CN107577941A - Method and apparatus for intercepting encoding bypass - Google Patents
- Publication number
- CN107577941A CN201710677344.XA
- Authority
- CN
- China
- Prior art keywords
- request message
- character string
- decoded
- decoding
- branch
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
The invention provides a method and apparatus for intercepting encoding bypass. The method includes: hooking (HOOK) a request message input by a user; decoding the request message to obtain the original character string of the request message; matching the original character string to determine whether it is an encoding-bypass attack operation; if so, intercepting the request message; if not, allowing the request message through. Embodiments of the invention prevent malicious requests or malicious files from attacking the terminal system and thereby further strengthen the security of the terminal system.
Description
This application is a divisional application of "Method and apparatus for intercepting encoding bypass":
Filing date of the original application: 20131220
Application number of the original application: 201310712429.9
Title of the invention of the original application: Method and apparatus for intercepting encoding bypass.
Technical field
The present invention relates to the field of Internet applications, and in particular to a method and apparatus for intercepting encoding bypass.
Background
With the development of the information society, terminals (including devices such as computers and mobile phones) are increasingly important in people's lives. People rely more and more on terminals to store personal information, such as account information, private chat records and even pictures and photos. If the terminal system is threatened by malicious files (such as malicious URLs or computer viruses), personal information is easily leaked, causing incalculable damage to the user. Effectively intercepting malicious files, so that the terminal system is not threatened by them, is therefore very important for ensuring the security of the terminal system.
In the prior art, malicious files or malicious requests that have already been identified can be intercepted effectively. However, the attack techniques of those who write malicious files or malicious requests to attack terminals (commonly called hackers) change rapidly: by constructing character strings and changing the position or form of a character string, hackers can bypass the software used in the prior art to intercept malicious files or malicious requests (such as commonly used firewall software). Once a malicious file or malicious request has bypassed the interception software, it can attack the terminal system, with harmful effects such as loss or leakage of the information stored in the terminal, or the terminal, the terminal system or the software installed on the terminal failing to run normally. This adversely affects the user's study or work and can even threaten the security of the user's property.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method and apparatus for intercepting encoding bypass that overcome the above problems or at least partly solve them.
According to one aspect of the embodiments of the present invention, a method for intercepting encoding bypass is provided, including: hooking (HOOK) a request message input by a user; decoding the request message to obtain the original character string of the request message; matching the original character string to determine whether it is an encoding-bypass attack operation; if so, intercepting the request message; if not, allowing the request message through.
Optionally, decoding the request message includes: decoding the request message using different decoding modes in turn until decoding succeeds.
Optionally, decoding the request message using different decoding modes in turn includes: decoding the request message using a decimal decoding mode; and/or decoding the request message using a hexadecimal decoding mode.
Optionally, decoding the request message using the decimal decoding mode includes: formatting the request message according to the decimal decoding mode, adding a semicolon after each decimal value; and looking up the encoding corresponding to each decimal value to generate the decoded text.
Optionally, decoding the request message using the hexadecimal decoding mode includes: formatting the request message according to the hexadecimal decoding mode, adding a semicolon after each hexadecimal value; and looking up the encoding corresponding to each hexadecimal value to generate the decoded text.
Optionally, before the request message is formatted according to the hexadecimal decoding mode, the method further includes: converting all uppercase letters to lowercase.
Optionally, decoding the request message using different decoding modes in turn includes: decoding the request message using the decimal decoding mode; and, if decoding fails, continuing to decode the request message using the hexadecimal decoding mode.
Optionally, the form of the original character string of a request message corresponding to an encoding-bypass attack operation includes at least one of the following: a character string with partial case conversion; a character string partly decimal-encoded, with a semicolon; a character string partly decimal-encoded, without a semicolon; a character string partly hexadecimal-encoded, with a semicolon; a character string partly hexadecimal-encoded, without a semicolon.
Optionally, the request message includes a URL request.
According to another aspect of the present invention, an apparatus for intercepting encoding bypass is also provided, including: a hook unit, configured to hook (HOOK) a request message input by a user; a decoder, configured to decode the request message to obtain the original character string of the request message; a matcher, configured to match the original character string and determine whether it is an encoding-bypass attack operation; an interceptor, configured to intercept the request message if so; and a release unit, configured to allow the request message through if not.
Optionally, the decoder is further configured to decode the request message using different decoding modes in turn until decoding succeeds.
Optionally, the decoder is further configured to decode the request message using a decimal decoding mode; and/or to decode the request message using a hexadecimal decoding mode.
Optionally, the decoder is further configured to decode the request message using the decimal decoding mode and, if decoding fails, to continue decoding the request message using the hexadecimal decoding mode.
In the embodiments of the present invention, a request message input by a user can be hooked and decoded to obtain its original character string; the original character string is then matched, and the matching result determines whether the request message is an attack operation. This solves the prior-art problem that effective interception is bypassed after the position, form or other aspects of a character string have been changed. If the matching result is yes, the request message is intercepted, protecting the client terminal system. If the matching result is no, the request message is allowed through, so that request messages input by the user work normally. Because the request message input by the user is decoded to obtain the original character string, a malicious file or malicious request cannot get past interception even if it disguises itself by altering a character string. The method for intercepting encoding bypass provided by the embodiments of the present invention can therefore, while ensuring that non-attack request messages input by the user work normally, effectively intercept any attack operation, whether undisguised or disguised by deforming a character string or similar means, so that malicious requests or malicious files are prevented from attacking the terminal system and the security of the terminal system is further strengthened. Using this method therefore avoids loss or leakage of the information stored in the terminal, and avoids the terminal, the terminal system or the software installed on the terminal failing to run normally, which would adversely affect the user's study or work or even threaten the security of the user's property.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
From the following detailed description of specific embodiments of the invention in conjunction with the accompanying drawings, those skilled in the art will better understand the above and other objects, advantages and features of the invention.
Brief description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, identical parts are denoted by the same reference numerals. In the drawings:
Fig. 1 shows a flow chart of a method for intercepting encoding bypass according to an embodiment of the invention;
Fig. 2 shows a flow chart of a method for intercepting encoding bypass according to a preferred embodiment of the invention;
Fig. 3 shows a flow chart of decoding a request message according to a preferred embodiment of the invention; and
Fig. 4 shows a schematic structural diagram of an apparatus for intercepting encoding bypass according to an embodiment of the invention.
Detailed description
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. The structure required to construct such systems is apparent from the description above. Moreover, the invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in a variety of programming languages, and that the description above of a specific language is given to disclose the best mode of the invention.
As mentioned in the related art, the attack techniques of those who write malicious files or malicious requests to attack terminals (commonly called hackers) change rapidly: by constructing character strings and changing the position or form of a character string, hackers can bypass the software used in the prior art to intercept malicious files or malicious requests (such as commonly used firewall software).
To solve the above technical problem, the embodiments of the invention provide a method for intercepting encoding bypass. Fig. 1 shows a flow chart of a method for intercepting encoding bypass according to an embodiment of the invention. Referring to Fig. 1, the flow includes at least steps S102 to S110.
Step S102, hook (HOOK) the request message input by the user.
Step S104, decode the request message to obtain the original character string of the request message.
Step S106, match the original character string and determine whether it is an encoding-bypass attack operation; if so, trigger step S108; if not, trigger step S110.
Step S108, intercept the request message.
Step S110, allow the request message through.
In the embodiments of the present invention, a request message input by a user can be hooked and decoded to obtain its original character string; the original character string is then matched, and the matching result determines whether the request message is an attack operation. This solves the prior-art problem that effective interception is bypassed after the position, form or other aspects of a character string have been changed. If the matching result is yes, the request message is intercepted, protecting the client terminal system. If the matching result is no, the request message is allowed through, so that request messages input by the user work normally. Because the request message input by the user is decoded to obtain the original character string, a malicious file or malicious request cannot get past interception even if it disguises itself by altering a character string. The method for intercepting encoding bypass provided by the embodiments of the present invention can therefore, while ensuring that non-attack request messages input by the user work normally, effectively intercept any attack operation, whether undisguised or disguised by deforming a character string or similar means, so that malicious requests or malicious files are prevented from attacking the terminal system and the security of the terminal system is further strengthened. Using this method therefore avoids loss or leakage of the information stored in the terminal, and avoids the terminal, the terminal system or the software installed on the terminal failing to run normally, which would adversely affect the user's study or work or even threaten the security of the user's property.
As shown in step S102 in Fig. 1, the hooked (HOOK) request message input by the user may be a request message in any format. In the embodiments of the invention, the request message is preferably a Uniform Resource Locator (URL) request. A URL is a concise representation of the location of a resource available on the Internet and of the method for accessing it, and every file on the Internet has a unique URL. The embodiments of the invention therefore prefer a URL request as the request message input by the user.
After the request message input by the user has been hooked, the request message is decoded according to step S104 to obtain its original character string. The embodiments of the invention may use different decoding modes to decode the request message. Preferably, in the embodiments of the invention, the request message is decoded using a decimal decoding mode and/or using a hexadecimal decoding mode. The decimal system is a number system based on 10, composed of the ten basic digits 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9. Hexadecimal is a way of representing data in computers; it is composed of 0-9 and A-F, and the letters are case-insensitive. The correspondence between hexadecimal and decimal is that 0-9 in hexadecimal correspond to 0-9 in decimal, and A-F in hexadecimal correspond to 10-15 in decimal. Besides decimal and hexadecimal, the embodiments of the invention may also decode the request message using any other base N that a computer system can recognise (such as octal); the embodiments of the invention are not limited in this respect. Here N is a positive integer.
When the request message is decoded according to the decimal decoding mode, the position or form of the original character string may have been altered, so it cannot be assumed that a semicolon is present in the original character string. To keep the form of the original character string consistent when it is matched, and so ensure that matching is accurate, the embodiments of the invention format the request message according to the decimal decoding mode, adding a semicolon after each decimal value. For example, "&#00106" is converted, after formatting, to "&#00106;". After formatting, the encoding corresponding to each decimal value is looked up and the decoded text is generated. When the request message is decoded according to the hexadecimal decoding mode, the uppercase letters in the request message are first converted to lowercase. For example, "&#*00106A" is converted to "&#*00106a". Next, again because the position or form of the original character string may have been altered and a semicolon cannot be assumed to be present, and in order to keep the form of the original character string consistent when it is matched and so ensure that matching is accurate, the embodiments of the invention format the request message according to the hexadecimal decoding mode, adding a semicolon after each hexadecimal value. For example, "&#*00106A" is converted to "&#*00106a;". After formatting, the encoding corresponding to each hexadecimal value is looked up and the decoded text is generated.
In the embodiments of the invention, the request message may be decoded using the decimal decoding mode alone or the hexadecimal decoding mode alone. Alternatively, the request message may first be decoded using the decimal decoding mode and then, if decoding fails, decoded using the hexadecimal decoding mode; or first decoded using the hexadecimal decoding mode and then, if decoding fails, decoded using the decimal decoding mode. The embodiments of the invention do not limit the decoding modes or the order in which they are applied to the request message. The decimal and hexadecimal decoding modes are both commonly used. In practice, decimal notation is more often used for calculation, display or other related operations. Preferably, therefore, in the embodiments of the invention the request message is decoded using the decimal decoding mode and, if decoding fails, decoding continues with the hexadecimal decoding mode. When the request message can be decoded by the decimal decoding mode, that mode is preferred, which avoids using an overly complicated decoding mode and the cumbersome operation it would cause. When decoding by the decimal decoding mode fails, decoding continues with the hexadecimal decoding mode, which avoids the situation in which a request message that cannot be decoded as decimal is not decoded at all, the encoding bypass cannot be intercepted, and malicious files threaten the user's device system.
After the request message has been decoded, the original character string in the request message is obtained. In the embodiments of the invention, the original character string may be a string of any form, including at least one of: a string with partial case conversion; a string with a semicolon after partial decimal-encoding conversion; a string without a semicolon after partial decimal-encoding conversion; a string with a semicolon after partial hexadecimal-encoding conversion; and a string without a semicolon after partial hexadecimal-encoding conversion. To make these forms easier to understand, each of them is illustrated below:
String with partial case conversion:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=JAvaScript:alert(12345)>TEST</a>
String with a semicolon after partial decimal-encoding conversion:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=%26%2300106%3BAvaScript:alert(12345)>TEST</a>
String without a semicolon after partial decimal-encoding conversion:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=%26%2300106AvaScript:alert(12345)>TEST</a>
Comparing the "string with a semicolon after partial decimal-encoding conversion" with the "string without a semicolon after partial decimal-encoding conversion" shows that, in the former, the character "%3B" follows "%26%2300106". After decimal conversion this character becomes a semicolon. By decoding the request message according to the particular way in which the character string has been deformed, the embodiments of the invention effectively prevent attack operations that change the position or form of a character string from bypassing interception.
String with a semicolon after partial hexadecimal-encoding conversion:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=%26%23x006A%3BAvaScript:alert(12345)>TEST</a>
String without a semicolon after partial hexadecimal-encoding conversion:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=%26%23x006AAvaScript:alert(12345)>TEST</a>
Comparing the "string with a semicolon after partial hexadecimal-encoding conversion" with the "string without a semicolon after partial hexadecimal-encoding conversion" shows that, in the former, the character "%3B" follows "%26%23x006A". After hexadecimal conversion this character becomes a semicolon. By decoding the request message according to the particular way in which the character string has been deformed, the embodiments of the invention effectively prevent attack operations that change the position or form of a character string from bypassing interception.
As described above, the original character string obtained by decoding the request message may have been deformed at various positions (for example, where in the string the case is changed) and in various forms (for example, whether the string carries a semicolon, or whether it is decimal-encoded or hexadecimal-encoded). This variety allows some malicious files to be constructed as special requests that get past the interception of malicious files and threaten the terminal system. In the embodiments of the invention, the request message can be decoded with a suitable decoding mode to obtain its original character string, and the operation shown in step S106 of Fig. 1 is then performed: the original character string is matched against the character strings in the attack signature library to determine whether it is an encoding-bypass attack operation. If it is, the request message is intercepted, protecting the security of the terminal system; if not, the request message is allowed through. The method for intercepting encoding bypass provided by the embodiments of the invention can recognise specially constructed, deformed request messages, decode them to obtain the original character string, and match that string to judge whether the request message is an attack to be intercepted. This strengthens the protection of the terminal system, improves its security and improves the user experience.
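The decode-then-match flow of steps S104 to S110, written out as an added example; it is not code from the patent. The percent-decoding step, the two-rule SIGNATURES list, the reading of "decoding failed" as "no reference of that base was decoded", and all function names are assumptions. The first four sample inputs follow the example strings listed above; the last two are constructed.

```python
import re
from collections import namedtuple
from urllib.parse import unquote

# Constructed stand-in for the attack signature library (not from the patent).
SIGNATURES = {
    "javascript-uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "script-tag": re.compile(r"<\s*script\b", re.IGNORECASE),
}

Verdict = namedtuple("Verdict", "action method decoded hits")


def format_refs(text, digits):
    """Formatting step: end every '&#<digits>' with exactly one semicolon.

    Assumption: a reference without a semicolon ends at the first character
    that is not a digit of its base.
    """
    return re.sub(r"&#(%s);?" % digits, r"&#\1;", text)


def _lookup(text, pattern, base):
    """Lookup step: replace each formatted reference with its character."""
    found = 0

    def repl(match):
        nonlocal found
        value = int(match.group(1), base)
        if not 0 < value <= 0x10FFFF:  # not a code point: keep the raw text
            return match.group(0)
        found += 1
        return chr(value)

    return re.sub(pattern, repl, text), found


def decode_decimal(text):
    """Decimal mode: format, then look up. Returns (text, references decoded)."""
    return _lookup(format_refs(text, r"[0-9]+"), r"&#([0-9]+);", 10)


def decode_hex(text):
    """Hexadecimal mode: lowercase first, then format, then look up."""
    lowered = text.lower()
    return _lookup(format_refs(lowered, r"x[0-9a-f]+"), r"&#x([0-9a-f]+);", 16)


def inspect_request(raw):
    """Decode a hooked request (decimal first, hex on failure) and match it."""
    text = unquote(raw)  # assumption: percent-encoding is removed first
    decoded, found = decode_decimal(text)
    method = "decimal"
    if not found:  # assumption: "failure" means no decimal reference decoded
        decoded, found = decode_hex(text)
        method = "hex"
    if not found:  # nothing encoded: match the request text as received
        decoded, method = text, "none"
    hits = [name for name, rule in SIGNATURES.items() if rule.search(decoded)]
    return Verdict("intercept" if hits else "pass", method, decoded, hits)


BASE = "http://localhost/info_Show.aspClassId=1&InfoId=17"
SAMPLES = {
    "case_mix": BASE + "<Ahref=JAvaScript:alert(12345)>TEST</a>",
    "dec_semicolon": BASE + "<Ahref=%26%2300106%3BAvaScript:alert(12345)>TEST</a>",
    "dec_bare": BASE + "<Ahref=%26%2300106AvaScript:alert(12345)>TEST</a>",
    "hex_semicolon": BASE + "<Ahref=%26%23x006A%3BAvaScript:alert(12345)>TEST</a>",
    # Constructed: a bare hex reference followed by a non-hex character.
    "hex_bare": BASE + "<Ahref=javascri%26%23x70t:alert(12345)>TEST</a>",
    # Constructed benign request that must be allowed through.
    "benign": "http://localhost/info_Show.asp?ClassId=1&InfoId=17",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        verdict = inspect_request(url)
        print(f"{label:14} {verdict.action:9} via {verdict.method:7} {verdict.hits}")
```

A request that mixes decimal and hexadecimal references is only partly decoded by this ordered fallback; running both passes until the text stops changing closes that gap.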
The method for intercepting encoding bypass of the present invention is now described with specific embodiments.
Embodiment one
Fig. 2 shows a flow chart of a method for intercepting encoding bypass according to a preferred embodiment of the invention. It supports any of the methods for intercepting encoding bypass described above and makes them clearer and easier to understand. Referring to Fig. 2, the preferred embodiment includes at least steps S202 to S216.
Step S202, hook the request message input by the user.
In this preferred embodiment, two request messages input by the user are hooked: a first request message and a second request message.
Step S204, decode the request message.
The hooked first request message and second request message are each decoded using the decimal decoding mode.
Step S206, judge whether the first request message and the second request message have each been decoded successfully.
According to this judgement, decoding the first request message with the decimal decoding mode succeeds, and step S208 shown in Fig. 2 is performed. Decoding the second request message with the decimal decoding mode fails, and step S204 is repeated for the second request message. On the repeat, the second request message is decoded using the hexadecimal decoding mode until it is decoded successfully; after successful decoding, step S208 is performed.
Step S208, obtain the original character string of the request message.
After the first request message and the second request message have been decoded, the original character strings corresponding to the first request message and the second request message are obtained respectively.
Step S210, match the original character string.
The original character strings of the first request message and the second request message are matched respectively to obtain the matching results.
Step S212, determine from the matching results whether the first request message and the second request message are attack operations.
Specifically, in this example, the matching result determines that the first request message is not an encoding-bypass attack operation, and step S216 is performed. The matching result determines that the second request message is an encoding-bypass attack operation, and step S214 is performed.
Step S214, intercept the request message; the flow ends.
After the request message is determined to be an encoding-bypass attack operation, the request message is intercepted.
Step S216, allow the request message through; the flow ends.
After the request message is determined not to be an encoding-bypass attack operation, the request message is allowed through.
Embodiment one, shown in Fig. 2, describes the method for intercepting encoding bypass. As shown in step S206 in Fig. 2, after decimal decoding is applied to the second request message, if decoding fails, decoding of the second request message continues with the hexadecimal decoding mode. Fig. 3 shows the process of decoding this second request message. That is, the decoding of the second request message in embodiment one is now taken as an example to describe the process of decoding a request message provided by the embodiments of the invention.
Embodiment two
Fig. 3 shows a flow chart of decoding a request message according to a preferred embodiment of the invention. Referring to Fig. 3, the flow includes at least steps S302 to S316.
Step S302, on the Website server of user, the second request message of user's input is hooked up.
Step S304, the second request message is formatted using the decimal system.
Decoding trial is carried out to the second request message hooked up, i.e. request message is entered according to decimal system decoding process
Formatting lines, increase branch after each decimal value.Carried in the method that interception coding according to embodiments of the present invention bypasses
And original character string form, the character string included in request message may carry branch, it is also possible in the absence of branch.Cause
This, in this step, request message is formatted, and ensures that the original character string after decoding carries branch.Such as:
By " &#00106 " format after, be converted to " &#00106;”.
Step S306, decimal system decoding is carried out to the second request message.
Specifically, search and encoded corresponding to each metric numerical value, generate decoding text.
Step S308, judge whether decimal system decoding succeeds.If success, performing step S316, if failure, step is performed
S310。
In this example, decimal system decoding failure is such as carried out to the second request message to the explanation of step S206 in Fig. 2 above,
Then continue executing with step S310.
Step S310, lower case format is carried out to the second request message.
Before being formatted according to hex decoding mode to the second request message, all upper case characters are changed
For lowercase.Such as:
By " &#*00106A " be converted to " &#*00106a ".
Step S312, the second request message is formatted according to hexadecimal, increased after each hexadecimal values
Bonus point number.The form of the original character string referred in the method that interception coding according to embodiments of the present invention bypasses, disappears in request
The character string included in breath may carry branch, it is also possible in the absence of branch.Therefore, in this step, request message is subjected to lattice
Formula, ensure that the original character string after decoding carries branch.Such as:
By " &#*00106A " be converted to " &#*00106a;”.
Step S314, hex decoding is carried out to the second request message.
Search and encoded corresponding to each hexadecimal data, generate decoding text.
Step S316, the original character string in the second request message is obtained, flow terminates.
Based on the same inventive concept as the method for intercepting encoding bypass provided by the preferred embodiments above, an embodiment of the present invention provides a device for intercepting encoding bypass, which is used to implement the above method.
Fig. 4 shows a schematic structural diagram of a device for intercepting encoding bypass according to an embodiment of the present invention. Referring to Fig. 4, the device of the embodiment of the present invention comprises at least: a hooking device 410, a decoder 420, a matcher 430, an interceptor 440 and a pass-through device 450.
The functions of the components of the device for intercepting encoding bypass, and the connections between them, are now introduced:
Hooking device 410, configured to hook (HOOK) the request message input by the user.
Decoder 420, coupled with the hooking device 410 and configured to decode the request message to obtain the original character string of the request message.
Matcher 430, coupled with the decoder 420, the interceptor 440 and the pass-through device 450 respectively, and configured to match the original character string and determine whether it is an encoding-bypass attack operation.
Interceptor 440, coupled with the matcher 430 and configured to intercept the request message if so.
Pass-through device 450, coupled with the matcher 430 and configured to let the request message pass if not.
In the embodiment of the present invention, the request message input by the user can be hooked and decoded to obtain its original character string; the original character string is then matched, and the matching result determines whether the request message is an attack operation. This solves the prior-art problem that an attack bypasses effective interception once the position or form of a character string has been changed or the string has been deformed in some other way. If the matching result is yes, the request message is effectively intercepted, ensuring the security of the client terminal system. If the matching result is no, the request message is let through, ensuring that the request message input by the user can run normally. In the embodiment of the present invention, the request message input by the user is decoded to obtain the original character string, which ensures that a malicious file or malicious request cannot get past interception even if it is disguised by changes to the character string. The method for intercepting encoding bypass provided by the embodiment of the present invention can, on the premise that non-attack request messages input by the user run normally, effectively intercept any attack operation, whether undisguised or disguised by character string deformation and similar forms. It thereby achieves the beneficial effect of preventing malicious requests or malicious files from maliciously attacking the terminal system and further enhances the security of the terminal system. Therefore, using the method for intercepting encoding bypass provided by the embodiment of the present invention avoids the loss or leakage of information stored in the terminal, and avoids the adverse effects of the terminal, the terminal system or software installed on the terminal failing to run normally, which would harm the user's study or work or even threaten the security of the user's property.
As shown in Fig. 4, the hooking device 410 hooks (HOOK) the request message input by the user, where the request message input by the user can be a request message of any format. In the embodiment of the present invention, the request message is preferably a URL request. A URL is a concise representation of the location of a resource available on the internet and of the method for accessing it, and every file on the internet has a unique URL. Therefore, a URL request is preferred as the request message input by the user in the embodiment of the present invention.
After the hooking device 410 hooks the request message input by the user, the decoder 420 coupled with the hooking device 410 decodes the request message to obtain its original character string. When decoding the request message, the decoder 420 can use different decoding modes. Preferably, in the embodiment of the present invention, the decoder 420 decodes the request message using the decimal decoding mode and/or the hexadecimal decoding mode. The decimal system is a number system with base 10, built from the ten basic digits 0, 1, 2, 3, 4, 5, 6, 7, 8, 9. The hexadecimal system is a way of representing data in computers. Hexadecimal is made up of 0-9 and A-F, and the letters are case-insensitive. The correspondence between hexadecimal and decimal is that 0-9 in hexadecimal correspond to 0-9 in decimal, and A-F in hexadecimal correspond to 10-15 in decimal. Besides the decimal and hexadecimal systems described above, the embodiment of the present invention can also decode the request message using any other base-N system that a computer system can recognize (such as octal); the embodiment of the present invention places no limit on this. Here N is a positive integer.
When the decoder 420 decodes the request message using the decimal decoding mode, the position or form of the original character string may have been deformed, so it cannot be assumed that the original character string contains a semicolon. To keep the form of the original character string consistent at matching time, and thereby ensure the accuracy of matching, the embodiment of the present invention formats the request message according to the decimal decoding mode by adding a semicolon after each decimal value. For example, after formatting, "&#00106" is converted to "&#00106;". After formatting, the encoding corresponding to each decimal value is looked up and the decoded text is generated. When the request message is decoded according to the hexadecimal decoding mode, the uppercase letters in the request message are first converted to lowercase. For example, "&#*00106A" is converted to "&#*00106a". Second, again because the position or form of the original character string may have been deformed and it cannot be assumed that the original character string contains a semicolon, the embodiment of the present invention formats the request message according to the hexadecimal decoding mode by adding a semicolon after each hexadecimal value, so that the form of the original character string is consistent at matching time and matching is accurate. For example, "&#*00106A" is converted to "&#*00106a;". After formatting, the encoding corresponding to each hexadecimal value is looked up and the decoded text is generated.
In the embodiment of the present invention, the decoder 420 can decode the request message using the decimal decoding mode alone or the hexadecimal decoding mode alone. It can also decode the request message using the decimal decoding mode first and, if decoding fails, continue by decoding the request message using the hexadecimal decoding mode. Alternatively, it can decode the request message using the hexadecimal decoding mode first and, if decoding fails, continue with the decimal decoding mode. The embodiment of the present invention does not limit the decoding modes or the order in which they are applied to the request message. The decimal and hexadecimal decoding modes are both commonly used decoding modes. In practice, decimal notation is used more often for calculation, display and other related operations. Therefore, preferably, in the embodiment of the present invention, the decoder 420 decodes the request message using the decimal decoding mode and, if decoding fails, continues by decoding the request message using the hexadecimal decoding mode. When the request message can be decoded with the decimal decoding mode, the decoder 420 prefers that mode, which avoids decoding the request message with an overly complicated decoding mode and making the operation cumbersome. When decoding with the decimal decoding mode fails, the decoder 420 continues by decoding the request message using the hexadecimal decoding mode. This avoids the situation in which a request message that cannot be decoded as decimal cannot be decoded at all, so that the encoding bypass cannot be intercepted and a malicious file threatens the user's device system.
After the decoder 420 decodes the request message, the original character string in the request message can be obtained. In the embodiment of the present invention, the original character string can be a character string of any form, including at least one of the following original character string forms: a character string with partial upper/lower case conversion, a character string with partial decimal encoding with a semicolon, a character string with partial decimal encoding without a semicolon, a character string with partial hexadecimal encoding with a semicolon, and a character string with partial hexadecimal encoding without a semicolon. To make these original character string forms clearer, each of them is illustrated below:
Character string with partial upper/lower case conversion:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=JAvaScript:a lert(12345)>TEST</a>
Character string with partial decimal encoding, with a semicolon:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=%26%2300106%3BAvaScript:alert(12345)>TEST</a>
Character string with partial decimal encoding, without a semicolon:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=%26%2300106AvaScript:alert(12345)>TEST</a>
Comparing the "character string with partial decimal encoding, with a semicolon" against the "character string with partial decimal encoding, without a semicolon" shows that in the former the characters "%3B" follow "%26%2300106". These characters are the semicolon after conversion. The embodiment of the present invention decodes the request message according to the particular deformation of the character string, which effectively prevents attack operations that change the position or form of the character string from bypassing interception.
Character string with partial hexadecimal encoding, with a semicolon:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=%26%23x006A%3BAvaScript:alert(12345)>TEST</a>
Character string with partial hexadecimal encoding, without a semicolon:
http://localhost/info_Show.aspClassId=1&InfoId=17<Ahref=%26%23x006AAvaScript:alert(12345)>TEST</a>
Comparing the "character string with partial hexadecimal encoding, with a semicolon" against the "character string with partial hexadecimal encoding, without a semicolon" shows that in the former the characters "%3B" follow "%26%23x006A". These characters are the semicolon after conversion. The embodiment of the present invention decodes the request message according to the particular deformation of the character string, which effectively prevents attack operations that change the position or form of the character string from bypassing interception.
As described above, the original character string that the decoder 420 obtains after decoding the request message can be deformed at many different positions (for example, the position of a case change within the string) and in many different forms (for example, whether the string carries a semicolon, and whether it is decimal-encoded or hexadecimal-encoded). This diversity allows some malicious files to be constructed as special requests that get past the interception of malicious files and threaten the terminal system. In the embodiment of the present invention, the decoder 420 can decode the request message with a suitable decoding mode to obtain the original character string of the request message, and the matcher 430 matches the original character string against the character strings in an attack signature library to determine whether the original character string is an encoding-bypass attack operation. If it is an encoding-bypass attack operation, the matcher 430 triggers the interceptor 440 to intercept the request message, protecting the security of the terminal system; if it is not, the matcher 430 triggers the pass-through device 450 to let the request message pass. The method for intercepting encoding bypass provided by the embodiment of the present invention can recognize specially constructed, deformed request messages, decode them to obtain the original character string, and then match the original character string to judge whether the request message is an attack to be intercepted. This strengthens the protection of the terminal system, improves the security of the terminal system and improves the user experience.
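The decode-then-match flow described above (format, decimal decoding, fallback to hexadecimal decoding, matching against a signature library), as an added Python example that is not code from the patent. The percent-decoding step, the digit-width caps used to find the end of a value when the semicolon is missing, the rule that decoding "succeeds" when at least one value is decoded, and the one-entry signature list are assumptions of this example; the sample requests are modelled on the five string forms listed above.

```python
import re
from urllib.parse import unquote

# Constructed stand-in for the attack signature library (assumption).
SIGNATURES = ("javascript:",)

# Loose forms: the trailing semicolon may be missing. The width caps (5 decimal
# digits, 4 hex digits) are an assumption taken from the page's samples; the
# page does not say how the end of a value is found without the semicolon.
DEC_LOOSE = re.compile(r"&#(\d{1,5});?")
HEX_LOOSE = re.compile(r"&#x([0-9a-f]{1,4});?")
# Strict forms: what is left to decode once formatting has run.
DEC_STRICT = re.compile(r"&#(\d{1,5});")
HEX_STRICT = re.compile(r"&#x([0-9a-f]{1,4});")


def format_decimal(text):
    """S304: make sure every decimal value ends with a semicolon."""
    return DEC_LOOSE.sub(lambda m: "&#" + m.group(1) + ";", text)


def decode_decimal(text):
    """S306: replace each decimal value with its character; returns (text, hits)."""
    return DEC_STRICT.subn(lambda m: chr(int(m.group(1))), text)


def format_hex(text):
    """S310 + S312: lowercase the message, then add the missing semicolons."""
    return HEX_LOOSE.sub(lambda m: "&#x" + m.group(1) + ";", text.lower())


def decode_hex(text):
    """S314: replace each hexadecimal value with its character; returns (text, hits)."""
    return HEX_STRICT.subn(lambda m: chr(int(m.group(1), 16)), text)


def recover_original(message):
    """Return (original_string, method): decimal first, hexadecimal on failure."""
    text = unquote(message)  # assumption: %26%23 -> "&#", %3B -> ";"
    decoded, hits = decode_decimal(format_decimal(text))
    if hits:  # assumption: success means at least one value was decoded
        return decoded, "decimal"
    decoded, hits = decode_hex(format_hex(text))
    if hits:
        return decoded, "hexadecimal"
    return text, "none"  # nothing encoded: match the string as received


def inspect(message):
    """Return (verdict, method, original); verdict is 'intercept' or 'pass'."""
    original, method = recover_original(message)
    hit = any(sig in original.lower() for sig in SIGNATURES)
    return ("intercept" if hit else "pass"), method, original


# Constructed sample requests, one per string form, plus two benign requests.
BASE = "http://localhost/info_Show.aspClassId=1&InfoId=17"
SAMPLES = {
    "case_only": BASE + "<Ahref=JAvaScript:alert(12345)>TEST</a>",
    "decimal_semicolon": BASE + "<Ahref=%26%2300106%3BAvaScript:alert(12345)>TEST</a>",
    "decimal_no_semicolon": BASE + "<Ahref=%26%2300106AvaScript:alert(12345)>TEST</a>",
    "hex_semicolon": BASE + "<Ahref=%26%23x006A%3BAvaScript:alert(12345)>TEST</a>",
    "hex_no_semicolon": BASE + "<Ahref=%26%23x006AAvaScript:alert(12345)>TEST</a>",
    "benign_plain": BASE,
    "benign_encoded": BASE + "&q=caf%26%23233%3B",
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        verdict, method, _ = inspect(request)
        print(f"{name:22} decoded={method:12} -> {verdict}")
```
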
According to any one of the above preferred embodiments or a combination of several of them, the embodiment of the present invention can achieve the following beneficial effects:
In the embodiment of the present invention, the request message input by the user can be hooked and decoded to obtain its original character string; the original character string is then matched, and the matching result determines whether the request message is an attack operation. This solves the prior-art problem that an attack bypasses effective interception once the position or form of a character string has been changed or the string has been deformed in some other way. If the matching result is yes, the request message is effectively intercepted, ensuring the security of the client terminal system. If the matching result is no, the request message is let through, ensuring that the request message input by the user can run normally. In the embodiment of the present invention, the request message input by the user is decoded to obtain the original character string, which ensures that a malicious file or malicious request cannot get past interception even if it is disguised by changes to the character string. The method for intercepting encoding bypass provided by the embodiment of the present invention can, on the premise that non-attack request messages input by the user run normally, effectively intercept any attack operation, whether undisguised or disguised by character string deformation and similar forms. It thereby achieves the beneficial effect of preventing malicious requests or malicious files from maliciously attacking the terminal system and further enhances the security of the terminal system. Therefore, using the method for intercepting encoding bypass provided by the embodiment of the present invention avoids the loss or leakage of information stored in the terminal, and avoids the adverse effects of the terminal, the terminal system or software installed on the terminal failing to run normally, which would harm the user's study or work or even threaten the security of the user's property.
The embodiments of the present invention disclose:
A1. A method for intercepting encoding bypass, including:
hooking (HOOK) the request message input by a user;
decoding the request message to obtain the original character string of the request message;
matching the original character string to determine whether it is an encoding-bypass attack operation;
if so, intercepting the request message;
if not, letting the request message pass.
A2. The method according to A1, wherein decoding the request message includes:
decoding the request message using different decoding modes in turn until decoding succeeds.
A3. The method according to A2, wherein decoding the request message using different decoding modes in turn includes:
decoding the request message using a decimal decoding mode; and/or
decoding the request message using a hexadecimal decoding mode.
A4. The method according to A3, wherein decoding the request message using the decimal decoding mode includes:
formatting the request message according to the decimal decoding mode, adding a semicolon after each decimal value;
looking up the encoding corresponding to each decimal value and generating the decoded text.
A5. The method according to A3, wherein decoding the request message using the hexadecimal decoding mode includes:
formatting the request message according to the hexadecimal decoding mode, adding a semicolon after each hexadecimal value;
looking up the encoding corresponding to each hexadecimal value and generating the decoded text.
A6. The method according to A5, further including, before formatting the request message according to the hexadecimal decoding mode: converting all uppercase letters to lowercase.
A7. The method according to any one of A3 to A6, wherein decoding the request message using different decoding modes in turn includes:
decoding the request message using the decimal decoding mode;
if decoding fails, continuing by decoding the request message using the hexadecimal decoding mode.
A8. The method according to any one of A1 to A7, wherein the original character string form of the request message corresponding to the encoding-bypass attack operation includes at least one of the following:
a character string with partial upper/lower case conversion;
a partial character string followed by decimal encoding with a semicolon;
a partial character string followed by decimal encoding without a semicolon;
a partial character string followed by hexadecimal encoding with a semicolon;
a partial character string followed by hexadecimal encoding without a semicolon.
A9. The method according to any one of A1 to A8, wherein the request message includes a uniform resource locator (URL) request.
The embodiments of the present invention further provide B10. A device for intercepting encoding bypass, including:
a hooking device, configured to hook (HOOK) the request message input by a user;
a decoder, configured to decode the request message to obtain the original character string of the request message;
a matcher, configured to match the original character string and determine whether it is an encoding-bypass attack operation;
an interceptor, configured to intercept the request message if so;
a pass-through device, configured to let the request message pass if not.
B11. The device according to B10, wherein the decoder is further configured to decode the request message using different decoding modes in turn until decoding succeeds.
B12. The device according to B11, wherein the decoder is further configured to decode the request message using a decimal decoding mode; and/or to decode the request message using a hexadecimal decoding mode.
B13. The device according to B12, wherein the decoder is further configured to decode the request message using the decimal decoding mode and, if decoding fails, to continue by decoding the request message using the hexadecimal decoding mode.
Numerous specific details are set forth in the specification provided here. It is to be understood, however, that embodiments of the present invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments of the invention. However, the method of the disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment can be combined into one module or unit or component, and can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described here include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.
The component embodiments of the present invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the device for intercepting encoding bypass according to the embodiment of the present invention. The present invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described here. Such a program implementing the present invention can be stored on a computer-readable medium or can take the form of one or more signals. Such signals can be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words can be interpreted as names.
So far, those skilled in the art will recognize that although multiple exemplary embodiments of the present invention have been shown and described in detail here, many other variations or modifications consistent with the principles of the invention can still be directly determined or derived from the present disclosure without departing from the spirit and scope of the invention. Therefore, the scope of the invention should be understood and deemed to cover all such other variations or modifications.
Claims (10)
1. A method for intercepting encoding bypass, including:
hooking (HOOK) the request message input by a user;
decoding the request message to obtain the original character string of the request message;
matching the original character string to determine whether it is an encoding-bypass attack operation;
if so, intercepting the request message;
if not, letting the request message pass.
2. The method according to claim 1, wherein decoding the request message includes:
decoding the request message using different decoding modes in turn until decoding succeeds.
3. The method according to claim 2, wherein decoding the request message using different decoding modes in turn includes:
decoding the request message using a decimal decoding mode; and/or
decoding the request message using a hexadecimal decoding mode.
4. The method according to claim 3, wherein decoding the request message using the decimal decoding mode includes:
formatting the request message according to the decimal decoding mode, adding a semicolon after each decimal value;
looking up the encoding corresponding to each decimal value and generating the decoded text.
5. The method according to claim 3, wherein decoding the request message using the hexadecimal decoding mode includes:
formatting the request message according to the hexadecimal decoding mode, adding a semicolon after each hexadecimal value;
looking up the encoding corresponding to each hexadecimal value and generating the decoded text.
6. The method according to claim 5, further including, before formatting the request message according to the hexadecimal decoding mode: converting all uppercase letters to lowercase.
7. The method according to any one of claims 3 to 6, wherein decoding the request message using different decoding modes in turn includes:
decoding the request message using the decimal decoding mode;
if decoding fails, continuing by decoding the request message using the hexadecimal decoding mode.
8. The method according to any one of claims 1 to 7, wherein the original character string form of the request message corresponding to the encoding-bypass attack operation includes at least one of the following:
a character string with partial upper/lower case conversion;
a partial character string followed by decimal encoding with a semicolon;
a partial character string followed by decimal encoding without a semicolon;
a partial character string followed by hexadecimal encoding with a semicolon;
a partial character string followed by hexadecimal encoding without a semicolon.
9. The method according to any one of claims 1 to 8, wherein the request message includes a uniform resource locator (URL) request.
10. A device for intercepting encoding bypass, including:
a hooking device, configured to hook (HOOK) the request message input by a user;
a decoder, configured to decode the request message to obtain the original character string of the request message;
a matcher, configured to match the original character string and determine whether it is an encoding-bypass attack operation;
an interceptor, configured to intercept the request message if so;
a pass-through device, configured to let the request message pass if not.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710677344.XA CN107577941B (en) | 2013-12-20 | 2013-12-20 | Method and equipment for intercepting code bypass |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310712429.9A CN103699841B (en) | 2013-12-20 | 2013-12-20 | Intercept the method and apparatus that coding is bypassed |
CN201710677344.XA CN107577941B (en) | 2013-12-20 | 2013-12-20 | Method and equipment for intercepting code bypass |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310712429.9A Division CN103699841B (en) | 2013-12-20 | 2013-12-20 | Intercept the method and apparatus that coding is bypassed |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107577941A true CN107577941A (en) | 2018-01-12 |
CN107577941B CN107577941B (en) | 2020-08-28 |
Family
ID=50361365
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310712429.9A Active CN103699841B (en) | 2013-12-20 | 2013-12-20 | Intercept the method and apparatus that coding is bypassed |
CN201710677344.XA Active CN107577941B (en) | 2013-12-20 | 2013-12-20 | Method and equipment for intercepting code bypass |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310712429.9A Active CN103699841B (en) | 2013-12-20 | 2013-12-20 | Intercept the method and apparatus that coding is bypassed |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN103699841B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108108267B (en) * | 2016-11-25 | 2021-06-22 | 北京国双科技有限公司 | Data recovery method and device |
CN107154938A (en) * | 2017-05-05 | 2017-09-12 | 北京奇虎科技有限公司 | The safety detection method and safety detection device of coding information |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102508674A (en) * | 2011-12-02 | 2012-06-20 | 方正国际软件有限公司 | Method based on JSON (javascript serialized object notation) for passing object-oriented parameters and system |
US8252727B2 (en) * | 1999-11-03 | 2012-08-28 | Maxygen, Inc. | Antibody diversity generation |
CN102930211A (en) * | 2012-11-07 | 2013-02-13 | 北京奇虎科技有限公司 | Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101901221B (en) * | 2009-05-27 | 2012-08-29 | 北京启明星辰信息技术股份有限公司 | Method and device for detecting cross site scripting |
CN103207877B (en) * | 2012-01-17 | 2016-12-14 | 阿里巴巴集团控股有限公司 | Coding/decoding method and device |
CN103092922B (en) * | 2012-12-28 | 2018-04-10 | 国家计算机网络与信息安全管理中心 | A kind of automatic decoding method for after the URL codings containing spcial character |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8252727B2 (en) * | 1999-11-03 | 2012-08-28 | Maxygen, Inc. | Antibody diversity generation |
CN102508674A (en) * | 2011-12-02 | 2012-06-20 | 方正国际软件有限公司 | Method based on JSON (javascript serialized object notation) for passing object-oriented parameters and system |
CN102930211A (en) * | 2012-11-07 | 2013-02-13 | 北京奇虎科技有限公司 | Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser |
Non-Patent Citations (2)
Title |
---|
周敬利等: "基于Apache的web应用安全防护研究", 《计算机工程与科学》 * |
王宇: "Web应用防火墙的设计与实现", 《中国优秀硕士学位论文全文数据库》 * |
Also Published As
Publication number | Publication date |
---|---|
CN103699841A (en) | 2014-04-02 |
CN103699841B (en) | 2017-08-25 |
CN107577941B (en) | 2020-08-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11593484B2 (en) | Proactive browser content analysis | |
CN109246064B (en) | Method, device and equipment for generating security access control and network access rule | |
CN107426202B (en) | Method for automatically testing WAF (Wireless Access Filter) interception rule | |
CN106161479B (en) | A kind of coding attack detection method and device of the supported feature across packet | |
CN107341399B (en) | Method and device for evaluating security of code file | |
CN109766479B (en) | Data processing method and device, electronic equipment and storage medium | |
CN106815524B (en) | Malicious script file detection method and device | |
US8490861B1 (en) | Systems and methods for providing security information about quick response codes | |
CN104115117A (en) | Automatic synthesis of unit tests for security testing | |
WO2017219733A1 (en) | Method and device for responding to request | |
CN109040097A (en) | A kind of defence method of cross-site scripting attack, device, equipment and storage medium | |
CN104766013A (en) | Skip list based cross-site scripting attack defense method | |
CN110417746A (en) | Cross-site scripting attack defence method, device, equipment and storage medium | |
CN110851854A (en) | Image processing method and device for preventing information leakage | |
CN103699841B (en) | Intercept the method and apparatus that coding is bypassed | |
US20200153842A1 (en) | System and method for preventing a stegosploit attack | |
CN110727576B (en) | Web page testing method, device, equipment and storage medium | |
US8464343B1 (en) | Systems and methods for providing security information about quick response codes | |
CN109660499B (en) | Attack interception method and device, computing equipment and storage medium | |
CN112287349A (en) | Security vulnerability detection method and server | |
CN112953957B (en) | Intrusion prevention method, system and related equipment | |
CN109491647A (en) | A kind of online pre- anti-attack method and electronic equipment of language based on programming | |
CN106487771B (en) | Network behavior acquisition method and device | |
CN109218284B (en) | XSS vulnerability detection method and device, computer equipment and readable medium | |
CN113328982A (en) | Intrusion detection method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Applicant after: QAX Technology Group Inc. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Applicant before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |
GR01 | Patent grant | ||