructing module 430 is further adapted to construct a redirect response message whose Location field records the link corresponding to the network access request, and to return the redirect response message to the browser-kernel-based application so as to notify it to re-initiate the network access request after the preset interval. Because the Location field of the constructed redirect response records the link of the original request rather than a new link, the browser-kernel-based application, on receiving the redirect, requests the same link again after the preset interval. The preset interval can be set according to actual needs and is not limited here. Because the device triggers the re-request by constructing a redirect response, only local accesses take place during this period and no request goes out to the external network, which saves traffic. In practice a browser kernel follows only a bounded number of redirects for one navigation (commonly 20), so the verdict must be available before that budget is exhausted, otherwise the application reports a redirect error instead of requesting the link again.
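The judgment and construction steps above (parse the request head, classify by User-Agent, answer with a redirect to the same link), as an added worked example in Python. It is illustration written for this page, not code from the patent or from the applicant. It assumes that the local service process sees plaintext HTTP/1.1 request heads, that a browser-kernel-based application is recognised by the User-Agent token "MicroMessenger" (the token used by WeChat's in-app browser; the token list is an assumption and can be extended), and that the preset interval is expressed with a Retry-After header, which RFC 7231 permits on 3xx responses but which mainstream browser kernels are not known to honour, so the local service should also delay sending the redirect by the interval itself. The request bytes are constructed.

```python
"""Local-service side of the first request: classify the client and answer
with a redirect whose Location is the link that was just requested.

Added illustration, not code from the patent or the applicant's products.
Assumptions (not stated in the patent): plaintext HTTP/1.1 request heads,
a browser-kernel-based app is recognised by the "MicroMessenger" User-Agent
token, and the preset interval is carried in a Retry-After header, which
RFC 7231 allows on 3xx responses (delta-seconds, so 100 ms rounds up to 1 s).
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Assumption: User-Agent tokens that mark a browser-kernel-based application.
BROWSER_KERNEL_TOKENS = ("MicroMessenger",)
DEFAULT_INTERVAL_MS = 100  # the 100 ms example given in the description


@dataclass
class RequestHead:
    method: str
    target: str
    version: str
    headers: Dict[str, str]  # header names lower-cased


def parse_request_head(raw: bytes) -> RequestHead:
    """Parse the request line and header fields of an HTTP/1.x request head."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return RequestHead(method, target, version, headers)


def absolute_url(req: RequestHead) -> str:
    """Rebuild the requested link from the Host header and the request target.
    The scheme is http because the local service only sees plaintext requests."""
    if req.target.startswith(("http://", "https://")):
        return req.target
    return "http://" + req.headers.get("host", "") + req.target


def is_browser_kernel_request(req: RequestHead) -> bool:
    """Judgment step: classify by User-Agent. The value is client-controlled."""
    ua = req.headers.get("user-agent", "")
    return any(token in ua for token in BROWSER_KERNEL_TOKENS)


def build_redirect_response(req: RequestHead, interval_ms: int = DEFAULT_INTERVAL_MS) -> bytes:
    """Construct the redirect whose Location is the same link, so the app
    requests it again; Retry-After documents the preset interval."""
    location = absolute_url(req)
    retry_after_s = max(1, (interval_ms + 999) // 1000)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        f"Retry-After: {retry_after_s}\r\n"
        "Cache-Control: no-store\r\n"
        "Content-Length: 0\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def handle_first_request(raw: bytes) -> Optional[bytes]:
    """Redirect for a browser-kernel request; None means the request is not
    handled by this path (the real service would forward it unchanged)."""
    req = parse_request_head(raw)
    if not is_browser_kernel_request(req):
        return None
    return build_redirect_response(req)


# Constructed sample request, as the local service process would see it.
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: Mozilla/5.0 (Linux; Android 6.0) AppleWebKit/537.36 MicroMessenger/6.3\r\n"
    b"Accept: */*\r\n\r\n"
)

if __name__ == "__main__":
    print(handle_first_request(SAMPLE_REQUEST).decode("ascii"))
```

Because the Location is the original link, the kernel re-requests it and the local service gets a second look at the same request once the analysis has had time to run; the kernel's own redirect limit bounds how many times this can be repeated.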
The extraction module 440 is adapted to extract at least one piece of resource request link information corresponding to the network access request.
The extraction module 440 is further adapted to extract the resource request link information of the main page corresponding to the network access request, the resource request link information of the parent page of that main page, and the resource request link information of the sub-pages of that main page. In this way the device extracts the resource request link information corresponding to the request comprehensively.
The analysis module 450 is adapted to extract the domain name and/or IP and/or path corresponding to the at least one piece of resource request link information and to match the domain name and/or IP and/or path against the local whitelist and/or the local blacklist; if the domain name and/or IP and/or path matches the local whitelist, the network access behavior is determined not to be malicious access behavior; if the domain name and/or IP and/or path matches the local blacklist, the network access behavior is determined to be malicious access behavior.
The analysis module 450 is further adapted to, if the domain name and/or IP and/or path matches neither the local whitelist nor the local blacklist, send the resource request link information to the cloud and determine whether the network access behavior is malicious access behavior according to the cloud matching result.
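The extraction and analysis steps above (collect the links a page references, reduce each to domain, IP and path, match against the local lists and fall back to the cloud), as an added example in Python that is not the patent's code. Because the description does not fix them, the following are assumptions: list entries are domain suffixes, literal IP addresses or path prefixes; a link that matches the whitelist is left alone, any link that matches the blacklist makes the whole behavior malicious, and only links matching neither are sent to the cloud, which is stood in for by a callable so the example runs offline. The page, the lists and `fake_cloud_lookup` are constructed.

```python
"""Extraction and analysis: resource links of a page, matched against a local
whitelist, a local blacklist and, for the remainder, a cloud lookup.

Added illustration, not code from the patent. Assumed matching rules: an
entry is a domain suffix, a literal IP or a path prefix; whitelist hits are
skipped, a blacklist hit is decisive, everything else goes to the cloud.
"""
from html.parser import HTMLParser
from ipaddress import ip_address
from typing import Callable, Iterable, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collect href/src attributes, i.e. the sub-page and resource links of a page."""

    def __init__(self, base_url: str) -> None:
        super().__init__()
        self.base_url = base_url
        self.links: List[str] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(urljoin(self.base_url, value))


def extract_links(page_url: str, html: str) -> List[str]:
    """The page's own link followed by every link it references, without duplicates."""
    collector = _LinkCollector(page_url)
    collector.feed(html)
    seen, ordered = set(), []
    for link in [page_url] + collector.links:
        if link not in seen:
            seen.add(link)
            ordered.append(link)
    return ordered


def link_features(url: str) -> Tuple[Optional[str], Optional[str], str]:
    """(domain, ip, path) of a link; the host is reported as domain or as ip, not both."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    try:
        ip_address(host)
        return None, host, path
    except ValueError:
        return host, None, path


def matches(entries: Iterable[str], domain: Optional[str], ip: Optional[str], path: str) -> bool:
    """True if an entry equals the IP, equals or is a parent of the domain,
    or (for entries starting with '/') is a prefix of the path."""
    for entry in entries:
        if ip is not None and entry == ip:
            return True
        if domain is not None and (domain == entry or domain.endswith("." + entry)):
            return True
        if entry.startswith("/") and path.startswith(entry):
            return True
    return False


def analyze(links: List[str], whitelist: Iterable[str], blacklist: Iterable[str],
            cloud_lookup: Callable[[List[str]], bool]) -> bool:
    """True when the network access behavior is judged malicious."""
    unresolved: List[str] = []
    for link in links:
        domain, ip, path = link_features(link)
        if matches(whitelist, domain, ip, path):
            continue                      # whitelisted: not malicious
        if matches(blacklist, domain, ip, path):
            return True                   # blacklisted: malicious
        unresolved.append(link)           # neither: ask the cloud
    return bool(unresolved) and cloud_lookup(unresolved)


# Constructed sample page and lists (not real data).
PAGE_URL = "http://news.example.com/story/42"
PAGE_HTML = """
<html><body>
<a href="/story/41">prev</a>
<img src="http://cdn.example.com/img/1.png">
<script src="http://203.0.113.9/dl/loader.js"></script>
</body></html>
"""
WHITELIST = ["example.com"]
BLACKLIST = ["203.0.113.9", "/dl/"]


def fake_cloud_lookup(links: List[str]) -> bool:
    """Stand-in for the cloud matching service: flags nothing."""
    return False


if __name__ == "__main__":
    found = extract_links(PAGE_URL, PAGE_HTML)
    print(found, analyze(found, WHITELIST, BLACKLIST, fake_cloud_lookup))
```

Checking sub-resources and not only the main page is what catches the constructed example above: the story page itself is whitelisted, but the script it pulls from a blacklisted IP marks the behavior malicious.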
The display module 460 is adapted to, if the network access behavior is determined to be malicious access behavior, create a non-secure prompt page and display it to the user after the re-initiated network access request has been received.
When the analysis module 450 determines that the network access behavior is malicious access behavior, the display module 460, after receiving the re-initiated network access request, does not respond to that request but instead creates a non-secure prompt page and displays it to the user. This prevents the traffic that the request would have generated and effectively stops the malicious access behavior from harming the user. The non-secure prompt page may contain information such as a text statement or a picture that alerts the user.
According to the blocking network access device for ensuring safety provided by this embodiment, the acquisition module obtains the network access request and redirects it to the local service process; in the local service process, when the judgment module judges that the network access request is a request initiated by a browser-kernel-based application, the constructing module constructs a redirect response message and returns it to the browser-kernel-based application so as to notify it to re-initiate the network access request after the preset interval; the extraction module then extracts at least one piece of resource request link information corresponding to the request; the analysis module extracts the domain name and/or IP and/or path corresponding to that information and matches it against the local whitelist, the local blacklist and the cloud to determine whether the network access behavior is malicious access behavior; and if the analysis module determines that the network access behavior is malicious, the display module creates and displays the non-secure prompt page to the user after receiving the re-initiated request. According to the technical solution of the invention, when the client terminal initiates a network access request, the request can be blocked because the network access behavior is malicious, and the non-secure prompt page is displayed to alert the user, thereby preventing the traffic the request would generate and effectively stopping the malicious access behavior from harming the user. In addition, the technical solution of the invention combines local whitelist lookup, local blacklist lookup and cloud lookup, and so determines more accurately whether the network access behavior is malicious access behavior.
Moreover, the technical solution of the invention makes use of the high-speed and secure characteristics of the VPN service and can block malicious access behavior without obtaining root privileges.
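The whole exchange as the local service process sees it, from the first request through the redirects to the prompt page or the pass-through, as an added example in Python that is not part of the patent. Assumptions: requests arrive already parsed as (url, User-Agent) pairs; the verdict comes from an injected classifier (`DelayedVerdict`, constructed here to return no verdict for its first few lookups, imitating an analysis that is still running) rather than from the list matching; a request is passed through by returning None, where the real service would forward it; and no more than `MAX_REDIRECTS` redirects are issued for one link, because browser kernels stop following redirects after a fixed number (commonly 20).

```python
"""State machine of the local service process: redirect while the verdict is
pending, then serve the non-secure prompt page or pass the request through.

Added illustration, not the patent's or the applicant's code. Assumptions:
requests are already parsed into (url, user_agent); the classifier is
injected and may answer None while analysis is pending; MAX_REDIRECTS is a
local budget kept below the ~20-redirect limit that browser kernels apply.
"""
from typing import Callable, Dict, List, Optional, Tuple

MAX_REDIRECTS = 10  # assumption: local budget per link
PROMPT_HTML = ("<html><body><h1>Unsafe page blocked</h1>"
               "<p>The requested page was judged malicious and was not loaded.</p>"
               "</body></html>")


def build_redirect(url: str) -> bytes:
    """Redirect back to the same link; the client will request it again."""
    return (f"HTTP/1.1 302 Found\r\nLocation: {url}\r\nCache-Control: no-store\r\n"
            "Content-Length: 0\r\nConnection: close\r\n\r\n").encode()


def build_prompt_page() -> bytes:
    """The non-secure prompt page served instead of the requested content."""
    body = PROMPT_HTML.encode("utf-8")
    head = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
            f"Cache-Control: no-store\r\nContent-Length: {len(body)}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")
    return head + body


class LocalService:
    def __init__(self, is_browser_kernel: Callable[[str], bool],
                 classify: Callable[[str], Optional[bool]]) -> None:
        self.is_browser_kernel = is_browser_kernel
        self.classify = classify            # True = malicious, False = benign, None = pending
        self.redirects_sent: Dict[str, int] = {}

    def handle(self, url: str, user_agent: str) -> Tuple[str, Optional[bytes]]:
        """Return (action, response); action is 'redirect', 'block' or 'pass'."""
        if not self.is_browser_kernel(user_agent):
            return "pass", None             # not a browser-kernel app: outside this scheme
        verdict = self.classify(url)
        if verdict is True:
            return "block", build_prompt_page()   # display module: prompt page, no forwarding
        if verdict is False:
            return "pass", None
        sent = self.redirects_sent.get(url, 0)
        if sent >= MAX_REDIRECTS:
            return "pass", None             # budget exhausted: fail-open (see note below)
        self.redirects_sent[url] = sent + 1
        return "redirect", build_redirect(url)   # constructing module: same link again


class DelayedVerdict:
    """Constructed stand-in for the analysis: no verdict for the first
    `pending_calls` lookups, then the verdict recorded for the url."""

    def __init__(self, verdicts: Dict[str, bool], pending_calls: int) -> None:
        self.verdicts, self.pending_calls, self.calls = verdicts, pending_calls, 0

    def __call__(self, url: str) -> Optional[bool]:
        self.calls += 1
        return None if self.calls <= self.pending_calls else self.verdicts.get(url, False)


def run_exchange(url: str, user_agent: str, service: LocalService,
                 max_rounds: int = 50) -> List[str]:
    """Replay the client re-requesting the same link until a non-redirect answer."""
    actions: List[str] = []
    for _ in range(max_rounds):
        action, _response = service.handle(url, user_agent)
        actions.append(action)
        if action != "redirect":
            break
    return actions


if __name__ == "__main__":
    ua = "Mozilla/5.0 (Linux; Android 6.0) MicroMessenger/6.3"   # constructed
    svc = LocalService(lambda u: "MicroMessenger" in u,
                       DelayedVerdict({"http://bad.test/": True}, 2))
    print(run_exchange("http://bad.test/", ua, svc))
```

When the redirect budget runs out the example passes the request through (fail-open); returning `build_prompt_page()` at that point instead gives fail-closed behavior, which is the stricter choice when the cloud lookup may be slow.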
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the content of the invention described herein, and that the description above in a specific language is given in order to disclose the best mode of the invention.
Numerous specific details are set forth in the specification provided herein. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to simplify the disclosure and to aid in understanding one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can moreover be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or apparatus so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The various components of embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any ordering; these words may be interpreted as names.
The invention discloses:
A1. A blocking network access method for ensuring safety, comprising:
obtaining a network access request and redirecting the network access request to a local service process, the local service process being provided by a local VPN service;
in the local service process, constructing message data to notify the browser-kernel-based application to initiate the network access request again after a preset interval; and extracting at least one piece of resource request link information corresponding to the network access request and determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior;
if the network access behavior is determined to be malicious access behavior, creating a non-secure prompt page and displaying it to the user after the re-initiated network access request has been received.
A2. The method according to A1, wherein, before constructing the message data, the method further comprises: judging whether the network access request is a request initiated by a browser-kernel-based application;
and constructing message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval further comprises: when the network access request is judged to be a request initiated by a browser-kernel-based application, constructing message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval.
A3. The method according to A2, wherein judging whether the network access request is a request initiated by a browser-kernel-based application further comprises:
parsing the header information of the network access request to obtain a User-Agent string;
distinguishing, according to the User-Agent string, whether the network access request is a request initiated by a browser-kernel-based application or a request not initiated by a browser-kernel-based application.
A4. The method according to A2 or A3, wherein constructing message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval further comprises:
constructing a redirect response message, the Location field of which records the link corresponding to the network access request;
returning the redirect response message to the browser-kernel-based application, so as to notify the browser-kernel-based application to re-initiate the network access request after the preset interval.
A5. The method according to any one of A1-A4, wherein extracting at least one piece of resource request link information corresponding to the network access request further comprises: extracting the resource request link information of the main page corresponding to the network access request, the resource request link information of the parent page of the main page, and the resource request link information of the sub-pages of the main page.
A6. The method according to any one of A1-A5, wherein determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior further comprises:
extracting the domain name and/or IP and/or path corresponding to the at least one piece of resource request link information, and matching the domain name and/or IP and/or path against a local whitelist and/or a local blacklist;
if the domain name and/or IP and/or path matches the local whitelist, determining that the network access behavior is not malicious access behavior; if the domain name and/or IP and/or path matches the local blacklist, determining that the network access behavior is malicious access behavior.
A7. The method according to A6, wherein determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior further comprises:
if the domain name and/or IP and/or path matches neither the local whitelist nor the local blacklist, sending the resource request link information to the cloud and determining whether the network access behavior is malicious access behavior according to the cloud matching result.
B8. A blocking network access device for ensuring safety, comprising:
an acquisition module, adapted to obtain a network access request and redirect the network access request to a local service process, the local service process being provided by a local VPN service;
a constructing module, adapted to construct, in the local service process, message data to notify the browser-kernel-based application to initiate the network access request again after a preset interval;
an extraction module, adapted to extract at least one piece of resource request link information corresponding to the network access request;
an analysis module, adapted to determine, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior;
a display module, adapted to, if the network access behavior is determined to be malicious access behavior, create a non-secure prompt page and display it to the user after the re-initiated network access request has been received.
B9. The device according to B8, further comprising a judgment module adapted to judge whether the network access request is a request initiated by a browser-kernel-based application;
the constructing module being further adapted to: when the judgment module judges that the network access request is a request initiated by a browser-kernel-based application, construct message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval.
B10. The device according to B9, wherein the judgment module is further adapted to:
parse the header information of the network access request to obtain a User-Agent string;
distinguish, according to the User-Agent string, whether the network access request is a request initiated by a browser-kernel-based application or a request not initiated by a browser-kernel-based application.
B11. The device according to B9 or B10, wherein the constructing module is further adapted to:
construct a redirect response message, the Location field of which records the link corresponding to the network access request;
return the redirect response message to the browser-kernel-based application, so as to notify the browser-kernel-based application to re-initiate the network access request after the preset interval.
B12. The device according to any one of B9-B11, wherein the extraction module is further adapted to: extract the resource request link information of the main page corresponding to the network access request, the resource request link information of the parent page of the main page, and the resource request link information of the sub-pages of the main page.
B13. The device according to any one of B9-B12, wherein the analysis module is further adapted to:
extract the domain name and/or IP and/or path corresponding to the at least one piece of resource request link information, and match the domain name and/or IP and/or path against a local whitelist and/or a local blacklist;
if the domain name and/or IP and/or path matches the local whitelist, determine that the network access behavior is not malicious access behavior; if the domain name and/or IP and/or path matches the local blacklist, determine that the network access behavior is malicious access behavior.
B14. The device according to B13, wherein the analysis module is further adapted to: if the domain name and/or IP and/or path matches neither the local whitelist nor the local blacklist, send the resource request link information to the cloud and determine whether the network access behavior is malicious access behavior according to the cloud matching result.

Claims (10)

1. A blocking network access method for ensuring safety, comprising:
obtaining a network access request and redirecting the network access request to a local service process, the local service process being provided by a local VPN service;
in the local service process, constructing message data to notify the browser-kernel-based application to initiate the network access request again after a preset interval; and extracting at least one piece of resource request link information corresponding to the network access request and determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior;
if the network access behavior is determined to be malicious access behavior, creating a non-secure prompt page and displaying it to the user after the re-initiated network access request has been received.
2. The method according to claim 1, wherein, before constructing the message data, the method further comprises: judging whether the network access request is a request initiated by a browser-kernel-based application;
and constructing message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval further comprises: when the network access request is judged to be a request initiated by a browser-kernel-based application, constructing message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval.
3. The method according to claim 2, wherein judging whether the network access request is a request initiated by a browser-kernel-based application further comprises:
parsing the header information of the network access request to obtain a User-Agent string;
distinguishing, according to the User-Agent string, whether the network access request is a request initiated by a browser-kernel-based application or a request not initiated by a browser-kernel-based application.
4. The method according to claim 2 or 3, wherein constructing message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval further comprises:
constructing a redirect response message, the Location field of which records the link corresponding to the network access request;
returning the redirect response message to the browser-kernel-based application, so as to notify the browser-kernel-based application to re-initiate the network access request after the preset interval.
5. The method according to any one of claims 1-4, wherein extracting at least one piece of resource request link information corresponding to the network access request further comprises: extracting the resource request link information of the main page corresponding to the network access request, the resource request link information of the parent page of the main page, and the resource request link information of the sub-pages of the main page.
6. The method according to any one of claims 1-5, wherein determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior further comprises:
extracting the domain name and/or IP and/or path corresponding to the at least one piece of resource request link information, and matching the domain name and/or IP and/or path against a local whitelist and/or a local blacklist;
if the domain name and/or IP and/or path matches the local whitelist, determining that the network access behavior is not malicious access behavior; if the domain name and/or IP and/or path matches the local blacklist, determining that the network access behavior is malicious access behavior.
7. The method according to claim 6, wherein determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior further comprises:
if the domain name and/or IP and/or path matches neither the local whitelist nor the local blacklist, sending the resource request link information to the cloud and determining whether the network access behavior is malicious access behavior according to the cloud matching result.
8. A blocking network access device for ensuring safety, comprising:
an acquisition module, adapted to obtain a network access request and redirect the network access request to a local service process, the local service process being provided by a local VPN service;
a constructing module, adapted to construct, in the local service process, message data to notify the browser-kernel-based application to initiate the network access request again after a preset interval;
an extraction module, adapted to extract at least one piece of resource request link information corresponding to the network access request;
an analysis module, adapted to determine, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious access behavior;
a display module, adapted to, if the network access behavior is determined to be malicious access behavior, create a non-secure prompt page and display it to the user after the re-initiated network access request has been received.
9. The device according to claim 8, further comprising a judgment module adapted to judge whether the network access request is a request initiated by a browser-kernel-based application;
the constructing module being further adapted to: when the judgment module judges that the network access request is a request initiated by a browser-kernel-based application, construct message data to notify the browser-kernel-based application to re-initiate the network access request after the preset interval.
10. The device according to claim 9, wherein the judgment module is further adapted to:
parse the header information of the network access request to obtain a User-Agent string;
distinguish, according to the User-Agent string, whether the network access request is a request initiated by a browser-kernel-based application or a request not initiated by a browser-kernel-based application.
CN201610109172.1A (filed 2016-02-26, priority 2016-02-26): Blocking network access method and device for ensuring safety. Status: Active. Granted as CN105635178B.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201610109172.1A (granted as CN105635178B) | 2016-02-26 | 2016-02-26 | Blocking network access method and device for ensuring safety
Publications (2)

Publication Number | Publication Date
CN105635178A (this publication) | 2016-06-01
CN105635178B (granted patent) | 2018-06-22

Family

ID=56049666

Family Applications (1)

Application Number | Status | Priority Date | Filing Date | Title
CN201610109172.1A (CN105635178B) | Active | 2016-02-26 | 2016-02-26 | Blocking network access method and device for ensuring safety

Country Status (1)

Country | Link
CN | CN105635178B
Cited By (10)

* Cited by examiner, † Cited by third party

Publication Number | Priority Date | Publication Date | Assignee | Title
CN107968783A * | 2017-11-30 | 2018-04-27 | Tencent Technology (Shenzhen) Co., Ltd. | Traffic management method, device, terminal and computer-readable storage medium
CN108390808A * | 2017-02-03 | 2018-08-10 | Alibaba Group Holding Ltd. | Communication processing method and device
CN108401262A * | 2018-02-06 | 2018-08-14 | Wuhan Douyu Network Technology Co., Ltd. | Method and device for obtaining and analysing terminal application communication data
CN108965251A * | 2018-06-08 | 2018-12-07 | Guangzhou University | Cloud-combined secure mobile phone protection system
CN109462589A * | 2018-11-13 | 2019-03-12 | Beijing Topsec Network Security Technology Co., Ltd. | Method, device and equipment for application program network access control
CN109756992A * | 2017-08-24 | 2019-05-14 | Alibaba Group Holding Ltd. | Method, device and system for creating a network connection
CN109801092A * | 2017-11-16 | 2019-05-24 | Tencent Technology (Wuhan) Co., Ltd. | Resource security management method, device, computer equipment and storage medium
CN109802919A * | 2017-11-16 | 2019-05-24 | China Mobile (Hangzhou) Information Technology Co., Ltd. | Web page access interception method and device
CN112165474A * | 2020-09-22 | 2021-01-01 | Zhuhai Meizu Technology Co., Ltd. | Network monitoring method and device
CN113452645A * | 2020-03-24 | 2021-09-28 | Tencent Technology (Shenzhen) Co., Ltd. | Man-in-the-middle attack detection method, apparatus, computer device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party

Publication Number | Priority Date | Publication Date | Assignee | Title
US20120254429A1 * | 2011-03-31 | 2012-10-04 | International Business Machines Corporation | Non-Intrusive Single Sign-On Mechanism in Cloud Services
CN104092691A * | 2014-07-15 | 2014-10-08 | Beijing Qihoo Technology Co., Ltd. | Implementation method and client for a networking firewall requiring no root authority
CN104484259A * | 2014-11-25 | 2015-04-01 | Beijing Qihoo Technology Co., Ltd. | Application program traffic monitoring method and device, and mobile terminal

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108390808A (en) * 2017-02-03 2018-08-10 阿里巴巴集团控股有限公司 Communication processing method and device
CN108390808B (en) * 2017-02-03 2021-09-14 阿里巴巴集团控股有限公司 Communication processing method and device
CN109756992A (en) * 2017-08-24 2019-05-14 阿里巴巴集团控股有限公司 Create the methods, devices and systems of network connection
CN109756992B (en) * 2017-08-24 2022-08-30 阿里巴巴集团控股有限公司 Method, device and system for establishing network connection
CN109801092B (en) * 2017-11-16 2023-09-08 腾讯科技(武汉)有限公司 Resource security management method, device, computer equipment and storage medium
CN109801092A (en) * 2017-11-16 2019-05-24 腾讯科技(武汉)有限公司 Resource security management method, device, computer equipment and storage medium
CN109802919A (en) * 2017-11-16 2019-05-24 中移(杭州)信息技术有限公司 A kind of web page access interception method and device
CN109802919B (en) * 2017-11-16 2021-06-29 中移(杭州)信息技术有限公司 Web page access intercepting method and device
CN107968783A (en) * 2017-11-30 2018-04-27 腾讯科技(深圳)有限公司 Flow managing method, device, terminal and computer-readable recording medium
CN107968783B (en) * 2017-11-30 2021-10-08 腾讯科技(深圳)有限公司 Traffic management method, device, terminal and computer readable storage medium
CN108401262A (en) * 2018-02-06 2018-08-14 武汉斗鱼网络科技有限公司 A kind of method and device that terminal applies communication data is obtained and analyzed
CN108965251B (en) * 2018-06-08 2019-07-26 广州大学 A kind of safe mobile phone guard system that cloud combines
CN108965251A (en) * 2018-06-08 2018-12-07 广州大学 A kind of safe mobile phone guard system that cloud combines
CN109462589A (en) * 2018-11-13 2019-03-12 北京天融信网络安全技术有限公司 The method, device and equipment of application program NS software
CN113452645A (en) * 2020-03-24 2021-09-28 腾讯科技(深圳)有限公司 Man-in-the-middle attack detection method, apparatus, computer device and storage medium
CN112165474A (en) * 2020-09-22 2021-01-01 珠海市魅族科技有限公司 Network monitoring method and device

Also Published As

Publication number Publication date
CN105635178B (en) 2018-06-22

Similar Documents

Publication Publication Date Title
CN105635178A (en) Blocking network access method and device for ensuring safety
US11709945B2 (en) System and method for identifying network security threats and assessing network security
Akbanov et al. WannaCry ransomware: Analysis of infection, persistence, recovery prevention and propagation mechanisms
Petsas et al. Two-factor authentication: is the world ready? Quantifying 2FA adoption
Kirda et al. Noxes: a client-side solution for mitigating cross-site scripting attacks
RU2726032C2 (en) Systems and methods for detecting malicious programs with a domain generation algorithm (dga)
CN111783096B (en) Method and device for detecting security hole
US20210006592A1 (en) Phishing Detection based on Interaction with End User
Begum et al. RFI and SQLi based local file inclusion vulnerabilities in web applications of Bangladesh
Wang et al. A cost-effective ocr implementation to prevent phishing on mobile platforms
CN114024751A (en) Application access control method and device, computer equipment and storage medium
Dong et al. User behaviour based phishing websites detection
CN113596014A (en) Access vulnerability detection method and device and electronic equipment
US10360379B2 (en) Method and apparatus for detecting exploits
Rajeh et al. A novel three-tier SQLi detection and mitigation scheme for cloud environments
Velu Mastering Kali Linux for advanced penetration testing
CN105592105B (en) Guarantee the asynchronous system Network Access Method and device of safety
CN114024947B (en) Web access method and device based on browser
Ansari Web penetration testing with Kali Linux
Mourtaji et al. Perception of a new framework for detecting phishing web pages
Hidhaya et al. Supplementary event-listener injection attack in smart phones
Rodriguez et al. XSStudent: Proposal to Avoid Cross-Site Scripting (XSS) Attacks in Universities
RU2778635C1 (en) System and method for outside control of the cyberattack surface
NL2030861B1 (en) System and method for external monitoring a cyberattack surface
Huovila Improving the Security of SQL Server using SQL-Map Tool

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220718

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right