CN107948179A - Network payment monitoring method and system - Google Patents

Network payment monitoring method and system Download PDF

Info

Publication number
CN107948179A
CN107948179A CN201711270496.4A CN201711270496A CN107948179A CN 107948179 A CN107948179 A CN 107948179A CN 201711270496 A CN201711270496 A CN 201711270496A CN 107948179 A CN107948179 A CN 107948179A
Authority
CN
China
Prior art keywords
address
server
network
target data
payment request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711270496.4A
Other languages
Chinese (zh)
Other versions
CN107948179B (en
Inventor
赵殿乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Knownsec Information Technology Co Ltd filed Critical Beijing Knownsec Information Technology Co Ltd
Priority to CN201711270496.4A priority Critical patent/CN107948179B/en
Publication of CN107948179A publication Critical patent/CN107948179A/en
Application granted granted Critical
Publication of CN107948179B publication Critical patent/CN107948179B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a kind of network payment monitoring method and system, method and is applied to system.System includes the detection device and server being in communication with each other, the output terminal electric connection of detection device and gateway device, and server is used to provide payment services.Method includes:Detection device obtains the data message of gateway device output, and whether the destination address for detecting the data message is default malice network address, if the first prompt message of output, to prompt the destination address of user's data message as malice network address;When detecting user in the access operational order inputted after receiving the first prompt message, detection device record includes the public network IP address of the data message and the target data of private network IP address and is sent to server;When receiving payment request, whether the public network IP address and private network IP address that judge the payment request match server with the target data, the pause response payment request in matching.

