CN105635178B - Blocking network access method and device for ensuring security - Google Patents

Publication number: CN105635178B
Authority: CN (China)
Prior art keywords: request, network access, access, network, behavior
Application number: CN201610109172.1A
Other languages: Chinese (zh)
Other versions: CN105635178A (en)
Inventors: 王春雷, 熊丽娜
Original assignee: 北京奇虎科技有限公司, 奇智软件(北京)有限公司
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司
Priority to CN201610109172.1A
Publication of CN105635178A
Application granted
Publication of CN105635178B

Abstract

The invention discloses a blocking network access method and device for ensuring security. The method comprises: obtaining a network access request and redirecting it to a local service process, the local service process being provided by a local VPN service; in the local service process, constructing packet data to notify the browser-kernel-based application to re-initiate the network access request every preset time; extracting at least one piece of resource request link information corresponding to the network access request, and determining, by analysing that link information, whether the network access behaviour is malicious access behaviour; and, if the network access behaviour is determined to be malicious, creating a non-secure prompt page and presenting it to the user once the re-initiated network access request is obtained. With this scheme a network access request is blocked because its access behaviour is malicious, and the user is shown a non-secure prompt page, which effectively limits the adverse effects of malicious access behaviour on the user.

Description

Blocking network access method and device for ensuring security

Technical field

[0001] The present invention relates to the field of Internet technology, and in particular to a blocking network access method and device for ensuring security.

Background

[0002] With the continuous development of mobile Internet technology, more and more users are accustomed to going online through their mobile phones, and more and more applications can run on smartphones. This greatly eases users' lives, but at the same time it brings many mobile-phone security risks. Because a phone is more private than a personal computer, security risks on a phone are a greater threat to the user. For example, some malicious access and phone hackers can cause users to incur unwarranted charges, steal information from the phone, or cause other kinds of loss.

[0003] Networking-firewall technology already exists in the prior art: with a networking firewall a user can manage and control applications, configure blacklists and whitelists, and so on, to strengthen the security of mobile Internet access. However, because of the permission restrictions of mobile operating systems, existing networking firewalls need root privileges to implement these functions, and root privileges are usually obtained only by flashing the device. In addition, in some cases even a networking firewall with root privileges cannot effectively and comprehensively manage and control applications. How to strengthen the security of mobile Internet access conveniently and effectively has therefore become a problem that urgently needs solving.

Summary of the invention

[0004] In view of the above problems, the present invention is proposed in order to provide a blocking network access method and device for ensuring security that overcomes, or at least partially solves, the above problems and effectively limits the adverse effects of malicious access behaviour on the user.

[0005] According to one aspect of the present invention, a blocking network access method for ensuring security is provided. The method comprises:

[0006] obtaining a network access request and redirecting the network access request to a local service process, the local service process being provided by a local VPN service;

[0007] in the local service process, constructing packet data to notify the browser-kernel-based application to re-initiate the network access request every preset time; and extracting at least one piece of resource request link information corresponding to the network access request, and determining, by analysing the at least one piece of resource request link information, whether the network access behaviour is malicious access behaviour;

[0008] if the network access behaviour is determined to be malicious access behaviour, creating a non-secure prompt page and presenting it to the user after the re-initiated network access request is obtained.

[0009] According to another aspect of the present invention, a blocking network access device for ensuring security is provided. The device comprises:

[0010] an obtaining module adapted to obtain a network access request and redirect it to a local service process, the local service process being provided by a local VPN service;

[0011] a constructing module adapted to construct, in the local service process, packet data to notify the browser-kernel-based application to re-initiate the network access request every preset time;

[0012] an extracting module adapted to extract at least one piece of resource request link information corresponding to the network access request;

[0013] an analysing module adapted to determine, by analysing the at least one piece of resource request link information, whether the network access behaviour is malicious access behaviour;

[0014] a presenting module adapted to create a non-secure prompt page and present it to the user after the re-initiated network access request is obtained, if the network access behaviour is determined to be malicious access behaviour.

[0015] According to the technical scheme provided by the present invention, the obtained network access request is redirected to a local service process provided by a local VPN service. In the local service process, packet data is constructed to notify the browser-kernel-based application to re-initiate the network access request every preset time; at least one piece of resource request link information corresponding to the network access request is extracted; and that link information is analysed to determine whether the network access behaviour is malicious access behaviour. If it is determined to be malicious, a non-secure prompt page is created and presented to the user after the re-initiated network access request is obtained. With this scheme, when a client initiates a network access request whose access behaviour is malicious, the request is blocked and the user is shown a non-secure prompt page to draw their attention; this stops the traffic the network access request would have generated and effectively limits the adverse effects of malicious access behaviour on the user. Moreover, the scheme exploits the speed and security of the VPN service, so malicious access behaviour can be blocked without obtaining root privileges.

[0016] The above is only an overview of the technical scheme of the present invention. In order that the technical means of the present invention may be understood more clearly and implemented according to the contents of the specification, and in order to make the above and other objects, features and advantages of the present invention more obvious and comprehensible, specific embodiments of the present invention are set out below.

Brief description of the drawings

[0017] Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:

[0018] Fig. 1 is a schematic flowchart of a blocking network access method for ensuring security according to one embodiment of the present invention;

[0019] Fig. 2 is a schematic flowchart of a blocking network access method for ensuring security according to another embodiment of the present invention;

[0020] Fig. 3 is a functional block diagram of a blocking network access device for ensuring security according to one embodiment of the present invention;

[0021] Fig. 4 is a functional block diagram of a blocking network access device for ensuring security according to another embodiment of the present invention.

Detailed description

[0022] Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure can be implemented in various forms and should not be limited by the embodiments set out here. Rather, these embodiments are provided so that the present disclosure will be understood more thoroughly and so that its full scope can be conveyed to those skilled in the art.

[0023] The embodiments of the present invention are implemented on the basis of a local VPN (Virtual Private Network) service created inside the client. Here, the client may be a terminal device such as a smartphone or a tablet computer. To make VPN services easy to use, the client operating system exposes several system interfaces (APIs); with the user's confirmation, a VPN service can obtain the permission to control and manage other applications. (On Android this corresponds to the VpnService API, which requires a one-time user consent dialog rather than root.) The embodiments of the present invention call the APIs provided by the operating system to open the VPN service inside the client, so that when other applications on the client want to access the network, the network connection requests they initiate all pass through the local VPN service, allowing the client to access network resources effectively and securely.

[0024] Taking one application scenario as an example: when the client installs, or starts for the first time, a stand-alone application that implements the scheme of the present invention (hereinafter called the application of the present invention), that application needs to create a local VPN service. At that point it prompts the user to trust or distrust the application; if the user chooses to trust it, the application creates the local VPN service. After the local VPN service is created, because the operating-system framework gives an application inside the VPN framework a higher degree of control over other applications, the application of the present invention has a higher level of control over network access requests than other applications. When the user wants to use certain applications and wants the network connections those applications initiate to be processed while they are in use, the user starts the application of the present invention that created the local VPN service and taps its settings switch to start the VPN service. After the VPN service is started, the method provided by this embodiment is executed.

[0025] Fig. 1 is a schematic flowchart of a blocking network access method for ensuring security according to one embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:

[0026] Step S100: obtain a network access request and redirect it to a local service process, the local service process being provided by a local VPN service.

[0027] As described above, after the application of the present invention creates the local VPN service, it has a higher level of control over network access requests than other applications. When another application issues a network access request, the application of the present invention can intercept it and redirect it to the local service process inside the application for subsequent processing. Taking the WeChat application as an example: when the user starts WeChat and it initiates a network access request, the application of the present invention, having a higher level of control over network access requests than WeChat, intercepts the request and redirects it to the local service process inside the application for subsequent processing.

[0028] Step S101: in the local service process, construct packet data to notify the browser-kernel-based application to re-initiate the network access request every preset time.

[0029] Browser-kernel-based applications include the various browser applications and also applications such as WeChat. The preset time can be set according to actual needs and is not limited here. For example, if the preset time is set to 100 ms, then after the network access request initiated by WeChat has been redirected to the local service process in step S100, step S101 constructs packet data to notify WeChat to re-initiate the network access request every 100 ms.

[0030] Because the present invention uses constructed packet data to make the browser-kernel-based application re-initiate the network access request every preset time, the accesses made during this process are local only and no request is sent out to the network; this saves traffic and does not adversely affect the user.

[0031] Step S102: extract at least one piece of resource request link information corresponding to the network access request.

[0032] Specifically, the resource request link information of the main page corresponding to the network access request, of that main page's parent page, and of that main page's sub-pages can be extracted. The present invention can therefore extract the resource request link information corresponding to a network access request comprehensively.

[0033] Step S103: determine, by analysing the at least one piece of resource request link information, whether the network access behaviour is malicious access behaviour; if so, execute step S104.

[0034] After the at least one piece of resource request link information has been extracted, it is analysed, and the analysis determines whether the network access behaviour is malicious access behaviour.

[0035] Step S104: after the re-initiated network access request is obtained, create a non-secure prompt page and present it to the user.

[0036] When step S103 determines, by analysing the at least one piece of resource request link information, that the network access behaviour is malicious access behaviour, step S104 does not respond to the re-initiated network access request once it is obtained; instead it creates a non-secure prompt page and presents it to the user, which stops the traffic the network access request would have generated and effectively limits the adverse effects of malicious access behaviour on the user. The non-secure prompt page may include information such as text or images that alert the user. For example, when the user wants to open a web page that has been determined to be malicious, the non-secure prompt page may carry the message "**** reminds you: this web page is malicious".

[0037] In the blocking network access method for ensuring security provided by this embodiment, the obtained network access request is redirected to the local service process provided by the local VPN service. In that process, packet data is constructed to notify the browser-kernel-based application to re-initiate the network access request every preset time; at least one piece of resource request link information corresponding to the network access request is extracted; and that information is analysed to determine whether the network access behaviour is malicious access behaviour. If it is, a non-secure prompt page is created and presented to the user after the re-initiated network access request is obtained. With this scheme, when a client initiates a network access request whose access behaviour is malicious, the request is blocked and the user is shown a non-secure prompt page to draw their attention, which stops the traffic the request would have generated and effectively limits the adverse effects of malicious access behaviour on the user. Moreover, the scheme exploits the speed and security of the VPN service, so malicious access behaviour can be blocked without obtaining root privileges.

[0038] Fig. 2 is a schematic flowchart of a blocking network access method for ensuring security according to another embodiment of the present invention. As shown in Fig. 2, the method comprises the following steps:

[0039] Step S200: obtain a network access request and redirect it to a local service process, the local service process being provided by a local VPN service.

[0040] When the client accesses the network it needs to issue a network access request. In this embodiment the network access request is obtained before the client sends it out, and is then redirected to the local service process provided by the local VPN service.

[0041] Step S201: in the local service process, determine whether the network access request is a request initiated by a browser-kernel-based application; if so, execute step S202; if not, the method ends.

[0042] Because this method applies to network access requests initiated by browser-kernel-based applications (such as WeChat), step S201 determines whether the network access request was initiated by a browser-kernel-based application so that the subsequent steps can be carried out. Specifically, the header of the network access request is parsed first to obtain the User-Agent string, and the User-Agent string is then used to classify the request as initiated by a browser-kernel-based application or not. The User-Agent string carries the details provided to the server, such as the browser type, version and operating system, so it can readily be used to distinguish whether the network access request was initiated by a browser-kernel-based application. Note that the User-Agent header is set by the requesting application itself, so an application that omits or alters it will not be classified as browser-kernel-based by this check.

[0043] Step S202: construct a redirect response message whose Location field records the link corresponding to the network access request.

[0044] The Location field of the constructed redirect response message records the link corresponding to the original network access request, not a new link.

[0045] Step S203: return the redirect response message to the browser-kernel-based application, to notify it to re-initiate the network access request every preset time.

[0046] Because the Location field of the constructed redirect response message records the link corresponding to the network access request, after the redirect response message is returned to the browser-kernel-based application, the application re-initiates the network access request every preset time. The preset time can be set according to actual needs and is not limited here.

[0047] Because the present invention uses a constructed redirect response message to make the browser-kernel-based application re-initiate the network access request every preset time, the accesses made during this process are local only and no request is sent out to the network, which saves traffic.
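The following is an added example, not code from the patent or from any product, showing steps S201 to S203 on a plaintext HTTP/1.1 request as the local service process would see it after the VPN redirect. The User-Agent heuristic, the choice of a 302 status and the use of a Retry-After header to convey the preset interval are assumptions; the patent only specifies that the Location field carries the original link. The sample request is constructed.

```python
# Added example (not the patent's or any product's code): steps S201-S203 on a
# raw HTTP/1.1 request. Assumptions, not from the patent: the User-Agent
# heuristic, the 302 status, and Retry-After carrying the preset interval.
from __future__ import annotations
from dataclasses import dataclass

# Tokens that WebKit/Blink/Gecko based kernels put in their User-Agent.
# Heuristic assumed for this example; a WeChat WebView also carries
# "AppleWebKit" and "MicroMessenger".
BROWSER_KERNEL_MARKERS = ("AppleWebKit", "Gecko/", "Chrome/", "Mozilla/")


@dataclass
class HttpRequest:
    method: str
    target: str
    headers: dict[str, str]  # header names lower-cased


def parse_request(raw: bytes) -> HttpRequest:
    """Parse the request line and headers of a plaintext HTTP/1.x request."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers)


def is_browser_kernel_request(req: HttpRequest) -> bool:
    """Step S201: classify by User-Agent. The UA is chosen by the sending app,
    so an app that omits or changes it is simply not classified as a browser."""
    ua = req.headers.get("user-agent", "")
    return any(marker in ua for marker in BROWSER_KERNEL_MARKERS)


def original_url(req: HttpRequest, scheme: str = "http") -> str:
    """Rebuild the link the app asked for (absolute-form target, or Host + path)."""
    if req.target.startswith(("http://", "https://")):
        return req.target
    return f"{scheme}://{req.headers.get('host', '')}{req.target}"


def build_redirect_response(req: HttpRequest, interval_s: int) -> bytes:
    """Step S202: a redirect whose Location is the *same* link, not a new one.
    Retry-After on a 3xx asks the client to wait before following it
    (RFC 7231 section 7.1.3); using it for the preset interval is an assumption."""
    url = original_url(req)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {url}\r\n"
        f"Retry-After: {interval_s}\r\n"
        "Cache-Control: no-store\r\n"
        "Content-Length: 0\r\n"
        "Connection: keep-alive\r\n"
        "\r\n"
    ).encode("iso-8859-1")


def handle_request(raw: bytes, interval_s: int = 1) -> bytes | None:
    """Steps S201-S203 together; None means 'not a browser-kernel app, method ends'."""
    req = parse_request(raw)
    if not is_browser_kernel_request(req):
        return None
    return build_redirect_response(req, interval_s)


# Constructed sample request, modelled on what a WebView-based app sends.
SAMPLE_REQUEST = (
    b"GET /index.html?x=1 HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: Mozilla/5.0 (Linux; Android 6.0) AppleWebKit/537.36 "
    b"(KHTML, like Gecko) Version/4.0 Chrome/48.0 Mobile MicroMessenger/6.3\r\n"
    b"Accept: text/html\r\n\r\n"
)

if __name__ == "__main__":
    print(handle_request(SAMPLE_REQUEST).decode("iso-8859-1"))
```

Two practical limits of this step are worth keeping in mind. The local service can only read the request line and User-Agent of plaintext HTTP; for TLS connections it sees an encrypted stream unless it interposes on the connection. And a 302 back to the request's own URL is a redirect loop from the client's point of view: browsers cap the number of consecutive redirects they follow and not every WebView honours Retry-After on a 3xx, so the re-initiated request has to be answered with the real content or the non-secure prompt page before the client gives up.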

[0048] Step S204: extract at least one piece of resource request link information corresponding to the network access request.

[0049] Specifically, the resource request link information of the main page corresponding to the network access request, of that main page's parent page, and of that main page's sub-pages can be extracted. The present invention can therefore extract the resource request link information corresponding to a network access request comprehensively.

[0050] Step S205: extract the domain name and/or IP and/or path corresponding to the at least one piece of resource request link information.

[0051] Step S206: query whether the domain name and/or IP and/or path matches the local whitelist; if it matches, the method ends; if it does not match, execute step S207.

[0052] A local whitelist is stored in the client. It records common, security-certified domain names, IPs and paths; security-certified domain names include, for example, 360.cn, taobao.com and sohu.com. The local whitelist can be generated from the user's configuration or obtained from the cloud. If the query finds that the domain name and/or IP and/or path matches the local whitelist, the network access behaviour is determined not to be malicious and the method ends; if it does not match, step S207 is executed.

[0053] Step S207: query whether the domain name and/or IP and/or path matches the local blacklist; if it matches, execute step S210; if it does not match, execute step S208.

[0054] A local blacklist is also stored in the client. It records common domain names, IPs and paths that have been certified as dangerous. The local blacklist can be generated from the user's configuration, or the dangerous domain names, IPs and paths already collected by the cloud can be obtained from the cloud. If the query finds that the domain name and/or IP and/or path matches the local blacklist, the network access behaviour is determined to be malicious and step S210 is executed; if it does not match, step S208 is executed.

[0055] Step S208: send the resource request link information to the cloud.

[0056] When the domain name and/or IP and/or path does not match the local blacklist, the resource request link information can be sent to the cloud for cloud matching, so that whether the network access behaviour is malicious can be determined more accurately.

[0057] Step S209: determine, according to the cloud matching result, whether the network access behaviour is malicious access behaviour; if so, execute step S210; if not, the method ends.

[0058] If the cloud matching result determines that the network access behaviour is malicious, step S210 is executed; if it determines that the behaviour is not malicious, the method ends.

[0059] Step S210: after the re-initiated network access request is obtained, create a non-secure prompt page and present it to the user.

[0060] When the network access behaviour has been determined to be malicious, the re-initiated network access request, once obtained, is not responded to; instead a non-secure prompt page is created and presented to the user, which stops the traffic the network access request would have generated and effectively limits the adverse effects of malicious access behaviour on the user. The non-secure prompt page may include information such as text or images that alert the user.
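The following is an added example, not code from the patent or from any product, that carries steps S204 to S210 (and equivalently steps S102 to S104 of the first embodiment) through on constructed data: link extraction for the main page, its parent page (taken here from the Referer header) and its sub-pages (taken here from the page's a-href values), domain/IP/path extraction, whitelist then blacklist then cloud matching, and the non-secure prompt page. The whitelist domains 360.cn, taobao.com and sohu.com come from the text; the blacklist, the in-memory table standing in for the cloud query, the rule that a parent domain counts as a list hit, and the rule that the access is malicious if any extracted link is malicious are assumptions.

```python
# Added example (not the patent's or any product's code): steps S204-S210 on
# constructed data. Assumptions: sub-page links come from <a href>, parent
# domains count as list hits, the cloud query is an in-memory table, and the
# access is malicious if any extracted link is malicious.
from __future__ import annotations
import html
import ipaddress
from html.parser import HTMLParser
from typing import Callable
from urllib.parse import urljoin, urlsplit


class _HrefCollector(HTMLParser):
    """Collects href values of <a> tags; used to enumerate sub-page links."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_links(main_url: str, referer: str | None, page_html: str) -> list[str]:
    """Step S204: main page, its parent page (Referer) and its sub-pages."""
    collector = _HrefCollector()
    collector.feed(page_html)
    links = [main_url]
    if referer:
        links.append(referer)
    links.extend(urljoin(main_url, href) for href in collector.hrefs)
    return links


def link_features(url: str) -> tuple[str, str | None, str]:
    """Step S205: domain name, literal IP (if the host is one) and path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        ip: str | None = str(ipaddress.ip_address(host))
    except ValueError:
        ip = None
    return host, ip, parts.path or "/"


def matches_list(entries: set[str], host: str, ip: str | None, path: str) -> bool:
    """An entry is a domain (any parent domain of the host counts, so 'taobao.com'
    covers 'shop.taobao.com' but not 'taobao.com.evil.test'), a literal IP,
    or 'host/path'."""
    labels = host.split(".")
    candidate_domains = {".".join(labels[i:]) for i in range(len(labels))}
    if candidate_domains & entries:
        return True
    if ip is not None and ip in entries:
        return True
    return host + path in entries


def classify_link(url: str, whitelist: set[str], blacklist: set[str],
                  cloud_lookup: Callable[[str], bool]) -> bool:
    """Steps S206-S209 for one link; True means malicious.
    Whitelist is consulted first, then blacklist, then the cloud."""
    host, ip, path = link_features(url)
    if matches_list(whitelist, host, ip, path):
        return False
    if matches_list(blacklist, host, ip, path):
        return True
    return cloud_lookup(url)


def is_malicious(links: list[str], whitelist: set[str], blacklist: set[str],
                 cloud_lookup: Callable[[str], bool]) -> bool:
    return any(classify_link(u, whitelist, blacklist, cloud_lookup) for u in links)


def build_warning_page(url: str) -> bytes:
    """Step S210: the non-secure prompt page returned instead of the content.
    The URL is attacker-chosen, so it is HTML-escaped before being echoed."""
    body = ("<html><body><h1>**** reminds you: this web page is malicious</h1>"
            f"<p>{html.escape(url)}</p></body></html>").encode("utf-8")
    head = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
            f"Content-Length: {len(body)}\r\nCache-Control: no-store\r\n\r\n")
    return head.encode("iso-8859-1") + body


# Whitelist domains named in the patent; the rest is constructed sample data.
WHITELIST = {"360.cn", "taobao.com", "sohu.com"}
BLACKLIST = {"evil.test", "198.51.100.7", "cdn.test/malware.apk"}
CLOUD_TABLE = {"http://unknown.test/login": True}  # stands in for the cloud query


def cloud_lookup(url: str) -> bool:
    return CLOUD_TABLE.get(url, False)


def decide(main_url: str, referer: str | None, page_html: str) -> bytes | None:
    """Whole pipeline: the warning response if malicious, else None (pass through)."""
    links = extract_links(main_url, referer, page_html)
    if is_malicious(links, WHITELIST, BLACKLIST, cloud_lookup):
        return build_warning_page(main_url)
    return None


if __name__ == "__main__":
    sample = '<a href="/about">About</a> <a href="http://evil.test/x">x</a>'
    print(decide("http://news.test/", None, sample) is not None)
```

Two points a reviewer would check in any real implementation of these steps: the prompt page must HTML-escape the offending URL, because that string is chosen by the attacker and an unescaped echo turns the warning into a script-injection sink; and the whitelist must match on whole domain labels from the right, not on substrings, otherwise a host such as taobao.com.evil.test would be treated as whitelisted and skip the blacklist and cloud checks entirely.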

[0061] In the blocking network access method for ensuring security provided by this embodiment, the obtained network access request is redirected to the local service process provided by the local VPN service. In that process, once the network access request is determined to have been initiated by a browser-kernel-based application, a redirect response message is constructed and returned to the application to notify it to re-initiate the network access request every preset time. At least one piece of resource request link information corresponding to the network access request is then extracted, together with the domain name and/or IP and/or path corresponding to that information, and the domain name and/or IP and/or path is matched against the local whitelist, the local blacklist and the cloud. If the network access behaviour is determined to be malicious access behaviour, a non-secure prompt page is created and presented to the user after the re-initiated network access request is obtained. With this scheme, when a client initiates a network access request whose access behaviour is malicious, the request is blocked and the user is shown a non-secure prompt page to draw their attention, which stops the traffic the request would have generated and effectively limits the adverse effects of malicious access behaviour on the user.
In addition, by combining the local whitelist query, the local blacklist query and the cloud query, the scheme determines more accurately whether the network access behaviour is malicious access behaviour. Moreover, the scheme exploits the speed and security of the VPN service, so malicious access behaviour can be blocked without obtaining root privileges.

[0062] FIG. 3 shows a functional block diagram of a secure blocking network access device according to one embodiment of the invention. As shown in FIG. 3, the device comprises: an obtaining module 310, a constructing module 320, an extracting module 330, an analyzing module 340 and a presenting module 350.

[0063] The obtaining module 310 is adapted to: obtain a network access request and redirect the network access request to a local service process, the local service process being provided by a local VPN service.

[0064] When a client performs network access it needs to issue a network access request. In this embodiment, before the client sends the network access request, the request is obtained and then redirected to the local service process provided by the local VPN service.

[0065] The constructing module 320 is adapted to: in the local service process, construct message data to notify the browser-kernel-based application to re-initiate the network access request at a preset interval.

[0066] After the obtaining module 310 has redirected the network access request to the local service process, the constructing module 320, within the local service process, constructs message data to notify the browser-kernel-based application to re-initiate the network access request at a preset interval. Browser-kernel-based applications include the WeChat application, among others. The preset interval can be set as actually needed and is not limited here. For example, the preset interval is set to . Because the invention uses the constructed message data to make the browser-kernel-based application re-initiate the network access request at the preset interval, only local access takes place during this process and no request is sent to the external network, which saves traffic and does not adversely affect the user.

[0067] The extracting module 330 is adapted to: extract at least one piece of resource request link information corresponding to the network access request.

[0068] The analyzing module 340 is adapted to: determine, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious.

[0069] The presenting module 350 is adapted to: if the network access behavior is determined to be malicious, create and show a non-secure warning page to the user after the re-initiated network access request is obtained.

[0070] When the analyzing module 340 has determined, by analyzing the at least one piece of resource request link information, that the network access behavior is malicious, the presenting module 350 does not respond to the re-initiated network access request once it is obtained; instead it creates a non-secure warning page and shows it to the user. This blocks the traffic the network access request would have generated and effectively curbs the harm that malicious access behavior would do to the user. The non-secure warning page may include text, images or other information that alerts the user.

[0071] In the secure blocking network access device of this embodiment, the obtaining module obtains a network access request and redirects it to the local service process; in the local service process the constructing module constructs message data to notify the browser-kernel-based application to re-initiate the network access request at a preset interval; the extracting module extracts at least one piece of resource request link information corresponding to the network access request; the analyzing module determines, by analyzing that link information, whether the network access behavior is malicious; and if the network access behavior is determined to be malicious, the presenting module creates and shows a non-secure warning page to the user after the re-initiated network access request is obtained. With the technical solution of the invention, when a client initiates a network access request, the request is blocked because the network access behavior is malicious, and a non-secure warning page is shown to alert the user; this blocks the traffic the network access request would have generated and effectively curbs the harm that malicious access behavior would do to the user. Moreover, by exploiting the fast and secure characteristics of the VPN service, the technical solution of the invention blocks malicious access behavior without needing to obtain root privileges.
[0072] FIG. 4 shows a functional block diagram of a secure blocking network access device according to another embodiment of the invention. As shown in FIG. 4, the device comprises: an obtaining module 410, a judging module 420, a constructing module 430, an extracting module 440, an analyzing module 450 and a presenting module 460.

[0073] The obtaining module 410 is adapted to: obtain a network access request and redirect the network access request to a local service process, the local service process being provided by a local VPN service.

[0074] The judging module 420 is adapted to: judge whether the network access request is a request initiated by a browser-kernel-based application.

[0075] Since this device applies to network access requests initiated by browser-kernel-based applications (such as the WeChat application), the judging module 420 needs to judge whether the network access request is a request initiated by such an application.

[0076] The judging module 420 is further adapted to: parse the header information of the network access request to obtain the User-Agent string; and, according to the User-Agent string, distinguish whether the network access request is a request initiated by a browser-kernel-based application or a request not initiated by a browser-kernel-based application. The User-Agent string carries details provided for the server, such as browser type, version and operating system information, so it makes it easy to tell whether the network access request was initiated by a browser-kernel-based application.

[0077] The constructing module 430 is adapted to: when the judging module 420 has judged the network access request to be a request initiated by a browser-kernel-based application, construct message data to notify that application to re-initiate the network access request at a preset interval.

[0078] The constructing module 430 is further adapted to: construct a redirect response message whose Location field records the link corresponding to the network access request; and return the redirect response message to the browser-kernel-based application so as to notify it to re-initiate the network access request at the preset interval. Because the Location field of the constructed redirect response message records the link of the original network access request rather than a new link, once the redirect response message has been returned the browser-kernel-based application re-initiates the network access request at the preset interval. The preset interval can be set as actually needed and is not limited here. Because the device uses the constructed redirect response message to make the browser-kernel-based application re-initiate the network access request at the preset interval, only local access takes place during this process and no request is sent to the external network, which saves traffic.

[0079] The extracting module 440 is adapted to: extract at least one piece of resource request link information corresponding to the network access request.

[0080] The extracting module 440 is further adapted to: extract the resource request link information of the main page corresponding to the network access request, the resource request link information of the parent page of that main page, and the resource request link information of the sub-pages of that main page. The device can therefore extract the resource request link information corresponding to the network access request comprehensively.

[0081] The analyzing module 450 is adapted to: extract the domain name and/or IP and/or path corresponding to the at least one piece of resource request link information, and match the domain name and/or IP and/or path against a local whitelist and/or a local blacklist; if the domain name and/or IP and/or path matches the local whitelist, determine that the network access behavior is not malicious; if the domain name and/or IP and/or path matches the local blacklist, determine that the network access behavior is malicious.

[0082] The analyzing module 450 is further adapted to: if the domain name and/or IP and/or path matches neither the local whitelist nor the local blacklist, send the resource request link information to the cloud and determine whether the network access behavior is malicious according to the cloud matching result.

[0083] The presenting module 460 is adapted to: if the network access behavior is determined to be malicious, create and show a non-secure warning page to the user after the re-initiated network access request is obtained.

[0084] When the analyzing module 450 has determined that the network access behavior is malicious, the presenting module 460 does not respond to the re-initiated network access request once it is obtained; instead it creates a non-secure warning page and shows it to the user. This blocks the traffic the network access request would have generated and effectively curbs the harm that malicious access behavior would do to the user. The non-secure warning page may include text, images or other information that alerts the user.

[0085] In the secure blocking network access device of this embodiment, the obtaining module obtains a network access request and redirects it to the local service process. In the local service process, when the judging module has judged the network access request to be a request initiated by a browser-kernel-based application, the constructing module constructs a redirect response message and returns it to that application to notify it to re-initiate the network access request at a preset interval. The extracting module then extracts at least one piece of resource request link information corresponding to the network access request; the analyzing module extracts the domain name and/or IP and/or path corresponding to that link information, matches it against the local whitelist, the local blacklist and the cloud, and determines whether the network access behavior is malicious. If the analyzing module determines that the network access behavior is malicious, the presenting module creates and shows a non-secure warning page to the user after the re-initiated network access request is obtained. With the technical solution of the invention, when a client initiates a network access request, the request is blocked because the network access behavior is malicious, and a non-secure warning page is shown to alert the user; this blocks the traffic the network access request would have generated and effectively curbs the harm that malicious access behavior would do to the user. In addition, by combining local whitelist lookup, local blacklist lookup and cloud lookup, the technical solution of the invention determines more accurately whether the network access behavior is malicious. Moreover, by exploiting the fast and secure characteristics of the VPN service, the technical solution of the invention blocks malicious access behavior without needing to obtain root privileges.
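The local service process of [0076] to [0084], modelled in Python as an added example (this is not the patent's or the applicant's code): classification of the sender by User-Agent, the self-redirect whose Location is the original link, domain/IP/path matching against local lists with a cloud fallback, and the warning page served on the re-initiated request. The rule lists, the cloud stub, the User-Agent markers, the Retry-After interval, the use of Referer as the parent page and the sample requests are all constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed rule sets, keyed the way the text matches: domain and/or IP and/or path.
LOCAL_WHITELIST = {"domain": {"example.com", "cdn.example.com"}, "ip": set(), "path": set()}
LOCAL_BLACKLIST = {"domain": {"bad.example.net"}, "ip": {"192.0.2.10"}, "path": {"/phish/login"}}
# Constructed stand-in for the cloud query (host -> verdict); the real service is not on the page.
CLOUD_VERDICTS = {"unknown.example.org": "malicious"}
# Constructed User-Agent markers for browser-kernel apps (WeChat's in-app browser sends MicroMessenger).
BROWSER_KERNEL_MARKERS = ("AppleWebKit", "Chrome/", "MicroMessenger")
PRESET_INTERVAL_SECONDS = 5  # the page leaves the preset interval open; this value is assumed

def parse_request(raw: bytes) -> dict:
    """Split an HTTP/1.1 request head into method, absolute URL and lower-cased headers."""
    request_line, *header_lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if target.startswith("/"):  # origin-form target: rebuild the link from the Host header
        target = "http://" + headers.get("host", "") + target
    return {"method": method, "url": target, "headers": headers}

def is_browser_kernel_request(headers: dict) -> bool:
    """Judging module: classify the sender from its User-Agent string."""
    return any(m in headers.get("user-agent", "") for m in BROWSER_KERNEL_MARKERS)

def self_redirect(url: str, interval: int = PRESET_INTERVAL_SECONDS) -> bytes:
    """Constructing module: a redirect whose Location is the ORIGINAL link, so the app re-issues
    the same request. Carrying the interval in Retry-After is an assumption."""
    return (f"HTTP/1.1 302 Found\r\nLocation: {url}\r\nRetry-After: {interval}\r\n"
            f"Content-Length: 0\r\n\r\n").encode()

def matches(rules: dict, url: str) -> bool:
    """True if the link's domain or IP, or its path, is in the given rule set."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        host_rules = rules["ip"]
    except ValueError:
        host_rules = rules["domain"]
    return host in host_rules or (parts.path or "/") in rules["path"]

def cloud_lookup(url: str) -> str:
    """Stub for the cloud match; anything the constructed table does not list is benign."""
    return CLOUD_VERDICTS.get(urlsplit(url).hostname or "", "benign")

def classify_links(links) -> str:
    """Analyzing module: whitelist, then blacklist, then cloud, for every extracted link.
    Treating one malicious link as a malicious access is an assumption the page does not settle."""
    for link in links:
        if matches(LOCAL_WHITELIST, link):
            continue
        if matches(LOCAL_BLACKLIST, link) or cloud_lookup(link) == "malicious":
            return "malicious"
    return "benign"

def warning_response() -> bytes:
    """Presenting module: the non-secure warning page served instead of the resource."""
    body = b"<html><body><h1>Unsafe page blocked</h1></body></html>"
    return (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)

class LocalService:
    """Local service process: verdict computed on first sight, self-redirect answered, then the
    re-initiated request is blocked or passed on according to the stored verdict."""
    def __init__(self):
        self.verdicts = {}  # URL -> "benign" | "malicious"

    def handle(self, raw: bytes, sub_page_links=()) -> tuple:
        request = parse_request(raw)
        url = request["url"]
        if not is_browser_kernel_request(request["headers"]):
            return ("forward", None)  # out of scope: let it reach the network unchanged
        if url not in self.verdicts:
            # Links to analyse: main page, caller-extracted sub-page links, parent page (Referer; assumed).
            links = [url, *sub_page_links]
            if "referer" in request["headers"]:
                links.append(request["headers"]["referer"])
            self.verdicts[url] = classify_links(links)
            return ("redirect", self_redirect(url))
        if self.verdicts[url] == "malicious":
            return ("block", warning_response())
        return ("forward", None)

# Constructed sample requests: a WeChat-style request to a blacklisted host, a Chrome-style
# request to a whitelisted host, and a non-browser client the service leaves alone.
SAMPLE_BAD = (b"GET http://bad.example.net/index.html HTTP/1.1\r\nHost: bad.example.net\r\n"
              b"User-Agent: Mozilla/5.0 (Linux; Android 6.0) AppleWebKit/537.36 MicroMessenger/6.3\r\n\r\n")
SAMPLE_GOOD = (b"GET / HTTP/1.1\r\nHost: example.com\r\n"
               b"User-Agent: Mozilla/5.0 (Linux; Android 6.0) AppleWebKit/537.36 Chrome/48.0\r\n\r\n")
SAMPLE_CURL = b"GET http://bad.example.net/ HTTP/1.1\r\nHost: bad.example.net\r\nUser-Agent: curl/7.47\r\n\r\n"

def run_scenario() -> list:
    """Drive one service instance with the samples; returns the outcome of each request in order."""
    service = LocalService()
    return [service.handle(r)[0] for r in (SAMPLE_BAD, SAMPLE_BAD, SAMPLE_GOOD, SAMPLE_GOOD, SAMPLE_CURL)]
```

The first request from a browser-kernel app always gets the self-redirect; only the re-initiated request is blocked, which is why the blacklisted sample is answered "redirect" and then "block".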

[0086] The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used together with the teachings herein. The structure required to construct such systems is apparent from the description above. Moreover, the invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in a variety of programming languages, and that the description above of a specific language is given in order to disclose the best mode of the invention.

[0087] In the description provided herein, numerous specific details are set forth. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.

[0088] Similarly, it should be understood that, in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof for the purpose of streamlining the disclosure and aiding the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus the claims following the detailed description are hereby expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.

[0089] Those skilled in the art will understand that the modules of the device in an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.

[0090] Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments but not others, combinations of features of different embodiments are meant to fall within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

[0091] The various component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

[0092] It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may devise alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words may be interpreted as names.

[0093] The invention discloses:

[0094] A1. A secure blocking network access method, comprising:

[0095] obtaining a network access request and redirecting the network access request to a local service process, the local service process being provided by a local VPN service;

[0096] in the local service process, constructing message data to notify the browser-kernel-based application to re-initiate the network access request at a preset interval; and extracting at least one piece of resource request link information corresponding to the network access request, and determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious;

[0097] if the network access behavior is determined to be malicious, creating and showing a non-secure warning page to the user after the re-initiated network access request is obtained.

[0098] A2. The method according to A1, wherein before constructing the message data the method further comprises: judging whether the network access request is a request initiated by a browser-kernel-based application;

[0099] and wherein constructing message data to notify the browser-kernel-based application to re-initiate the network access request at a preset interval further comprises: when the network access request is judged to be a request initiated by a browser-kernel-based application, constructing message data to notify the browser-kernel-based application to re-initiate the network access request at the preset interval.

[0100] A3. The method according to A2, wherein judging whether the network access request is a request initiated by a browser-kernel-based application further comprises:

[0101] parsing the header information of the network access request to obtain a User-Agent string;

[0102] distinguishing, according to the User-Agent string, whether the network access request is a request initiated by a browser-kernel-based application or a request not initiated by a browser-kernel-based application.

[0103] A4. The method according to A2 or A3, wherein constructing message data to notify the browser-kernel-based application to re-initiate the network access request at a preset interval further comprises:

[0104] constructing a redirect response message, the Location field of the redirect response message recording the link corresponding to the network access request;

[0105] returning the redirect response message to the browser-kernel-based application so as to notify the browser-kernel-based application to re-initiate the network access request at the preset interval.

[0106] A5. The method according to any one of A1 to A4, wherein extracting at least one piece of resource request link information corresponding to the network access request further comprises: extracting the resource request link information of the main page corresponding to the network access request, the resource request link information of the parent page of the main page, and the resource request link information of the sub-pages of the main page.

[0107] A6. The method according to any one of A1 to A5, wherein determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious further comprises:

[0108] extracting the domain name and/or IP and/or path corresponding to the at least one piece of resource request link information, and matching the domain name and/or IP and/or path against a local whitelist and/or a local blacklist;

[0109] if the domain name and/or IP and/or path matches the local whitelist, determining that the network access behavior is not malicious; if the domain name and/or IP and/or path matches the local blacklist, determining that the network access behavior is malicious.

[0110] A7. The method according to A6, wherein determining, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious further comprises:

[0111] if the domain name and/or IP and/or path matches neither the local whitelist nor the local blacklist, sending the resource request link information to the cloud and determining whether the network access behavior is malicious according to the cloud matching result.

[0112] B8. A secure blocking network access device, comprising:

[0113] an obtaining module, adapted to obtain a network access request and redirect the network access request to a local service process, the local service process being provided by a local VPN service;

[0114] a constructing module, adapted to construct, in the local service process, message data to notify the browser-kernel-based application to re-initiate the network access request at a preset interval;

[0115] an extracting module, adapted to extract at least one piece of resource request link information corresponding to the network access request;

[0116] an analyzing module, adapted to determine, by analyzing the at least one piece of resource request link information, whether the network access behavior is malicious;

[0117] a presenting module, adapted to create and show a non-secure warning page to the user after the re-initiated network access request is obtained, if the network access behavior is determined to be malicious.

[0118] B9. The device according to B8, further comprising: a judging module, adapted to judge whether the network access request is a request initiated by a browser-kernel-based application;

[0119] wherein the constructing module is further adapted to: when the judging module has judged the network access request to be a request initiated by a browser-kernel-based application, construct message data to notify the browser-kernel-based application to re-initiate the network access request at the preset interval.

[0120] B10. The device according to B9, wherein the judging module is further adapted to:

[0121] parse the header information of the network access request to obtain a User-Agent string;

[0122] distinguish, according to the User-Agent string, whether the network access request is a request initiated by a browser-kernel-based application or a request not initiated by a browser-kernel-based application.

[0123] B11. The device according to B9 or B10, wherein the constructing module is further adapted to:

[0124] construct a redirect response message, the Location field of the redirect response message recording the link corresponding to the network access request;

[0125] return the redirect response message to the browser-kernel-based application so as to notify the browser-kernel-based application to re-initiate the network access request at the preset interval.

[0126] B12. The device according to any one of B9 to B11, wherein the extracting module is further adapted to: extract the resource request link information of the main page corresponding to the network access request, the resource request link information of the parent page of the main page, and the resource request link information of the sub-pages of the main page.

[0127] B13、根据B9-B12任一项所述的装置,所述分析模块进一步适于: [0127] B13, B9-B12 apparatus according to any one of the analysis module is further adapted to:

[0128] 提取所述至少一个资源请求链接信息对应的域名和/或IP和/或路径,将所述域名和/或IP和/或路径与本地白名单和/或本地黑名单进行匹配; [0128] extracting the at least one resource request domain name and / or IP and / or path information corresponding to the link, the domain name matching and / or IP and / or local path whitelist and / or local blacklist;

[0129] 若所述域名和/或IP和/或路径与本地白名单匹配,则确定网络访问行为不是恶意访问行为;若所述域名和/或IP和/或路径与本地黑名单匹配,则确定网络访问行为是恶意访问行为。 [0129] If the domain name and / or IP and / or local path matches the white list, it is determined that access to the network access behavior is not malicious behavior; if the domain name and / or IP and / or local blacklist path match, determining a network access behavior is malicious access behavior.

[0130] B14、根据B13所述的装置,所述分析模块还适于:若所述域名和/或IP和/或路径与本地白名单和/或本地黑名单不匹配,则将资源请求链接信息发送至云端,根据云端匹配结果确定网络访问行为是否为恶意访问行为。 [0130] B14, B13 of the apparatus according to the analyzing module is further adapted to: if the domain name and / or IP and / or local path whitelist and / or local blacklist do not match, the resource request link information is sent to the cloud, to determine the network access behavior is malicious behavior based access cloud matches.

Claims (14)

1. A blocking network access method for ensuring security, comprising: obtaining a network access request and redirecting the network access request to a local service process, the local service process being provided by a local VPN service; in the local service process, constructing message data to notify a browser-kernel-based application to re-initiate the network access request at preset intervals; and extracting at least one item of resource request link information corresponding to the network access request, and determining, by analysing the at least one item of resource request link information, whether the network access behaviour is malicious access behaviour; and, if the network access behaviour is determined to be malicious access behaviour, creating and presenting a non-safe prompt page to the user after the re-initiated network access request is obtained.
2. The method according to claim 1, wherein, before constructing the message data, the method further comprises: determining whether the network access request was initiated by a browser-kernel-based application; and wherein constructing message data to notify the browser-kernel-based application to re-initiate the network access request at preset intervals further comprises: constructing the message data to notify the browser-kernel-based application to re-initiate the network access request at preset intervals when the network access request is determined to have been initiated by a browser-kernel-based application.
3. The method according to claim 2, wherein determining whether the network access request was initiated by a browser-kernel-based application further comprises: parsing the header information of the network access request to obtain the user agent string; and distinguishing, according to the user agent string, whether the network access request was initiated by a browser-kernel-based application or by an application not based on a browser kernel.
4. The method according to claim 2 or 3, wherein constructing message data to notify the browser-kernel-based application to re-initiate the network access request at preset intervals further comprises: constructing a redirect response message whose Location field records the link corresponding to the network access request; and returning the redirect response message to the browser-kernel-based application, so as to notify the browser-kernel-based application to re-initiate the network access request at preset intervals.
5. The method according to any one of claims 1 to 3, wherein extracting at least one item of resource request link information corresponding to the network access request further comprises: extracting the resource request link information of the main page corresponding to the network access request, the resource request link information of that main page's parent page, and the resource request link information of that main page's child pages.
6. The method according to any one of claims 1 to 3, wherein determining, by analysing the at least one item of resource request link information, whether the network access behaviour is malicious behaviour further comprises: extracting the domain name and/or IP and/or path corresponding to the at least one item of resource request link information, and matching the domain name and/or IP and/or path against a local whitelist and/or a local blacklist; if the domain name and/or IP and/or path matches the local whitelist, determining that the network access behaviour is not malicious access behaviour; if the domain name and/or IP and/or path matches the local blacklist, determining that the network access behaviour is malicious access behaviour.
7. The method according to claim 6, wherein determining, by analysing the at least one item of resource request link information, whether the network access behaviour is malicious access behaviour further comprises: if the domain name and/or IP and/or path matches neither the local whitelist nor the local blacklist, sending the resource request link information to the cloud and determining, according to the cloud matching result, whether the network access behaviour is malicious access behaviour.
8. A blocking network access device for ensuring security, comprising: an obtaining module adapted to obtain a network access request and redirect the network access request to a local service process, the local service process being provided by a local VPN service; a construction module adapted to construct, in the local service process, message data to notify a browser-kernel-based application to re-initiate the network access request at preset intervals; an extraction module adapted to extract at least one item of resource request link information corresponding to the network access request; an analysis module adapted to determine, by analysing the at least one item of resource request link information, whether the network access behaviour is malicious access behaviour; and a presentation module adapted to create and present a non-safe prompt page to the user after the re-initiated network access request is obtained, if the network access behaviour is determined to be malicious access behaviour.
9. The device according to claim 8, further comprising: a determination module adapted to determine whether the network access request was initiated by a browser-kernel-based application; wherein the construction module is further adapted to: construct the message data to notify the browser-kernel-based application to re-initiate the network access request at preset intervals when the determination module determines that the network access request was initiated by a browser-kernel-based application.
10. The device according to claim 9, wherein the determination module is further adapted to: parse the header information of the network access request to obtain the user agent string; and distinguish, according to the user agent string, whether the network access request was initiated by a browser-kernel-based application or by an application not based on a browser kernel.
11. The device according to claim 9 or 10, wherein the construction module is further adapted to: construct a redirect response message whose Location field records the link corresponding to the network access request; and return the redirect response message to the browser-kernel-based application, so as to notify the browser-kernel-based application to re-initiate the network access request at preset intervals.
12. The device according to any one of claims 8 to 10, wherein the extraction module is further adapted to: extract the resource request link information of the main page corresponding to the network access request, the resource request link information of that main page's parent page, and the resource request link information of that main page's child pages.
13. The device according to any one of claims 8 to 10, wherein the analysis module is further adapted to: extract the domain name and/or IP and/or path corresponding to the at least one item of resource request link information, and match the domain name and/or IP and/or path against a local whitelist and/or a local blacklist; if the domain name and/or IP and/or path matches the local whitelist, determine that the network access behaviour is not malicious access behaviour; if the domain name and/or IP and/or path matches the local blacklist, determine that the network access behaviour is malicious access behaviour.
14. The device according to claim 13, wherein the analysis module is further adapted to: if the domain name and/or IP and/or path matches neither the local whitelist nor the local blacklist, send the resource request link information to the cloud and determine, according to the cloud matching result, whether the network access behaviour is malicious access behaviour.
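The following is an added worked example, not code from the patent or its applicant. It models in Python the local service process of claims 1 to 7 (device claims 8 to 14 and embodiments B9 to B14 describe the same steps): parse the intercepted request, classify it by User-Agent, answer the first browser request with a redirect back to the same link while the page's resource links are checked against local lists and, for whatever neither list knows, an injected cloud lookup, and answer the re-issued request with a warning page when the verdict was malicious. Everything not in the claims is an assumption: the list contents, the sample pages, plaintext HTTP on a single request stream (TLS seen by a VPN-style interceptor is opaque without a trusted interception certificate), and the use of the Referer header as the "parent page". Two caveats a practitioner would want: the User-Agent test of claim 3 trusts a client-chosen header, so any app can opt in or out of the analysis by changing it; and a redirect whose Location is the original link (claim 4) is followed by a browser immediately and abandoned after roughly 20 hops, so the "preset time" must be enforced by the service, by delaying the response or rate-limiting the loop, not by the redirect itself.

```python
"""Added example, not code from patent CN105635178B: a model of the local service
process in claims 1-7 / embodiments B9-B14. Lists, pages and URLs are constructed;
'parent page' is modelled as the Referer; plaintext HTTP is assumed."""
import html
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hypothetical browser-kernel signature. The User-Agent is client-chosen: a hint, not proof.
BROWSER_UA = re.compile(r"Mozilla/|AppleWebKit|Chrome/|Gecko/", re.I)
# Constructed local lists: domain suffixes, IP networks and path prefixes.
LOCAL_WHITELIST = {"domains": {"example.com"},
                   "nets": [ipaddress.ip_network("10.0.0.0/8")], "paths": set()}
LOCAL_BLACKLIST = {"domains": {"evil.test"},
                   "nets": [ipaddress.ip_network("203.0.113.0/24")], "paths": {"/malware/"}}

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, lower-cased header dict)."""
    head = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1").split("\r\n")
    method, target, _version = head[0].split(" ", 2)
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def is_browser_request(headers: dict) -> bool:
    """Claim 3: classify the request by its User-Agent string."""
    return bool(BROWSER_UA.search(headers.get("user-agent", "")))

def redirect_response(url: str) -> bytes:
    """Claim 4: a redirect whose Location is the original link, so the browser re-issues it.
    A real service must delay or rate-limit this loop; browsers stop after ~20 hops."""
    return (f"HTTP/1.1 302 Found\r\nLocation: {url}\r\n"
            "Cache-Control: no-store\r\nContent-Length: 0\r\n\r\n").encode()

def warning_page(url: str) -> bytes:
    """The non-safe prompt page; the URL is HTML-escaped so the warning is not an XSS sink."""
    body = ("<html><body><h1>Blocked: this page was judged unsafe</h1>"
            f"<p>{html.escape(url)}</p></body></html>").encode()
    return (f"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html; charset=utf-8\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body

class LinkExtractor(HTMLParser):
    """Collects href/src targets of a page, resolved against the page URL."""
    def __init__(self, base: str):
        super().__init__()
        self.base, self.links = base, []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(urljoin(self.base, value))

def resource_links(page_url: str, page: str, referer=None) -> list:
    """Claim 5: main page, parent page (assumed: the Referer) and child pages (links in the body)."""
    parser = LinkExtractor(page_url)
    parser.feed(page)
    return [page_url] + ([referer] if referer else []) + parser.links

def _matches(url: str, lst: dict) -> bool:
    """Claim 6: compare one link's domain or IP, and its path, against one list."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal: match domain suffixes instead
        if any(host == d or host.endswith("." + d) for d in lst["domains"]):
            return True
    else:
        if any(ip in net for net in lst["nets"]):
            return True
    return any(parts.path.startswith(p) for p in lst["paths"])

def is_malicious(links: list, cloud_lookup) -> bool:
    """Claims 6-7. Whitelist first (design choice: the claim lists it first), any blacklisted
    link condemns the access, and only links neither list knows are sent to the cloud."""
    unknown = [u for u in links if not _matches(u, LOCAL_WHITELIST)]
    if any(_matches(u, LOCAL_BLACKLIST) for u in unknown):
        return True
    return bool(unknown) and cloud_lookup(unknown)

class LocalService:
    """The local service process: first browser request gets a redirect while the page is
    analysed; the re-issued request gets the warning page if the verdict was 'malicious'."""
    def __init__(self, fetch_page, cloud_lookup):
        self.fetch_page, self.cloud_lookup = fetch_page, cloud_lookup  # injected: runs offline
        self.verdicts = {}  # url -> bool, consumed by the re-issued request

    def handle(self, raw: bytes):
        """Return a response to send back, or None to pass the request through unchanged."""
        _method, target, headers = parse_request(raw)
        if not is_browser_request(headers):
            return None  # claim 2: non-browser apps are not redirected
        url = f"http://{headers.get('host', '')}{target}"
        if url in self.verdicts:
            return warning_page(url) if self.verdicts.pop(url) else None
        links = resource_links(url, self.fetch_page(url), headers.get("referer"))
        self.verdicts[url] = is_malicious(links, self.cloud_lookup)
        return redirect_response(url)
```

Driving it means constructing a LocalService with a page fetcher and a cloud lookup and calling handle() twice with the same browser request: the first call returns the 302, the second the 403 warning page (or None when the access was judged benign). Only links that match neither local list reach the cloud lookup, which is the one network round trip a deployment of this scheme has in its blocking path.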

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610109172.1A CN105635178B (en) 2016-02-26 2016-02-26 To ensure the safety of blocking network access method and device

Publications (2)

Publication Number Publication Date
CN105635178A (en) 2016-06-01
CN105635178B (en) 2018-06-22

Family

ID=56049666

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610109172.1A CN105635178B (en) 2016-02-26 2016-02-26 To ensure the safety of blocking network access method and device

Country Status (1)

Country Link
CN (1) CN105635178B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104092691A (en) * 2014-07-15 2014-10-08 北京奇虎科技有限公司 Implementation method for implementing root-authority-free networking firewall and client-side
CN104484259A (en) * 2014-11-25 2015-04-01 北京奇虎科技有限公司 Application program traffic monitoring method and device, and mobile terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739603B (en) * 2011-03-31 2015-10-21 国际商业机器公司 Single sign-on method and apparatus

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
GR01