CN107277025A - A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium - Google Patents

A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium Download PDF

Info

Publication number
CN107277025A
CN107277025A CN201710512304.XA CN201710512304A CN107277025A CN 107277025 A CN107277025 A CN 107277025A CN 201710512304 A CN201710512304 A CN 201710512304A CN 107277025 A CN107277025 A CN 107277025A
Authority
CN
China
Prior art keywords
address
domain name
target
request
mobile terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710512304.XA
Other languages
Chinese (zh)
Inventor
陈祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vivo Mobile Communication Co Ltd
Original Assignee
Vivo Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vivo Mobile Communication Co Ltd filed Critical Vivo Mobile Communication Co Ltd
Priority to CN201710512304.XA priority Critical patent/CN107277025A/en
Publication of CN107277025A publication Critical patent/CN107277025A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the invention provide a kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium, methods described includes:The server connection request that user sends is received, and determines the corresponding domain name of server to be connected;Request name server is parsed to domain name, obtains at least one corresponding IP address of domain name;Positional information based on mobile terminal, the corresponding IP address of selection optimum link is used as target ip address;When target ip address is with positional information corresponding IP address matching under domain name of historical storage, data cube computation passage is set up based on target ip address and server to be connected;When sending access request by data cube computation passage, the authenticity to access request judges, intercepts false access request.By Secure Network Assecc scheme provided in an embodiment of the present invention, it not only can guarantee that the reliability of request recipient but also can guarantee that the authenticity of transmitted access request, therefore ensure that the security for subscriber network access.