Description

Network payment monitoring method and system
Technical field
The present invention relates to network monitor technical field, in particular to a kind of network payment monitoring method and system.
Background technology
During user surfs the Internet, some malicious websites are may have access to, swindle, gambling are contained in these malicious websites The hostile contents such as rich, false sale.It may occur to turn by swindle in these malicious websites in the case where user does not discover The behaviors such as account, so that the property to user causes damages.
The content of the invention
In view of this, it is an object of the invention to provide a kind of network payment monitoring method and system, to improve above-mentioned ask Topic.
In order to achieve the above object, the embodiment of the present invention provides a kind of network payment monitoring method, applied to being in communication with each other Detection device and server, the output terminal of the detection device and gateway device is electrically connected, and the server is used to provide Payment services, the described method includes:
The detection device obtains the data message of the gateway device output, and detects the destination of the data message Whether location is default malice network address, if so, the first prompt message of output, to prompt the destination address of data message described in user For malice network address;
When detecting user in the access operational order inputted after receiving first prompt message, the detection is set Note includes the public network IP address of the data message and the target data of private network IP address and sends the target data To the server;
The server judges the public network IP address and private network IP address of the payment request when receiving payment request Whether matched with the target data, the pause response payment request in matching.
Alternatively, the server judges the public network IP address and private network IP address and the number of targets of the payment request According to whether matching, including:
Identify the public network IP address and private network IP address of the payment request;
With the presence or absence of the public network IP address for including the payment request in the target data that the whois lookup receives And the target data of private network IP address, if including judging public network IP address and private network IP address and the institute of the payment request State target data matching.
Alternatively, the target data further includes the subscriber identity information obtained according to the private network IP of the data message, The method further includes:
It is described when the public network IP address and private network IP address that the payment request includes are mismatched with the target data Server obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of including institute The target data of subscriber identity information is stated, if in the presence of pause responds the payment request.
Alternatively, the target data further includes the term of validity of the target data;The method further includes:
The server deletes the target data for reaching the term of validity.
Alternatively, the method further includes:
The server exports the second prompt message, to prompt user described when pause responds the payment request Malicious websites were accessed in the term of validity;
When receiving access operational order associated with second prompt message input by user, the server is rung Answer the payment request.
The embodiment of the present invention also provides a kind of network payment monitoring method, applied to detection device and the detection device The first server of communication connection and the second server with first server communication connection, the detection device and net The output terminal for closing equipment is electrically connected, and the second server is used to provide payment services, the described method includes:
The detection device obtains the data message of the gateway device output, and detects the destination of the data message Whether location is default malice network address, if so, the first prompt message of output, to prompt the destination address of data message described in user For malice network address;
When detecting user in the access operational order inputted after receiving first prompt message, the detection is set Note includes the public network IP address of the data message and the target data of private network IP address and sends the target data To the first server;
The second server obtains the number of targets of current record in the first server when receiving payment request According to, and judge whether the public network IP address of the payment request and private network IP address match with the target data, in matching Pause responds the payment request.
Alternatively, the second server judges the public network IP address and private network IP address and the mesh of the payment request Whether mark data match, including:
Identify the public network IP address and private network IP address of the payment request;
Search in the target data got with the presence or absence of public network IP address and the private network IP for including the payment request The target data of location, if in the presence of judging the public network IP address and private network IP address and the target data of the payment request Matching.
Alternatively, the target data further includes the subscriber identity information obtained according to the private network IP of the data message, The method further includes:
It is described when the public network IP address and private network IP address that the payment request includes are mismatched with the target data Second server obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of bag The target data of the subscriber identity information is included, if in the presence of pause responds the payment request.
The embodiment of the present invention also provides a kind of network payment monitoring system, including the detection device being in communication with each other and service Device, the output terminal of the detection device and gateway device are electrically connected, and the server is used to provide payment services;
The detection device, for obtaining the data message of the gateway device output, and detects the data message Whether destination address is default malice network address, if so, the first prompt message of output, to prompt the mesh of data message described in user Address be malice network address;
The detection device, is additionally operable to the access behaviour inputted after detecting that user is receiving first prompt message When instructing, record includes the public network IP address of the data message and the target data of private network IP address and by the number of targets According to being sent to the server;
The server, for when receiving payment request, judging the public network IP address and private network of the payment request Whether IP address matches with the target data, the pause response payment request in matching.
The embodiment of the present invention also provides a kind of network payment monitoring system, including detection device, leads to the detection device Believe the first server of connection and the second server with first server communication connection, the detection device and gateway The output terminal of equipment is electrically connected, and the second server is used to provide payment services;
The detection device, for obtaining the data message of the gateway device output, and detects the data message Whether destination address is default malice network address, if so, the first prompt message of output, to prompt the mesh of data message described in user Address be malice network address;
The detection device, is additionally operable to the access behaviour inputted after detecting that user is receiving first prompt message When instructing, record includes the public network IP address of the data message and the target data of private network IP address and by the number of targets According to being sent to the first server;
The second server, for when receiving payment request, obtaining current record in the first server Target data, and judge whether the public network IP address of the payment request and private network IP address match with the target data, Pause responds the payment request during matching.
In terms of existing technologies, the embodiment of the present invention has the advantages that:
The embodiment of the present invention provides a kind of network payment monitoring method and system, and it is defeated to obtain gateway device by detection device The data message gone out, and detect whether the destination address of data message got is default malice network address, if so, output the One prompt message, to prompt the destination address of user's data message as malice network address.When detect user receive this During the access operational order inputted after one prompt message, detection device records the public network IP address and private network for including the data message The target data is simultaneously sent to server by the target data of IP address.Server judges to pay when receiving payment request Whether the public network IP address and private network IP address of request match with the target data, the pause response payment request in matching.Such as This, can transfer accounts to avoid user in malicious websites by swindle.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached Figure is briefly described, it will be appreciated that the following drawings illustrate only certain embodiments of the present invention, therefore be not construed as pair The restriction of scope, for those of ordinary skill in the art, without creative efforts, can also be according to this A little attached drawings obtain other relevant attached drawings.
Fig. 1 is that a kind of network payment that first embodiment of the invention provides monitors system and gateway device and user terminal Interaction schematic diagram;
Fig. 2 is a kind of block diagram for detection device that first embodiment of the invention provides;
Fig. 3 is a kind of flow diagram for network payment monitoring method that first embodiment of the invention provides;
Fig. 4 is that a kind of network payment that second embodiment of the invention provides monitors system and gateway device and user terminal Interaction schematic diagram;
Fig. 5 is a kind of flow diagram for network payment monitoring method that second embodiment of the invention provides.
Icon:100 (400)-network payment monitoring system;110 (410)-detection device;111- memories;112- processing Device;113- communication units;120- servers;420- first servers;430- second servers;200- gateway devices;300- is used Family terminal.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, the technical solution in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is Part of the embodiment of the present invention, instead of all the embodiments.The present invention implementation being usually described and illustrated herein in the accompanying drawings The component of example can be arranged and designed with a variety of configurations.
Therefore, below the detailed description of the embodiment of the present invention to providing in the accompanying drawings be not intended to limit it is claimed The scope of the present invention, but be merely representative of the present invention selected embodiment.Based on the embodiments of the present invention, this area is common Technical staff's all other embodiments obtained without creative efforts, belong to the model that the present invention protects Enclose.
It should be noted that:Similar label and letter represents similar terms in following attached drawing, therefore, once a certain Xiang Yi It is defined, then it further need not be defined and explained in subsequent attached drawing in a attached drawing.
First embodiment
Fig. 1 is refer to, is network payment monitoring system 100, gateway device 200 and user's end provided in an embodiment of the present invention The interaction schematic diagram at end 300.The network payment monitoring system 100 includes the detection device 110 and server being in communication with each other 120。
Wherein, the output terminal of the detection device 110 and gateway device 200 is electrically connected, that is, the detection device 110 data messages got from the gateway device 200 be by NAT (Network Address Translation, Network address translation) message.
The input terminal of the user terminal 300 and gateway device 200 communicates to connect, in the present embodiment, can have one, Two or more user terminals 300 are communicated to connect with the gateway device 200, and the user terminal 300 can pass through The gateway device 200 sends datagram to public network.The detection device 110, which is used to obtain, passes through the gateway device 200 The data message sent to public network.
In the present embodiment, the server 120 is used to provide payment services, for example, the server 120 can be branch The corresponding server of the client such as Fu Bao, bank paying client.
As shown in Fig. 2, it is a kind of block diagram of detection device 110 provided in an embodiment of the present invention.The detection is set Standby 110 include memory 111, processor 112 and communication unit 113.
The memory 111, processor 112 and 113 each element of communication unit are directly or indirectly electrical between each other Connection, to realize the transmission of data or interaction.For example, these elements can pass through one or more communication bus or letter between each other Number line, which is realized, to be electrically connected.At least one and network payment provided in an embodiment of the present invention is stored with the memory 111 to supervise The corresponding function module of survey method.The processor 112 is used for when receiving execute instruction, performs in the memory 111 Executable module.Wherein, the memory 111 may be, but not limited to, random access memory (Random Access Memory, RAM), read-only storage (Read Only Memory, ROM), programmable read only memory (Programmable Read-Only Memory, PROM), erasable read-only memory (Erasable Programmable Read-Only Memory, EPROM), electricallyerasable ROM (EEROM) (Electric Erasable Programmable Read-Only Memory, EEPROM) etc..
The processor 112 is probably a kind of IC chip, has the disposal ability of signal.Above-mentioned processor can To be general processor, including central processing unit (Central Processing Unit, CPU), network processing unit (Network Processor, NP) etc.;Can also be digital signal processor (DSP)), application-specific integrated circuit (ASIC), field programmable gate Array (FPGA) either other programmable logic device, discrete gate or transistor logic, discrete hardware components.Can be real Now or perform the embodiment of the present invention in disclosed each method, step and logic diagram.General processor can be microprocessor Device or the processor can also be any conventional processors etc..
The communication unit 113 is used to establish the communication connection with the server 120, to realize and the server 120 data interaction.
It should be appreciated that in the present embodiment, the structure shown in Fig. 2 is only to illustrate.The detection device can also have than More or less component shown in Fig. 2, or there is the configuration different from shown in Fig. 2.In addition, each component shown in Fig. 2 can Realized in the form of software, hardware or its combination.
In the present embodiment, connection relation and the detection between the server 120 includes component and each component Equipment 110 is similar, and details are not described herein.
Study and find through inventor, in practical applications, since the method for existing identification malicious websites has inaccuracy Place, thus, to user carry out malicious websites prompting while be provided to user continue access passage.And user Once continue to access, it is possible to swindled, so as to carry out corresponding bank transfer, caused damages.
In view of the above-mentioned problems, inventor's design limits the payment behavior for accessing the user of malicious websites, so as to keep away Exempt from the user to be swindled.
Fig. 3 is refer to, is a kind of flow diagram of network payment monitoring method provided in an embodiment of the present invention, the net Network pays the network payment that monitoring method is applied to shown in Fig. 1 and monitors system 100.
