CN107016282A - A kind of information processing method and device - Google Patents

Publication number
CN107016282A
Authority
CN
China
Legal status
Granted
Application number
CN201710065427.3A
Other languages
Chinese (zh)
Other versions
CN107016282B (en)
Inventor
邵明博
Current Assignee
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures

Abstract

The embodiments of the present application disclose an information processing method and device. The method includes: monitoring a webpage; when a specified change to the webpage is detected, determining the control logic information contained in the changed webpage; obtaining, according to the determined control logic information, a verification result of verifying the control logic information; and judging, according to the verification result, whether the monitored webpage has been tampered with. With the embodiments of the present application, malicious code injected into a webpage can be discovered promptly, which allows it to be handled promptly and therefore helps protect the user's information security.

Description

Information processing method and device
Technical field
The present application relates to the field of computer software technology, and in particular to an information processing method and device.
Background
As smart terminals have become widespread, the number of applications (APPs) has grown sharply. They bring convenience to users, but they also bring some threats.
In the prior art, when a user on an untrusted network (for example, public WiFi) uses an APP on a terminal to access a webpage, malicious code may be injected into the webpage, which can cause explicit or implicit anomalies. For example, unfamiliar advertisements may be implanted in the webpage; this kind of anomaly is directly visible on the webpage and can be called an explicit anomaly. As another example, while the user browses or otherwise operates on the webpage, malicious code injected into the webpage modifies the terminal's configuration information; this kind of anomaly is not directly visible on the webpage and can be called an implicit anomaly. And so on.
Explicit anomalies can usually be discovered promptly and therefore handled promptly. Implicit anomalies, however, are hard to discover promptly and correspondingly hard to handle promptly, so they may seriously threaten the user's information security.
Summary of the invention
The embodiments of the present application provide an information processing method and device to solve the following technical problem in the prior art: implicit anomalies caused by malicious code injected into a webpage are hard to discover promptly and correspondingly hard to handle promptly, and may therefore seriously threaten the user's information security.
To solve the above technical problem, the embodiments of the present application are implemented as follows:
An information processing method provided by the embodiments of the present application includes:
monitoring a webpage;
when a specified change to the webpage is detected, determining the control logic information contained in the changed webpage;
obtaining, according to the determined control logic information, a verification result of verifying the control logic information;
judging, according to the verification result, whether the monitored webpage has been tampered with.
An information processing device provided by the embodiments of the present application includes:
a monitoring module, which monitors a webpage;
a determining module, which, when the monitoring module detects a specified change to the webpage, determines the control logic information contained in the changed webpage;
an obtaining module, which obtains, according to the control logic information determined by the determining module, a verification result of verifying the control logic information;
a judging module, which judges, according to the verification result, whether the monitored webpage has been tampered with.
At least one of the above technical solutions adopted by the embodiments of the present application can achieve the following beneficial effects: malicious code injected into a webpage can be discovered promptly, which allows it to be handled promptly and therefore helps protect the user's information security, so the problems in the prior art can be partly or fully solved.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments described in the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an information processing method provided by an embodiment of the present application;
Fig. 2 is a schematic diagram of the interaction flow of one specific implementation of the above information processing method in a practical application scenario, provided by an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an information processing device corresponding to Fig. 1, provided by an embodiment of the present application.
Detailed description
The embodiments of the present application provide an information processing method and device.
To help those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort fall within the scope of protection of the present application.
Fig. 1 is a schematic flowchart of an information processing method provided by an embodiment of the present application. From the program's perspective, the executing entity of the flow can be an application (APP), a PC program, or the like. From the device's perspective, the executing entity of the flow can include but is not limited to the following devices: a mobile phone, a tablet computer, a smart wearable device, an in-vehicle device, a personal computer, a medium or large computer, a computer cluster, and so on.
The flow in Fig. 1 can include the following steps:
S101: Monitor a webpage.
In the embodiments of the present application, the specific content to monitor can be specified in advance. For example, the webpage's Document Object Model (DOM) can be monitored, the webpage's visible interface can be monitored, the interface calls the webpage makes can be monitored, changes to the webpage's address can be monitored, and so on.
S102: When a specified change to the webpage is detected, determine the control logic information contained in the changed webpage.
In the embodiments of the present application, the specified change can be, for example, a change in the DOM structure, a change in the layout of the visible interface, or a change of address without the webpage having been redirected.
In the embodiments of the present application, control logic information includes but is not limited to the scripting-language code used by the front end, for example JavaScript code or VBScript code.
The control logic information is determined because, to control a webpage with malicious code, the malicious code has to be injected into the control logic information, for example into the JavaScript code the webpage contains. Whether malicious code has been injected can therefore be analyzed on the basis of the control logic information.
S103: According to the determined control logic information, obtain a verification result of verifying the control logic information.
In the embodiments of the present application, the verification can be performed by the executing entity, or by a program other than the executing entity and/or manually. Whoever performs the verification, it suffices that the executing entity can obtain the verification result of verifying the control logic information.
Further, the verification can specifically check whether the control logic information has changed, or check which changes have occurred in the control logic information and whether those changes are permitted, and so on.
S104: According to the verification result, judge whether the monitored webpage has been tampered with.
In the embodiments of the present application, the verification result makes it possible to infer whether malicious code has been injected into the control logic information contained in the monitored webpage, and this can serve as one of the bases for judging whether the monitored webpage has been tampered with.
In practice, other bases besides the verification result can also be combined to judge whether the monitored webpage has been tampered with. For example, such a basis can be whether advertising images or the like have been injected into the monitored webpage.
Further, if the monitored webpage is judged from the verification result to have been tampered with, the changed webpage can be processed as a countermeasure. The specific processing can be, for example, raising an alarm for the changed webpage, or applying permission control to interface calls made by the changed webpage.
With the method of Fig. 1, malicious code injected into a webpage can be discovered promptly, which allows it to be handled promptly and therefore helps protect the user's information security, so the problems in the prior art can be partly or fully solved.
In addition, in another prior-art approach, the data transmitted by the web service can be signed directly by using the HTTPS protocol, to prevent malicious code from being injected into the webpage. However, this approach applies only to HTTPS webpages, not to HTTP webpages; it also reduces the interaction speed between the webpage and the server, and its cost is high. The solution of the present application, by contrast, applies to all webpages, does not affect the interaction speed between the webpage and the server, and has a relatively low cost.
Based on the method of Fig. 1, the embodiments of the present application also provide some specific implementations of the method, and extensions of it, which are described below.
In the embodiments of the present application, because the DOM of a webpage is a tree structure, operations such as querying and traversal on the DOM are relatively efficient. Monitoring the webpage based on its DOM is therefore preferable, because it is more efficient.
For example, for step S101, monitoring the webpage can specifically include: determining the current webpage, which is obtained from a web server; and monitoring the DOM of the determined webpage. Correspondingly, for step S102, detecting a specified change to the webpage can specifically include: detecting that specified content in the DOM of the determined webpage has changed (for example, the structure has changed, or the content of a specified node has changed).
As noted above, the webpage is obtained from the web server. Monitoring can begin as soon as the webpage is obtained, or some time after it is obtained. "Change" can mean: a change relative to the moment monitoring started; or a change relative to some moment between the start of monitoring and the current moment (not including the current moment).
In addition, in practice, malicious code may also be injected into the webpage while it is being obtained. In that case the webpage on the web server may be intact while the obtained webpage is not, which undermines the effectiveness of subsequent monitoring. To handle this, the following can be performed once immediately when the webpage is obtained: obtain a verification result of verifying the control logic information of the obtained webpage, and process the obtained webpage according to that verification result. If the verification finds no problem, monitoring of the obtained webpage then begins.
In the embodiments of the present application, injecting malicious code into a webpage is in essence a form of tampering with the webpage's content, and verifying a digest is an effective way to check whether content has been tampered with. Moreover, checking whether the entire webpage content has been tampered with is relatively costly, so only the control logic information contained in the webpage need be verified.
Following the reasoning of the previous paragraph, for step S103, obtaining a verification result of verifying the control logic information according to the determined control logic information can specifically include: computing a digest of the determined control logic information; and obtaining a verification result of verifying the digest, which serves as the verification result of verifying the control logic information.
In practice, the executing entity is usually the user's mobile device, such as a mobile phone or tablet computer. If the verification were completed locally, it would place a relatively large burden on the mobile device, so the mobile device can instead ask a server to complete it.
For example, obtaining the verification result of verifying the digest can specifically include: sending the digest to a specified verification server, and obtaining the verification result of verifying the digest that the verification server returns. The verification server can be the server of the monitored webpage, or a third-party server that provides a unified verification service for multiple websites, and so on.
The verification server can store in advance the digest of the original control logic information of each monitored webpage (for ease of description, called the standard digest). If the control logic information of a webpage has not been changed, the digest being verified should be identical to the corresponding standard digest. Verifying the digest can then specifically include: determining whether the digest is identical to the corresponding standard digest, where the corresponding standard digest is the digest of the control logic information that the changed webpage contained before the change.
Further, in practice the control logic information may also be changed legitimately by the back end. That case is not tampering, nor is it caused by malicious code being injected into the webpage. So if the verification server determines that the received digest is not identical to the corresponding standard digest, it can continue to interact with the executing entity in order to verify the control logic information itself further and determine whether the control logic information was legitimately modified or tampered with. This helps improve the reliability of the solution of the present application.
In the embodiments of the present application, the verification server can label each standard digest with identification information such as the webpage's address, so that during verification the standard digest corresponding to the digest to be verified can be determined from the identification information.
Further, in practice one web address can correspond to two or more different webpages. For example, when different users open the same web address on different devices, the webpages displayed may differ, whether in their visible content or in their control logic information. In that case the corresponding standard digest may not be correctly determined from the web address alone, and other identification information, such as the webpage's session identifier (session ID), can also be used to determine the standard digest.
For example, sending the digest to the specified verification server and obtaining the verification result of verifying the digest that the verification server returns can specifically include: sending the digest, together with the session identifier and the address of the changed webpage, to the specified verification server, and obtaining the verification result that the verification server returns after verifying the digest according to the session identifier and the address.
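The digest check described in the paragraphs above can be sketched as follows. This is an added example, not code from the patent: SHA-256, the regex-based script extraction, every function and class name, and the sample pages are assumptions made for illustration, and the sketch stops at the digest comparison, reporting every mismatch as tampering without the follow-up check for legitimate back-end changes.

```javascript
// Added example, not code from the patent. SHA-256 and all names are assumptions.
const crypto = require('node:crypto');

// Collect the page's "control logic information": every script, in document order.
// A regex over an HTML string keeps the demo runnable offline; in a browser the
// scripts would be read from the live DOM (document.scripts) instead.
function extractControlLogic(html) {
  const parts = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']*)["']/i.exec(m[1]);
    parts.push(src ? `src:${src[1]}` : `inline:${m[2].trim()}`);
  }
  return parts;
}

// Digest of the control logic only; visible content is deliberately ignored,
// which is what makes the check cheaper than hashing the whole page.
function digestControlLogic(html) {
  const hash = crypto.createHash('sha256');
  for (const part of extractControlLogic(html)) {
    // Length prefix so that moving text between two scripts changes the digest.
    hash.update(`${Buffer.byteLength(part)}:`);
    hash.update(part);
  }
  return hash.digest('hex');
}

// Verification server: keeps one standard digest per (address, session ID),
// because the same address can serve different pages to different sessions.
class VerificationService {
  constructor() {
    this.standardDigests = new Map();
  }
  static key(address, sessionId) {
    return JSON.stringify([address, sessionId]);
  }
  registerStandard(address, sessionId, html) {
    const key = VerificationService.key(address, sessionId);
    this.standardDigests.set(key, digestControlLogic(html));
  }
  verify({ address, sessionId, digest }) {
    const standard = this.standardDigests.get(VerificationService.key(address, sessionId));
    if (standard === undefined) return 'no-standard';
    return digest === standard ? 'match' : 'mismatch';
  }
}

// Client side, run after a specified change: compute the digest, send it with
// the session ID and address, and judge the page from the returned result.
function checkPage(service, address, sessionId, currentHtml) {
  const digest = digestControlLogic(currentHtml);
  const result = service.verify({ address, sessionId, digest });
  if (result === 'match') return 'ok';
  if (result === 'mismatch') return 'tampered'; // demo: no legitimate-change follow-up
  return 'unverified'; // no standard digest stored for this address and session
}

// Constructed sample pages (not taken from any real site).
const ADDRESS = 'http://shop.example/checkout';
const ORIGINAL = [
  '<html><body><h1>Checkout</h1>',
  '<script src="/static/app.js"></script>',
  '<script>function pay() { submitOrder(); }</script>',
  '</body></html>',
].join('\n');
const TEXT_ONLY_CHANGE = ORIGINAL.replace('</body>', '<p>New banner</p></body>');
const INJECTED = ORIGINAL.replace(
  '</body>',
  '<script>console.log("constructed injected script")</script></body>'
);

function demo() {
  const service = new VerificationService();
  service.registerStandard(ADDRESS, 'session-A', ORIGINAL);
  return {
    unchanged: checkPage(service, ADDRESS, 'session-A', ORIGINAL),
    textOnly: checkPage(service, ADDRESS, 'session-A', TEXT_ONLY_CHANGE),
    injected: checkPage(service, ADDRESS, 'session-A', INJECTED),
    otherSession: checkPage(service, ADDRESS, 'session-B', ORIGINAL),
  };
}

console.log(demo());
```

A DOM change that adds only visible content leaves the digest unchanged, so a deployment relying on this check alone would still need the other bases the description mentions for visible injections such as advertising images.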
The information processing method has been described above in terms of its flow. In a specific implementation, depending on the scenario, the interaction flow between the modules of the relevant devices has further details, which are described below with an example.
Fig. 2 is a schematic diagram of the interaction flow of one specific implementation of the above information processing method in a practical application scenario, provided by an embodiment of the present application.
In the practical application scenario of Fig. 2, the information processing method is applied in an APP that contains at least a browser control and a remote procedure call (RPC) module. The webpage and the changed webpage are displayed in the browser control, and the control logic information is JavaScript code.
The browser control can specifically be an instance of a class such as WebView, a built-in browser application, or the like.
An intermediate communication module can be used for communication between web page code and local (Native) code. In Fig. 2 specifically, the intermediate communication module is used for communication between the monitored webpage (web page code) and the browser control (Native code). The intermediate communication module can be implemented in many ways; a common one is a JS Bridge. The intermediate communication module can be included in the APP or can be independent of the APP.
The code that performs the monitoring can reside on the web page code side or on the Native code side. The interaction flow in Fig. 2 takes the former case as an example.
The flow in Fig. 2 is briefly described below. The interaction flow can include the following actions.
The monitoring code on the web page code side monitors the DOM of the webpage;
when a change in the structure of the DOM is detected, it computes the digest of the JavaScript code contained in the webpage, and sends the digest, the session identifier of the webpage, and the address of the webpage to the intermediate communication module;
the intermediate communication module sends the received data to the browser control;
the browser control sends the received data to the RPC module;
the RPC module sends the received data to the specified verification server, to request verification of the digest;
the verification server verifies the digest and obtains a verification result;
the verification server returns the verification result to the RPC module;
the RPC module sends the received verification result to the browser control;
the browser control sends the received verification result to the intermediate communication module;
the intermediate communication module sends the received verification result to the web page code side;
the code on the web page code side judges from the verification result whether the monitored webpage has been tampered with and, if it has, processes the webpage accordingly.
In the embodiments of the present application, to secure the above interaction flow, a specified security policy can be used to ensure that data is transmitted securely over one or more segments of the transmission path in the flow (for example, the path between the intermediate communication module and the browser, or the path between the RPC module and the verification server).
Based on the description of the example of Fig. 2, the flow in Fig. 1 is supplemented as follows.
The method of Fig. 1 can be used in an APP that includes a browser control and a remote procedure call (RPC) module, with the webpage and the changed webpage displayed in the browser control. Sending the digest to the specified verification server and obtaining the verification result of verifying the digest that the verification server returns can then specifically include: the browser control sends the digest to the RPC module; the RPC module sends the received digest to the specified verification server and receives the verification result of verifying the digest that the verification server returns; and the RPC module sends the received verification result to the browser control.
Further, the browser control sending the digest to the RPC module can specifically include: the digest is sent to the browser control; and the browser control sends the received digest to the RPC module. The entity that sends the digest to the browser control is typically the entity that computed the digest, for example code on the web page code side (which may be part of the web page code) or a functional module entirely independent of the webpage. Here, web page code can mean code originally contained in the webpage, or code newly associated with or attached to the webpage in order to implement the solution of the present application.
Further, sending the digest to the browser control can specifically include: the digest is sent to the intermediate communication module, which is used for communication between web page code and local (Native) code; and the intermediate communication module sends the received digest to the browser control.
Correspondingly, the verification result can be returned along the reverse of the path over which the digest was sent, as can be seen in Fig. 2, and this is not described again here.
In addition, if the code that performs the monitoring is not on the web page code side but on the Native code side, the digest and the verification result can also be transmitted without passing through the intermediate communication module.
The above is the information processing method provided by the embodiments of the present application. Based on the same inventive idea, the embodiments of the present application also provide a corresponding device, as shown in Fig. 3.
Fig. 3 is a schematic structural diagram of an information processing device corresponding to Fig. 1, provided by an embodiment of the present application. The device can be located in the executing entity of the flow in Fig. 1 and includes:
a monitoring module 301, which monitors a webpage;
a determining module 302, which, when the monitoring module 301 detects a specified change to the webpage, determines the control logic information contained in the changed webpage;
an obtaining module 303, which obtains, according to the control logic information determined by the determining module 302, a verification result of verifying the control logic information;
a judging module 304, which judges, according to the verification result, whether the monitored webpage has been tampered with.
Optionally, the monitoring module 301 monitoring the webpage specifically includes:
the monitoring module 301 determines the current webpage, which is obtained from a web server, and monitors the Document Object Model (DOM) of the determined webpage;
the monitoring module 301 detecting a specified change to the webpage specifically includes:
the monitoring module 301 detects that the structure of the DOM of the determined webpage has changed.
Optionally, the obtaining module 303 obtaining, according to the control logic information determined by the determining module 302, a verification result of verifying the control logic information specifically includes:
the obtaining module 303 computes a digest of the control logic information determined by the determining module 302, and obtains a verification result of verifying the digest, which serves as the verification result of verifying the control logic information.
Optionally, the obtaining module 303 obtaining the verification result of verifying the digest specifically includes:
the obtaining module 303 sends the digest to a specified verification server, and obtains the verification result of verifying the digest that the verification server returns.
Optionally, verifying the digest specifically includes:
determining whether the digest is identical to the corresponding standard digest, where the corresponding standard digest is the digest of the control logic information that the changed webpage contained before the change.
Optionally, the obtaining module 303 sending the digest to the specified verification server and obtaining the verification result of verifying the digest that the verification server returns specifically includes:
the obtaining module 303 sends the digest, together with the session identifier and the address of the changed webpage, to the specified verification server, and obtains the verification result that the verification server returns after verifying the digest according to the session identifier and the address.
Optionally, the device also includes:
a processing module 305, which, after the judging module 304 judges according to the verification result whether the monitored webpage has been tampered with, processes the changed webpage if the judging module 304 judges that the monitored webpage has been tampered with.
Optionally, the control logic information is JavaScript code.
The device and the method provided by the embodiments of the present application correspond one to one, so the device has beneficial technical effects similar to those of the corresponding method. Since the beneficial technical effects of the method have been described in detail above, those of the corresponding device are not repeated here.
In the 1990s, for a technology improvement can clearly distinguish be on hardware improvement (for example, Improvement to circuit structures such as diode, transistor, switches) or software on improvement (for the improvement of method flow).So And, with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit. Designer nearly all obtains corresponding hardware circuit by the way that improved method flow is programmed into hardware circuit.Cause This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, PLD (Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate Array, FPGA)) it is exactly such a integrated circuit, its logic function is determined by user to device programming.By designer Voluntarily programming comes a digital display circuit " integrated " on a piece of PLD, without asking chip maker to design and make Special IC chip.Moreover, nowadays, substitution manually makes IC chip, and this programming is also used instead mostly " patrols Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development, And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language (Hardware Description Language, HDL), and HDL is also not only a kind of, but have many kinds, such as ABEL (Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL (Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language) etc., VHDL (Very-High-Speed are most generally used at present Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also should This understands, it is only necessary to slightly 
programming in logic and be programmed into method flow in integrated circuit with above-mentioned several hardware description languages, The hardware circuit for realizing the logical method flow can be just readily available.
Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing Device and storage can by the computer of the computer readable program code (such as software or firmware) of (micro-) computing device Read medium, gate, switch, application specific integrated circuit (Application Specific Integrated Circuit, ASIC), the form of programmable logic controller (PLC) and embedded microcontroller, the example of controller includes but is not limited to following microcontroller Device:ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, are deposited Memory controller is also implemented as a part for the control logic of memory.It is also known in the art that except with Pure computer readable program code mode is realized beyond controller, can be made completely by the way that method and step is carried out into programming in logic Obtain controller and come real in the form of gate, switch, application specific integrated circuit, programmable logic controller (PLC) and embedded microcontroller etc. Existing identical function.Therefore this controller is considered a kind of hardware component, and various for realizing to including in it The device of function can also be considered as the structure in hardware component.Or even, can be by for realizing that the device of various functions is regarded For that not only can be the software module of implementation method but also can be the structure in hardware component.
The systems, devices, modules or units set out in the above embodiments can be implemented by a computer chip or an entity, or by a product having a certain function. A typical implementing device is a computer. Specifically, the computer may be, for example, a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above apparatus is described as divided into various units by function. Of course, when implementing the present application, the functions of the units can be implemented in one or more pieces of software and/or hardware.
Those skilled in the art should understand that embodiments of the present invention can be provided as a method, a system or a computer program product. Therefore, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface and memory.
Memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" and any other variants of them are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, commodity or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that includes the element.
The application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
The embodiments in this specification are described progressively; for parts that are the same or similar between embodiments, refer to the other embodiments, and each embodiment focuses on its differences from the others. In particular, the system embodiment is described relatively briefly because it is substantially similar to the method embodiment; for the relevant parts, see the description of the method embodiment.
The foregoing is only embodiments of the present application and is not intended to limit the application. For those skilled in the art, the application can have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the application shall fall within the scope of the claims of the application.

Claims (19)

1. An information processing method, characterized by comprising:
monitoring a webpage;
when it is detected that a specified change has occurred in the webpage, determining the control logic information contained in the changed webpage;
according to the determined control logic information, obtaining a check result of verifying the control logic information;
according to the check result, judging whether the monitored webpage has been tampered with.
2. The method of claim 1, characterized in that monitoring the webpage specifically comprises:
determining the current webpage, the webpage being obtained from a web server;
monitoring the Document Object Model (DOM) of the determined webpage;
and detecting that the specified change has occurred in the webpage specifically comprises:
detecting that the structure of the DOM of the determined webpage has changed.
3. The method of claim 1, characterized in that obtaining, according to the determined control logic information, the check result of verifying the control logic information specifically comprises:
calculating a digest (summary) of the determined control logic information;
obtaining a check result of verifying the digest, as the check result of verifying the control logic information.
4. The method of claim 3, characterized in that obtaining the check result of verifying the digest specifically comprises:
sending the digest to a specified verification server, and obtaining the check result, returned by the verification server, of verifying the digest.
5. The method of claim 4, characterized in that verifying the digest specifically comprises:
determining whether the digest is identical to a corresponding standard digest, wherein the corresponding standard digest is: the digest of the control logic information that the changed webpage contained before the change.
6. The method of claim 4, characterized in that sending the digest to the specified verification server and obtaining the check result, returned by the verification server, of verifying the digest specifically comprises:
sending the digest, together with the session identifier and address of the changed webpage, to the specified verification server, and obtaining the check result, returned by the verification server, of verifying the digest according to the session identifier and address.
7. The method of claim 4, characterized in that the method is applied in an APP, the APP comprising a browser control and a remote procedure call (RPC) module; the webpage and the changed webpage are displayed in the browser control;
sending the digest to the specified verification server and obtaining the check result, returned by the verification server, of verifying the digest specifically comprises:
sending the digest to the RPC module through the browser control;
the RPC module sending the received digest to the specified verification server, and receiving the check result, returned by the verification server, of verifying the digest;
the RPC module sending the received check result to the browser control.
8. The method of claim 7, characterized in that sending the digest to the RPC module through the browser control specifically comprises:
sending the digest to the browser control;
the browser control sending the received digest to the RPC module.
9. The method of claim 8, characterized in that sending the digest to the browser control specifically comprises:
sending the digest to an intermediate communication module, the intermediate communication module being used for communication between web page code and local Native code;
the intermediate communication module sending the received digest to the browser control.
10. The method of claim 1, characterized in that, after judging according to the check result whether the monitored webpage has been tampered with, the method further comprises:
if it is judged that the monitored webpage has been tampered with, processing the changed webpage.
11. The method of any one of claims 1 to 10, characterized in that the control logic information is JavaScript code.
12. An information processing device, characterized by comprising:
a monitoring module, which monitors a webpage;
a determining module, which, when the monitoring module detects that a specified change has occurred in the webpage, determines the control logic information contained in the changed webpage;
an obtaining module, which, according to the control logic information determined by the determining module, obtains a check result of verifying the control logic information;
a judging module, which judges, according to the check result, whether the monitored webpage has been tampered with.
13. The device of claim 12, characterized in that the monitoring module monitoring the webpage specifically comprises:
the monitoring module determining the current webpage, the webpage being obtained from a web server;
monitoring the Document Object Model (DOM) of the determined webpage;
and the monitoring module detecting that the specified change has occurred in the webpage specifically comprises:
the monitoring module detecting that the structure of the DOM of the determined webpage has changed.
14. The device of claim 12, characterized in that the obtaining module obtaining, according to the control logic information determined by the determining module, the check result of verifying the control logic information specifically comprises:
the obtaining module calculating a digest (summary) of the control logic information determined by the determining module, and obtaining a check result of verifying the digest, as the check result of verifying the control logic information.
15. The device of claim 14, characterized in that the obtaining module obtaining the check result of verifying the digest specifically comprises:
the obtaining module sending the digest to a specified verification server, and obtaining the check result, returned by the verification server, of verifying the digest.
16. The device of claim 15, characterized in that verifying the digest specifically comprises:
determining whether the digest is identical to a corresponding standard digest, wherein the corresponding standard digest is: the digest of the control logic information that the changed webpage contained before the change.
17. The device of claim 15, characterized in that the obtaining module sending the digest to the specified verification server and obtaining the check result, returned by the verification server, of verifying the digest specifically comprises:
the obtaining module sending the digest, together with the session identifier and address of the changed webpage, to the specified verification server, and obtaining the check result, returned by the verification server, of verifying the digest according to the session identifier and address.
18. The device of claim 12, characterized in that the device further comprises:
a processing module, which, after the judging module judges according to the check result whether the monitored webpage has been tampered with, processes the changed webpage if the judging module judges that the monitored webpage has been tampered with.
19. The device of any one of claims 12 to 18, characterized in that the control logic information is JavaScript code.
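The check described in claims 1 to 6 and 11, sketched as an added example that is not part of the patent text: the page's JavaScript is digested after a DOM structure change and compared with the standard digest held for that session identifier and address. SHA-256, the in-memory stand-in for the verification server, the fail-closed handling of an unknown session, and all function, class and URL names are assumptions made for this illustration.

```javascript
// Added illustration of the claimed check; every name here is hypothetical.
const { createHash } = require('crypto');

// Control logic = the page's JavaScript. One entry per <script>: inline code
// by its text, external code by its src URL only (a changed remote file body
// is outside what this digest covers).
function controlLogicEntries(scripts) {
  return scripts.map((s) => (s.src ? `src:${s.src}` : `inline:${s.text}`));
}

// SHA-256 (assumed hash) over length-prefixed entries, so that entry
// boundaries are unambiguous in the hash input.
function digestControlLogic(scripts) {
  const hash = createHash('sha256');
  for (const entry of controlLogicEntries(scripts)) {
    hash.update(`${Buffer.byteLength(entry)}:`);
    hash.update(entry);
  }
  return hash.digest('hex');
}

// Stand-in for the verification server: keeps the standard digest, taken
// before any change, keyed by session identifier and page address.
class VerificationService {
  constructor() {
    this.standard = new Map();
  }
  key(sessionId, address) {
    return JSON.stringify([sessionId, address]);
  }
  register(sessionId, address, digest) {
    this.standard.set(this.key(sessionId, address), digest);
  }
  verify(sessionId, address, digest) {
    const expected = this.standard.get(this.key(sessionId, address));
    if (expected === undefined) return { known: false, match: false };
    return { known: true, match: expected === digest };
  }
}

// Client side: called once a DOM structure change has been observed.
function checkAfterChange(service, sessionId, address, scripts) {
  const result = service.verify(sessionId, address, digestControlLogic(scripts));
  // A missing baseline counts as tampered (fail closed): a choice made here.
  return { ...result, tampered: !result.match };
}

// Browser wiring, not exercised under Node: re-check on every structure change.
function watchPage(doc, service, sessionId, onResult) {
  const snapshot = () =>
    Array.from(doc.scripts, (s) => ({ src: s.getAttribute('src'), text: s.textContent }));
  const observer = new MutationObserver(() =>
    onResult(checkAfterChange(service, sessionId, doc.location.href, snapshot())));
  observer.observe(doc.documentElement, { childList: true, subtree: true });
  return observer;
}

// Constructed sample: a page with two scripts, then three kinds of report.
function demo() {
  const service = new VerificationService();
  const address = 'https://shop.example/pay';
  const original = [
    { src: 'https://shop.example/static/app.js', text: '' },
    { src: null, text: 'initCheckout();' },
  ];
  service.register('sess-1', address, digestControlLogic(original));
  const added = original.concat([{ src: 'https://cdn.example/extra.js', text: '' }]);
  return {
    // DOM changed (say, a <div> was added) but the scripts did not.
    markupOnly: checkAfterChange(service, 'sess-1', address, original),
    // A script element appeared after the baseline was taken.
    scriptAdded: checkAfterChange(service, 'sess-1', address, added),
    // Same page content reported under a session the server never registered.
    unknownSession: checkAfterChange(service, 'sess-2', address, original),
  };
}
```

A DOM structure change only triggers the check; the verdict depends on whether the script set still digests to the registered value, so markup-only changes pass while an added script element does not.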
CN201710065427.3A 2017-02-06 2017-02-06 information processing method and device Active CN107016282B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710065427.3A CN107016282B (en) 2017-02-06 2017-02-06 information processing method and device

Publications (2)

Publication Number Publication Date
CN107016282A true CN107016282A (en) 2017-08-04
CN107016282B CN107016282B (en) 2020-01-31

Family

ID=59440288

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710065427.3A Active CN107016282B (en) 2017-02-06 2017-02-06 information processing method and device

Country Status (1)

Country Link
CN (1) CN107016282B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108600157A (en) * 2018-03-08 2018-09-28 阿里巴巴集团控股有限公司 page loading method and device
CN109359260A (en) * 2018-09-29 2019-02-19 腾讯科技(成都)有限公司 Webpage changes monitoring method, device, equipment and medium
CN110378750A (en) * 2019-07-25 2019-10-25 秒针信息技术有限公司 Image rendering method, device, equipment and storage medium
CN111104616A (en) * 2018-10-26 2020-05-05 阿里巴巴集团控股有限公司 Webpage processing method and device
CN111262842A (en) * 2020-01-10 2020-06-09 恒安嘉新(北京)科技股份公司 Webpage tamper-proofing method and device, electronic equipment and storage medium
CN112929390A (en) * 2021-03-12 2021-06-08 厦门帝恩思科技股份有限公司 Network intelligent monitoring method based on multi-strategy fusion

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103201749A (en) * 2011-01-05 2013-07-10 株式会社东芝 Web page defacement detection device and storage medium
CN103562927A (en) * 2011-05-31 2014-02-05 惠普发展公司,有限责任合伙企业 Automated security testing
CN105354494A (en) * 2015-10-30 2016-02-24 北京奇虎科技有限公司 Detection method and apparatus for web page data tampering
US9407658B1 (en) * 2015-06-30 2016-08-02 AO Kaspersky Lab System and method for determining modified web pages

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张剑: "远程网页篡改事件监测", 《电子政务安全》 *

Also Published As

Publication number Publication date
CN107016282B (en) 2020-01-31

Similar Documents

Publication Publication Date Title
CN107016282A (en) A kind of information processing method and device
CN105940654B (en) Franchise static web application in trust
CN107133174A (en) Test case code automatically generating device and method
WO2019000710A1 (en) Page loading method, apparatus and electronic device
CN106682028A (en) Method, device and system for obtaining web application
CN109740085A (en) A kind of methods of exhibiting of content of pages, device, equipment and storage medium
CN107590228B (en) Page content processing method and mobile terminal
CN108959509A (en) Webpage watermark processing method, device and electronic equipment
US20150227276A1 (en) Method and system for providing an interactive user guide on a webpage
CN107908959A (en) Site information detection method, device, electronic equipment and storage medium
CN105955593B (en) Method and device for presenting discussion information
CN111555940A (en) Client test method and device, electronic equipment and computer readable storage medium
CN107016043A (en) A kind of information processing method and device
CN113778284A (en) Audit information display method, device, equipment and storage medium
CN109460546A (en) List generation method, device and electronic equipment
CN106503111A (en) Webpage code-transferring method, device and client terminal
CN110532495A (en) A kind of methods of exhibiting and device of webpage information
CN113268260A (en) Routing method and device for web front end
CN107479868A (en) A kind of interface loading method, device and equipment
CN109783355A (en) Page elements acquisition methods, system, computer equipment and readable storage medium storing program for executing
CN106033387B (en) The method and apparatus for testing flash intrinsic controls
US20150205767A1 (en) Link appearance formatting based on target content
CN109597482B (en) Automatic page turning method and device for electronic book, medium and electronic equipment
US20120072823A1 (en) Natural language assertion
CN113408254A (en) Page form information filling method, device, equipment and readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.

TR01 Transfer of patent right