CN107147645A - The acquisition methods and device of network security data - Google Patents

The acquisition methods and device of network security data Download PDF

Info

Publication number
CN107147645A
CN107147645A CN201710328153.2A CN201710328153A CN107147645A CN 107147645 A CN107147645 A CN 107147645A CN 201710328153 A CN201710328153 A CN 201710328153A CN 107147645 A CN107147645 A CN 107147645A
Authority
CN
China
Prior art keywords
event
web page
call function
current web
triggered
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710328153.2A
Other languages
Chinese (zh)
Other versions
CN107147645B (en
Inventor
林榆坚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING AISEC TECHNOLOGY Co Ltd
Original Assignee
BEIJING AISEC TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING AISEC TECHNOLOGY Co Ltd filed Critical BEIJING AISEC TECHNOLOGY Co Ltd
Priority to CN201710328153.2A priority Critical patent/CN107147645B/en
Publication of CN107147645A publication Critical patent/CN107147645A/en
Application granted granted Critical
Publication of CN107147645B publication Critical patent/CN107147645B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/308Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Abstract

The embodiments of the invention provide a kind of acquisition methods of network security data and device, wherein method includes:The corresponding call function of each event in current web page is obtained from default call function storehouse;According to the returned data of the call function, the event being triggered in current web page is determined;The corresponding content of pages of event being triggered described in obtaining;Content of pages according to corresponding to the event being triggered, obtains the network security related data in the current web page.The technical scheme of the embodiment of the present invention, can obtain the network security related data of the webpage created using Ajax modes, and then leak that may be present in current web page is analyzed, and reduce leak rate of failing to report, improve internet security.