Step S110, the detection device 110 obtain the data message that the gateway device 200 exports, and described in detection Whether the destination address of data message is default malice network address, if so, the first prompt message of output, to prompt number described in user Destination address according to message is malice network address.
In the present embodiment, the data message that the gateway device 200 exports is the message by NAT, that is, gateway is set Standby 200 by private network IP (Internet Protocol) address conversions of the data message received into corresponding public network IP address, So that the data message can be sent in public network.
In the present embodiment, the default malice network address refers to default malice URL (Uniform Resource Locator) address.Alternatively, when the detection device 110 starts, malice URL storehouses can be downloaded from corresponding high in the clouds, and Malice URL storehouses that can be in real time with the high in the clouds synchronize.Wherein, the malice URL storehouses are with including multiple malice URL Location.
During implementation, the destination address that the detection device 110 detects the data message whether there is in the malice URL In storehouse, if, it is determined that the destination address of the data message is malice network address, and exports the first prompt message.
Alternatively, in the present embodiment, the detection device 110 can export the first prompting letter as follows Breath:
The destination address of the data message is redirected to default malice and reminds the page.
In detail, the detection device 110 can be by http protocol 302 by the destination address weight of the data message It is directed to the malice and reminds the page, so that the user terminal 300 for sending the data message jumps to the malice and reminds page Face.
In the present embodiment, the malice, which is reminded, can show on the page just like " website that you access is malicious websites " etc. Signal language, chooses whether to continue the option-tag accessed in addition, the malice reminds to show on the page for user.When When user selects the malice to remind the label of " continuing to access " on the page, the user terminal 300 of the user is to the detection Equipment send with the malice remind the associated access operational order of the page, namely with the associated access of the first prompt message Operational order.
Step S120, when receiving access operational order associated with first prompt message input by user, institute Stating the record of detection device 110 includes the public network IP address of the data message and the target data of private network IP address and by the mesh Mark data sending gives the server 120.
In the present embodiment, when user is selecting to continue to access corresponding malice network address after receiving the first prompt message, The payment behavior of the user is limited.
During implementation, the detection device 110 obtains the public network IP address and private network IP address of the data message, record bag Include the target data of the public network IP address and private network IP address and the target data is sent to the server 120. In the present embodiment, since the detection device 110 is connected to the output terminal of the gateway device 200, thus, the detection device 110 can get the public network IP address of the data message.
Study and find through inventor, existing detection method or equipment be typically directly by the identity information of user (e.g., Identity card, cell-phone number etc.) identify a user, however, and can all carry the identity of user in not all data message Information, therefore, the situation for having inaccuracy often occur.
Therefore in the present embodiment, inventor's design passes through public network IP address and private network IP address of the user during online To uniquely identify a user.Inventor's analysis finds that user is during online, if having been dispensed into public network IP address And private network IP address, then in a short time, its public network IP address and private network IP address will not change.Also, in same local In net, the private network IP address of each user will not must repeat, therefore, it is possible to the group by public network IP address and private network IP address Close to uniquely identify a user.
Step S130, the server 120 judge the public network IP address of the payment request when receiving payment request And whether private network IP address matches with the target data, the pause response payment request in matching.
In the present embodiment, the target data refers to the target data that the server 120 records.
The server 120 docks received payment request and is monitored, if the public network IP of the payment request received Location and private network IP address are matched with any one in the target data recorded, then pause responds the payment request.
Inventor further study show that, in practical applications, the NAT mechanism of a few devices business can cause the equipment vendor It is different from the public network IP for accessing payment mechanism that user accesses malice URL network address, so as to can not pass through private network IP address or public network IP The combination identification user of address.Thus, in this situation, in the step S130, judge the public network IP of the payment request The step of whether address and private network IP address match with the target data, can include following sub-step:
Identify the public network IP address and private network IP address of the payment request;
The server 120 is searched in the target data received with the presence or absence of the public network IP for including the payment request Location and the target data of private network IP address, if including, judge the payment request public network IP address and private network IP address with The target data matching.
For the user of a few devices business, due to its payment request and the public network for the request for accessing malice URL network address IP address and private network IP address are originally different, its payment request can not necessarily match with target data.In this situation, institute State target data and further include the subscriber identity information obtained according to the private network IP of the data message, the method can also include Following steps:
It is described when the public network IP address and private network IP address that the payment request includes are mismatched with the target data Server 120 obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of bag The target data of the subscriber identity information is included, if in the presence of pause responds the payment request.
By above-mentioned design, the network payment behavior of most of user can be monitored, so as to avoid the big portion User is divided to transfer accounts by swindle.
Alternatively, in the present embodiment, in order to avoid to user pay limitations affect to the user in other normal websites Payment behavior, can be the target data set the term of validity.That is, the target data further includes the target data The term of validity.Correspondingly, in the present embodiment, the method can also include the following steps:
The server 120 deletes the target data for reaching the term of validity in the target data of record.
Alternatively, inventor it has been investigated that, in practical applications, it is understood that there may be malicious websites erroneous judgement situation, and, In some cases, although the website that user accesses is malicious websites, the payment behavior of user is not to be subject to swindle 's.For said circumstances, the method can also include the following steps:
The server 120 exports the second prompt message, to prompt user in institute when pause responds the payment request State and malicious websites were accessed in the term of validity;
When receiving access operational order associated with second prompt message input by user, the server The 120 response payment requests.
In the present embodiment, can include choosing whether to continue the option mark accessed for user in second prompt message Label, when user clicks on the option-tag for wherein " continuing to access ", the corresponding user terminal 300 of the user can be to the server 120 send and the associated access operational order of second prompt message.
By above-mentioned design, in malicious websites swindle can be subject to transfer accounts to avoid user, so as to cause any property loss.
Second embodiment
As shown in figure 4, be a kind of network payment monitoring system 400 provided in an embodiment of the present invention with gateway device 200 and The interaction schematic diagram of user terminal 300, the system comprises detection device 410, with the detection device 410 communication connection One server 420 and the second server 430 with the first server 420 communication connection.
Wherein, the output terminal of the detection device 410 and the gateway device 200 is electrically connected, the second server 430 are used to provide payment services, and in the present embodiment, the second server 430 is equivalent to the server in first embodiment 120。
In the present embodiment, shown in the detection device 410, first server 420 and second server 430 and Fig. 2 Detection device 110 included by component and each component between connection relation it is similar, details are not described herein.
The present embodiment is substantially similar with first embodiment, its difference is, in the present embodiment, the network payment prison Examining system 400 includes being used to store the first server 420 of target data, thus, the detection device 410 is by the target of record Data sending is obtained to first server 420, the second server 430 when receiving payment request from first server 420 Take target data.
As shown in figure 5, it is a kind of network applied to the monitoring system 400 of network payment shown in Fig. 4 provided in this embodiment Pay monitoring method.The specific steps and flow of method shown in Fig. 5 are elaborated below.
Step S210, the detection device 410 obtain the data message that the gateway device 200 exports, and described in detection Whether the destination address of data message is default malice network address, if so, the first prompt message of output, to prompt number described in user Destination address according to message is malice network address.
Step S220, when receiving access operational order associated with first prompt message input by user, institute Stating the record of detection device 410 includes the public network IP address of the data message and the target data of private network IP address and by the mesh Mark data sending gives the first server 420.
Step S230, the second server 430 are obtained in the first server 430 when receiving payment request The target data of current record, and judge that the public network IP address of the payment request and private network IP address are with the target data No matching, the pause response payment request in matching.
Wherein, in step S230, the second server 430 judges the public network IP address and private network IP of the payment request The step of whether address matches with the target data, can include following sub-step:
Identify the public network IP address and private network IP address of the payment request;
Search in the target data got with the presence or absence of public network IP address and the private network IP for including the payment request The target data of location, if in the presence of judging the public network IP address and private network IP address and the target data of the payment request Matching.
Alternatively, the target data further includes the subscriber identity information obtained according to the private network IP of the data message, The method can also include the following steps:
It is described when the public network IP address and private network IP address that the payment request includes are mismatched with the target data Whether second server 430 obtains the corresponding subscriber identity information of the payment request, and search in the target data of record and deposit Including the target data of the subscriber identity information, if in the presence of pause responds the payment request.
Alternatively, in the present embodiment, the target data further includes the term of validity of the target data.In this situation Under, the target data can also include the following steps:
The first server 420 deletes the target data for reaching the term of validity in the target data of record.
In conclusion a kind of network payment monitoring method provided in an embodiment of the present invention and system, pass through detection device 110 (410) data message that gateway device 200 exports is obtained, and whether the destination address for detecting the data message got is default Malice network address, if so, output the first prompt message, to prompt the destination address of user's data message as malice network address.When User is detected in the access operational order inputted after receiving first prompt message, detection device 110 (410) record bag Include the public network IP address of the data message and the target data of private network IP address and the target data is sent to server 120 (or first server 420).Server 120 (or second server 430) judges payment request when receiving payment request Whether public network IP address and private network IP address match with the target data, the pause response payment request in matching.In this way, can be with User is avoided to transfer accounts in malicious websites by swindle.
In embodiment provided herein, it should be understood that disclosed apparatus and method, can also be by other Mode realize.Device embodiment described above is only schematical, for example, the flow chart and block diagram in attached drawing are shown The device of multiple embodiments according to the present invention, the architectural framework in the cards of method and computer program product, function And operation.At this point, each square frame in flow chart or block diagram can represent one of a module, program segment or code Point, a part for the module, program segment or code includes one or more and is used for realization the executable of defined logic function Instruction.It should also be noted that at some as in the implementation replaced, the function of being marked in square frame can also be with different from attached The order marked in figure occurs.For example, two continuous square frames can essentially perform substantially in parallel, they also may be used sometimes To perform in the opposite order, this is depending on involved function.It is it is also noted that each in block diagram and/or flow chart The combination of square frame and the square frame in block diagram and/or flow chart, function or the dedicated of action can be based on as defined in execution The system of hardware is realized, or can be realized with the combination of specialized hardware and computer instruction.
In addition, each function module in each embodiment of the present invention can integrate to form an independent portion Point or modules individualism, can also two or more modules be integrated to form an independent part.
If the function is realized in the form of software function module and is used as independent production marketing or in use, can be with It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words The part to contribute to the prior art or the part of the technical solution can be embodied in the form of software product, the meter Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be People's computer, server, or network equipment etc.) perform all or part of step of each embodiment the method for the present invention. And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
It should be noted that herein, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any this actual relation or order.Moreover, term " comprising ", "comprising" or its any other variant are intended to Non-exclusive inclusion, so that process, method, article or equipment including a series of elements not only will including those Element, but also including other elements that are not explicitly listed, or further include as this process, method, article or equipment Intrinsic key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that Also there are other identical element in process, method, article or equipment including the key element.
The above description is merely a specific embodiment, but protection scope of the present invention is not limited thereto, any Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained Cover within protection scope of the present invention.Therefore, protection scope of the present invention answers the scope of the claims of being subject to.

Claims (10)

1. a kind of network payment monitoring method, it is characterised in that applied to the detection device and server being in communication with each other, the inspection The output terminal of measurement equipment and gateway device is electrically connected, and the server is used to provide payment services, the described method includes:
The detection device obtains the data message of the gateway device output, and the destination address for detecting the data message is No is default malice network address, if so, the first prompt message of output, to prompt the destination address of data message described in user as evil Meaning network address;
When receiving access operational order associated with first prompt message input by user, the detection device record The target data is simultaneously sent to described by the target data of public network IP address and private network IP address including the data message Server;
The server judges public network IP address and private network IP address and the institute of the payment request when receiving payment request State whether target data matches, the pause response payment request in matching.
2. according to the method described in claim 1, it is characterized in that, the server with judging the public network IP of the payment request Whether location and private network IP address match with the target data, including:
Identify the public network IP address and private network IP address of the payment request;
With the presence or absence of public network IP address and the private for including the payment request in the target data that the whois lookup receives The target data of net IP address, if including judging the public network IP address and private network IP address and the mesh of the payment request Mark Data Matching.
3. method according to claim 1 or 2, it is characterised in that the target data is further included according to the datagram The subscriber identity information that the private network IP of text is obtained, the method further include:
When the public network IP address and private network IP address that the payment request includes are mismatched with the target data, the service Device obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of including the use The target data of family identity information, if in the presence of pause responds the payment request.
4. method according to claim 1 or 2, it is characterised in that the target data further includes the target data The term of validity;The method further includes:
The server deletes the target data for reaching the term of validity.
5. according to the method described in claim 4, it is characterized in that, the method further includes:
The server exports the second prompt message when pause responds the payment request, to prompt user described effective Malicious websites were accessed in phase;
When receiving access operational order associated with second prompt message input by user, the server responds institute State payment request.
6. a kind of network payment monitoring method, it is characterised in that communicated to connect applied to detection device, with the detection device First server and with the first server communication connection second server, the detection device and gateway device it is defeated Outlet is electrically connected, and the second server is used to provide payment services, the described method includes:
The detection device obtains the data message of the gateway device output, and the destination address for detecting the data message is No is default malice network address, if so, the first prompt message of output, to prompt the destination address of data message described in user as evil Meaning network address;
When receiving access operational order associated with first prompt message input by user, the detection device record The target data is simultaneously sent to described by the target data of public network IP address and private network IP address including the data message First server;
The second server obtains the target data of current record in the first server when receiving payment request, And judge whether the public network IP address of the payment request and private network IP address match with the target data, suspend in matching Respond the payment request.
7. according to the method described in claim 6, it is characterized in that, the second server judges the public network of the payment request Whether IP address and private network IP address match with the target data, including:
Identify the public network IP address and private network IP address of the payment request;
Search in the target data got with the presence or absence of the public network IP address and private network IP address for including the payment request Target data, if in the presence of the public network IP address and private network IP address for judging the payment request are matched with the target data.
8. the method according to claim 6 or 7, it is characterised in that the target data is further included according to the datagram The subscriber identity information that the private network IP of text is obtained, the method further include:
When the public network IP address and private network IP address that the payment request includes are mismatched with the target data, described second Server obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of including institute The target data of subscriber identity information is stated, if in the presence of pause responds the payment request.
9. a kind of network payment monitors system, it is characterised in that including the detection device and server being in communication with each other, the detection The output terminal of equipment and gateway device is electrically connected, and the server is used to provide payment services;
The detection device, for obtaining the data message of the gateway device output, and detects the purpose of the data message Whether address is default malice network address, if so, the first prompt message of output, to prompt the destination of data message described in user Location is malice network address;
The detection device, is additionally operable to that the input by user and associated access operational order of first prompt message ought be received When, record includes the public network IP address of the data message and the target data of private network IP address and sends the target data To the server;
The server, for when receiving payment request, judging public network IP address and the private network IP of the payment request Whether location matches with the target data, the pause response payment request in matching.
10. a kind of network payment monitors system, it is characterised in that is communicated to connect including detection device, with the detection device First server and with the first server communication connection second server, the detection device and gateway device it is defeated Outlet is electrically connected, and the second server is used to provide payment services;
The detection device, for obtaining the data message of the gateway device output, and detects the purpose of the data message Whether address is default malice network address, if so, the first prompt message of output, to prompt the destination of data message described in user Location is malice network address;
The detection device, is additionally operable to that the input by user and associated access operational order of first prompt message ought be received When, record includes the public network IP address of the data message and the target data of private network IP address and sends the target data To the first server;
The second server, for when receiving payment request, obtaining the target of current record in the first server Data, and judge whether the public network IP address of the payment request and private network IP address match with the target data, matching When pause respond the payment request.
CN201711270496.4A 2017-12-05 2017-12-05 Network payment monitoring method and system Active CN107948179B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711270496.4A CN107948179B (en) 2017-12-05 2017-12-05 Network payment monitoring method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711270496.4A CN107948179B (en) 2017-12-05 2017-12-05 Network payment monitoring method and system

Publications (2)

Publication Number Publication Date
CN107948179A true CN107948179A (en) 2018-04-20
CN107948179B CN107948179B (en) 2020-09-18

Family

ID=61944815

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711270496.4A Active CN107948179B (en) 2017-12-05 2017-12-05 Network payment monitoring method and system

Country Status (1)

Country Link
CN (1) CN107948179B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065573A (en) * 2010-12-28 2011-05-18 北京高信达通信技术有限公司福州分公司 WAP gateway agent service data processing method and server
CN102111417A (en) * 2011-03-01 2011-06-29 中国工商银行股份有限公司 Method, device, service and system for online banking data authentication
CN102402620A (en) * 2011-12-26 2012-04-04 余姚市供电局 Method and system for defending malicious webpage
CN102647417A (en) * 2012-03-31 2012-08-22 奇智软件(北京)有限公司 Method, device and system realizing network access and network system
CN102694772A (en) * 2011-03-23 2012-09-26 腾讯科技(深圳)有限公司 Apparatus, system and method for accessing internet web pages
CN102882886A (en) * 2012-10-17 2013-01-16 北京奇虎科技有限公司 Network terminal and method for presenting visited website associated information
CN102930211A (en) * 2012-11-07 2013-02-13 北京奇虎科技有限公司 Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser
CN103001856A (en) * 2012-12-05 2013-03-27 华为软件技术有限公司 Information sharing method and system and instant messaging (IM) client and server
US20150295951A1 (en) * 2012-12-24 2015-10-15 Tencent Technology (Shenzhen) Company Limited Method, server, and system for automatically rating reputation of a web site
CN106131016A (en) * 2016-07-13 2016-11-16 北京知道创宇信息技术有限公司 Maliciously URL detection interference method, system and device
CN106789980A (en) * 2016-12-07 2017-05-31 北京亚鸿世纪科技发展有限公司 A kind of monitoring administration method and device of website legitimacy

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065573A (en) * 2010-12-28 2011-05-18 北京高信达通信技术有限公司福州分公司 WAP gateway agent service data processing method and server
CN102111417A (en) * 2011-03-01 2011-06-29 中国工商银行股份有限公司 Method, device, service and system for online banking data authentication
CN102694772A (en) * 2011-03-23 2012-09-26 腾讯科技(深圳)有限公司 Apparatus, system and method for accessing internet web pages
CN102402620A (en) * 2011-12-26 2012-04-04 余姚市供电局 Method and system for defending malicious webpage
CN102647417A (en) * 2012-03-31 2012-08-22 奇智软件(北京)有限公司 Method, device and system realizing network access and network system
CN102882886A (en) * 2012-10-17 2013-01-16 北京奇虎科技有限公司 Network terminal and method for presenting visited website associated information
CN102930211A (en) * 2012-11-07 2013-02-13 北京奇虎科技有限公司 Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser
CN103001856A (en) * 2012-12-05 2013-03-27 华为软件技术有限公司 Information sharing method and system and instant messaging (IM) client and server
US20150295951A1 (en) * 2012-12-24 2015-10-15 Tencent Technology (Shenzhen) Company Limited Method, server, and system for automatically rating reputation of a web site
CN106131016A (en) * 2016-07-13 2016-11-16 北京知道创宇信息技术有限公司 Maliciously URL detection interference method, system and device
CN106789980A (en) * 2016-12-07 2017-05-31 北京亚鸿世纪科技发展有限公司 A kind of monitoring administration method and device of website legitimacy

Also Published As

Publication number Publication date
CN107948179B (en) 2020-09-18

Similar Documents

Publication Publication Date Title
US20240061550A1 (en) Systems and methods for proactive analysis of artifacts associated with information resources
CN103875015B (en) Gathered using the multiple-factor identity fingerprint of user behavior
US8307431B2 (en) Method and apparatus for identifying phishing websites in network traffic using generated regular expressions
US8893286B1 (en) Systems and methods for preventing fraudulent activity associated with typo-squatting procedures
US20120151045A1 (en) System and method for improved detection and monitoring of online accounts
CN109039987A (en) A kind of user account login method, device, electronic equipment and storage medium
CN104935605B (en) The detection method of fishing website, apparatus and system
CN104239577A (en) Method and device for detecting authenticity of webpage data
US20160337378A1 (en) Method and apparatus for detecting security of online shopping environment
CN102710770A (en) Identification method for network access equipment and implementation system for identification method
CN107172064B (en) Data access control method and device and server
CN105897947B (en) The Network Access Method and device of mobile terminal
CN103491543A (en) Method for detecting malicious websites through wireless terminal, and wireless terminal
US8141150B1 (en) Method and apparatus for automatic identification of phishing sites from low-level network traffic
CN109889511B (en) Process DNS activity monitoring method, equipment and medium
CN105516192B (en) A kind of mail address is safe to identify control method and device
CN102255778A (en) Anti-hijacking domain name authorization monitoring system
Afroz et al. Exploring server-side blocking of regions
CN107395650A (en) Even method and device is returned based on sandbox detection file identification wooden horse
CN105515882B (en) Website security detection method and device
CN111225038B (en) Server access method and device
CN110995542B (en) Network state detection method, system and related equipment
CN115051867B (en) Illegal external connection behavior detection method and device, electronic equipment and medium
CN105450462A (en) On-line state monitoring method and system
US9904661B2 (en) Real-time agreement analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd.

Address before: Room 803, Jinwei Building, 55 Lanindichang South Road, Haidian District, Beijing

Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant