CN107147645A - The acquisition methods and device of network security data - Google Patents
The acquisition methods and device of network security data Download PDFInfo
- Publication number
- CN107147645A CN107147645A CN201710328153.2A CN201710328153A CN107147645A CN 107147645 A CN107147645 A CN 107147645A CN 201710328153 A CN201710328153 A CN 201710328153A CN 107147645 A CN107147645 A CN 107147645A
- Authority
- CN
- China
- Prior art keywords
- event
- web page
- call function
- current web
- triggered
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The embodiments of the invention provide a kind of acquisition methods of network security data and device, wherein method includes:The corresponding call function of each event in current web page is obtained from default call function storehouse;According to the returned data of the call function, the event being triggered in current web page is determined;The corresponding content of pages of event being triggered described in obtaining;Content of pages according to corresponding to the event being triggered, obtains the network security related data in the current web page.The technical scheme of the embodiment of the present invention, can obtain the network security related data of the webpage created using Ajax modes, and then leak that may be present in current web page is analyzed, and reduce leak rate of failing to report, improve internet security.
Description
Technical field
The present embodiments relate to the acquisition methods and dress of network technique field, more particularly to a kind of network security data
Put.
Background technology
Present the Internet, applications enter the Web2.0 epoch, and the performance of application end is increasingly enriched, for the property of front end page
Also more and more higher can be required, to be supplied to the more natural viewing experience of user, many large-scale websites use asynchronous
JavaScript and XML (Asychronous Javascript and XML, Ajax) loading technique loading page.
By Ajax Asynchronous loading technologies, JavaScript (clients can be used when user carries out the operation on webpage
The script of end Web exploitations) and DHTML (Dynamic html, dynamic html) update the page immediately, and sent to server
Asynchronous Request, is updated or inquiry database with performing.When asking to return, it is possible to use JavaScript and Cascading Style Sheet
(Cascading Style Sheet, CSS) correspondingly updates the page, rather than refreshes full page.This means can be
In the case of not reloading whole webpage, certain part of webpage is updated.So as to which some former servers are born
Work marry again client, the disposal ability left unused beneficial to client is handled, and mitigates the burden of server and bandwidth so that
Reach the space for saving ISP (Internet Service Provider, ISP) and bandwidth lease cost
Purpose.
But, when Ajax Asynchronous loadings technology utilizes the JavaScript dynamic generation pages, the page does not have refresh process, because
There is no new content of pages in this source code, when search engine analyzes source code using reptile, it is impossible to get new page
Face content, so that search engine can not get network security related data, leads to not according to network security related data
Leak analysis is carried out, leak rate of failing to report is added, internet security is relatively low.
The content of the invention
The embodiment of the present invention provides a kind of acquisition methods and device of network security data, can obtain using Ajax modes
The network security related data of the webpage of establishment, and then leak that may be present in current web page is analyzed, reduce Lou
Hole rate of failing to report, improves internet security.
The embodiment of the present invention provides a kind of acquisition methods of network security data, including:
The corresponding call function of each event in current web page is obtained from default call function storehouse;
According to the returned data of the call function, the event being triggered in current web page is determined;
The corresponding content of pages of event being triggered described in obtaining;
Content of pages according to corresponding to the event being triggered, the network security obtained in the current web page is related
Data.
Further, in method described above, each event pair in current web page is obtained from default call function storehouse
Before the call function answered, in addition to:
Obtain the source code of the current web page;
According to the source code of the current web page, the corresponding call function of each event in the current web page is determined.
Further, in method described above, according to the source code of the current web page, determine in the current web page
The corresponding call function of each event, including:
Extract the corresponding data of each event in the source code;
Data corresponding to each event carry out dissection process, obtain the characteristic value of each event, the spy
Value indicative carries the mark of the corresponding call function of each event;
According to the mark, the corresponding call function of each event is determined.
Further, in method described above, the corresponding content of pages of event being triggered described in acquisition, including:
Be triggered the corresponding HTML html text of event described in obtaining;
The html text is analyzed, the corresponding content of pages of event being triggered is obtained.
Further, in method described above, the network security data includes:
The link of network and/or the data source of network.
The embodiment of the present invention also provides a kind of acquisition device of network security data, including:
First acquisition module, for being obtained from default call function storehouse, each in current web page event is corresponding calls letter
Number;
First determining module, for the returned data according to the call function, determines the thing being triggered in current web page
Part;
Second acquisition module, for obtaining the corresponding content of pages of event being triggered, is triggered according to described
Content of pages corresponding to event, obtains the network security related data in the current web page.
Further, device described above, in addition to the second determining module;
First acquisition module, is additionally operable to obtain the source code of the current web page;
Second determining module, for the source code according to the current web page, is determined every in the current web page
The corresponding call function of individual event.
Further, in device described above, the second determining module, specifically for:
Extract the corresponding data of each event in the source code;
Data corresponding to each event carry out dissection process, obtain the characteristic value of each event, the spy
Value indicative carries the mark of the corresponding call function of each event;
According to the mark, the corresponding call function of each event is determined.
Further, in device described above, second acquisition module, specifically for:
Be triggered the corresponding HTML html text of event described in obtaining;
The html text is analyzed, the corresponding content of pages of event being triggered is obtained.
Further, in device described above, the network security data includes:
The link of network and/or the data source of network.
The acquisition methods and device of the network security data of the embodiment of the present invention, by being obtained from default call function storehouse
The corresponding call function of each event in current web page;According to the returned data of call function, determine to be triggered in current web page
Event;Obtain the corresponding content of pages of event being triggered;Content of pages according to corresponding to the event being triggered, obtains and works as
Network security related data in preceding webpage, realizes the network security related data of the webpage to being created using Ajax modes
Crawl.The technical scheme of the embodiment of the present invention, can obtain the network security related data of the webpage created using Ajax modes,
And then leak that may be present in current web page is analyzed, leak rate of failing to report is reduced, internet security is improved.
Brief description of the drawings
Accompanying drawing described herein is used for providing further understanding the embodiment of the present invention, constitutes the embodiment of the present invention
A part, the schematic description and description of the embodiment of the present invention is used to explain the embodiment of the present invention, does not constitute to this hair
The improper restriction of bright embodiment.In the accompanying drawings:
Fig. 1 is the flow chart of the acquisition methods embodiment one of the network security data of the embodiment of the present invention;
Fig. 2 is the flow chart of the acquisition methods embodiment two of the network security data of the embodiment of the present invention;
Fig. 3 is the structural representation of the acquisition device embodiment one of the network security data of the embodiment of the present invention;
Fig. 4 is the structural representation of the acquisition device embodiment two of the network security data of the embodiment of the present invention.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention
Technical scheme of the embodiment of the present invention is clearly and completely described for specific embodiment and corresponding accompanying drawing.Obviously, it is described
Embodiment is only a part of embodiment of the embodiment of the present invention, rather than whole embodiments.Based on the reality in the embodiment of the present invention
Example is applied, the every other embodiment that those of ordinary skill in the art are obtained under the premise of creative work is not made all belongs to
The scope protected in the embodiment of the present invention.
Below in conjunction with accompanying drawing, the technical scheme that each embodiment of the embodiment of the present invention is provided is described in detail.
Embodiment one
Fig. 1 is the flow chart of the acquisition methods embodiment one of the network security data of the embodiment of the present invention, as shown in figure 1,
The acquisition methods of the network security data of the embodiment of the present invention, specifically may include steps of:
100th, the corresponding call function of each event in current web page is obtained from default call function storehouse.
During one implements, in the webpage created using Ajax modes, such as Web2.0 can have corresponding thing
Part, to generate corresponding content of pages according to each event.
Due to the webpage created using Ajax modes, it can only go to obtain renewal in the case where not refreshing full page
Partial content, causes after some events is performed, is, without new content of pages, to make reptile can not in the source code of webpage
Learn that these events have been triggered, so that related pages content, in order to solve the above problems, the embodiment of the present invention can not be got
In can pre-set a call function storehouse, each event is tied up with corresponding call function in default call function storehouse
It is fixed, form the incidence relation of an event and call function.When a certain webpage is opened in user's request, according to the webpage, from default
The corresponding call function of each event in the webpage is obtained in call function storehouse.
It should be noted that the current web page in the embodiment of the present invention can be understood as the net that active user's request is opened
Page.
For example, corresponding event can include but not limit in the webpage created for Ajax modes, the embodiment of the present invention
In:Based on the dynamic response under Ajax loading techniques, render Render, backflow Reflow, draw Painting and flow of event
At least one of Event Flow, these events can artificially be made a reservation for by staff according to the data load mode of webpage
Justice, can also be defined to existing webpage in advance.
101st, according to the returned data of the call function of acquisition, the event being triggered in current web page is determined.
During one implements, after webpage is opened, it is understood that there may be a variety of events, as created using Ajax modes
, there is the event based on the dynamic response under Ajax loading techniques in webpage.The event can be triggered under some specific operations.Net
Each event in page call function corresponding after being triggered can equally be triggered to return to corresponding data, for example,
Each corresponding call function of event can return to logical value " 0 " or " 1 ", can also return character string type "Yes" or "No"
Deng the embodiment of the present invention is not particularly limited.
Due to there are multiple events in current web page, but it is not that each event can be performed, thus it is each obtaining
After the corresponding call function of event, the data that each call function is returned are different, and the embodiment of the present invention can be according to each
The data that call function is returned, know which event is triggered, which event is not triggered, may thereby determine that in current web page
The event being triggered.For example, when call function can return to logical value " 1 ", representing that its corresponding function has been triggered;Work as tune
When can return to logical value " 0 " with function, represent that its corresponding function is not triggered.
102nd, the corresponding content of pages of event being triggered is obtained.
After a certain event is triggered, reptile can learn that the event is performed, and now reptile can capture and be triggered
The corresponding content of pages of event.Such as:When rendering Render or drawing the generation of Painting events, the corresponding page in webpage
Content, such as word, color, picture, also can and then change, now reptile can be captured corresponding to the event that these are triggered
Content of pages.
103rd, the content of pages according to corresponding to the event being triggered, obtains the network security dependency number in current web page
According to.
After the content of pages corresponding to the event being triggered is got, the content of pages of acquisition can be solved
Analysis, so as to obtain the related source code of the content of pages, by the source code obtained from multiple events of being triggered and current web page
Source code is combined, and can get source codes all in current page, and then obtain the network security phase in current web page
Close data.
During one implements, also there are other links in current web page in addition to the connection of itself, and
The data sources such as input username and password are needed, therefore, in order to obtain more fully network security data, the present invention is implemented
Network security data in example, can include but is not limited to:The link of network and/or the data source of network.
The executive agent of the acquisition methods of the network security data of the embodiment of the present invention can obtaining for network security data
Device is taken, the acquisition device of the network security data specifically can be by software come integrated, and such as network security data is obtained
Device is taken to be specifically as follows an application, the present invention is to this without being particularly limited to.
The acquisition methods of the network security data of the embodiment of the present invention, by obtaining current net from default call function storehouse
The corresponding call function of each event in page;According to the returned data of call function, the event being triggered in current web page is determined;
Obtain the corresponding content of pages of event being triggered;Content of pages according to corresponding to the event being triggered, obtains current web page
In network security related data, realize the crawl of the network security related data of the webpage to creating using Ajax modes.
The technical scheme of the embodiment of the present invention, can obtain the network security related data of the webpage created using Ajax modes, and then
Leak that may be present in current web page is analyzed, leak rate of failing to report is reduced, improves internet security.
Embodiment two
Fig. 2 is the flow chart of the acquisition methods embodiment two of the network security data of the embodiment of the present invention, as shown in Fig. 2
The acquisition methods of the network security data of the embodiment of the present invention are on the basis of embodiment illustrated in fig. 1, further in further detail
Technical solution of the present invention is described.
As shown in Fig. 2 the acquisition methods of the network security data of the embodiment of the present invention, specifically may include steps of:
200th, the source code of current web page is obtained.
The embodiment of the present invention can by sandbox technology be applied to webpage protection in, for technology angle, be exactly from
Original prevention suspect program is accessed system, is transformed into suspect program being redirected to finger to the access of disk, registration table etc.
Determine under file, so as to eliminate the harm to system.
Any disk write operation that user is made by browser, all will be redirected to a specific temporary folder
In.So, even if including viral, wooden horse in webpage, the rogue program such as advertisement after installing by force, also simply is installed into facing
When file in, user terminal will not be caused harm.
Therefore, each webpage can be loaded into sandbox and be analyzed and processed before terminal is shown, the source generation of each webpage
Code is the basis of each web page analysis, so each webpage is during sandbox is loaded into and is loaded into after sandbox, is required for obtaining
Take the source code of each webpage.In the embodiment of the present invention, when user's current request opens a certain webpage, current web page can be obtained
Source code.
201st, according to the source code of current web page, the corresponding call function of each event in current web page is determined.
During one implements, necessarily comprising one section of specific code in each call function, to identify the tune
With function, the embodiment of the present invention can be referred to as characteristic value, therefore, after the source code of each webpage is got, Ke Yiti
The corresponding data of each event in source code are taken, data corresponding to each event carry out dissection process, to obtain each thing
The characteristic value of part, wherein, the characteristic value of acquisition carries the mark of the corresponding call function of each event;Getting each event
Characteristic value after, the mark that can be carried according to characteristic value, it is determined that each corresponding call function of event.
202nd, the corresponding call function of each event in current web page is obtained from default call function storehouse.
The step is identical with step 100 realization mechanism in embodiment illustrated in fig. 1, and above-mentioned related record is refer in detail,
It will not be repeated here.
203rd, according to the returned data of the call function of acquisition, the event being triggered in current web page is determined.
The step is identical with step 101 realization mechanism in embodiment illustrated in fig. 1, and above-mentioned related record is refer in detail,
It will not be repeated here.
204th, the corresponding content of pages of event being triggered is obtained.
During one implements, after a certain event is triggered, corresponding HTML (Hyper is generated
Text Markup Language, HTML) text.The corresponding content of pages of the event, such as word, face are carried in wherein HTML
Color, picture etc., therefore, it is determined that after the event being triggered, the corresponding html text of the event of being triggered can be obtained, and it is right
Html text is analyzed, the corresponding content of pages of the event being triggered.
205th, the content of pages according to corresponding to the event being triggered, obtains the network security dependency number in current web page
According to.
The step is identical with step 103 realization mechanism in embodiment illustrated in fig. 1, and above-mentioned related record is refer in detail,
It will not be repeated here.
The acquisition methods of the network security data of the embodiment of the present invention, can obtain the webpage that use Ajax modes are created
Network security related data, and then leak that may be present in current web page is analyzed, leak rate of failing to report is reduced, is improved
Internet security.
Embodiment three
Fig. 3 is the structural representation of the acquisition device embodiment one of the network security data of the embodiment of the present invention, such as Fig. 3 institutes
Show, the acquisition device of the network security data of the embodiment of the present invention can include the first acquisition module 10, the first determining module 11
With the second acquisition module 12.
First acquisition module 10, for being obtained from default call function storehouse, each in current web page event is corresponding calls
Function.
First determining module 11, for the returned data of the call function obtained according to the first acquisition module 10, it is determined that working as
The event being triggered in preceding webpage.
Second acquisition module 12, for obtaining the corresponding content of pages of event being triggered, according to the event institute being triggered
Corresponding content of pages, obtains the network security related data in current web page.
For example, in the embodiment of the present invention, network security data can include but is not limited to:The link of network and/or net
The data source of network.
It should be appreciated that although in embodiments of the present invention acquisition module may be described using the grade of term first, second,
But these acquisition modules should not necessarily be limited by these terms, these terms are only used for acquisition module being distinguished from each other out.Do not taking off for example
In the case of from range of embodiment of the invention, the first acquisition module 10 can also be referred to as the second acquisition module 12, and similarly second
Acquisition module 12 can also be referred to as the first acquisition module 10.
The acquisition device of the network security data of the embodiment of the present invention, realizes by using above-mentioned each module and obtains network peace
The realization mechanism of total evidence is identical with the realization mechanism of above-mentioned embodiment illustrated in fig. 1, and implementation shown in above-mentioned Fig. 1 is may be referred in detail
The record of example, will not be repeated here.
The acquisition device of the network security data of the embodiment of the present invention, can be from default call function by above-mentioned each module
The corresponding call function of each event in current web page is obtained in storehouse;According to the returned data of call function, current web page is determined
In the event that is triggered;Obtain the corresponding content of pages of event being triggered;In the page according to corresponding to the event being triggered
Hold, obtain the network security related data in current web page, realize the network security of the webpage to being created using Ajax modes
The crawl of related data.The technical scheme of the embodiment of the present invention, can obtain the network peace of the webpage created using Ajax modes
Total correlation data, and then leak that may be present in current web page is analyzed, leak rate of failing to report is reduced, network is improved
Security.
Example IV
Fig. 4 is the structural representation of the acquisition device embodiment two of the network security data of the embodiment of the present invention, such as Fig. 4 institutes
Show, the acquisition device of the network security data of the embodiment of the present invention can also further be wrapped on the basis of embodiment illustrated in fig. 3
Include the second determining module 13.
During one implements, the first acquisition module 10 is additionally operable to obtain the source code of current web page;
Second determining module 13, for the source code according to current web page, determines each event correspondence in current web page
Call function.
Specifically, the second determining module 13 can extract the corresponding data of each event in source code;To each event
Corresponding data carry out dissection process, obtain the characteristic value of each event, and characteristic value carries the corresponding call function of each event
Mark;According to mark, it is determined that the corresponding call function of each event.
Second acquisition module 12, specifically for:Acquisition is triggered the corresponding HTML html text of event;It is right
Html text is analyzed, the corresponding content of pages of the event being triggered.
The acquisition device of the network security data of the embodiment of the present invention, realizes by using above-mentioned each module and obtains network peace
The realization mechanism of total evidence is identical with the realization mechanism of above-mentioned embodiment illustrated in fig. 2, and implementation shown in above-mentioned Fig. 2 is may be referred in detail
The record of example, will not be repeated here.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can be using the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.Moreover, the present invention can be used in one or more computers for wherein including computer usable program code
The computer program production that usable storage medium is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of product.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product
Figure and/or block diagram are described.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram
Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided
The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real
The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which is produced, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that in meter
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, thus in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net
Network interface and internal memory.
Internal memory potentially includes the volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only storage (ROM) or flash memory (flash RAM).Internal memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer-readable instruction, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moved
State random access memory (DRAM), other kinds of random access memory (RAM), read-only storage (ROM), electric erasable
Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc read-only storage (CD-ROM),
Digital versatile disc (DVD) or other optical storages, magnetic cassette tape, the storage of tape magnetic rigid disk or other magnetic storage apparatus
Or any other non-transmission medium, the information that can be accessed by a computing device available for storage.Define, calculate according to herein
Machine computer-readable recording medium does not include temporary computer readable media (transitory media), such as data-signal and carrier wave of modulation.
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability
Comprising so that process, method, commodity or equipment including a series of key elements are not only including those key elements, but also wrap
Include other key elements being not expressly set out, or also include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that wanted including described
Also there is other identical element in process, method, commodity or the equipment of element.
It will be understood by those skilled in the art that the embodiment of the embodiment of the present invention can be provided as method, system or computer journey
Sequence product.Therefore, the embodiment of the present invention can be using complete hardware embodiment, complete software embodiment or with reference to software and hardware side
The form of the embodiment in face.Moreover, the embodiment of the present invention can be used wherein includes computer available programs one or more
Implement in the computer-usable storage medium (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) of code
The form of computer program product.
Embodiments herein is the foregoing is only, the application is not limited to.For those skilled in the art
For, the application can have various modifications and variations.It is all any modifications made within spirit herein and principle, equivalent
Replace, improve etc., it should be included within the scope of claims hereof.
Claims (10)
1. a kind of acquisition methods of network security data, it is characterised in that including:
The corresponding call function of each event in current web page is obtained from default call function storehouse;
According to the returned data of the call function, the event being triggered in current web page is determined;
The corresponding content of pages of event being triggered described in obtaining;
Content of pages according to corresponding to the event being triggered, obtains the network security dependency number in the current web page
According to.
2. according to the method described in claim 1, it is characterised in that obtain each in current web page from default call function storehouse
Before the corresponding call function of event, in addition to:
Obtain the source code of the current web page;
According to the source code of the current web page, the corresponding call function of each event in the current web page is determined.
3. method according to claim 2, it is characterised in that according to the source code of the current web page, it is determined that described work as
The corresponding call function of each event in preceding webpage, including:
Extract the corresponding data of each event in the source code;
Data corresponding to each event carry out dissection process, obtain the characteristic value of each event, the characteristic value
Carry the mark of the corresponding call function of each event;
According to the mark, the corresponding call function of each event is determined.
4. according to any described methods of claim 1-3, it is characterised in that the corresponding page of event being triggered described in obtaining
Content, including:
Be triggered the corresponding HTML html text of event described in obtaining;
The html text is analyzed, the corresponding content of pages of event being triggered is obtained.
5. according to any described methods of claim 1-3, it is characterised in that the network security data includes:
The link of network and/or the data source of network.
6. a kind of acquisition device of network security data, it is characterised in that including:
First acquisition module, for obtaining the corresponding call function of each event in current web page from default call function storehouse;
First determining module, for the returned data according to the call function, determines the event being triggered in current web page;
Second acquisition module, for obtaining the corresponding content of pages of event being triggered, according to the event being triggered
Corresponding content of pages, obtains the network security related data in the current web page.
7. device according to claim 6, it is characterised in that also including the second determining module;
First acquisition module, is additionally operable to obtain the source code of the current web page;
Second determining module, for the source code according to the current web page, determines each thing in the current web page
The corresponding call function of part.
8. device according to claim 7, it is characterised in that the second determining module, specifically for:
Extract the corresponding data of each event in the source code;
Data corresponding to each event carry out dissection process, obtain the characteristic value of each event, the characteristic value
Carry the mark of the corresponding call function of each event;
According to the mark, the corresponding call function of each event is determined.
9. according to any devices of claim 6-8, it is characterised in that second acquisition module, specifically for:
Be triggered the corresponding HTML html text of event described in obtaining;
The html text is analyzed, the corresponding content of pages of event being triggered is obtained.
10. according to any devices of claim 6-8, it is characterised in that the network security data includes:
The link of network and/or the data source of network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710328153.2A CN107147645B (en) | 2017-05-11 | 2017-05-11 | Method and device for acquiring network security data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710328153.2A CN107147645B (en) | 2017-05-11 | 2017-05-11 | Method and device for acquiring network security data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107147645A true CN107147645A (en) | 2017-09-08 |
CN107147645B CN107147645B (en) | 2020-05-05 |
Family
ID=59778514
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710328153.2A Active CN107147645B (en) | 2017-05-11 | 2017-05-11 | Method and device for acquiring network security data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107147645B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108038218A (en) * | 2017-12-22 | 2018-05-15 | 联想(北京)有限公司 | A kind of distributed reptile method, electronic equipment and server |
CN110069683A (en) * | 2017-09-18 | 2019-07-30 | 北京国双科技有限公司 | A kind of method and device crawling data based on browser |
CN111274574A (en) * | 2020-01-16 | 2020-06-12 | 恩亿科(北京)数据科技有限公司 | Webpage event anti-shaking method and device, server and computer readable storage medium |
US20210326240A1 (en) * | 2019-11-13 | 2021-10-21 | Google Llc | Framework For Providing Binary Release Isolation For Parts Of A Web Application |
CN115905660A (en) * | 2022-11-10 | 2023-04-04 | 广州似锦科技有限公司 | Network security data acquisition method, device, equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103268361A (en) * | 2013-06-07 | 2013-08-28 | 百度在线网络技术(北京)有限公司 | Extracting method, device and system of hidden URL (Uniform Resource Locator) in webpage |
CN103279710A (en) * | 2013-04-12 | 2013-09-04 | 深圳市易聆科信息技术有限公司 | Method and system for detecting malicious codes of Internet information system |
CN104881607A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
CN104881608A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
US20160191548A1 (en) * | 2008-05-07 | 2016-06-30 | Cyveillance, Inc. | Method and system for misuse detection |
CN105991554A (en) * | 2015-02-04 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Vulnerability detection method and equipment |
-
2017
- 2017-05-11 CN CN201710328153.2A patent/CN107147645B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160191548A1 (en) * | 2008-05-07 | 2016-06-30 | Cyveillance, Inc. | Method and system for misuse detection |
CN103279710A (en) * | 2013-04-12 | 2013-09-04 | 深圳市易聆科信息技术有限公司 | Method and system for detecting malicious codes of Internet information system |
CN103268361A (en) * | 2013-06-07 | 2013-08-28 | 百度在线网络技术(北京)有限公司 | Extracting method, device and system of hidden URL (Uniform Resource Locator) in webpage |
CN105991554A (en) * | 2015-02-04 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Vulnerability detection method and equipment |
CN104881607A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
CN104881608A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110069683A (en) * | 2017-09-18 | 2019-07-30 | 北京国双科技有限公司 | A kind of method and device crawling data based on browser |
CN110069683B (en) * | 2017-09-18 | 2021-08-13 | 北京国双科技有限公司 | Method and device for crawling data based on browser |
CN108038218A (en) * | 2017-12-22 | 2018-05-15 | 联想(北京)有限公司 | A kind of distributed reptile method, electronic equipment and server |
US20210326240A1 (en) * | 2019-11-13 | 2021-10-21 | Google Llc | Framework For Providing Binary Release Isolation For Parts Of A Web Application |
US11748235B2 (en) * | 2019-11-13 | 2023-09-05 | Google Llc | Framework for providing binary release isolation for parts of a web application |
CN111274574A (en) * | 2020-01-16 | 2020-06-12 | 恩亿科(北京)数据科技有限公司 | Webpage event anti-shaking method and device, server and computer readable storage medium |
CN115905660A (en) * | 2022-11-10 | 2023-04-04 | 广州似锦科技有限公司 | Network security data acquisition method, device, equipment and storage medium |
CN115905660B (en) * | 2022-11-10 | 2023-10-24 | 广东三鼎智慧信息科技有限公司 | Network security data acquisition method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107147645B (en) | 2020-05-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107147645A (en) | The acquisition methods and device of network security data | |
US10102306B2 (en) | Patching base document object model (DOM) with DOM-differentials to generate high fidelity replay of webpage user interactions | |
CN104461491B (en) | The operation method and system of a kind of Hybrid components | |
US20140282464A1 (en) | Systems and methods for intercepting, processing, and protecting user data through web application pattern detection | |
CN109376291B (en) | Website fingerprint information scanning method and device based on web crawler | |
US8869286B1 (en) | Systems and methods for analyzing client-side storage security for internet applications | |
CN106897347A (en) | A kind of web page display method, Action Events recording method and device | |
CN106126693A (en) | The sending method of the related data of a kind of webpage and device | |
Wu et al. | A countermeasure to SQL injection attack for cloud environment | |
US20180075003A1 (en) | Verifying content of resources in markup language documents | |
CN110209909A (en) | Data crawling method, device, computer equipment and storage medium | |
CN106886547A (en) | A kind of scenario generation method and device | |
CN110213105A (en) | It is a kind of cross-platform micro- using creation method | |
CN111309578A (en) | Method and device for identifying object | |
CN103377194A (en) | Method, device and browser for accelerating access to web pages | |
EP3863252A1 (en) | Advertisement anti-shielding method and device | |
CN104899217A (en) | Method and apparatus for implementing customized function | |
CN116569165A (en) | Page display method and device, storage medium and electronic equipment | |
US9436669B1 (en) | Systems and methods for interfacing with dynamic web forms | |
US8607201B2 (en) | Augmenting visualization of a call stack | |
EP4180951A1 (en) | Generating lossless static object models of dynamic webpages | |
US10346388B2 (en) | Performance and quality optimized architecture for cloud applications | |
Naseem et al. | Extending HTML5 local storage to save more data; efficiently and in more structured way | |
Ablahd et al. | Using flask for SQLIA detection and protection | |
US10268536B2 (en) | Secure debugging with an encrypted token |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |