CN106095781A - Malicious websites recognition methods and device - Google Patents
Malicious websites recognition methods and device Download PDFInfo
- Publication number
- CN106095781A CN106095781A CN201610361980.7A CN201610361980A CN106095781A CN 106095781 A CN106095781 A CN 106095781A CN 201610361980 A CN201610361980 A CN 201610361980A CN 106095781 A CN106095781 A CN 106095781A
- Authority
- CN
- China
- Prior art keywords
- website information
- url library
- malice
- network address
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
Abstract
The disclosure is directed to a kind of malicious websites recognition methods and device, belong to internet arena.Described method includes: when receiving network access instruction, based on the first locally stored URL library, judge whether the website information carried in described network instruction is malice network address, described network access instruction is the instruction that the arbitrary application installed accesses network, when determining that based on described first URL library the judged result of described website information is for time unknown, virtual data channel is set up by particular technology, by described virtual data channel, described website information is sent to server, to indicate described server to judge whether described website information is malice network address based on the second URL library of storage in described server, when determining that described website information is defined as malice network address based on described server, website corresponding for described website information is defined as malicious websites.The disclosure can improve the accuracy rate of malicious websites, and then improves the safety of mobile terminal accessing the Internet.
Description
Technical field
It relates to internet arena, particularly relate to a kind of malicious websites recognition methods and device.
Background technology
It is a lot of convenient that the fast development of Internet technology and popularizing brings to the life of user, and user can pass through the Internet
Download all kinds of data, shopping at network etc..Meanwhile, all kinds of trojan horses or fishing website may encroach on the hidden of user the most at any time
Private safety and property safety, bring puzzlement and inconvenience to user, therefore, need a kind of malicious websites recognition methods badly.
In correlation technique, user can install multiple application that can connect the Internet in the terminal, and by being somebody's turn to do
Multiple application carry out obtaining the activities such as all kinds of data from the Internet.When this mobile terminal based in the plurality of application each should
With when receiving network access instruction, if this is applied has malice URL library, then by this network this mobile terminal is locally stored
The website information carried in access instruction is mated with the malice network address in malice URL library, when storing in this malice URL library
When having this website information, this website information is identified as malice network address, website corresponding for this website information to be identified as malice
Website.If this application in this terminal local storage malice URL library, is not then directly based upon in this network access instruction and carries
Website information access this website information correspondence website.
Summary of the invention
For overcoming problem present in correlation technique, the disclosure provides a kind of malicious websites recognition methods and device.
First aspect according to disclosure embodiment, it is provided that a kind of malicious websites recognition methods, described method includes:
When receiving network access instruction, based on the first locally stored URL library, it is judged that described network instruction is taken
Whether the website information of band is malice network address, and described network access instruction is the instruction that the arbitrary application installed accesses network;
When determining that based on described first URL library the judged result of described website information is for, time unknown, building by particular technology
Vertical virtual data channel;
By described virtual data channel, described website information is sent to server, to indicate described server based on institute
State the second URL library of storage in server and judge whether described website information is malice network address;
When determining that described website information is defined as malice network address based on described server, by corresponding for described website information
Website is defined as malicious websites.
Alternatively, described particular technology is VPN (Virtual Private Network, VPN (virtual private network)) technology.
Alternatively, described first URL library includes the first safe URL library and the first malice URL library.
Alternatively, described based on the first locally stored URL library, it is judged that the website information carried in described network instruction
Whether it is malice network address, including:
Have when described first safe URL library not storing described website information and described first malice URL library store
During described website information, determine that described website information is for malice network address;
When described first safe URL library and the first malice URL library all do not store described website information, determine described
The judged result of website information is unknown.
Alternatively, described second URL library includes the second safe URL library and the second malice URL library.
Second aspect according to disclosure embodiment, it is provided that a kind of malicious websites identification device, described device includes:
Judge module, for when receiving network access instruction, based on the first locally stored URL library, it is judged that described
Whether the website information carried in network instruction is malice network address, and described network access instruction is that the arbitrary application installed accesses net
The instruction of network;
Set up module, be used for when the judged result determining described website information based on described first URL library is unknown,
Virtual data channel is set up by particular technology;
Sending module, for being sent to server by described virtual data channel by described website information, to indicate
State server and judge whether described website information is malice network address based on the second URL library of storage in described server;
Determine module, for when determining that described website information is defined as malice network address based on described server, by described
Website corresponding to website information is defined as malicious websites.
Alternatively, described particular technology is VPN technologies.
Alternatively, described first URL library includes the first safe URL library and the first malice URL library.
Alternatively, described judge module includes:
First determines unit, when not storing described website information and described first malice net in described first safe URL library
When storage has described website information in storehouse, location, determine that described website information is for malice network address;
Second determines unit, for when all not storing described net in described first safe URL library and the first malice URL library
During the information of location, determine that the judged result of described website information is the unknown.
Alternatively, described second URL library includes the second safe URL library and the second malice URL library.
The third aspect according to disclosure embodiment, it is provided that a kind of malicious websites identification device, described device includes:
Processor;
For storing the memorizer of processor executable;
Wherein, described processor is configured to:
When receiving network access instruction, based on the first locally stored URL library, it is judged that described network instruction is taken
Whether the website information of band is malice network address, and described network access instruction is the instruction that the arbitrary application installed accesses network;
When determining that based on described first URL library the judged result of described website information is for, time unknown, building by particular technology
Vertical virtual data channel;
By described virtual data channel, described website information is sent to server, to indicate described server based on institute
State the second URL library of storage in server and judge whether described website information is malice network address;
When determining that described website information is defined as malice network address based on described server, by corresponding for described website information
Website is defined as malicious websites.
Embodiment of the disclosure that the technical scheme of offer can include following beneficial effect: in the disclosed embodiments, should
Mobile terminal is when the arbitrary application receiving installation accesses network of network access instruction, it is possible to based on locally stored first
URL library judges whether this website information is malice network address, owing to the first URL library is stored in the locally stored sky of this mobile terminal
Between, whether it is that malice network address judges therefore, it is possible to quick to this this website information, i.e. improves and identify this website information
Efficiency, and owing to this network access instruction is the instruction that the arbitrary application installed accesses network, therefore, in this arbitrary application
Each application, it is not necessary in the malice URL library of this application locally stored, save locally stored space, also will not be because of this
Ground does not store the malice URL library of certain application and this application cannot be accessed the website information carried in the instruction of network and enter
Row identifies, therefore, also improves the accuracy rate identifying malicious websites.
It should be appreciated that it is only exemplary and explanatory, not that above general description and details hereinafter describe
The disclosure can be limited.
Accompanying drawing explanation
Accompanying drawing herein is merged in description and constitutes the part of this specification, it is shown that meet the enforcement of the present invention
Example, and for explaining the principle of the present invention together with description.
Fig. 1 is the flow chart according to a kind of malicious websites recognition methods shown in an exemplary embodiment.