Description

A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium
Technical field
The present invention relates to communication technical field, more particularly to a kind of Secure Network Assecc method, mobile terminal and calculating Machine readable storage medium storing program for executing.
Background technology
Network attack with it is anti-be all the time internet industry long talk a problem, be also to promote internet security flourishing The power of development.Along with O2O, smart cloud, big data, cloud terminal, net networking+etc. new industrial chain emergence, information security A new height has been mentioned again.In recent years, be no lack of there is criminal to be intercepted by individual privacy information, internet worm plant Enter, the profiteering user profile of means malice such as network fraud or swindle, therefore how effectively to be visited by network security Ask, to protect the problem that individual privacy information is current general concern.
Depend at present after data waiting for transmission are encrypted and transmit to protect individual privacy information.This kind of mode In, although transmitted in a network after data encryption, but can not ensure that the data of encryption will not be by third party during transmission Interception is decrypted.Specifically, network hacker can be connected to same wifi by some approach and user, in LAN Multiple transmitting messages of user are obtained by sniffer packet capturing, conventional AES are compared and iteratively faster and then solution outgoing packet Content, destination information of being forged after message content is released more very allows user to access some illegal websites.It can be seen that, prior art Individual subscriber privacy information can not be protected effectively by being controlled to Secure Network Assecc.
The content of the invention
The embodiment of the present invention provides a kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium, with The problem of solving effectively not protecting individual subscriber privacy information present in prior art.
According to one aspect of the present invention, there is provided a kind of Secure Network Assecc method, applied to mobile terminal, the side Method includes:The server connection request that user sends is received, and determines the corresponding domain name of server to be connected;Ask domain name service Device is parsed to domain name, obtains at least one corresponding IP address of domain name, one link of each IP address correspondence; Based on the positional information of the mobile terminal, the corresponding IP address of selection optimum link is used as target ip address;When the target The positional information of IP address and historical storage is when corresponding IP address is matched under domain name, based on the Target IP Data cube computation passage is set up in location with server to be connected;When sending access request by the data cube computation passage, to described The authenticity of access request is judged, and intercepts false access request.
According to another aspect of the present invention there is provided a kind of mobile terminal, including:Receiving module, for receiving user's hair The server connection request sent, and determine the corresponding domain name of server to be connected;Request module, for asking name server pair Domain name is parsed, and obtains at least one corresponding IP address of domain name, one link of each IP address correspondence;Selection Module, for the positional information based on the mobile terminal, the corresponding IP address of selection optimum link is used as target ip address;It is logical Module is set up in road, for the positional information when the target ip address and historical storage under domain name corresponding IP When location is matched, data cube computation passage is set up based on the target ip address and server to be connected;Determination module, for passing through When the data cube computation passage sends access request, the authenticity to the access request judges, and intercepts false access Request.
According to another aspect of the invention there is provided a kind of mobile terminal, including:Memory, processor and it is stored in institute The Secure Network Assecc program that can be run on memory and on the processor is stated, the Secure Network Assecc program is described The step of any one Secure Network Assecc method described in the embodiment of the present invention is realized during computing device.
In accordance with a further aspect of the present invention there is provided a kind of computer-readable recording medium, the computer-readable storage Be stored with Secure Network Assecc program on medium, realizes that the present invention is implemented when the Secure Network Assecc program is executed by processor Example described in any one Secure Network Assecc method the step of.
Compared with prior art, the present invention has advantages below:
Secure Network Assecc method and mobile terminal that the present invention is provided, on the one hand, receiving server connection request When, the target ip address that name server is parsed IP address progress corresponding with the current location information of historical storage Match somebody with somebody, if the two is matched, it is determined that target ip address is the malicious IP addresses of known address and genuine, corresponding with target ip address Server set up the reliability that data cube computation passage ensure that request recipient.On the other hand, mobile terminal takes with purpose When being engaged between device by data cube computation passage transmission access request, the authenticity to access request judges, and intercepts falseness Access request, can avoid the corresponding message of access request from being forced user to access malice net after illegal distort in transmitting procedure Location.It can be seen that, the Secure Network Assecc scheme provided in the embodiment of the present invention not only can guarantee that the reliability but also energy of request recipient Ensure the authenticity of transmitted access request, therefore ensure that the security for subscriber network access lifts the use body of user Test.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of specification, and in order to allow above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the embodiment of the present invention.
Brief description of the drawings
By reading the detailed description of hereafter preferred embodiment, various advantages and benefit are for ordinary skill people Member will be clear understanding.Accompanying drawing is only used for showing preferred embodiment, and is not considered as limitation of the present invention.And In whole accompanying drawing, identical part is denoted by the same reference numerals.In the accompanying drawings:
Fig. 1 is the step flow chart of a kind of according to embodiments of the present invention one Secure Network Assecc method;
Fig. 2 is the step flow chart of a kind of according to embodiments of the present invention two Secure Network Assecc method;
Fig. 3 is a kind of structured flowchart of according to embodiments of the present invention three mobile terminal;
Fig. 4 is a kind of structured flowchart of according to embodiments of the present invention four mobile terminal;
Fig. 5 is a kind of structured flowchart of according to embodiments of the present invention five mobile terminal;
Fig. 6 is a kind of structured flowchart of according to embodiments of the present invention six mobile terminal.
Embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although showing the disclosure in accompanying drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here Limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.
Embodiment one
Reference picture 1, shows a kind of step flow chart of Secure Network Assecc method of the embodiment of the present invention one.
The Secure Network Assecc method of the embodiment of the present invention comprises the following steps:
Step 101:The server connection request that user sends is received, and determines the corresponding domain name of server to be connected.
When user asks a page presentation, an access or a certification to log in such short connection or request one Duan Yuyin, when attempting a voice call or the isometric connection of a Video chat, it is required to send to respective server and connects Request is connect, after data cube computation passage is set up with server, the access knot that access request, the reception server are returned can be just sent Really.
Connection request is generally website links such as " http://www.163.com/ " by website links be can determine that it is required The domain name of the server of connection.
Step 102:Request name server is parsed to domain name, obtains at least one corresponding IP address of domain name.
Name server survey be stored with the mobile terminal in different geographic regions, history access the clothes that the domain name is connected The IP address of business device.
For example:Mobile terminal once accessed the server of 163 websites in tri- cities of A, B and C, due to 163 websites Maintenance depends not only upon a server, therefore the destination server finally connected when each city accesses 163 website is not Together, corresponding three IP address of 163 website domain names that therefore may be stored with the terminal.
Step 103:Positional information based on mobile terminal, the corresponding IP address of selection optimum link is as Target IP Location.
The positional information of mobile terminal can be the location information of mobile terminal, or mobile terminal is current connected The positional information of router.
One link of each IP address correspondence.In link selection, only it can be determined most by location information of mobile terminal Excellent link;Can also the positional information based on mobile terminal, the bandwidth of each link, handling capacity etc. determine optimum link.
Positional information selection link based on mobile terminal, the corresponding server of selected outgoing link apart from mobile terminal most Closely, therefore efficiency of transmission subsequently can be lifted in data transfer.
Step 104:When target ip address is with positional information corresponding IP address matching under domain name of historical storage, base Data cube computation passage is set up in target ip address and server to be connected.
Target ip address is server ip address, when the two is matched, then can determine that target ip address is known IP address, Therefore can determine that the corresponding server of the target ip address is reliable request recipient.
If the two is mismatched, it is determined that the server that history was once connected may have occurred address transitions, or because by the Tripartite distorts LDNS cache contents, distorts the domain that Authorized Domain content, ARP deception abduction Authorized Domain, light splitting abduction etc. cause to ask It is illegal that name address becomes.
Step 105:When sending access request by data cube computation passage, the authenticity to access request judges, And intercept false access request.
When the authenticity to access judges, by way of polling request message or fuzzy matching can be passed through The form of request message, filters out spurious requests message.Spurious requests message can log in for ad-request message, fishing website Message, IP address attack message etc., thus reach automatic fitration advertisement, fishing website, maliciously redirect, IP address attack mesh 's.
Secure Network Assecc method provided in an embodiment of the present invention, on the one hand, when receiving server connection request, will The target ip address that name server is parsed IP address corresponding with the current location information of historical storage is matched, if two Person matches, it is determined that target ip address is the malicious IP addresses of known address and genuine, service corresponding with target ip address Device sets up the reliability that data cube computation passage ensure that request recipient.On the other hand, mobile terminal and destination server it Between when sending access request by data cube computation passage, the authenticity to access request judges, and intercepts false access and ask Ask, the corresponding message of access request can be avoided to be forced user to access malice network address after illegal distort in transmitting procedure.Can See that the Secure Network Assecc scheme provided in the embodiment of the present invention not only can guarantee that the reliability of request recipient but also can guarantee that institute The authenticity of access request is sent, therefore ensure that the security for subscriber network access lifts the usage experience of user.
Embodiment two
Reference picture 2, shows a kind of step flow chart of Secure Network Assecc method of the embodiment of the present invention two.
Illustrated in the embodiment of the present invention so that mobile terminal accesses the corresponding server of certain domain name first as an example, the present invention The Secure Network Assecc method of embodiment specifically includes following steps:
Step 201:The server connection request that user sends is received, and determines the corresponding domain name of server to be connected.
One domain name of each connection request correspondence, and a domain name may correspond to multiple servers, therefore please by connection Seek the domain name for the server that can determine that required connection.Wherein connection request can be that long connection request can also be that short connection please Ask, be typically that after certain application program is opened, server connection is initiated in the application program in user during implementing Request.
A kind of preferred mode be after connection request is received, judge initiation the connection request application program whether be Limited applications program, if then directly intercepting this connection request.Operating system in mobile terminal is provided with Linux bottoms One of fire wall, the connection request of limited applications program can be intercepted by the fire wall.Simultaneously untethered should for current connection request During with connection request transmitted by program, the connection request that can just let pass performs subsequent operation.
It should be noted that the selection of the different then limited applications programs of use demand is also different, therefore limited applications program It can be according to the actual requirements configured, this is not particularly limited by those skilled in the art in the embodiment of the present invention.For example: It is to avoid flow from expending excessively to set fire wall purpose, therefore limited applications program could be arranged to the related application of video playback Program.
Step 202:Request name server is parsed to domain name, obtains at least one corresponding IP address of domain name.
Name server determines the IP address of each name server by the domain name lookup name server.Each IP Address one link of correspondence, because IP address is different therefore the terminal of each link is different.
Step 203:Positional information based on mobile terminal, the corresponding IP address of selection optimum link is as Target IP Location.
Select optimum link when, can only in accordance with mobile terminal positional information, can also the position based on mobile terminal Confidence breath, the bandwidth of each link and handling capacity determine optimum link.
Step 204:Judge that the corresponding IP address under the domain name is target ip address with the positional information of historical storage No matching;If mismatching, step 205 is performed;If matching, step 208 is directly performed.
If mobile terminal is accesses the domain name first, due to not storing the positional information during historical operation in the domain name Under corresponding IP address, therefore target ip address without matching object, therefore matching result for mismatch.
If there is the positional information during not accessing in the position domain name, therefore historical operation first in mobile terminal The corresponding IP address under the domain name, therefore need the two being compared, determines matching if the two is identical, on the contrary then determine two Person mismatches.
Either mobile terminal accesses the Target IP that the IP address of the domain name or historical storage is resolved to this first Address is differed, then is required to perform IP address detection mechanism, it is ensured that the corresponding IP of domain name that name server request is returned The legitimacy of location.The idiographic flow of IP address detection is as shown in step 205 to step 207.
This be due to mobile terminal to name server ask domain name mapping when, LDNS may be distorted by third party and is delayed Deposit content, distort Authorized Domain content, ARP deception kidnap Authorized Domain, light splitting kidnap etc. cause request domain name become it is illegal, therefore IP address detection is carried out in order to solve the problem.
Step 205:Send the request of nslookup to name server by different routers respectively, obtain domain name service Each IP address that device is returned.
Because the IP of domain name is usually changeless, based on this principle when carrying out IP address detection, by multiple The mode of route handoff, nslookup obtains the IP address of name server return.
Step 206:Judge each IP address whether all same;If so, performing step 207;Step is performed if it is not, then returning 205。
If obtained each IP address all same, just it is stored in domain name is corresponding with resulting IP address in database; If obtained each IP address has difference, Domain Hijacking phenomenon is there may be when illustrating by the switching of some router, is needed IP address detection is carried out again, until each IP address all same finally detected.
Step 207:By identical, the IP address is defined as target ip address, and stores target ip address, domain name and shifting Corresponding relation between the positional information of dynamic terminal;Then step 208 is performed.
Corresponding relation between the three of this storage, when next mobile terminal accesses the domain name in the position, you can The IP address that history is accessed is determined by the corresponding relation, the IP address that history is accessed is used as the target for judging to determine next time The whether reliable judgment basis of IP address.
Step 208:Data cube computation passage is set up based on target ip address and server to be connected.
After on the move and server sets up data cube computation passage, access request can be sent to server, clothes are received The access result that business device is returned.
Step 209:When sending access request by data cube computation passage, the authenticity to access request judges, And intercept false access request.
In the embodiment of the present invention, in order to avoid the corresponding message of access request is forced in transmitting procedure after illegal distort User accesses malice network address, the true row of access request is judged, and intercept false access request.Wherein, it is real to visit It is the request that user truly needs to ask request, and false access request is illegally is added the request distorted, for example:Access and fish The request at fishnet station, the request for obtaining advertising message, request of IP address attack etc..
When the authenticity to access request judges, can send access request when by way of poll or Whether the access request that the mode of fuzzy matching distinguishes transmitted is true.
Whether real the access request mode that a kind of mode preferably through poll distinguishes transmitted be as follows:
First, poll intercepts the request message sent to Target IP;
Access request is transmitted in the form of request message, it is therefore desirable to intercept the request message that is sent to Target IP and to please The attribute of message is asked to be judged.
Secondly, for each request message, the attribute of request message is determined, and judges whether attribute is black in preset attribute In list;
Wherein, the attribute of various malicious requests messages is previously stored with attribute blacklist, fishing website request message Attribute, the attribute of ad-request message, attribute of IP address query-attack message etc..
Finally, if then determining that request message is spurious requests message, and spurious requests message is intercepted.
Whether real the access request mode that a kind of mode preferably through fuzzy matching distinguishes transmitted be as follows:
First, the whole request messages sent to Target IP are intercepted;
Secondly, the otherness between each request message is compared;
Finally, spurious requests message is gone out based on otherness fuzzy matching, and intercepts spurious requests message.
Step 210:After this connection is terminated, record this and connect corresponding domain name, target ip address and user's visit Ask custom parameter.
Wherein, user's access habits parameter includes:The position of period and mobile terminal belonging to connection duration, connection Information.
Step 211:The correspondence pass of user's access habits parameter, domain name and the target ip address recorded based on history System, is that user recommends different access links in different periods.
The user's access habits parameter recorded by history, it may be determined that user each place, in each period, visited The frequency for each domain name asked, so as to further determine that the access habits of user.
For example:The user's access habits parameter recorded by history can be analyzed, user morning 8 points to 9 points warps Taobao website is asked in frequentation, is linked when to 8 points of access for then recommending Taobao website to user in morning, user can be according to actual need Ask and choose whether to access the link.
It should be noted that step 210 and step 211 are optional step, it can not also be held during implementing The two steps of row, recommend to access link to user.
Secure Network Assecc method provided in an embodiment of the present invention, except with the Secure Network Assecc shown in embodiment one Outside method has the advantage that, also terminate postscript in each connection and employ family access habits, habit is accessed based on user's history It is used to recommend to access link for user, the usage experience of user can be lifted by being easy to user to access.
Embodiment three
Reference picture 3, shows a kind of structured flowchart of mobile terminal of the embodiment of the present invention three.
The mobile terminal of the embodiment of the present invention includes:Receiving module 301, the server connection for receiving user's transmission please Ask, and determine the corresponding domain name of server to be connected;Request module 302, for asking name server to carry out domain name Parsing, obtains at least one corresponding IP address of domain name, one link of each IP address correspondence;Selecting module 303, is used for Based on the positional information of the mobile terminal, the corresponding IP address of selection optimum link is used as target ip address;Path Setup mould Block 304, for the positional information when the target ip address and historical storage under domain name corresponding IP address Timing, data cube computation passage is set up based on the target ip address and server to be connected;Determination module 305, for passing through When the data cube computation passage sends access request, the authenticity to the access request judges, and intercepts false access Request.
Mobile terminal provided in an embodiment of the present invention, on the one hand, when receiving server connection request, by domain name service The target ip address that device is parsed IP address corresponding with the current location information of historical storage is matched, if the two is matched, The malicious IP addresses that target ip address is known address and genuine are then determined, server corresponding with target ip address sets up number The reliability of request recipient is ensure that according to interface channel.On the other hand, number is passed through between mobile terminal and destination server When sending access request according to interface channel, the authenticity to access request judges, and intercepts false access request, can keep away Exempt from the corresponding message of access request is forced user to access malice network address in transmitting procedure after illegal distort.It can be seen that, the present invention The mobile terminal provided in embodiment to server send connection request when, not only can guarantee that request recipient reliability but also The authenticity of transmitted access request is can guarantee that, therefore ensure that the security for subscriber network access lifts the use body of user Test.
Example IV
Reference picture 4, shows a kind of structured flowchart of mobile terminal of the embodiment of the present invention four.
The mobile terminal of the embodiment of the present invention is the further optimization to the mobile terminal in embodiment three, the shifting after optimization Dynamic terminal includes:Receiving module 401, for receiving the server connection request of user's transmission, and determines server pair to be connected The domain name answered;Request module 402, for asking name server to parse domain name, obtains domain name corresponding At least one IP address, one link of each IP address correspondence;Selecting module 403, for the position based on the mobile terminal Information, the corresponding IP address of selection optimum link is used as target ip address;Path setup module 404, for when the Target IP The positional information of address and historical storage is when corresponding IP address is matched under domain name, based on the target ip address Data cube computation passage is set up with server to be connected;Determination module 405, for sending access by the data cube computation passage During request, the authenticity to the access request judges, and intercepts false access request.