Description

The acquisition methods and device of network security data
Technical field
The present embodiments relate to the acquisition methods and dress of network technique field, more particularly to a kind of network security data Put.
Background technology
Present the Internet, applications enter the Web2.0 epoch, and the performance of application end is increasingly enriched, for the property of front end page Also more and more higher can be required, to be supplied to the more natural viewing experience of user, many large-scale websites use asynchronous JavaScript and XML (Asychronous Javascript and XML, Ajax) loading technique loading page.
By Ajax Asynchronous loading technologies, JavaScript (clients can be used when user carries out the operation on webpage The script of end Web exploitations) and DHTML (Dynamic html, dynamic html) update the page immediately, and sent to server Asynchronous Request, is updated or inquiry database with performing.When asking to return, it is possible to use JavaScript and Cascading Style Sheet (Cascading Style Sheet, CSS) correspondingly updates the page, rather than refreshes full page.This means can be In the case of not reloading whole webpage, certain part of webpage is updated.So as to which some former servers are born Work marry again client, the disposal ability left unused beneficial to client is handled, and mitigates the burden of server and bandwidth so that Reach the space for saving ISP (Internet Service Provider, ISP) and bandwidth lease cost Purpose.
But, when Ajax Asynchronous loadings technology utilizes the JavaScript dynamic generation pages, the page does not have refresh process, because There is no new content of pages in this source code, when search engine analyzes source code using reptile, it is impossible to get new page Face content, so that search engine can not get network security related data, leads to not according to network security related data Leak analysis is carried out, leak rate of failing to report is added, internet security is relatively low.
The content of the invention
The embodiment of the present invention provides a kind of acquisition methods and device of network security data, can obtain using Ajax modes The network security related data of the webpage of establishment, and then leak that may be present in current web page is analyzed, reduce Lou Hole rate of failing to report, improves internet security.
The embodiment of the present invention provides a kind of acquisition methods of network security data, including:
The corresponding call function of each event in current web page is obtained from default call function storehouse;
According to the returned data of the call function, the event being triggered in current web page is determined;
The corresponding content of pages of event being triggered described in obtaining;
Content of pages according to corresponding to the event being triggered, the network security obtained in the current web page is related Data.
Further, in method described above, each event pair in current web page is obtained from default call function storehouse Before the call function answered, in addition to:
Obtain the source code of the current web page;
According to the source code of the current web page, the corresponding call function of each event in the current web page is determined.
Further, in method described above, according to the source code of the current web page, determine in the current web page The corresponding call function of each event, including:
Extract the corresponding data of each event in the source code;
Data corresponding to each event carry out dissection process, obtain the characteristic value of each event, the spy Value indicative carries the mark of the corresponding call function of each event;
According to the mark, the corresponding call function of each event is determined.
Further, in method described above, the corresponding content of pages of event being triggered described in acquisition, including:
Be triggered the corresponding HTML html text of event described in obtaining;
The html text is analyzed, the corresponding content of pages of event being triggered is obtained.
Further, in method described above, the network security data includes:
The link of network and/or the data source of network.
The embodiment of the present invention also provides a kind of acquisition device of network security data, including:
First acquisition module, for being obtained from default call function storehouse, each in current web page event is corresponding calls letter Number;
First determining module, for the returned data according to the call function, determines the thing being triggered in current web page Part;
Second acquisition module, for obtaining the corresponding content of pages of event being triggered, is triggered according to described Content of pages corresponding to event, obtains the network security related data in the current web page.
Further, device described above, in addition to the second determining module;
First acquisition module, is additionally operable to obtain the source code of the current web page;
Second determining module, for the source code according to the current web page, is determined every in the current web page The corresponding call function of individual event.
Further, in device described above, the second determining module, specifically for:
Extract the corresponding data of each event in the source code;
Data corresponding to each event carry out dissection process, obtain the characteristic value of each event, the spy Value indicative carries the mark of the corresponding call function of each event;
According to the mark, the corresponding call function of each event is determined.
Further, in device described above, second acquisition module, specifically for:
Be triggered the corresponding HTML html text of event described in obtaining;
The html text is analyzed, the corresponding content of pages of event being triggered is obtained.
Further, in device described above, the network security data includes:
The link of network and/or the data source of network.
The acquisition methods and device of the network security data of the embodiment of the present invention, by being obtained from default call function storehouse The corresponding call function of each event in current web page;According to the returned data of call function, determine to be triggered in current web page Event;Obtain the corresponding content of pages of event being triggered;Content of pages according to corresponding to the event being triggered, obtains and works as Network security related data in preceding webpage, realizes the network security related data of the webpage to being created using Ajax modes Crawl.The technical scheme of the embodiment of the present invention, can obtain the network security related data of the webpage created using Ajax modes, And then leak that may be present in current web page is analyzed, leak rate of failing to report is reduced, internet security is improved.
Brief description of the drawings
Accompanying drawing described herein is used for providing further understanding the embodiment of the present invention, constitutes the embodiment of the present invention A part, the schematic description and description of the embodiment of the present invention is used to explain the embodiment of the present invention, does not constitute to this hair The improper restriction of bright embodiment.In the accompanying drawings:
Fig. 1 is the flow chart of the acquisition methods embodiment one of the network security data of the embodiment of the present invention;
Fig. 2 is the flow chart of the acquisition methods embodiment two of the network security data of the embodiment of the present invention;
Fig. 3 is the structural representation of the acquisition device embodiment one of the network security data of the embodiment of the present invention;
Fig. 4 is the structural representation of the acquisition device embodiment two of the network security data of the embodiment of the present invention.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention Technical scheme of the embodiment of the present invention is clearly and completely described for specific embodiment and corresponding accompanying drawing.Obviously, it is described Embodiment is only a part of embodiment of the embodiment of the present invention, rather than whole embodiments.Based on the reality in the embodiment of the present invention Example is applied, the every other embodiment that those of ordinary skill in the art are obtained under the premise of creative work is not made all belongs to The scope protected in the embodiment of the present invention.
Below in conjunction with accompanying drawing, the technical scheme that each embodiment of the embodiment of the present invention is provided is described in detail.
Embodiment one
Fig. 1 is the flow chart of the acquisition methods embodiment one of the network security data of the embodiment of the present invention, as shown in figure 1, The acquisition methods of the network security data of the embodiment of the present invention, specifically may include steps of:
100th, the corresponding call function of each event in current web page is obtained from default call function storehouse.