Fig. 2 A is the flow chart according to the another kind of malicious websites identification shown in an exemplary embodiment.
Fig. 2 B is the schematic diagram according to a kind of mobile terminal display interface shown in an exemplary embodiment.
Fig. 2 C is the schematic diagram according to the another kind of mobile terminal display interface shown in an exemplary embodiment.
Fig. 2 D is the schematic diagram according to another the mobile terminal display interface shown in an exemplary embodiment.
Fig. 2 E is the schematic diagram according to another the mobile terminal display interface shown in an exemplary embodiment.
Fig. 2 F is the schematic diagram according to another the mobile terminal display interface shown in an exemplary embodiment.
Fig. 3 is the block diagram according to a kind of malicious websites identification device shown in an exemplary embodiment.
Fig. 4 is the structural representation according to the another kind of malicious websites identification device shown in an exemplary embodiment.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Explained below relates to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the present invention.On the contrary, they are only with the most appended
The example of the apparatus and method that some aspects that described in detail in claims, the present invention are consistent.
Before disclosure embodiment is carried out detailed explanation, first the application scenarios of disclosure embodiment is given
Introduce.User can install multiple application that can connect the Internet in the terminal, and by this application from the Internet
Obtain information interested, but be likely to the tired of the malicious websites such as the website by propagating trojan horse or fishing website simultaneously
Disturb, in correlation technique, for any one application in the plurality of application, after this application is installed, this application can be obtained
The malice URL library that operator determines, and it is local, afterwards, when this mobile terminal receives based on this application to be stored in this mobile terminal
During to network access instruction, can be by the website information carried in this network access instruction and the malice network address in malice URL library
Mate, when storage has this website information in this malice URL library, this website information is identified as malice network address, with should
Website corresponding to website information is identified as malicious websites.But owing to the most each application can be at this terminal local storage malice net
Storehouse, location, when this application is not in this terminal local storage malice URL library, this website information cannot be carried out by this mobile terminal
Identify and directly access the website that this website information is corresponding, it is therefore more likely that have access to malicious websites, bring to user the biggest
Potential safety hazard.And when this is applied in this terminal local storage malice URL library, due in locally stored malice URL library
Maliciously network address limited amount, is difficult to identify this website information exactly, identifies that the accuracy rate of malicious websites is the lowest.Cause
This, disclosure embodiment provides a kind of malicious websites recognition methods.
Fig. 1 is the flow chart according to a kind of malicious websites recognition methods shown in an exemplary embodiment, with reference to Fig. 1, and should
Malicious websites recognition methods, in mobile terminal, comprises the following steps.
In a step 101, when receiving network access instruction, based on the first locally stored URL library, it is judged that this net
Whether the website information carried in network instruction is malice network address, and this network access instruction is that the arbitrary application installed accesses network
Instruction.
In a step 102, when the judged result determining this website information based on this first URL library is unknown, by spy
Determine technology and set up virtual data channel.
In step 103, by this virtual data channel, this website information is sent to server, to indicate this server
Judge whether this website information is malice network address based on the second URL library of storage in this server.
At step 104, when determining that this website information is defined as malice network address based on this server, by this website information
Corresponding website is defined as malicious websites.
In the disclosed embodiments, first, this mobile terminal accesses network of network in the arbitrary application receiving installation
During access instruction, it is possible to judge whether this website information is malice network address based on the first locally stored URL library, due to first
Whether URL library is stored in the locally stored space of this mobile terminal, be malice net therefore, it is possible to quick to this this website information
Location judges, i.e. improves the efficiency identifying this website information, and owing to this network access instruction is the arbitrary application installed
Access the instruction of network, therefore, for each application in this arbitrary application, it is not necessary at the malice net of this application locally stored
Storehouse, location, saves locally stored space, will not store because of this locality yet certain application malice URL library and cannot be to this
Application accesses the website information carried in the instruction of network and is identified, and therefore, also improves the accuracy rate identifying malice network address;
Secondly, this mobile terminal can also be the unknown in the judged result determining this website information based on the first locally stored URL library
Time, this mobile terminal can be set up virtual data channel by particular technology, to realize the safe transmission to this website information, carry
The high safety of this mobile terminal;Finally, this website information can be sent by this mobile terminal by this virtual data channel
To this server, and then indicate this server that this website information is determined whether, improve and identify this website information
Accuracy rate.
Alternatively, this particular technology is VPN technologies.
Alternatively, this first URL library includes the first safe URL library and the first malice URL library.
Alternatively, based on the first locally stored URL library, it is judged that whether the website information carried in this network instruction is
Maliciously network address, including:
This network address is had when this first safe URL library does not stores storage in this website information and this first malice URL library
During information, determine that this website information is for malice network address;
When this first safe URL library and the first malice URL library all do not store this website information, determine that this network address is believed
The judged result of breath is unknown.
Alternatively, this second URL library includes the second safe URL library and the second malice URL library.
Above-mentioned all optional technical schemes, all can be according to arbitrarily combining the alternative embodiment forming the disclosure, and the disclosure is real
Execute example this is repeated the most one by one.
Fig. 2 A is the flow chart according to a kind of malicious websites recognition methods shown in an exemplary embodiment, with reference to Fig. 2 A,
This malicious websites recognition methods for mobile terminal and server mutual in, comprise the following steps.
In step 201, when this mobile terminal receives network access instruction, this mobile terminal is based on locally stored
First URL library, it is judged that whether the website information carried in this network instruction is malice network address, and this network access instruction is for installing
Arbitrary application access network instruction.
In order to avoid having access to malicious websites, thus bringing loss and puzzlement to user, this mobile terminal can receive
During to network access instruction, it is judged that whether the website information carried in this network instruction is malice network address, should in order to improve judgement
Whether website information is the efficiency of malice network address, and this network address can be believed by this mobile terminal based on the first locally stored URL library
Whether breath is that malice network address judges.
Wherein, this mobile terminal can be the mobile end that mobile phone, panel computer, intelligent watch etc. are able to access that the Internet
End, this is not specifically limited by disclosure embodiment.
It should be noted that this website information can be IP (Internet Protocol, Internet protocol) address, domain name
Any one in address and URL (Uniform Resource Locator, URL), disclosure embodiment is to this
It is not specifically limited.
Also, it should be noted this network access instruction can trigger by performing predetermined registration operation with user, this predetermined registration operation
Can be click on the operations such as operation, touch operation, this is not specifically limited by disclosure embodiment.
Also, it should be noted owing to this network access instruction is the instruction that the arbitrary application installed accesses network, therefore,
For each application in this arbitrary application, it is not necessary in the malice URL library of this application locally stored, save locally stored
Space, also cannot will not access this application in the instruction of network because this locality does not store the malice URL library of certain application
The website information carried is identified, and therefore, also improves the accuracy rate identifying malice network address.
Wherein, this first URL library can include following two kinds of possible situations:
The first possible situation, the first URL library includes the first safe URL library and the first malice URL library.
Owing to the first URL library includes the first safe URL library and the first malice URL library, therefore, this mobile terminal is permissible
Whether be malice network address judge, improve if being simultaneously based on the first safe URL library and the first malice URL library to this website information
Judge that whether this website information is the accuracy rate of malice network address.
Wherein, the first safe URL library can include at least one safe network address, the first malice URL library can be wrapped
Include at least one malice network address.
Also, it should be noted for this each safe network address at least one safe network address, this safe network address can
To be IP (Internet Protocol, Internet protocol) address, domain name addresses and URL (Uniform Resource
Locator, URL) in any one address, this is not specifically limited by disclosure embodiment.
Also, it should be noted for this at least one malice network address in each malice network address, this malice network address permissible
Be IP (Internet Protocol, Internet protocol) address, domain name addresses and URL (Uniform Resource Locator,
URL) in any one address, this is not specifically limited by disclosure embodiment.
Wherein, in the case of the first is possible, this mobile terminal is based on the first locally stored URL library, it is judged that this net
In network instruction, whether the website information carried is that the operation of malice network address can be: when not storing this in this first safe URL library
When storage has this website information in website information and this first malice URL library, determine that this website information is malice network address, when this
When first safe URL library and the first malice URL library all do not store this website information, determine the judged result of this website information
For the unknown.
Such as, the first safe URL library that this mobile terminal is locally stored includes 5 safe network address: " www.a.cn ",
" www.1.com ", " www.123.net ", " www.asd.gov " and " www.qwe.me ", the first malice URL library includes 5
Maliciously network address: " www.dsa.cn ", " www.2.com " " www.123.com.cn ", " www.asd.cn " and " www.zxc.me ".
When the website information that this mobile terminal receives network access instruction 1 and this network access instruction 1 carries is " Www.asd.cn "
Time, owing to the first safe URL library has " www.asd.cn " for not storing up to store in " www.asd.cn " and the first malice URL library,
Therefore, " www.asd.cn " is defined as malice network address by this mobile terminal.When this mobile terminal receive network access instruction 2 and
When the website information carried in this network access instruction 2 is for " wwww.aaa.cn ", due to the first safe URL library and the first malice
URL library does not all store " www.aaa.cn ", accordingly, it is determined that the judged result of " www.aaa.cn " is unknown.
It addition, have this website information and this first malice URL library not to store this network address when the first safe URL library stores
During information, determine that this website information is safe network address;When in the first safe URL library and the first malice URL library, all storages have this
During website information, determine that the judged result of this website information is the unknown.
Wherein, due to the often change of the content in this website information correspondence website, when this website information correspondence website
In content when being safe content, this website information is safe network address, when in this website information correspondence website content be
Malice content time, such as include the hostile content such as wooden horse or virus, this website information be malice network address, accordingly, it is possible to appearance
First safe URL library and the first malice URL library all store the situation of this website information.
Further, this mobile terminal can be based on the first locally stored URL library, it is judged that take in this network instruction
Before whether the website information of band is malice network address, by following two kinds of strategies obtain at least one safe network address or at least one
Maliciously network address, during by this, at least one safe network address stores the first safe URL library, at least one malice network address storage by this
In the first malice URL library.
Strategy one, this mobile terminal sends network address to this server and obtains request, asks when this server receives this network address
When asking, sending at least one safe network address or at least one malice network address to this mobile terminal, afterwards, this mobile terminal receives should
At least one safe network address or this at least one malice network address, by this, at least one safe network address stores the first safe URL library
In, during by this, at least one malice network address stores the first malice URL library.
It should be noted that this mobile terminal can also be asked every sending the acquisition of this network address according to specific duration to this server
Ask, so that this first URL library is updated.
Wherein, this specific duration can be one day, a week, January etc., this is not specifically limited by disclosure embodiment.
Strategy two, this mobile terminal receives network address and adds instruction, carries this at least one safety in the interpolation instruction of this network address
Network address or this at least one malice network address, afterwards, by this, at least one safe network address stores the first URL library to this mobile terminal
In, by this, at least one malice network address stores in malice URL library.
Wherein, this network address interpolation instruction can be triggered by performing predetermined registration operation by user.
It should be noted that this mobile terminal can also receive this network address add instruction on other opportunity, the disclosure is implemented
This is not specifically limited by example.
The situation that the second is possible, the first URL library only includes the first malice URL library.
Owing in the Internet, the number of security website is typically much deeper than the number of malicious websites, that is to say, safe network address
The number of number typically much deeper than malice network address, therefore, when this mobile terminal includes the first safety database, the first safe number
According to storehouse may include substantial amounts of safe network address, thus take the locally stored space that this mobile terminal is bigger, therefore, in order to
Saving the locally stored space of this mobile terminal, improve the efficiency identifying malicious websites, this first URL library can only include the
One malice URL library.
Wherein, in the case of the second is possible, this mobile terminal is based on the first locally stored URL library, it is judged that this net
In network instruction, whether the website information carried is that the operation of malice network address can be: have this network address when storing in this malice URL library
During information, determine that this website information is for malice network address;When this malice URL library does not stores this website information, determine this network address
The judged result of information is unknown.
It addition, in actual applications, the first URL library can also have the situation that other is possible, such as, alternatively possible
In the case of, the first URL library only includes the first safe URL library, and this is not specifically limited by disclosure embodiment.
Wherein, if the first URL library only includes the first safe URL library, when in the first safe URL library, storage has this net
During the information of location, determine that this website information is safe network address, when the first safe URL library does not stores this website information, determine this
The judged result of website information is unknown.
Further, after this mobile terminal determines that this website information is safe network address, can based on this website information,
The website corresponding to this website information sends network access request, to conduct interviews the website that this website information is corresponding.
In step 202., determine that the judged result of this website information is not for when this mobile terminal based on this first URL library
When knowing, set up virtual data channel by particular technology.
Owing to this mobile terminal is when obtaining information interested from the Internet, data corresponding to this information are in transmission
During may be by wooden horse or the malicious attack of virus, when this mobile terminal receives the data after being hacked, should
Mobile terminal also may can receive the malicious attack of wooden horse or virus, thus endangers personal secrets and the property safety of user, because of
This, this terminal can set up this virtual data channel by particular technology, due to for this mobile terminal, this virtual data
Passage is the data channel monopolized by this mobile terminal, so, when this terminal accesses the Internet by this virtual data channel,
These data can be reduced in transmitting procedure by wooden horse or the malicious attack of virus, i.e. improve this mobile terminal accessing the Internet
Time data transmission safety.
It should be noted that one end of this virtual data channel is this mobile terminal, the other end can be server.
Wherein, this particular technology is the technology that can set up this virtual data channel, and such as this particular technology can be VPN
Technology.
It should be noted that owing to these VPN technologies include tunnel protocol, encrypting and decrypting agreement and IKMP etc.
Agreement, therefore, it is possible to ensure the safety of data transmission during this mobile terminal accessing the Internet well.
Also, it should be noted in actual applications, can also include other agreement in these VPN technologies, the disclosure is implemented
This is not specifically limited by example.
Wherein, this mobile terminal needs when this server sends data, by encrypting and decrypting agreement and key management etc.
Agreement to initial data packet encryption, this raw data packets include these mobile terminal needs to this server send data, afterwards,
By tunnel protocol, this raw data packets after encryption is packaged, obtains VPN data bag, this VPN data bag is sent to
This server, when this server receives this VPN data bag, carries out parsing by tunnel protocol to this VPN data bag and is solved
Packet after analysis, then by the agreement such as encrypting and decrypting agreement and key management, the packet after resolving is deciphered, obtain this former
Beginning packet, and then obtain this mobile terminal and issue the data of this server.Owing to have employed encrypting and decrypting agreement and key pipe
Reason agreement, therefore only has this mobile terminal and this server can acquire this raw data packets, that is to say, be equivalent at this
Virtual data channel is established between mobile terminal and this server.
It should be noted that in actual applications, this mobile terminal can also root during setting up virtual data channel
Include that this is not specifically limited by other step, disclosure embodiment according to needs.
In step 203, by this virtual data channel, this website information is sent to server.
Due to the locally stored limited space of this mobile terminal, therefore, the first URL library of this mobile terminal storage includes
The first secure address or first malice address number the most limited, so, in order to improve further identify malice network address standard
Really rate, i.e. improves the accuracy rate identifying malicious websites, this mobile terminal determine the judged result of this website information for time unknown,
This website information can be sent to this server, so that this website information to be determined whether.
Wherein, when this virtual data channel is to be set up by VPN technologies, this mobile terminal is by this virtual data channel
The operation that this website information is sent to server can be: this mobile terminal passes through encrypting and decrypting agreement and IKMP
The raw data packets including this website information is encrypted, by tunnel protocol, this raw data packets after encryption is carried out
Encapsulation obtains VPN data bag, and this VPN data bag is sent to this server.When this server receives this VPN data bag,
Packet after this VPN data bag being resolved by tunnel protocol, then by encrypting and decrypting agreement and key
Management agreement is decrypted this raw data packets obtaining including this website information to the packet after resolving.
Also, it should be noted in actual applications, this website information is sent out by this mobile terminal by this virtual data base
Giving this server and can also include other step as required, this is not specifically limited by disclosure embodiment.
In step 204, when this server receives this website information, based on the second network address of storage in this server
Storehouse judges whether this website information is malice network address.
Owing to the memory space of server is generally higher than the locally stored space of this mobile terminal, therefore, it is possible to storage
The number of safe network address or malice network address is the most more, so, can judge based on the second URL library of storage in this server should
Whether website information is malice network address, to improve the accuracy rate identifying malice network address.
Wherein, this second URL library can include following two kinds of possible situations:
The first possible situation, this second URL library includes the second safe URL library and the second malice URL library.
Wherein, in the case of the first is possible, this server judges based on the second URL library of storage in this server
Whether this website information is that the operation of malice network address can be: when not storing this website information and second in the second safe URL library
When maliciously URL library storage has this website information, this server determines that this website information is for malice network address.When the second safe network address
Stock contains this website information and the second malice URL library when not storing this website information, and this server determines that this website information is
Safe network address.When the second safe URL library and the second malice URL library have all stored this website information, this server determines this
The judged result of website information is unknown.When the second safe URL library and the second malice URL library do not store this website information,
This server determines that the judged result of this website information is the unknown.
Such as, in this server, the second safety database of storage includes 6 safe network address: " www.b.cn ",
" www.2.co ", " www.1q2.net ", " www.asd.gov ", " www.qwe.me " and " wap.666.com ", the second malice number
According to storehouse include 6 malice network address: " www.aaa.cn ", " www.2.com " " www.123.com.cn ", " www.asd.cn ",
" www.zxc.me " and " wap.678.com ".When the website information that this server receives is for " www.aaa.cn ", due to the
Two safe URL library do not store " www.aaa.cn " and the second malice URL library storage has " www.aaa.cn ", therefore, these clothes
Business device determines that " www.aaa.cn " is for malice network address.
The situation that the second is possible, the second URL library only includes the second malice URL library.
From the foregoing it will be appreciated that the number of the number of safe network address typically much deeper than malice network address, therefore, in order to improve further
Identifying the efficiency of malice network address, save the memory space of this server simultaneously, the second URL library can only include malice URL library.
Wherein, in the case of the second is possible, this server judges based on the second URL library of storage in this server
Whether this website information is that the operation of malice network address can be: when in the second malice URL library, storage has this website information, really
This website information fixed is malice network address, when the second malice URL library does not stores this website information, determines sentencing of this website information
Disconnected result is unknown.
It addition, in actual applications, the second URL library can also have the situation that other is possible, such as, alternatively possible
In the case of, the second URL library only includes the second safe URL library, and this is not specifically limited by disclosure embodiment.
Wherein, if the second URL library only includes the second safe URL library, when in the second safe URL library, storage has this net
During the information of location, determine that this website information is safe network address, when the second safe URL library does not stores this website information, determine this
The judged result of website information is unknown.
In step 205, when this server determines that this website information is defined as malice network address, by this virtual data channel
Malice network address information is sent to this mobile terminal.
Due to when this website information is malice network address, if the net that this website information of this mobile terminal accessing is corresponding
Standing, this mobile terminal is just most likely subject to the threat of virus or wooden horse, therefore, in order to ensure the safety of this mobile terminal, and should
Server, when determining this website information for malice network address, can send malice network address information to this mobile terminal, to say
This website information bright is malice network address.
Point out it should be noted that this server sends this malice network address by this virtual data channel to this mobile terminal
The method of information, can send the method phase of this website information with this mobile terminal by this virtual data channel to this server
With, this is repeated no more by disclosure embodiment.
Further, when this server determines that this website information is defined as safe network address, can include two kinds possible
Strategy: strategy one, this server sends safe network address information by this virtual data channel to this mobile terminal, with explanation
This website information is safe network address.Strategy two, this server, based on this website information, is sent out to the website corresponding with this website information
SCN Space Cable Network access request, when the website corresponding with this website information receives this network access request, sends to this server
Network access response, when this server receives this network access response, is sent to this by this network access response and moves end
End.
Wherein, owing to when this website information is safe network address, it is corresponding that this mobile terminal can access this website information
Website, therefore, in strategy two, this server is directly based upon this website information and sends network access to this website information correspondence website
Request, and the network access response received is sent to this mobile terminal, receiving this peace without this mobile terminal
During the information of the whole network location, then send network access request to website corresponding to this website information, decrease this mobile terminal from
Receive access instruction to receiving total time of network access response, improve efficiency.
Further, determine that the judged result of this website information, for time unknown, is led to by this virtual data when this server
Road sends unknown network address information to this mobile terminal, with this website information is described judged result as the unknown.
In step 206, when this mobile terminal receives malice network address information, by net corresponding for this website information
Station is defined as malicious websites.
When this mobile terminal receives this malice network address information, it may be determined that this website information is malice network address,
Therefore, it can website corresponding for this website information is defined as malicious websites.
Further, when this mobile terminal receives this malice network address information, it is also possible to show this malice network address
Information, to point out website corresponding to this website information of user as malicious websites.And this mobile terminal is also based on this evil
Meaning network address information receives and continues access instruction or determine instruction, when this mobile terminal receives this continuation access instruction,
The website corresponding to this website information sends network access request, when this determines instruction, not to the website that this website information is corresponding
Send network access request.
Wherein, the modes such as this mobile terminal can be shown by window, pop-up shows show this malice network address information,
This is not specifically limited by disclosure embodiment.
It should be noted that with this, this continuation access instruction determines that instruction all can be touched by performing predetermined registration operation by user
Send out.
Such as, when this mobile terminal receives malice network address information, malice network address information can be shown such as
Shown in Fig. 2 B or as shown in Figure 2 C.Wherein, in Fig. 2 B and Fig. 2 C, this mobile terminal is same this malice network address information of display
Time, also one confirming button of display and a continuation access buttons, when user clicks on this continuation access buttons, can trigger and continue
Continuous access instruction, and then when this mobile terminal receives continuation access instruction, this mobile terminal is corresponding to this website information
Website sends network access request, when user clicks on this confirming button, does not sends network to the website that this website information is corresponding
Access request, thus avoid having access to this malicious websites, it addition, Fig. 2 C also includes the network address being currently determined as malice network address
Information.
Further, when this mobile terminal receives this safe network address information, can be corresponding to this website information
Website send network access request.
Wherein, when this mobile terminal is when receiving this safe network address information, in order to reduce mutual with user time
Number, can not display to the user that this safe network address information, and directly send network to the website that this website information is corresponding and visit
Ask request.
Further, when this mobile terminal receives this unknown network address information, can show that this unknown network address carries
Show information, with point out this website information of user judged result as the unknown.And this mobile terminal can also be based on this unknown network address
Information receives and continues access instruction or determine instruction, when this mobile terminal receives this continuation access instruction, to this net
The website transmission network access request that location information is corresponding, when this determines instruction, does not sends net to the website that this website information is corresponding
Network access request.
It should be noted that this mobile terminal can be shown by window, pop-up shows etc., mode shows this unknown network address
Information, this is not specifically limited by disclosure embodiment.
Such as, when this mobile terminal receives unknown network address information, unknown network address information can be shown such as
Shown in Fig. 2 D.Wherein, in Fig. 2 D and Fig. 2 E, this mobile terminal, while showing this unknown network address information, also shows one
Individual confirming button and a continuation access buttons, when user clicks on this continuation access buttons, can trigger continuation access instruction,
And then when this mobile terminal receives continuation access instruction, this mobile terminal sends network to the website that this website information is corresponding
Access request, when user clicks on this confirming button, does not sends network access request to the website that this website information is corresponding, thus
Avoid having access to this malicious websites, it addition, Fig. 2 E also including, current judged result is unknown website information.
Further, when the website that this client successful access is corresponding with this website information, i.e. connect at this mobile terminal
After receiving the network access response that the website corresponding with this website information sends, this mobile terminal can show that Website evaluation is believed
Breath, whether the website that this Website Evaluation information is currently accessing for pointing out user to determine is malicious websites, when based on this net
Evaluation information of standing receives normal website when determining instruction, if this mobile terminal determines that the first safe URL library does not stores this net
Location information, stores the first safe URL library by this website information, if this mobile terminal determines the first malice URL library storage
Have this website information, this website information of storage in the first malice URL library deleted, with to the first safe URL library and
First malice URL library is updated.When based on this Website Evaluation information receive malicious websites determine instruction time, if this shifting
Dynamic terminal determines that the first malice URL library does not stores this website information, and this website information stores the first malice URL library, as
Really this mobile terminal determines that the first safe network address library storage has this website information, by this network address of storage in the first safe URL library
Information is deleted, to be updated the first safe URL library or the first malice URL library.
Owing to this server or this mobile terminal are when being identified this website information, this website information may be sentenced
The practical situation of disconnected result and this website information does not corresponds, it is possible to by this net in the case of this website information is safe network address
Location information is identified as malice network address, or in the case of this website information is for malice network address, this network address is identified as safety net
Location, and from the foregoing it will be appreciated that when identifying this website information, the recognition result of this website information is also likely to be the unknown, therefore, this shifting
Dynamic terminal can display to the user that this Website Evaluation information during accessing website corresponding to this website information, thus
Receive safe network address and determine when instruction or malice network address determine instruction, the first locally stored to this mobile terminal in real time peace
Full URL library and the first malice URL library are updated, again to need to be identified this website information at this mobile terminal
Time, it is possible to rapidly and accurately this website information is carried out based on the first locally stored safe URL library or the first malice URL library
Identify, thus improve the accuracy rate of the efficiency identifying malicious websites further.
It should be noted that this mobile terminal can be shown by window, pop-up shows etc., mode shows this Website Evaluation
Information, this is not specifically limited by disclosure embodiment.
Also, it should be noted this security website determines that instruction and this malicious websites determine that instruction can be by user by holding
Row predetermined registration operation triggers.
Such as, this mobile terminal receives, at this mobile terminal, the network access that the website corresponding with this website information sends
After response, while the content of pages that this website information is corresponding can be shown, also show Website Evaluation information, such as Fig. 2 F institute
Show, wherein, the display interface of this mobile terminal also includes " safety " button and " maliciously " button, presses safely when user clicks on this
During button, safe network address can be triggered and determine instruction, when this malice button of user, malice network address can be triggered and determine instruction, when
User triggers this safe network address and determines instruction or after this malice network address determines instruction, can be to the first locally stored safety net
Storehouse, location or the first malice URL library are updated.
Further, this mobile terminal based on this Website Evaluation information to the first locally stored safe URL library or
After one malice URL library is updated, it is also possible to send network address more new information by this virtual data channel to this server,
This network address more new information is used for illustrating that this website information is safe network address or malice network address, when this server receives this network address more
During new information, the second safe URL library or the second malice URL library of storage in this server are updated.
Wherein, when this network address more new information is used for illustrating that this website information is safe network address, if the storage of this server
The second safe URL library do not store this website information, this website information is stored to the second safe URL library, if this service
Device determines that the second malice URL library storage has this website information, this website information of storage in the second malice URL library is deleted
Remove.When this network address more new information is used for this website information being described for malice network address, if this server determines the second malice net
Storehouse, location does not stores this website information, this website information stores the second malice URL library, if this server determines the first peace
The whole network location stock contains this website information, this website information of storage in the second safe URL library is deleted
In the disclosed embodiments, first, this mobile terminal accesses network of network in the arbitrary application receiving installation
During access instruction, it is possible to judge whether this website information is malice network address based on the first locally stored URL library, due to first
Whether URL library is stored in the locally stored space of this mobile terminal, be malice net therefore, it is possible to quick to this this website information
Location judges, i.e. improves the efficiency identifying this website information, and owing to this network access instruction is the arbitrary application installed
Access the instruction of network, therefore, for each application in this arbitrary application, it is not necessary at the malice net of this application locally stored
Storehouse, location, saves locally stored space, will not store because of this locality yet certain application malice URL library and cannot be to this
Application accesses the website information carried in the instruction of network and is identified, and therefore, also improves the accuracy rate identifying malice network address;
Secondly, this mobile terminal can also be the unknown in the judged result determining this website information based on the first locally stored URL library
Time, this mobile terminal can be set up virtual data channel by particular technology, to realize the safe transmission to this website information, carry
The high safety of this mobile terminal;Finally, this website information can be sent by this mobile terminal by this virtual data channel
To this server, and then indicate this server that this website information is determined whether, improve and identify this website information
Accuracy rate.It addition, this particular technology is VPN technologies, owing to VPN technologies include tunnel protocol, encrypting and decrypting agreement and key
The various protocols such as management agreement, therefore, it is possible to improve this mobile terminal further to transmit the safety of data in a network.
Fig. 3 is the block diagram according to a kind of malicious websites identification device shown in an exemplary embodiment.With reference to Fig. 3, this dress
Put and include judge module 301, set up module 302, sending module 303 and determine module 304.
Judge module 301, for when receiving network access instruction, based on the first locally stored URL library, it is judged that
Whether the website information carried in this network instruction is malice network address, and this network access instruction is that the arbitrary application installed accesses net
The instruction of network;
Set up module 302, for when determining that based on this first URL library the judged result of this website information, for time unknown, is led to
Cross particular technology and set up virtual data channel;
Sending module 303, for being sent to server by this virtual data channel by this website information, to indicate this clothes
Based on the second URL library of storage in this server, business device judges whether this website information is malice network address;
Determine module 304, for when determining that this website information is defined as malice network address based on this server, by this network address
Website corresponding to information is defined as malicious websites.
Alternatively, this particular technology is VPN technologies.
Alternatively, this first URL library includes the first safe URL library and the first malice URL library.
Alternatively, this judge module includes:
First determines unit, when not storing in this first safe URL library in this website information and this first malice URL library
When storage has this website information, determine that this website information is for malice network address;
Second determines unit, for when all not storing this network address letter in this first safe URL library and the first malice URL library
During breath, determine that the judged result of this website information is the unknown.
Alternatively, this second URL library includes the second safe URL library and the second malice URL library.
In the disclosed embodiments, first, this mobile terminal accesses network of network in the arbitrary application receiving installation
During access instruction, it is possible to judge whether this website information is malice network address based on the first locally stored URL library, due to first
Whether URL library is stored in the locally stored space of this mobile terminal, be malice net therefore, it is possible to quick to this this website information
Location judges, i.e. improves the efficiency identifying this website information, and owing to this network access instruction is the arbitrary application installed
Access the instruction of network, therefore, for each application in this arbitrary application, it is not necessary at the malice net of this application locally stored
Storehouse, location, saves locally stored space, will not store because of this locality yet certain application malice URL library and cannot be to this
Application accesses the website information carried in the instruction of network and is identified, and therefore, also improves the accuracy rate identifying malice network address;
Secondly, this mobile terminal can also be the unknown in the judged result determining this website information based on the first locally stored URL library
Time, this mobile terminal can be set up virtual data channel by particular technology, to realize the safe transmission to this website information, carry
The high safety of this mobile terminal;Finally, this website information can be sent by this mobile terminal by this virtual data channel
To this server, and then indicate this server that this website information is determined whether, improve and identify this website information
Accuracy rate.
About the device in above-described embodiment, wherein modules performs the concrete mode of operation in relevant the method
Embodiment in be described in detail, explanation will be not set forth in detail herein.
Fig. 4 is the block diagram according to a kind of device 400 for malicious websites identification shown in an exemplary embodiment.Example
As, device 400 can be mobile phone, digital broadcast terminal, messaging devices, game console, tablet device, and medical treatment sets
Standby, body-building equipment, personal digital assistant etc..
With reference to Fig. 4, device 400 can include following one or more assembly: processes assembly 402, memorizer 404, power supply
Assembly 406, multimedia groupware 408, audio-frequency assembly 410, the interface 412 of input/output (I/O), sensor cluster 414, and
Communications component 416.
Process assembly 402 and generally control the integrated operation of device 400, such as with display, call, data communication, phase
The operation that machine operation and record operation are associated.Process assembly 402 and can include that one or more processor 420 performs to refer to
Order, to complete all or part of step of above-mentioned method.Additionally, process assembly 402 can include one or more module, just
Mutual in process between assembly 402 and other assemblies.Such as, process assembly 402 and can include multi-media module, many to facilitate
Media component 408 and process between assembly 402 mutual.
Memorizer 404 is configured to store various types of data to support the operation at device 400.Showing of these data
Example includes any application program for operation on device 400 or the instruction of method, contact data, telephone book data, disappears
Breath, picture, video etc..Memorizer 404 can be by any kind of volatibility or non-volatile memory device or their group
Close and realize, such as static RAM (SRAM), Electrically Erasable Read Only Memory (EEPROM), erasable compile
Journey read only memory (EPROM), programmable read only memory (PROM), read only memory (ROM), magnetic memory, flash
Device, disk or CD.
The various assemblies that power supply module 406 is device 400 provide power supply.Power supply module 406 can include power management system
System, one or more power supplys, and other generate, manage and distribute, with for device 400, the assembly that power supply is associated.
The screen of one output interface of offer that multimedia groupware 408 is included between described device 400 and user.One
In a little embodiments, screen can include liquid crystal display (LCD) and touch panel (TP).If screen includes touch panel, screen
Curtain may be implemented as touch screen, to receive the input signal from user.Touch panel includes one or more touch sensing
Device is with the gesture on sensing touch, slip and touch panel.Described touch sensor can not only sense touch or sliding action
Border, but also detect the persistent period relevant to described touch or slide and pressure.In certain embodiments, many matchmakers
Body assembly 408 includes a front-facing camera and/or post-positioned pick-up head.When device 400 is in operator scheme, such as screening-mode or
During video mode, front-facing camera and/or post-positioned pick-up head can receive the multi-medium data of outside.Each front-facing camera and
Post-positioned pick-up head can be a fixing optical lens system or have focal length and optical zoom ability.
Audio-frequency assembly 410 is configured to output and/or input audio signal.Such as, audio-frequency assembly 410 includes a Mike
Wind (MIC), when device 400 is in operator scheme, during such as call model, logging mode and speech recognition mode, mike is joined
It is set to receive external audio signal.The audio signal received can be further stored at memorizer 404 or via communication set
Part 416 sends.In certain embodiments, audio-frequency assembly 410 also includes a speaker, is used for exporting audio signal.
I/O interface 412 provides interface for processing between assembly 402 and peripheral interface module, above-mentioned peripheral interface module can
To be keyboard, put striking wheel, button etc..These buttons may include but be not limited to: home button, volume button, start button and lock
Set button.
Sensor cluster 414 includes one or more sensor, for providing the state of various aspects to comment for device 400
Estimate.Such as, what sensor cluster 414 can detect device 400 opens/closed mode, the relative localization of assembly, such as described
Assembly is display and the keypad of device 400, and sensor cluster 414 can also detect device 400 or 400 1 assemblies of device
Position change, the presence or absence that user contacts with device 400, device 400 orientation or acceleration/deceleration and device 400
Variations in temperature.Sensor cluster 414 can include proximity transducer, is configured to when not having any physical contact detect
The existence of neighbouring object.Sensor cluster 414 can also include optical sensor, such as CMOS or ccd image sensor, is used for becoming
Use as in application.In certain embodiments, this sensor cluster 414 can also include acceleration transducer, gyro sensors
Device, Magnetic Sensor, pressure transducer or temperature sensor.
Communications component 416 is configured to facilitate the communication of wired or wireless mode between device 400 and other equipment.Device
400 can access wireless network based on communication standard, such as WiFi, 2G or 3G, or combinations thereof.An exemplary enforcement
In example, communication component 416 receives the broadcast singal from external broadcasting management system or broadcast related information via broadcast channel.
In one exemplary embodiment, described communications component 416 also includes near-field communication (NFC) module, to promote junction service.Example
As, can be based on RF identification (RFID) technology in NFC module, Infrared Data Association (IrDA) technology, ultra broadband (UWB) technology,
Bluetooth (BT) technology and other technologies realize.
In the exemplary embodiment, device 400 can be by one or more application specific integrated circuits (ASIC), numeral letter
Number processor (DSP), digital signal processing appts (DSPD), PLD (PLD), field programmable gate array
(FPGA), controller, microcontroller, microprocessor or other electronic components realize, be used for performing said method.
In the exemplary embodiment, a kind of non-transitory computer-readable recording medium including instruction, example are additionally provided
As included the memorizer 404 of instruction, above-mentioned instruction can have been performed said method by the processor 420 of device 400.Such as,
Described non-transitory computer-readable recording medium can be ROM, random access memory (RAM), CD-ROM, tape, floppy disk
With optical data storage devices etc..
A kind of non-transitory computer-readable recording medium, when the instruction in described storage medium is by the process of mobile terminal
When device performs so that mobile terminal is able to carry out a kind of malicious websites recognition methods, and described method includes:
When receiving network access instruction, based on the first locally stored URL library, it is judged that this network instruction is carried
Website information be whether malice network address, this network access instruction is the instruction that the arbitrary application installed accesses network;
When determining that based on this first URL library the judged result of this website information, for time unknown, sets up void by particular technology
Intend data channel;
By this virtual data channel, this website information is sent to server, to indicate this server based on this server
Second URL library of middle storage judges whether this website information is malice network address;
When determining that this website information is defined as malice network address based on this server, by true for website corresponding for this website information
It is set to malicious websites.
Alternatively, this particular technology is VPN technologies.
Alternatively, this first URL library includes the first safe URL library and the first malice URL library.
Alternatively, based on the first locally stored URL library, it is judged that whether the website information carried in this network instruction is
Maliciously network address, including:
This network address is had when this first safe URL library does not stores storage in this website information and this first malice URL library
During information, determine that this website information is for malice network address;
When this first safe URL library and the first malice URL library all do not store this website information, determine that this network address is believed
The judged result of breath is unknown.
Alternatively, this second URL library includes the second safe URL library and the second malice URL library.
In the disclosed embodiments, first, this mobile terminal accesses network of network in the arbitrary application receiving installation
During access instruction, it is possible to judge whether this website information is malice network address based on the first locally stored URL library, due to first
Whether URL library is stored in the locally stored space of this mobile terminal, be malice net therefore, it is possible to quick to this this website information
Location judges, i.e. improves the efficiency identifying this website information, and owing to this network access instruction is the arbitrary application installed
Access the instruction of network, therefore, for each application in this arbitrary application, it is not necessary at the malice net of this application locally stored
Storehouse, location, saves locally stored space, will not store because of this locality yet certain application malice URL library and cannot be to this
Application accesses the website information carried in the instruction of network and is identified, and therefore, also improves the accuracy rate identifying malice network address;
Secondly, this mobile terminal can also be the unknown in the judged result determining this website information based on the first locally stored URL library
Time, this mobile terminal can be set up virtual data channel by particular technology, to realize the safe transmission to this website information, carry
The high safety of this mobile terminal;Finally, this website information can be sent by this mobile terminal by this virtual data channel
To this server, and then indicate this server that this website information is determined whether, improve and identify this website information
Accuracy rate.
Those skilled in the art, after considering description and putting into practice invention disclosed herein, will readily occur to its of the present invention
Its embodiment.The application is intended to any modification, purposes or the adaptations of the present invention, these modification, purposes or
Person's adaptations is followed the general principle of the present invention and includes the undocumented common knowledge in the art of the disclosure
Or conventional techniques means.Description and embodiments is considered only as exemplary, and true scope and spirit of the invention are by following
Claim is pointed out.
It should be appreciated that the invention is not limited in precision architecture described above and illustrated in the accompanying drawings, and
And various modifications and changes can carried out without departing from the scope.The scope of the present invention is only limited by appended claim.
Claims (11)
1. a malicious websites recognition methods, it is characterised in that described method includes:
When receiving network access instruction, based on the first locally stored URL library, it is judged that described network instruction is carried
Whether website information is malice network address, and described network access instruction is the instruction that the arbitrary application installed accesses network;
When determining that based on described first URL library the judged result of described website information, for time unknown, sets up void by particular technology
Intend data channel;
By described virtual data channel, described website information is sent to server, to indicate described server based on described clothes
In business device, the second URL library of storage judges whether described website information is malice network address;
When determining that described website information is defined as malice network address based on described server, by website corresponding for described website information
It is defined as malicious websites.
2. the method for claim 1, it is characterised in that described particular technology is VPN (virtual private network) VPN technologies.
3. the method for claim 1, it is characterised in that described first URL library includes the first safe URL library and first
Maliciously URL library.
4. method as claimed in claim 3, it is characterised in that described based on the first locally stored URL library, it is judged that described
Whether the website information carried in network instruction is malice network address, including:
Have described when described first safe URL library does not stores storage in described website information and described first malice URL library
During website information, determine that described website information is for malice network address;
When described first safe URL library and the first malice URL library all do not store described website information, determine described network address
The judged result of information is unknown.
5. the method for claim 1, it is characterised in that described second URL library includes the second safe URL library and second
Maliciously URL library.
6. a malicious websites identification device, it is characterised in that described device includes:
Judge module, for when receiving network access instruction, based on the first locally stored URL library, it is judged that described network
Whether the website information carried in instruction is malice network address, and described network access instruction is that the arbitrary application installed accesses network
Instruction;
Set up module, for when determining that based on described first URL library the judged result of described website information is for, time unknown, passing through
Particular technology sets up virtual data channel;
Sending module, for being sent to server by described virtual data channel by described website information, to indicate described clothes
Based on the second URL library of storage in described server, business device judges whether described website information is malice network address;
Determine module, for when determining that described website information is defined as malice network address based on described server, by described network address
Website corresponding to information is defined as malicious websites.
7. device as claimed in claim 6, it is characterised in that described particular technology is VPN (virtual private network) VPN technologies.
8. device as claimed in claim 6, it is characterised in that described first URL library includes the first safe URL library and first
Maliciously URL library.
9. device as claimed in claim 8, it is characterised in that described judge module includes:
First determines unit, when not storing described website information and described first malice URL library in described first safe URL library
When middle storage has described website information, determine that described website information is for malice network address;
Second determines unit, for when all not storing described network address letter in described first safe URL library and the first malice URL library
During breath, determine that the judged result of described website information is the unknown.
10. device as claimed in claim 6, it is characterised in that described second URL library includes the second safe URL library and the
Two malice URL library.
11. 1 kinds of malicious websites identification devices, it is characterised in that described device includes:
Processor;
For storing the memorizer of processor executable;
Wherein, described processor is configured to:
When receiving network access instruction, based on the first locally stored URL library, it is judged that described network instruction is carried
Whether website information is malice network address, and described network access instruction is the instruction that the arbitrary application installed accesses network;
When determining that based on described first URL library the judged result of described website information, for time unknown, sets up void by particular technology
Intend data channel;
By described virtual data channel, described website information is sent to server, to indicate described server based on described clothes
In business device, the second URL library of storage judges whether described website information is malice network address;
When determining that described website information is defined as malice network address based on described server, by website corresponding for described website information
It is defined as malicious websites.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610361980.7A CN106095781A (en) | 2016-05-26 | 2016-05-26 | Malicious websites recognition methods and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610361980.7A CN106095781A (en) | 2016-05-26 | 2016-05-26 | Malicious websites recognition methods and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106095781A true CN106095781A (en) | 2016-11-09 |
Family
ID=57229925
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610361980.7A Pending CN106095781A (en) | 2016-05-26 | 2016-05-26 | Malicious websites recognition methods and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106095781A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109802919A (en) * | 2017-11-16 | 2019-05-24 | 中移(杭州)信息技术有限公司 | A kind of web page access interception method and device |
CN113315766A (en) * | 2021-05-26 | 2021-08-27 | 中国信息通信研究院 | Malicious website identification method, system and medium based on reinforcement learning |
CN117033742A (en) * | 2023-08-18 | 2023-11-10 | 广东轻工职业技术学院 | Data security acquisition method based on artificial intelligence |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102664925A (en) * | 2012-03-29 | 2012-09-12 | 奇智软件(北京)有限公司 | Method and apparatus for displaying searching result |
CN102724187A (en) * | 2012-06-06 | 2012-10-10 | 奇智软件(北京)有限公司 | Method and device for safety detection of universal resource locators |
CN104253785A (en) * | 2013-06-25 | 2014-12-31 | 腾讯科技(深圳)有限公司 | Dangerous web address identification method, device and system |
CN104683290A (en) * | 2013-11-26 | 2015-06-03 | 腾讯科技(深圳)有限公司 | Method and device for monitoring phishing and terminal |
-
2016
- 2016-05-26 CN CN201610361980.7A patent/CN106095781A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102664925A (en) * | 2012-03-29 | 2012-09-12 | 奇智软件(北京)有限公司 | Method and apparatus for displaying searching result |
CN102724187A (en) * | 2012-06-06 | 2012-10-10 | 奇智软件(北京)有限公司 | Method and device for safety detection of universal resource locators |
CN104253785A (en) * | 2013-06-25 | 2014-12-31 | 腾讯科技(深圳)有限公司 | Dangerous web address identification method, device and system |
CN104683290A (en) * | 2013-11-26 | 2015-06-03 | 腾讯科技(深圳)有限公司 | Method and device for monitoring phishing and terminal |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109802919A (en) * | 2017-11-16 | 2019-05-24 | 中移(杭州)信息技术有限公司 | A kind of web page access interception method and device |
CN109802919B (en) * | 2017-11-16 | 2021-06-29 | 中移(杭州)信息技术有限公司 | Web page access intercepting method and device |
CN113315766A (en) * | 2021-05-26 | 2021-08-27 | 中国信息通信研究院 | Malicious website identification method, system and medium based on reinforcement learning |
CN117033742A (en) * | 2023-08-18 | 2023-11-10 | 广东轻工职业技术学院 | Data security acquisition method based on artificial intelligence |
CN117033742B (en) * | 2023-08-18 | 2024-02-20 | 广东轻工职业技术学院 | Data security acquisition method based on artificial intelligence |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104202306B (en) | Access authentication method, Apparatus and system | |
CN104159275B (en) | Method for connecting network and device | |
CN107750466A (en) | Use equipment near synchronized cue pairing | |
CN107040540B (en) | Cloud privacy data display method and device, server and mobile terminal | |
CN104639972B (en) | The method, apparatus and equipment of a kind of sharing contents | |
CN106454392A (en) | Live broadcast processing method, device and terminal | |
CN107145794B (en) | Data processing method and device and mobile terminal | |
CN105183513A (en) | Application recommendation method and apparatus | |
CN105847243A (en) | Method and device for accessing smart camera | |
US9723486B2 (en) | Method and apparatus for accessing network | |
CN104065762A (en) | Method and device for detecting hijacking of DNS (Domain Name Server) | |
CN105323244A (en) | Method and device for network identification | |
CN103914520A (en) | Data query method, terminal equipment and server | |
CN106600367A (en) | Order information processing method and order information processing device | |
CN104158659A (en) | Anti-fake verifying method, device and system | |
CN105183493A (en) | Display method and device of network information | |
CN105450662A (en) | Encryption method and device | |
CN108022349A (en) | Information input method, equipment, smart lock and storage medium | |
CN104125267A (en) | Account protection method, device and terminal equipment | |
CN106095781A (en) | Malicious websites recognition methods and device | |
CN105320885A (en) | Method and device for detecting malicious website | |
CN104113588B (en) | The update method of a kind of the Internet Yellow Page and device | |
CN104050236B (en) | Web site contents update reminding method, server and client side | |
CN105808767A (en) | Data updating method and apparatus | |
CN104735139B (en) | End message statistical method, device, terminal and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161109 |