Preferably, the mobile terminal also includes:Router handover module 406, for when the target ip address is with going through The positional information of history storage is when corresponding IP address is mismatched under domain name, respectively by different routers to described Name server sends the request of inquiry domain name, obtains each IP address of name server return;Address judgment module 407, for judge each IP address whether all same;Performing module 408, if the judgement knot for the address judgment module Fruit is yes, then IP address described in identical is defined as into target ip address, and store the target ip address, domain name and Corresponding relation between the positional information of the mobile terminal, and call the execution path setup module;If the address is sentenced The judged result of disconnected module is no, then returns and perform the router handover module.
Preferably, the determination module 405 includes:First interception submodule, intercepts for poll and is sent out to the Target IP The request message sent;Attribute decision sub-module, for for each request message, determining the attribute of the request message, and sentences Whether the attribute that breaks is in preset attribute blacklist;If, it is determined that the request message is spurious requests message, and is blocked Cut the spurious requests message.
Preferably, the determination module 405 includes:Second interception submodule, for intercepting what is sent to the Target IP Whole request messages;Submodule is compared, for comparing the otherness between each request message;Based on the otherness fuzzy matching Go out spurious requests message, and intercept the spurious requests message.
Preferably, the mobile terminal also includes:Logging modle 409, for intercepting false visit in the determination module 405 Ask after asking, after this connection is terminated, record this and connect corresponding domain name, target ip address and user's access habits ginseng Number, wherein user's access habits parameter includes:The position letter of period and the mobile terminal belonging to connection duration, connection Breath.
Preferably, the mobile terminal also includes:Recommending module 410, the user for being recorded based on history, which is accessed, to practise The corresponding relation of used parameter, domain name and target ip address, is that user recommends different access links in different periods.
The mobile terminal of the embodiment of the present invention is used to realize that corresponding network security to be visited in previous embodiment one, embodiment two Method is asked, and with beneficial effect corresponding with embodiment of the method, be will not be repeated here.
Embodiment five
Reference picture 5, shows a kind of structured flowchart of mobile terminal of the embodiment of the present invention five.
The mobile terminal 700 of the embodiment of the present invention includes:At least one processor 701, memory 702, at least one net Network interface 704 and other users interface 703.Each component in mobile terminal 700 is coupled by bus system 705. It is understood that bus system 705 is used to realize the connection communication between these components.Bus system 705 except include data/address bus it Outside, in addition to power bus, controlling bus and status signal bus in addition.But for the sake of clear explanation, in Figure 5 will be various total Line is all designated as bus system 705.
Wherein, user interface 703 can include display, keyboard or pointing device (for example, mouse, trace ball (track ball), touch-sensitive plate or touch-screen etc..
It is appreciated that the memory 702 in the embodiment of the present invention can be volatile memory or nonvolatile memory, Or may include both volatibility and nonvolatile memory.Wherein, nonvolatile memory can be read-only storage (Read- Only Memory, ROM), programmable read only memory (Programmable ROM, PROM), the read-only storage of erasable programmable Device (Erasable PROM, EPROM), Electrically Erasable Read Only Memory (Electrically EPROM, EEPROM) or Flash memory.Volatile memory can be random access memory (Random Access Memory, RAM), and it is used as outside high Speed caching.By exemplary but be not restricted explanation, the RAM of many forms can use, such as static RAM (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), Synchronous Dynamic Random Access Memory (Synchronous DRAM, SDRAM), double data speed synchronous dynamic RAM (Double DataRate SDRAM, DDRSDRAM), enhanced Synchronous Dynamic Random Access Memory (Enhanced SDRAM, ESDRAM), synchronized links Dynamic random access memory (Synchlink DRAM, SLDRAM) and direct rambus random access memory (Direct Ram bus RAM, DRRAM).The embodiment of the present invention description system and method memory 702 be intended to including but not limited to this The memory of a little and any other suitable type.
In some embodiments, memory 702 stores following element, can perform module or data structure, or Their subset of person, or their superset:Operating system 7021 and application program 7022.
Wherein, operating system 7021, comprising various system programs, such as ccf layer, core library layer, driving layer, are used for Realize various basic businesses and handle hardware based task.Application program 7022, includes various application programs, such as media Player (Media Player), browser (Browser) etc., for realizing various applied business.Realize the embodiment of the present invention The program of method may be embodied in application program 7022.
In embodiments of the present invention, by calling program or the instruction of the storage of memory 702, specifically, can be application The program stored in program 7022 or instruction, processor 701 are used for the server connection request for receiving user's transmission, and determine to treat The corresponding domain name of connection server;Request name server is parsed to domain name, obtains domain name corresponding at least One IP address, one link of each IP address correspondence;Based on the positional information of the mobile terminal, selection optimum link correspondence IP address be used as target ip address;When the target ip address and historical storage the positional information under domain name it is right During the IP address matching answered, data cube computation passage is set up based on the target ip address and server to be connected;By described When data cube computation passage sends access request, the authenticity to the access request judges, and intercepts false access request.
The method that the embodiments of the present invention are disclosed can apply in processor 701, or be realized by processor 701. Processor 701 is probably a kind of IC chip, the disposal ability with signal.In implementation process, the above method it is each Step can be completed by the integrated logic circuit of the hardware in processor 701 or the instruction of software form.Above-mentioned processing Device 701 can be general processor, digital signal processor (Digital Signal Processor, DSP), special integrated electricity Road (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field Programmable Gate Array, FPGA) or other PLDs, discrete gate or transistor logic, Discrete hardware components.It can realize or perform disclosed each method, step and the logic diagram in the embodiment of the present invention.It is general Processor can be microprocessor or the processor can also be any conventional processor etc..With reference to institute of the embodiment of the present invention The step of disclosed method, can be embodied directly in hardware decoding processor and perform completion, or with the hardware in decoding processor And software module combination performs completion.Software module can be located at random access memory, and flash memory, read-only storage may be programmed read-only In the ripe storage medium in this area such as memory or electrically erasable programmable memory, register.The storage medium is located at Memory 702, processor 701 reads the information in memory 702, the step of completing the above method with reference to its hardware.
It is understood that embodiments described herein can with hardware, software, firmware, middleware, microcode or its Combine to realize.Realized for hardware, processing unit can be realized in one or more application specific integrated circuit (Application Specific Integrated Circuits, ASIC), digital signal processor (Digital Signal Processing, DSP), digital signal processing appts (DSP Device, DSPD), programmable logic device (Programmable Logic Device, PLD), field programmable gate array (Field-Programmable Gate Array, FPGA), general processor, In controller, microcontroller, microprocessor, other electronic units for performing herein described function or its combination.
Realized for software, can be by performing the module of function described in the embodiment of the present invention (such as process, function) To realize the technology described in the embodiment of the present invention.Software code is storable in memory and by computing device.Storage Device can be realized within a processor or outside processor.
Alternatively, processor 701 is additionally operable to:When the positional information of the target ip address and historical storage is described When corresponding IP address is mismatched under domain name, inquiry domain name is sent to domain name server by different routers respectively Request, obtain name server return each IP address;Judge each IP address whether all same;If so, then will be identical The IP address be defined as target ip address, and store the target ip address, domain name and the mobile terminal Corresponding relation between positional information, performs and described set up data cube computation based on the target ip address and server to be connected and lead to The step of road;The domain is inquired about if it is not, then returning and performing described sent respectively by different routers to domain name server The step of request of name.
Alternatively, the authenticity of 701 pairs of access requests of processor judges, and when intercepting false access request, Specifically for:Poll intercepts the request message sent to the Target IP;For each request message, the request message is determined Attribute, and judge the attribute whether be in preset attribute blacklist in;If, it is determined that the request message is asked to be false Message is sought, and intercepts the spurious requests message.
Alternatively, the authenticity of 701 pairs of access requests of processor judges, and when intercepting false access request, Specifically for:Intercept the whole request messages sent to the Target IP;Compare the otherness between each request message;Based on institute State otherness fuzzy matching and go out spurious requests message, and intercept the spurious requests message.
Alternatively, processor 701 is additionally operable to after the false access of interception is asked:After this connection is terminated, this is recorded Corresponding domain name, target ip address and user's access habits parameter are connected, wherein user's access habits parameter includes:During connection The positional information of period and the mobile terminal belonging to long, connection.
Alternatively, processor 701 is additionally operable to:User's access habits parameter, domain name and the target recorded based on history The corresponding relation of IP address, is that user recommends different access links in different periods.
Mobile terminal 700 can realize each process that mobile terminal is realized in previous embodiment, to avoid repeating, here Repeat no more.
Mobile terminal provided in an embodiment of the present invention, on the one hand, when receiving server connection request, by domain name service The target ip address that device is parsed IP address corresponding with the current location information of historical storage is matched, if the two is matched, The malicious IP addresses that target ip address is known address and genuine are then determined, server corresponding with target ip address sets up number The reliability of request recipient is ensure that according to interface channel.On the other hand, number is passed through between mobile terminal and destination server When sending access request according to interface channel, the authenticity to access request judges, and intercepts false access request, can keep away Exempt from the corresponding message of access request is forced user to access malice network address in transmitting procedure after illegal distort.It can be seen that, the present invention The mobile terminal provided in embodiment to server send connection request when, not only can guarantee that request recipient reliability but also The authenticity of transmitted access request is can guarantee that, therefore ensure that the security for subscriber network access lifts the use body of user Test.
Embodiment six
Reference picture 6, shows a kind of structured flowchart of mobile terminal of the embodiment of the present invention six.
Mobile terminal in the embodiment of the present invention can be mobile phone, tablet personal computer, personal digital assistant (Personal Digital Assistant, PDA) or vehicle-mounted computer etc..
Mobile terminal in Fig. 6 includes radio frequency (Radio Frequency, RF) circuit 810, memory 820, input block 830th, display unit 840, processor 860, voicefrequency circuit 870, WiFi (Wireless Fidelity) modules 880 and power supply 890。
Wherein, input block 830 can be used for the numeral or character information for receiving user's input, and produce and mobile terminal User set and function control it is relevant signal input.Specifically, in the embodiment of the present invention, the input block 830 can be with Including contact panel 831.Contact panel 831, also referred to as touch-screen, collect touch operation (ratio of the user on or near it Such as user uses the operation of finger, any suitable object of stylus or annex on contact panel 831), and according to setting in advance Fixed formula drives corresponding attachment means.Optionally, contact panel 831 may include touch detecting apparatus and touch controller two Individual part.Wherein, touch detecting apparatus detects the touch orientation of user, and detects the signal that touch operation is brought, and signal is passed Give touch controller;Touch controller receives touch information from touch detecting apparatus, and is converted into contact coordinate, then Give the processor 860, and the order sent of reception processing device 860 and can be performed.Furthermore, it is possible to using resistance-type, electricity The polytypes such as appearance formula, infrared ray and surface acoustic wave realize contact panel 831.Except contact panel 831, input block 830 Other input equipments 832 can also be included, other input equipments 832 can include but is not limited to physical keyboard, function key (such as Volume control button, switch key etc.), trace ball, mouse, the one or more in action bars etc..
Wherein, display unit 840 can be used for information and the movement for showing the information inputted by user or being supplied to user The various menu interfaces of terminal.Display unit 840 may include display panel 841, optionally, can use LCD or organic light emission The forms such as diode (Organic Light-Emitting Diode, OLED) configure display panel 841.
It should be noted that contact panel 831 can cover display panel 841, touch display screen is formed, when touch display screen inspection Measure after the touch operation on or near it, processor 860 is sent to determine the type of touch event, with preprocessor 860 provide corresponding visual output according to the type of touch event in touch display screen.
Touch display screen includes Application Program Interface viewing area and conventional control viewing area.The Application Program Interface viewing area And arrangement mode of the conventional control viewing area is not limited, can be arranged above and below, left-right situs etc. can distinguish two and show Show the arrangement mode in area.The Application Program Interface viewing area is displayed for the interface of application program.Each interface can be with The interface element such as the icon comprising at least one application program and/or widget desktop controls.The Application Program Interface viewing area It can also be the empty interface not comprising any content.The conventional control viewing area is used to show the higher control of utilization rate, for example, Application icons such as settings button, interface numbering, scroll bar, phone directory icon etc..
Wherein processor 860 is the control centre of mobile terminal, utilizes each of various interfaces and connection whole mobile phone Individual part, by operation or performs and is stored in software program and/or module in first memory 821, and calls and be stored in Data in second memory 822, perform the various functions and processing data of mobile terminal, so as to be carried out to mobile terminal overall Monitoring.Optionally, processor 860 may include one or more processing units.
In embodiments of the present invention, by call store the first memory 821 in software program and/or module and/ Or the data in the second memory 822, processor 860 is used for the server connection request for receiving user's transmission, and determines to treat The corresponding domain name of connection server;Request name server is parsed to domain name, obtains domain name corresponding at least One IP address, one link of each IP address correspondence;Based on the positional information of the mobile terminal, selection optimum link correspondence IP address be used as target ip address;When the target ip address and historical storage the positional information under domain name it is right During the IP address matching answered, data cube computation passage is set up based on the target ip address and server to be connected;By described When data cube computation passage sends access request, the authenticity to the access request judges, and intercepts false access request.
Alternatively, processor 860 is additionally operable to:When the positional information of the target ip address and historical storage is described When corresponding IP address is mismatched under domain name, inquiry domain name is sent to domain name server by different routers respectively Request, obtain name server return each IP address;Judge each IP address whether all same;If so, then will be identical The IP address be defined as target ip address, and store the target ip address, domain name and the mobile terminal Corresponding relation between positional information, performs and described set up data cube computation based on the target ip address and server to be connected and lead to The step of road;The domain is inquired about if it is not, then returning and performing described sent respectively by different routers to domain name server The step of request of name.
Alternatively, the authenticity of 860 pairs of access requests of processor judges, and when intercepting false access request, Specifically for:Poll intercepts the request message sent to the Target IP;For each request message, the request message is determined Attribute, and judge the attribute whether be in preset attribute blacklist in;If, it is determined that the request message is asked to be false Message is sought, and intercepts the spurious requests message.
Alternatively, the authenticity of 860 pairs of access requests of processor judges, and when intercepting false access request, Specifically for:Intercept the whole request messages sent to the Target IP;Compare the otherness between each request message;Based on institute State otherness fuzzy matching and go out spurious requests message, and intercept the spurious requests message.
Alternatively, processor 860 is additionally operable to after the false access of interception is asked:After this connection is terminated, this is recorded Corresponding domain name, target ip address and user's access habits parameter are connected, wherein user's access habits parameter includes:During connection The positional information of period and the mobile terminal belonging to long, connection.
Alternatively, processor 860 is additionally operable to:User's access habits parameter, domain name and the target recorded based on history The corresponding relation of IP address, is that user recommends different access links in different periods.
Mobile terminal provided in an embodiment of the present invention, on the one hand, when receiving server connection request, by domain name service The target ip address that device is parsed IP address corresponding with the current location information of historical storage is matched, if the two is matched, The malicious IP addresses that target ip address is known address and genuine are then determined, server corresponding with target ip address sets up number The reliability of request recipient is ensure that according to interface channel.On the other hand, number is passed through between mobile terminal and destination server When sending access request according to interface channel, the authenticity to access request judges, and intercepts false access request, can keep away Exempt from the corresponding message of access request is forced user to access malice network address in transmitting procedure after illegal distort.It can be seen that, the present invention The mobile terminal provided in embodiment to server send connection request when, not only can guarantee that request recipient reliability but also The authenticity of transmitted access request is can guarantee that, therefore ensure that the security for subscriber network access lifts the use body of user Test.
The embodiment of the present invention additionally provides a kind of mobile terminal, including:Memory, processor and it is stored in the memory Secure Network Assecc program that is upper and can running on a processor, when the Secure Network Assecc program is by the computing device The step of realizing described Secure Network Assecc method.
The embodiment of the present invention is additionally provided deposits on a kind of computer-readable recording medium, the computer-readable recording medium Secure Network Assecc program is contained, described Secure Network Assecc is realized when the Secure Network Assecc program is executed by processor The step of method.
For device embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, it is related Part illustrates referring to the part of embodiment of the method.
Secure Network Assecc scheme is not intrinsic with any certain computer, virtual system or miscellaneous equipment provided herein It is related.Various general-purpose systems can also be used together with based on teaching in this.As described above, construction has the present invention Structure required by the system of scheme is obvious.In addition, the present invention is not also directed to any certain programmed language.Should be bright In vain, it is possible to use various programming languages realize the content of invention described herein, that and language-specific is done above retouches State be in order to disclose the present invention preferred forms.
In the specification that this place is provided, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect, exist Above in the description of the exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required to protect The application claims of shield features more more than the feature being expressly recited in each claim.More precisely, such as right As claim reflects, inventive aspect is all features less than single embodiment disclosed above.Therefore, it then follows tool Thus claims of body embodiment are expressly incorporated in the embodiment, wherein the conduct of each claim in itself The separate embodiments of the present invention.
Those skilled in the art, which are appreciated that, to be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so to appoint Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power Profit is required, summary and accompanying drawing) disclosed in each feature can or similar purpose identical, equivalent by offer alternative features come generation Replace.
Although in addition, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In included some features rather than further feature, but the combination of the feature of be the same as Example does not mean in of the invention Within the scope of and form different embodiments.For example, in detail in the claims, embodiment claimed it is one of any Mode it can use in any combination.
The present invention all parts embodiment can be realized with hardware, or with one or more processor run Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) realize one in Secure Network Assecc scheme according to embodiments of the present invention The some or all functions of a little or whole parts.The present invention is also implemented as performing method as described herein Some or all equipment or program of device (for example, computer program and computer program product).It is such to realize The program of the present invention can be stored on a computer-readable medium, or can have the form of one or more signal.This The signal of sample can be downloaded from internet website and obtained, and either provided or carried in any other form on carrier signal For.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of some different elements and coming real by means of properly programmed computer It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame Claim.

Claims (14)

1. a kind of Secure Network Assecc method, applied to mobile terminal, it is characterised in that methods described includes:
The server connection request that user sends is received, and determines the corresponding domain name of server to be connected;
Request name server is parsed to domain name, obtains at least one corresponding IP address of domain name, each IP Address one link of correspondence;
Based on the positional information of the mobile terminal, the corresponding IP address of selection optimum link is used as target ip address;
When the target ip address is with the positional information corresponding IP address matching under domain name of historical storage, base Data cube computation passage is set up in the target ip address and server to be connected;
When sending access request by the data cube computation passage, the authenticity to the access request judges, and blocks Cut false access request.
2. according to the method described in claim 1, it is characterised in that methods described also includes:
When the target ip address is with the positional information corresponding IP address mismatch under domain name of historical storage, Send the request for inquiring about domain name to domain name server by different routers respectively, obtain name server return Each IP address;
Judge each IP address whether all same;
If so, IP address described in identical then is defined as into target ip address, and store the target ip address, domain name with And the corresponding relation between the positional information of the mobile terminal, execution is described to be based on the target ip address and service to be connected The step of device sets up data cube computation passage;
Asking for domain name is inquired about if it is not, then returning and performing described sent respectively by different routers to domain name server The step of asking.
3. according to the method described in claim 1, it is characterised in that the authenticity to the access request judges, And the step of intercept false access request, including:
Poll intercepts the request message sent to the Target IP;
For each request message, the attribute of the request message is determined, and judges whether the attribute is black in preset attribute In list;
If, it is determined that the request message is spurious requests message, and intercepts the spurious requests message.
4. according to the method described in claim 1, it is characterised in that the authenticity to the access request judges, And the step of intercept false access request, including:
Intercept the whole request messages sent to the Target IP;
Compare the otherness between each request message;
Spurious requests message is gone out based on the otherness fuzzy matching, and intercepts the spurious requests message.
5. according to the method described in claim 1, it is characterised in that described after the step of false access of the interception is asked Method also includes:
After this connection is terminated, record this and connect corresponding domain name, target ip address and user's access habits parameter, its Middle user's access habits parameter includes:The positional information of period and the mobile terminal belonging to connection duration, connection.
6. method according to claim 5, it is characterised in that methods described also includes:
The corresponding relation of the user's access habits parameter, domain name and the target ip address that are recorded based on history, in different periods Recommend different access links for user.
7. a kind of mobile terminal, it is characterised in that including:
Receiving module, for receiving the server connection request of user's transmission, and determines the corresponding domain name of server to be connected;
Request module, for asking name server to parse domain name, obtain domain name it is corresponding at least one IP address, one link of each IP address correspondence;
Selecting module, for the positional information based on the mobile terminal, the corresponding IP address of selection optimum link is used as target IP address;
Path setup module, for the positional information when the target ip address and historical storage under domain name it is corresponding IP address matching when, data cube computation passage is set up based on the target ip address and server to be connected;
Determination module, for when sending access request by the data cube computation passage, to the authenticity of the access request Judged, and intercept false access request.
8. mobile terminal according to claim 7, it is characterised in that the mobile terminal also includes:
Router handover module, for the positional information when the target ip address and historical storage under domain name it is right When the IP address answered is mismatched, the request for inquiring about domain name is sent to domain name server by different routers respectively, Obtain each IP address of name server return;
Address judgment module, for judge each IP address whether all same;
Performing module, if the judged result for the address judgment module is yes, IP address described in identical is defined as Target ip address, and store the correspondence between the positional information of the target ip address, domain name and the mobile terminal Relation, and call the execution path setup module;If the judged result of the address judgment module is no, returns and perform institute State router handover module.
9. mobile terminal according to claim 7, it is characterised in that the determination module includes:
First interception submodule, the request message sent to the Target IP is intercepted for poll;
Attribute decision sub-module, for for each request message, determining the attribute of the request message, and judges the attribute Whether it is in preset attribute blacklist;If, it is determined that the request message is spurious requests message, and intercepts the falseness Request message.
10. mobile terminal according to claim 7, it is characterised in that the determination module includes:
Second interception submodule, for intercepting the whole request messages sent to the Target IP;
Submodule is compared, for comparing the otherness between each request message;False ask based on the otherness fuzzy matching Message is sought, and intercepts the spurious requests message.
11. mobile terminal according to claim 7, it is characterised in that the mobile terminal also includes:
Logging modle, after being asked in the false access of determination module interception, after this connection termination, records this company Corresponding domain name, target ip address and user's access habits parameter are connect, wherein user's access habits parameter includes:During connection The positional information of period and the mobile terminal belonging to long, connection.
12. mobile terminal according to claim 11, it is characterised in that the mobile terminal also includes:
Recommending module, the correspondence of user's access habits parameter, domain name and target ip address for being recorded based on history is closed System, is that user recommends different access links in different periods.
13. a kind of mobile terminal, it is characterised in that including:Memory, processor and it is stored on the memory and can be in institute The Secure Network Assecc program run on processor is stated, the Secure Network Assecc program is realized such as during the computing device The step of Secure Network Assecc method any one of claim 1 to 6.
14. a kind of computer-readable recording medium, it is characterised in that the network that is stored with the computer-readable recording medium is pacified It is complete to access program, realized when the Secure Network Assecc program is executed by processor as any one of claim 1 to 6 The step of Secure Network Assecc method.
CN201710512304.XA 2017-06-28 2017-06-28 A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium Pending CN107277025A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710512304.XA CN107277025A (en) 2017-06-28 2017-06-28 A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710512304.XA CN107277025A (en) 2017-06-28 2017-06-28 A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium

Publications (1)

Publication Number Publication Date
CN107277025A true CN107277025A (en) 2017-10-20

Family

ID=60070180

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710512304.XA Pending CN107277025A (en) 2017-06-28 2017-06-28 A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium

Country Status (1)

Country Link
CN (1) CN107277025A (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109241458A (en) * 2018-07-11 2019-01-18 上海斐讯数据通信技术有限公司 A kind of Ad blocking method and router based on router
CN109699043A (en) * 2018-12-25 2019-04-30 北京云中融信网络科技有限公司 Link establishing method and device
CN110347501A (en) * 2019-06-20 2019-10-18 北京大米科技有限公司 A kind of service testing method, device, storage medium and electronic equipment
CN110505272A (en) * 2019-07-12 2019-11-26 杭州海康威视数字技术股份有限公司 A kind of internetwork connection establishing method, device, receiver equipment and send method, apparatus
CN110677492A (en) * 2019-10-11 2020-01-10 北京字节跳动网络技术有限公司 Access request processing method and device, electronic equipment and storage medium
CN111127050A (en) * 2018-10-29 2020-05-08 北京奇虎科技有限公司 Content channel evaluation method and device, electronic equipment and storage medium
CN111585978A (en) * 2020-04-21 2020-08-25 微梦创科网络科技(中国)有限公司 Method, client, server and system for intercepting false requests
CN111741538A (en) * 2020-07-22 2020-10-02 北京自如信息科技有限公司 Communication link establishing method based on gateway, equipment control method and device
CN111800466A (en) * 2020-06-03 2020-10-20 香港乐蜜有限公司 Method and device for establishing long connection service, electronic equipment and storage medium
CN111901348A (en) * 2020-07-29 2020-11-06 北京宏达隆和科技有限公司 Method and system for active network threat awareness and mimicry defense
CN111953811A (en) * 2020-08-07 2020-11-17 腾讯科技(深圳)有限公司 Site access method, site registration method, device, equipment and storage medium
CN112035490A (en) * 2020-01-09 2020-12-04 吴金凤 Electric vehicle information monitoring method, device and system based on cloud platform
CN112305926A (en) * 2019-07-31 2021-02-02 广东美的制冷设备有限公司 Distribution network control method, distribution network control device, household appliance and storage medium
CN112422501A (en) * 2020-09-28 2021-02-26 广东电力信息科技有限公司 Forward and reverse tunnel protection method, device, equipment and storage medium
CN112637254A (en) * 2019-09-24 2021-04-09 拉扎斯网络科技(上海)有限公司 Data processing method and device, electronic equipment and computer readable storage medium
CN113301028A (en) * 2021-05-13 2021-08-24 广东电网有限责任公司广州供电局 Gateway protection method and data labeling method
CN113438336A (en) * 2021-06-24 2021-09-24 平安科技(深圳)有限公司 Network request method, device, equipment and storage medium
CN113810510A (en) * 2021-07-30 2021-12-17 绿盟科技集团股份有限公司 Domain name access method and device and electronic equipment
CN114006935A (en) * 2020-07-14 2022-02-01 成都鼎桥通信技术有限公司 Private network terminal network access method, device and equipment
CN114286335A (en) * 2020-09-17 2022-04-05 华为技术有限公司 Server selection method and device
CN114666303A (en) * 2022-03-18 2022-06-24 唯品会(广州)软件有限公司 DNS (Domain name System) scheduling method and device and computer equipment
CN114710308A (en) * 2021-09-28 2022-07-05 北京卫达信息技术有限公司 Method and system for controlling network equipment access
CN115102712A (en) * 2022-05-17 2022-09-23 刘勇 Enhanced terminal identification method and device, electronic equipment and storage medium
CN116436649A (en) * 2023-03-23 2023-07-14 北京神州安付科技股份有限公司 Network security system and method based on cloud server crypto machine

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611763A (en) * 2011-01-25 2012-07-25 中国移动通信集团公司 DNS (Domain Name Server) inquiring method and equipment
CN103117998A (en) * 2012-11-28 2013-05-22 北京用友政务软件有限公司 Safety reinforcing method based on JavaEE application system
CN103825895A (en) * 2014-02-24 2014-05-28 联想(北京)有限公司 Information processing method and electronic device
CN104158919A (en) * 2014-08-20 2014-11-19 安一恒通(北京)科技有限公司 Webpage access implementation method, server and client
CN106230861A (en) * 2016-09-07 2016-12-14 上海斐讯数据通信技术有限公司 A kind of router fire wall lower network access method and router
CN106341376A (en) * 2015-07-15 2017-01-18 广州市动景计算机科技有限公司 Network attack judgment method, secure network data transmission method and corresponding devices
CN106470214A (en) * 2016-10-21 2017-03-01 杭州迪普科技股份有限公司 Attack detection method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611763A (en) * 2011-01-25 2012-07-25 中国移动通信集团公司 DNS (Domain Name Server) inquiring method and equipment
CN103117998A (en) * 2012-11-28 2013-05-22 北京用友政务软件有限公司 Safety reinforcing method based on JavaEE application system
CN103825895A (en) * 2014-02-24 2014-05-28 联想(北京)有限公司 Information processing method and electronic device
CN104158919A (en) * 2014-08-20 2014-11-19 安一恒通(北京)科技有限公司 Webpage access implementation method, server and client
CN106341376A (en) * 2015-07-15 2017-01-18 广州市动景计算机科技有限公司 Network attack judgment method, secure network data transmission method and corresponding devices
CN106230861A (en) * 2016-09-07 2016-12-14 上海斐讯数据通信技术有限公司 A kind of router fire wall lower network access method and router
CN106470214A (en) * 2016-10-21 2017-03-01 杭州迪普科技股份有限公司 Attack detection method and device

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109241458A (en) * 2018-07-11 2019-01-18 上海斐讯数据通信技术有限公司 A kind of Ad blocking method and router based on router
CN111127050A (en) * 2018-10-29 2020-05-08 北京奇虎科技有限公司 Content channel evaluation method and device, electronic equipment and storage medium
CN109699043B (en) * 2018-12-25 2022-10-21 北京云中融信网络科技有限公司 Link establishment method and device
CN109699043A (en) * 2018-12-25 2019-04-30 北京云中融信网络科技有限公司 Link establishing method and device
CN110347501A (en) * 2019-06-20 2019-10-18 北京大米科技有限公司 A kind of service testing method, device, storage medium and electronic equipment
CN110505272A (en) * 2019-07-12 2019-11-26 杭州海康威视数字技术股份有限公司 A kind of internetwork connection establishing method, device, receiver equipment and send method, apparatus
CN110505272B (en) * 2019-07-12 2022-04-29 杭州海康威视数字技术股份有限公司 Network connection establishing method and device, receiver equipment and sender equipment
CN112305926A (en) * 2019-07-31 2021-02-02 广东美的制冷设备有限公司 Distribution network control method, distribution network control device, household appliance and storage medium
CN112637254A (en) * 2019-09-24 2021-04-09 拉扎斯网络科技(上海)有限公司 Data processing method and device, electronic equipment and computer readable storage medium
CN112637254B (en) * 2019-09-24 2023-04-07 拉扎斯网络科技(上海)有限公司 Data processing method and device, electronic equipment and computer readable storage medium
CN110677492A (en) * 2019-10-11 2020-01-10 北京字节跳动网络技术有限公司 Access request processing method and device, electronic equipment and storage medium
CN110677492B (en) * 2019-10-11 2022-08-02 北京字节跳动网络技术有限公司 Access request processing method and device, electronic equipment and storage medium
CN112035490A (en) * 2020-01-09 2020-12-04 吴金凤 Electric vehicle information monitoring method, device and system based on cloud platform
CN112035490B (en) * 2020-01-09 2022-05-03 人民出行(南宁)科技有限公司 Electric vehicle information monitoring method, device and system based on cloud platform
CN111585978B (en) * 2020-04-21 2023-09-26 微梦创科网络科技(中国)有限公司 Method, client, server and system for intercepting false request
CN111585978A (en) * 2020-04-21 2020-08-25 微梦创科网络科技(中国)有限公司 Method, client, server and system for intercepting false requests
CN111800466A (en) * 2020-06-03 2020-10-20 香港乐蜜有限公司 Method and device for establishing long connection service, electronic equipment and storage medium
CN114006935A (en) * 2020-07-14 2022-02-01 成都鼎桥通信技术有限公司 Private network terminal network access method, device and equipment
CN114006935B (en) * 2020-07-14 2023-11-21 成都鼎桥通信技术有限公司 Private network terminal network access method, device and equipment
CN111741538A (en) * 2020-07-22 2020-10-02 北京自如信息科技有限公司 Communication link establishing method based on gateway, equipment control method and device
CN111741538B (en) * 2020-07-22 2022-06-07 北京自如信息科技有限公司 Communication link establishing method based on gateway, equipment control method and device
CN111901348A (en) * 2020-07-29 2020-11-06 北京宏达隆和科技有限公司 Method and system for active network threat awareness and mimicry defense
CN111953811A (en) * 2020-08-07 2020-11-17 腾讯科技(深圳)有限公司 Site access method, site registration method, device, equipment and storage medium
CN111953811B (en) * 2020-08-07 2024-02-06 腾讯科技(深圳)有限公司 Site access method, site registration method, device, equipment and storage medium
CN114286335A (en) * 2020-09-17 2022-04-05 华为技术有限公司 Server selection method and device
CN112422501B (en) * 2020-09-28 2024-03-01 南方电网数字企业科技(广东)有限公司 Forward and reverse tunnel protection method, device, equipment and storage medium
CN112422501A (en) * 2020-09-28 2021-02-26 广东电力信息科技有限公司 Forward and reverse tunnel protection method, device, equipment and storage medium
CN113301028A (en) * 2021-05-13 2021-08-24 广东电网有限责任公司广州供电局 Gateway protection method and data labeling method
CN113438336A (en) * 2021-06-24 2021-09-24 平安科技(深圳)有限公司 Network request method, device, equipment and storage medium
CN113810510A (en) * 2021-07-30 2021-12-17 绿盟科技集团股份有限公司 Domain name access method and device and electronic equipment
CN114710308A (en) * 2021-09-28 2022-07-05 北京卫达信息技术有限公司 Method and system for controlling network equipment access
CN114666303B (en) * 2022-03-18 2024-01-30 唯品会(广州)软件有限公司 DNS scheduling method and device and computer equipment
CN114666303A (en) * 2022-03-18 2022-06-24 唯品会(广州)软件有限公司 DNS (Domain name System) scheduling method and device and computer equipment
CN115102712B (en) * 2022-05-17 2024-04-16 刘勇 Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium
CN115102712A (en) * 2022-05-17 2022-09-23 刘勇 Enhanced terminal identification method and device, electronic equipment and storage medium
CN116436649B (en) * 2023-03-23 2024-02-09 北京神州安付科技股份有限公司 Network security system and method based on cloud server crypto machine
CN116436649A (en) * 2023-03-23 2023-07-14 北京神州安付科技股份有限公司 Network security system and method based on cloud server crypto machine

Similar Documents

Publication Publication Date Title
CN107277025A (en) A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium
US9882916B2 (en) Method for verifying sensitive operations, terminal device, server, and verification system
Thomas et al. Adapting social spam infrastructure for political censorship
US8984649B2 (en) Method and system for authenticating user access to a restricted resource across a computer network
CN101771676B (en) Setting and authentication method for cross-domain authorization and relevant device and system
US20160036849A1 (en) Method, Apparatus and System for Detecting and Disabling Computer Disruptive Technologies
US20120324568A1 (en) Mobile web protection
Giani et al. Data exfiltration and covert channels
CN103561121A (en) Method and device for analyzing DNS and browser
US20160337378A1 (en) Method and apparatus for detecting security of online shopping environment
CN105407074A (en) Authentication method, apparatus and system
CN110602137A (en) Malicious IP and malicious URL intercepting method, device, equipment and medium
US20170237749A1 (en) System and Method for Blocking Persistent Malware
CN109861968A (en) Resource access control method, device, computer equipment and storage medium
CN107241292B (en) Vulnerability detection method and device
CN104135467B (en) Identify method and the device of malicious websites
CN106302332B (en) Access control method, the apparatus and system of user data
EP3508999B1 (en) Dissuading stolen password reuse
CN108259514A (en) Leak detection method, device, computer equipment and storage medium
CN104079575A (en) Home network security management method and device and system
US20190020664A1 (en) System and Method for Blocking Persistent Malware
CN108574721A (en) A kind of login method, device and server, user terminal, readable storage medium storing program for executing
CN104836696A (en) Method and device for detecting IP address
CN104954340A (en) Proxy IP address detection method and device
CN104683290A (en) Method and device for monitoring phishing and terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171020