During one implements, in the webpage created using Ajax modes, such as Web2.0 can have corresponding thing Part, to generate corresponding content of pages according to each event.
Due to the webpage created using Ajax modes, it can only go to obtain renewal in the case where not refreshing full page Partial content, causes after some events is performed, is, without new content of pages, to make reptile can not in the source code of webpage Learn that these events have been triggered, so that related pages content, in order to solve the above problems, the embodiment of the present invention can not be got In can pre-set a call function storehouse, each event is tied up with corresponding call function in default call function storehouse It is fixed, form the incidence relation of an event and call function.When a certain webpage is opened in user's request, according to the webpage, from default The corresponding call function of each event in the webpage is obtained in call function storehouse.
It should be noted that the current web page in the embodiment of the present invention can be understood as the net that active user's request is opened Page.
For example, corresponding event can include but not limit in the webpage created for Ajax modes, the embodiment of the present invention In:Based on the dynamic response under Ajax loading techniques, render Render, backflow Reflow, draw Painting and flow of event At least one of Event Flow, these events can artificially be made a reservation for by staff according to the data load mode of webpage Justice, can also be defined to existing webpage in advance.
101st, according to the returned data of the call function of acquisition, the event being triggered in current web page is determined.
During one implements, after webpage is opened, it is understood that there may be a variety of events, as created using Ajax modes , there is the event based on the dynamic response under Ajax loading techniques in webpage.The event can be triggered under some specific operations.Net Each event in page call function corresponding after being triggered can equally be triggered to return to corresponding data, for example, Each corresponding call function of event can return to logical value " 0 " or " 1 ", can also return character string type "Yes" or "No" Deng the embodiment of the present invention is not particularly limited.
Due to there are multiple events in current web page, but it is not that each event can be performed, thus it is each obtaining After the corresponding call function of event, the data that each call function is returned are different, and the embodiment of the present invention can be according to each The data that call function is returned, know which event is triggered, which event is not triggered, may thereby determine that in current web page The event being triggered.For example, when call function can return to logical value " 1 ", representing that its corresponding function has been triggered;Work as tune When can return to logical value " 0 " with function, represent that its corresponding function is not triggered.
102nd, the corresponding content of pages of event being triggered is obtained.
After a certain event is triggered, reptile can learn that the event is performed, and now reptile can capture and be triggered The corresponding content of pages of event.Such as:When rendering Render or drawing the generation of Painting events, the corresponding page in webpage Content, such as word, color, picture, also can and then change, now reptile can be captured corresponding to the event that these are triggered Content of pages.
103rd, the content of pages according to corresponding to the event being triggered, obtains the network security dependency number in current web page According to.
After the content of pages corresponding to the event being triggered is got, the content of pages of acquisition can be solved Analysis, so as to obtain the related source code of the content of pages, by the source code obtained from multiple events of being triggered and current web page Source code is combined, and can get source codes all in current page, and then obtain the network security phase in current web page Close data.
During one implements, also there are other links in current web page in addition to the connection of itself, and The data sources such as input username and password are needed, therefore, in order to obtain more fully network security data, the present invention is implemented Network security data in example, can include but is not limited to:The link of network and/or the data source of network.
The executive agent of the acquisition methods of the network security data of the embodiment of the present invention can obtaining for network security data Device is taken, the acquisition device of the network security data specifically can be by software come integrated, and such as network security data is obtained Device is taken to be specifically as follows an application, the present invention is to this without being particularly limited to.
The acquisition methods of the network security data of the embodiment of the present invention, by obtaining current net from default call function storehouse The corresponding call function of each event in page;According to the returned data of call function, the event being triggered in current web page is determined; Obtain the corresponding content of pages of event being triggered;Content of pages according to corresponding to the event being triggered, obtains current web page In network security related data, realize the crawl of the network security related data of the webpage to creating using Ajax modes. The technical scheme of the embodiment of the present invention, can obtain the network security related data of the webpage created using Ajax modes, and then Leak that may be present in current web page is analyzed, leak rate of failing to report is reduced, improves internet security.
Embodiment two
Fig. 2 is the flow chart of the acquisition methods embodiment two of the network security data of the embodiment of the present invention, as shown in Fig. 2 The acquisition methods of the network security data of the embodiment of the present invention are on the basis of embodiment illustrated in fig. 1, further in further detail Technical solution of the present invention is described.
As shown in Fig. 2 the acquisition methods of the network security data of the embodiment of the present invention, specifically may include steps of:
200th, the source code of current web page is obtained.
The embodiment of the present invention can by sandbox technology be applied to webpage protection in, for technology angle, be exactly from Original prevention suspect program is accessed system, is transformed into suspect program being redirected to finger to the access of disk, registration table etc. Determine under file, so as to eliminate the harm to system.
Any disk write operation that user is made by browser, all will be redirected to a specific temporary folder In.So, even if including viral, wooden horse in webpage, the rogue program such as advertisement after installing by force, also simply is installed into facing When file in, user terminal will not be caused harm.
Therefore, each webpage can be loaded into sandbox and be analyzed and processed before terminal is shown, the source generation of each webpage Code is the basis of each web page analysis, so each webpage is during sandbox is loaded into and is loaded into after sandbox, is required for obtaining Take the source code of each webpage.In the embodiment of the present invention, when user's current request opens a certain webpage, current web page can be obtained Source code.
201st, according to the source code of current web page, the corresponding call function of each event in current web page is determined.
During one implements, necessarily comprising one section of specific code in each call function, to identify the tune With function, the embodiment of the present invention can be referred to as characteristic value, therefore, after the source code of each webpage is got, Ke Yiti The corresponding data of each event in source code are taken, data corresponding to each event carry out dissection process, to obtain each thing The characteristic value of part, wherein, the characteristic value of acquisition carries the mark of the corresponding call function of each event;Getting each event Characteristic value after, the mark that can be carried according to characteristic value, it is determined that each corresponding call function of event.
202nd, the corresponding call function of each event in current web page is obtained from default call function storehouse.
The step is identical with step 100 realization mechanism in embodiment illustrated in fig. 1, and above-mentioned related record is refer in detail, It will not be repeated here.
203rd, according to the returned data of the call function of acquisition, the event being triggered in current web page is determined.
The step is identical with step 101 realization mechanism in embodiment illustrated in fig. 1, and above-mentioned related record is refer in detail, It will not be repeated here.
204th, the corresponding content of pages of event being triggered is obtained.
During one implements, after a certain event is triggered, corresponding HTML (Hyper is generated Text Markup Language, HTML) text.The corresponding content of pages of the event, such as word, face are carried in wherein HTML Color, picture etc., therefore, it is determined that after the event being triggered, the corresponding html text of the event of being triggered can be obtained, and it is right Html text is analyzed, the corresponding content of pages of the event being triggered.
205th, the content of pages according to corresponding to the event being triggered, obtains the network security dependency number in current web page According to.
The step is identical with step 103 realization mechanism in embodiment illustrated in fig. 1, and above-mentioned related record is refer in detail, It will not be repeated here.
The acquisition methods of the network security data of the embodiment of the present invention, can obtain the webpage that use Ajax modes are created Network security related data, and then leak that may be present in current web page is analyzed, leak rate of failing to report is reduced, is improved Internet security.
Embodiment three
Fig. 3 is the structural representation of the acquisition device embodiment one of the network security data of the embodiment of the present invention, such as Fig. 3 institutes Show, the acquisition device of the network security data of the embodiment of the present invention can include the first acquisition module 10, the first determining module 11 With the second acquisition module 12.
First acquisition module 10, for being obtained from default call function storehouse, each in current web page event is corresponding calls Function.
First determining module 11, for the returned data of the call function obtained according to the first acquisition module 10, it is determined that working as The event being triggered in preceding webpage.
Second acquisition module 12, for obtaining the corresponding content of pages of event being triggered, according to the event institute being triggered Corresponding content of pages, obtains the network security related data in current web page.
For example, in the embodiment of the present invention, network security data can include but is not limited to:The link of network and/or net The data source of network.
It should be appreciated that although in embodiments of the present invention acquisition module may be described using the grade of term first, second, But these acquisition modules should not necessarily be limited by these terms, these terms are only used for acquisition module being distinguished from each other out.Do not taking off for example In the case of from range of embodiment of the invention, the first acquisition module 10 can also be referred to as the second acquisition module 12, and similarly second Acquisition module 12 can also be referred to as the first acquisition module 10.
The acquisition device of the network security data of the embodiment of the present invention, realizes by using above-mentioned each module and obtains network peace The realization mechanism of total evidence is identical with the realization mechanism of above-mentioned embodiment illustrated in fig. 1, and implementation shown in above-mentioned Fig. 1 is may be referred in detail The record of example, will not be repeated here.
The acquisition device of the network security data of the embodiment of the present invention, can be from default call function by above-mentioned each module The corresponding call function of each event in current web page is obtained in storehouse;According to the returned data of call function, current web page is determined In the event that is triggered;Obtain the corresponding content of pages of event being triggered;In the page according to corresponding to the event being triggered Hold, obtain the network security related data in current web page, realize the network security of the webpage to being created using Ajax modes The crawl of related data.The technical scheme of the embodiment of the present invention, can obtain the network peace of the webpage created using Ajax modes Total correlation data, and then leak that may be present in current web page is analyzed, leak rate of failing to report is reduced, network is improved Security.
Example IV
Fig. 4 is the structural representation of the acquisition device embodiment two of the network security data of the embodiment of the present invention, such as Fig. 4 institutes Show, the acquisition device of the network security data of the embodiment of the present invention can also further be wrapped on the basis of embodiment illustrated in fig. 3 Include the second determining module 13.
During one implements, the first acquisition module 10 is additionally operable to obtain the source code of current web page;
Second determining module 13, for the source code according to current web page, determines each event correspondence in current web page Call function.
Specifically, the second determining module 13 can extract the corresponding data of each event in source code;To each event Corresponding data carry out dissection process, obtain the characteristic value of each event, and characteristic value carries the corresponding call function of each event Mark;According to mark, it is determined that the corresponding call function of each event.
Second acquisition module 12, specifically for:Acquisition is triggered the corresponding HTML html text of event;It is right Html text is analyzed, the corresponding content of pages of the event being triggered.
The acquisition device of the network security data of the embodiment of the present invention, realizes by using above-mentioned each module and obtains network peace The realization mechanism of total evidence is identical with the realization mechanism of above-mentioned embodiment illustrated in fig. 2, and implementation shown in above-mentioned Fig. 2 is may be referred in detail The record of example, will not be repeated here.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program Product.Therefore, the present invention can be using the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware Apply the form of example.Moreover, the present invention can be used in one or more computers for wherein including computer usable program code The computer program production that usable storage medium is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product Figure and/or block diagram are described.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which is produced, to be included referring to Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that in meter Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, thus in computer or The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in individual square frame or multiple square frames.
In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net Network interface and internal memory.
Internal memory potentially includes the volatile memory in computer-readable medium, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only storage (ROM) or flash memory (flash RAM).Internal memory is computer-readable medium Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer-readable instruction, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moved State random access memory (DRAM), other kinds of random access memory (RAM), read-only storage (ROM), electric erasable Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc read-only storage (CD-ROM), Digital versatile disc (DVD) or other optical storages, magnetic cassette tape, the storage of tape magnetic rigid disk or other magnetic storage apparatus Or any other non-transmission medium, the information that can be accessed by a computing device available for storage.Define, calculate according to herein Machine computer-readable recording medium does not include temporary computer readable media (transitory media), such as data-signal and carrier wave of modulation.
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability Comprising so that process, method, commodity or equipment including a series of key elements are not only including those key elements, but also wrap Include other key elements being not expressly set out, or also include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that wanted including described Also there is other identical element in process, method, commodity or the equipment of element.
It will be understood by those skilled in the art that the embodiment of the embodiment of the present invention can be provided as method, system or computer journey Sequence product.Therefore, the embodiment of the present invention can be using complete hardware embodiment, complete software embodiment or with reference to software and hardware side The form of the embodiment in face.Moreover, the embodiment of the present invention can be used wherein includes computer available programs one or more Implement in the computer-usable storage medium (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) of code The form of computer program product.
Embodiments herein is the foregoing is only, the application is not limited to.For those skilled in the art For, the application can have various modifications and variations.It is all any modifications made within spirit herein and principle, equivalent Replace, improve etc., it should be included within the scope of claims hereof.

Claims (10)

1. a kind of acquisition methods of network security data, it is characterised in that including:
The corresponding call function of each event in current web page is obtained from default call function storehouse;
According to the returned data of the call function, the event being triggered in current web page is determined;
The corresponding content of pages of event being triggered described in obtaining;
Content of pages according to corresponding to the event being triggered, obtains the network security dependency number in the current web page According to.
2. according to the method described in claim 1, it is characterised in that obtain each in current web page from default call function storehouse Before the corresponding call function of event, in addition to:
Obtain the source code of the current web page;
According to the source code of the current web page, the corresponding call function of each event in the current web page is determined.
3. method according to claim 2, it is characterised in that according to the source code of the current web page, it is determined that described work as The corresponding call function of each event in preceding webpage, including:
Extract the corresponding data of each event in the source code;
Data corresponding to each event carry out dissection process, obtain the characteristic value of each event, the characteristic value Carry the mark of the corresponding call function of each event;
According to the mark, the corresponding call function of each event is determined.
4. according to any described methods of claim 1-3, it is characterised in that the corresponding page of event being triggered described in obtaining Content, including:
Be triggered the corresponding HTML html text of event described in obtaining;
The html text is analyzed, the corresponding content of pages of event being triggered is obtained.
5. according to any described methods of claim 1-3, it is characterised in that the network security data includes:
The link of network and/or the data source of network.
6. a kind of acquisition device of network security data, it is characterised in that including:
First acquisition module, for obtaining the corresponding call function of each event in current web page from default call function storehouse;
First determining module, for the returned data according to the call function, determines the event being triggered in current web page;
Second acquisition module, for obtaining the corresponding content of pages of event being triggered, according to the event being triggered Corresponding content of pages, obtains the network security related data in the current web page.
7. device according to claim 6, it is characterised in that also including the second determining module;
First acquisition module, is additionally operable to obtain the source code of the current web page;
Second determining module, for the source code according to the current web page, determines each thing in the current web page The corresponding call function of part.
8. device according to claim 7, it is characterised in that the second determining module, specifically for:
Extract the corresponding data of each event in the source code;
Data corresponding to each event carry out dissection process, obtain the characteristic value of each event, the characteristic value Carry the mark of the corresponding call function of each event;
According to the mark, the corresponding call function of each event is determined.
9. according to any devices of claim 6-8, it is characterised in that second acquisition module, specifically for:
Be triggered the corresponding HTML html text of event described in obtaining;
The html text is analyzed, the corresponding content of pages of event being triggered is obtained.
10. according to any devices of claim 6-8, it is characterised in that the network security data includes:
The link of network and/or the data source of network.
CN201710328153.2A 2017-05-11 2017-05-11 Method and device for acquiring network security data Active CN107147645B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710328153.2A CN107147645B (en) 2017-05-11 2017-05-11 Method and device for acquiring network security data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710328153.2A CN107147645B (en) 2017-05-11 2017-05-11 Method and device for acquiring network security data

Publications (2)

Publication Number Publication Date
CN107147645A true CN107147645A (en) 2017-09-08
CN107147645B CN107147645B (en) 2020-05-05

Family

ID=59778514

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710328153.2A Active CN107147645B (en) 2017-05-11 2017-05-11 Method and device for acquiring network security data

Country Status (1)

Country Link
CN (1) CN107147645B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108038218A (en) * 2017-12-22 2018-05-15 联想(北京)有限公司 A kind of distributed reptile method, electronic equipment and server
CN110069683A (en) * 2017-09-18 2019-07-30 北京国双科技有限公司 A kind of method and device crawling data based on browser
CN111274574A (en) * 2020-01-16 2020-06-12 恩亿科(北京)数据科技有限公司 Webpage event anti-shaking method and device, server and computer readable storage medium
US20210326240A1 (en) * 2019-11-13 2021-10-21 Google Llc Framework For Providing Binary Release Isolation For Parts Of A Web Application
CN115905660A (en) * 2022-11-10 2023-04-04 广州似锦科技有限公司 Network security data acquisition method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103268361A (en) * 2013-06-07 2013-08-28 百度在线网络技术(北京)有限公司 Extracting method, device and system of hidden URL (Uniform Resource Locator) in webpage
CN103279710A (en) * 2013-04-12 2013-09-04 深圳市易聆科信息技术有限公司 Method and system for detecting malicious codes of Internet information system
CN104881607A (en) * 2015-05-21 2015-09-02 北京工业大学 XSS vulnerability detection method based on simulating browser behavior
CN104881608A (en) * 2015-05-21 2015-09-02 北京工业大学 XSS vulnerability detection method based on simulating browser behavior
US20160191548A1 (en) * 2008-05-07 2016-06-30 Cyveillance, Inc. Method and system for misuse detection
CN105991554A (en) * 2015-02-04 2016-10-05 阿里巴巴集团控股有限公司 Vulnerability detection method and equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160191548A1 (en) * 2008-05-07 2016-06-30 Cyveillance, Inc. Method and system for misuse detection
CN103279710A (en) * 2013-04-12 2013-09-04 深圳市易聆科信息技术有限公司 Method and system for detecting malicious codes of Internet information system
CN103268361A (en) * 2013-06-07 2013-08-28 百度在线网络技术(北京)有限公司 Extracting method, device and system of hidden URL (Uniform Resource Locator) in webpage
CN105991554A (en) * 2015-02-04 2016-10-05 阿里巴巴集团控股有限公司 Vulnerability detection method and equipment
CN104881607A (en) * 2015-05-21 2015-09-02 北京工业大学 XSS vulnerability detection method based on simulating browser behavior
CN104881608A (en) * 2015-05-21 2015-09-02 北京工业大学 XSS vulnerability detection method based on simulating browser behavior

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110069683A (en) * 2017-09-18 2019-07-30 北京国双科技有限公司 A kind of method and device crawling data based on browser
CN110069683B (en) * 2017-09-18 2021-08-13 北京国双科技有限公司 Method and device for crawling data based on browser
CN108038218A (en) * 2017-12-22 2018-05-15 联想(北京)有限公司 A kind of distributed reptile method, electronic equipment and server
US20210326240A1 (en) * 2019-11-13 2021-10-21 Google Llc Framework For Providing Binary Release Isolation For Parts Of A Web Application
US11748235B2 (en) * 2019-11-13 2023-09-05 Google Llc Framework for providing binary release isolation for parts of a web application
CN111274574A (en) * 2020-01-16 2020-06-12 恩亿科(北京)数据科技有限公司 Webpage event anti-shaking method and device, server and computer readable storage medium
CN115905660A (en) * 2022-11-10 2023-04-04 广州似锦科技有限公司 Network security data acquisition method, device, equipment and storage medium
CN115905660B (en) * 2022-11-10 2023-10-24 广东三鼎智慧信息科技有限公司 Network security data acquisition method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN107147645B (en) 2020-05-05

Similar Documents

Publication Publication Date Title
CN107147645A (en) The acquisition methods and device of network security data
US10102306B2 (en) Patching base document object model (DOM) with DOM-differentials to generate high fidelity replay of webpage user interactions
CN104461491B (en) The operation method and system of a kind of Hybrid components
US20140282464A1 (en) Systems and methods for intercepting, processing, and protecting user data through web application pattern detection
CN109376291B (en) Website fingerprint information scanning method and device based on web crawler
US8869286B1 (en) Systems and methods for analyzing client-side storage security for internet applications
CN106897347A (en) A kind of web page display method, Action Events recording method and device
CN106126693A (en) The sending method of the related data of a kind of webpage and device
Wu et al. A countermeasure to SQL injection attack for cloud environment
US20180075003A1 (en) Verifying content of resources in markup language documents
CN110209909A (en) Data crawling method, device, computer equipment and storage medium
CN106886547A (en) A kind of scenario generation method and device
CN110213105A (en) It is a kind of cross-platform micro- using creation method
CN111309578A (en) Method and device for identifying object
CN103377194A (en) Method, device and browser for accelerating access to web pages
EP3863252A1 (en) Advertisement anti-shielding method and device
CN104899217A (en) Method and apparatus for implementing customized function
CN116569165A (en) Page display method and device, storage medium and electronic equipment
US9436669B1 (en) Systems and methods for interfacing with dynamic web forms
US8607201B2 (en) Augmenting visualization of a call stack
EP4180951A1 (en) Generating lossless static object models of dynamic webpages
US10346388B2 (en) Performance and quality optimized architecture for cloud applications
Naseem et al. Extending HTML5 local storage to save more data; efficiently and in more structured way
Ablahd et al. Using flask for SQLIA detection and protection
US10268536B2 (en) Secure debugging with an encrypted token

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant