CN108540466A - Based on webpage tamper monitoring and alarming system - Google Patents

Based on webpage tamper monitoring and alarming system Download PDF

Info

Publication number
CN108540466A
CN108540466A CN201810277707.5A CN201810277707A CN108540466A CN 108540466 A CN108540466 A CN 108540466A CN 201810277707 A CN201810277707 A CN 201810277707A CN 108540466 A CN108540466 A CN 108540466A
Authority
CN
China
Prior art keywords
monitoring
module
configuration
field
alarming system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810277707.5A
Other languages
Chinese (zh)
Inventor
焦述鹏
高虎强
张永亮
侯越瀚
龚贞玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GANSU WANWEI INFORMATION TECHNOLOGY CO LTD
Original Assignee
GANSU WANWEI INFORMATION TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GANSU WANWEI INFORMATION TECHNOLOGY CO LTD filed Critical GANSU WANWEI INFORMATION TECHNOLOGY CO LTD
Priority to CN201810277707.5A priority Critical patent/CN108540466A/en
Publication of CN108540466A publication Critical patent/CN108540466A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to technical field of network security, are based particularly on webpage tamper monitoring and alarming system.Monitoring configuration is flexible, and configuration webpage summary info field is set as basic version, and monitoring web network paths abstract fields compare field increase and decrease with basic version;Special web page summary info field can be also set simultaneously and carry out early warning.It is carried out accurately identifying whether webpage information is distorted according to configuration field, does not increase additional running equipment and operating cost, realize Cybersecurity Operation.It makes a phone call or SMS alarm prompt administrator checks whether the network operation is safe, and administrator's timely processing network distorts situation.Monitoring module configures multiple web network paths, realizes that multiple spot website monitors simultaneously.This system is run on the server of java virtual machines, and system suitability is stronger and operating cost reduces.

Description

Based on webpage tamper monitoring and alarming system
Technical field
The present invention relates to technical field of network security, are based particularly on webpage tamper monitoring and alarming system.
Background technology
With the development of Internet technology, more and more criminals dislike normal website by Internet technology Meaning Tampering attack is made a very bad impression with carrying out illegally publicity and financial swindling etc., has even more aggravated the negative of website maintenance personnel Load.To mitigate the burden of maintenance personnel, network operation safety is improved.A kind of monitoring system of market in urgent need, to allow maintenance personnel The case where webpage is tampered can be found in first time, handled with shortest time, harmful effect is preferably minimized.
Invention content
The present invention solves that the deficiencies in the prior art provide a kind of operational safety, being monitored based on webpage tamper for real time monitoring is reported Alert system.
The technical solution adopted by the present invention to solve the technical problems is:
Based on webpage tamper monitoring and alarming system, it is characterised in that including monitoring module, timing module and alarm module, the prison Control module, timing module and alarm module;
Monitoring module is the configuration of web network paths, monitoring abstract fields configuration, and web page digest information field is set as base edition This, monitoring web network paths abstract fields compare field increase and decrease situation with basic version;
Timing module configures for monitoring frequency, by adjusting monitoring frequency cycle monitoring web network path abstract fields;
Alarm module be monitoring management person's phone number configuration, web network path abstract fields make a phone call when increasing or decreasing or Sending short message prompt administrator checks abstract.
The monitoring module further includes the configuration of peak value the number of visiting people, and the number of visiting people is more than peak value the number of visiting people, passes through alarm Module is made a phone call or sending short message prompt administrator verifies network and accesses situation.
Web network paths abstract fields are monitored in the monitoring module compares field increase and decrease situation with basic version, Field comparison is unchanged, into next monitoring period;It makes a phone call when field increases or decreases or sending short message prompt administrator's core To abstract.
Special web page summary info field is configured in the monitoring module, specific information field occurs in web network paths It makes a phone call or sending short message prompt administrator checks abstract.
The server operation of the monitoring module, timing module and alarm module based on existing JAVA virtual machine.
The monitoring module configures multiple web network paths.
The monitoring frequency of the monitoring module configures 5-10min.
Described information field increase and decrease is compared by MD5 algorithms.
Beneficial effects of the present invention are:
1, monitoring configuration is flexible, and configuration webpage summary info field is set as basic version, monitoring web network paths abstract fields with Basic version compares field increase and decrease;Special web page summary info field can be also set simultaneously and carry out early warning.
2, carried out accurately identifying whether webpage information is distorted according to configuration field, do not increase additional running equipment and operation at This, realizes Cybersecurity Operation.
3, it makes a phone call or SMS alarm prompt administrator checks whether the network operation is safe, and administrator's timely processing network is usurped Change situation.
4, monitoring module configures multiple web network paths, realizes that multiple spot website monitors simultaneously.
5, this system is run on the server of java virtual machines, and system suitability is stronger and operating cost reduces.
Description of the drawings
Fig. 1 is the system operation sequence diagram of the present invention.
Specific implementation mode
Based on webpage tamper monitoring and alarming system, including monitoring module, timing module and alarm module, the monitoring mould Block, timing module and alarm module;
Monitoring module is the configuration of web network paths, monitoring abstract fields configuration, and web page digest information field is set as base edition This, monitoring web network paths abstract fields compare field increase and decrease situation with basic version;
Timing module configures for monitoring frequency, by adjusting monitoring frequency cycle monitoring web network path abstract fields;
Alarm module be monitoring management person's phone number configuration, web network path abstract fields make a phone call when increasing or decreasing or Sending short message prompt administrator checks abstract.
The monitoring module further includes the configuration of peak value the number of visiting people, and the number of visiting people is more than peak value the number of visiting people, passes through alarm Module is made a phone call or sending short message prompt administrator verifies network and accesses situation.Multi objective monitoring is realized by monitoring access personnel, It is further comprehensive to promote network operation safety.
Web network paths abstract fields are monitored in the monitoring module compares field increase and decrease situation with basic version, Field comparison is unchanged, into next monitoring period;It makes a phone call when field increases or decreases or sending short message prompt administrator's core To abstract.Setting network field basis version mode checks malice and distorts mode.
Special web page summary info field is configured in the monitoring module, specific information field occurs in web network paths It makes a phone call or sending short message prompt administrator checks abstract.Set illegal specific information field monitoring, violation or sensitive field.
The server operation of the monitoring module, timing module and alarm module based on existing JAVA virtual machine.
The monitoring module configures multiple web network paths.The monitoring frequency of the monitoring module configures 5-10min, and When early warning distort situation, distort situation conducive to administrator's timely processing within 5-10 minutes, prevent from distorting and endanger network security.
Network Security Monitor System of this system based on java language developments can directly run on existing java virtual machines. It is applied widely.Described information field increase and decrease is compared by MD5 algorithms, specific implementation monitoring configuration:
Configure the addresses webpage URL to be monitored;
The field monitored and access personnel are needed in configuration monitoring webpage;
Configure webmaster's cell-phone number;
Configuration monitoring frequency.
This system automatically generates timer according to the monitored item configured, according to monitoring frequency timing request web page monitored URL, is verified and the content to be filtered out according to the overanxious item of configuration, and result life will be obtained according to MD5 general-purpose algorithms At summary info and it is recorded as basic version.Every time obtain request results followed by basic version compared, if result one Cause then returns to FALSE, it is believed that does not distort, returns to TRUE if result is inconsistent, it is believed that distort.If distorting comparison knot Fruit is TRUE, then the webmaster configured in being configured to monitoring that sends short messages carries out manual handle.
Illustrate the embodiment of this system by taking the folk prescription website of monitoring as an example:
Monitoring configuration:Configure the webpage URL address [http to be monitored://www.dfwang.cn];Configurating filtered access people Number, and it is set as number, because the number of visiting people can change always, as long as the change of this label is verified during detection in this way The part of change is that number just filters out this partial content;Configure webmaster's cell-phone number;Configuration monitoring frequency is 10 minutes.
Monitoring operation:System automatically generated was with 10 minutes timers for frequency.System will be frequency timing with 10 minutes Access URL [http://www.dfwang.cn], request results are verified to and are filtered out the content of label, with general MD5 algorithms It generates summary info and keeps a record, the summary info that first time request results generate is set to basic version.Request knot is obtained every time Fruit followed by basic version compared, if result unanimously if return to FALSE, it is believed that do not distort, terminate this flow, such as Fruit result is inconsistent, returns to TRUE, it is believed that distorts.If it is TRUE to distort comparing result, send short messages in being configured to monitoring The webmaster configured alarms.
Maintenance personnel does not have to periodically go whether detection webpage is tampered manually, largely alleviates the burden of maintenance personnel, together When also greatly ensured website operation safety.

Claims (8)

1. being based on webpage tamper monitoring and alarming system, it is characterised in that described including monitoring module, timing module and alarm module Monitoring module, timing module and alarm module;
Monitoring module is the configuration of web network paths, monitoring abstract fields configuration, and web page digest information field is set as base edition This, monitoring web network paths abstract fields compare field increase and decrease situation with basic version;
Timing module configures for monitoring frequency, by adjusting monitoring frequency cycle monitoring web network path abstract fields;
Alarm module be monitoring management person's phone number configuration, web network path abstract fields make a phone call when increasing or decreasing or Sending short message prompt administrator checks abstract.
2. according to claim 1 be based on webpage tamper monitoring and alarming system, it is characterised in that the monitoring module also wraps The configuration of peak value the number of visiting people is included, the number of visiting people is more than peak value the number of visiting people, is made a phone call by alarm module or sending short message prompt pipe Reason person verifies network and accesses situation.
3. according to claim 1 be based on webpage tamper monitoring and alarming system, it is characterised in that supervised in the monitoring module Control web network paths abstract fields compare field increase and decrease situation with basic version, and field comparison is unchanged, and entrance is next Monitor the period;It makes a phone call when field increases or decreases or sending short message prompt administrator checks abstract.
4. according to claim 1 be based on webpage tamper monitoring and alarming system, it is characterised in that match in the monitoring module Special web page summary info field is set, occurs specific information field in web network paths and makes a phone call or sending short message prompt administrator Verification abstract.
5. according to any one of claims 1 to 4 be based on webpage tamper monitoring and alarming system, it is characterised in that the monitoring The server operation of module, timing module and alarm module based on existing JAVA virtual machine.
6. according to claim 1 be based on webpage tamper monitoring and alarming system, it is characterised in that the monitoring module configuration Multiple web network paths.
7. according to claim 1 be based on webpage tamper monitoring and alarming system, it is characterised in that the prison of the monitoring module Control frequency configuration 5-10min.
8. according to claim 1 or 4 be based on webpage tamper monitoring and alarming system, it is characterised in that described information field increases Subtract variation to be compared by MD5 algorithms.
CN201810277707.5A 2018-03-31 2018-03-31 Based on webpage tamper monitoring and alarming system Pending CN108540466A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810277707.5A CN108540466A (en) 2018-03-31 2018-03-31 Based on webpage tamper monitoring and alarming system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810277707.5A CN108540466A (en) 2018-03-31 2018-03-31 Based on webpage tamper monitoring and alarming system

Publications (1)

Publication Number Publication Date
CN108540466A true CN108540466A (en) 2018-09-14

Family

ID=63481937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810277707.5A Pending CN108540466A (en) 2018-03-31 2018-03-31 Based on webpage tamper monitoring and alarming system

Country Status (1)

Country Link
CN (1) CN108540466A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111581672A (en) * 2020-05-14 2020-08-25 杭州安恒信息技术股份有限公司 Method, system, computer device and readable storage medium for webpage tampering detection

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111267A (en) * 2009-12-28 2011-06-29 北京安码科技有限公司 Website safety protection method based on digital signature and system adopting same
CN103685297A (en) * 2013-12-24 2014-03-26 朱筱华 Webpage monitoring tamper-proofing alarm system
CN103716315A (en) * 2013-12-24 2014-04-09 上海天存信息技术有限公司 Method and device for detecting web page tampering
US20140254796A1 (en) * 2013-03-08 2014-09-11 The Chinese University Of Hong Kong Method and apparatus for generating and/or processing 2d barcode
CN106599242A (en) * 2016-12-20 2017-04-26 福建六壬网安股份有限公司 Webpage change monitoring method and system based on similarity calculation
CN106682529A (en) * 2017-01-04 2017-05-17 北京国舜科技股份有限公司 Anti-tampering method and anti-tampering terminal

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111267A (en) * 2009-12-28 2011-06-29 北京安码科技有限公司 Website safety protection method based on digital signature and system adopting same
US20140254796A1 (en) * 2013-03-08 2014-09-11 The Chinese University Of Hong Kong Method and apparatus for generating and/or processing 2d barcode
CN103685297A (en) * 2013-12-24 2014-03-26 朱筱华 Webpage monitoring tamper-proofing alarm system
CN103716315A (en) * 2013-12-24 2014-04-09 上海天存信息技术有限公司 Method and device for detecting web page tampering
CN106599242A (en) * 2016-12-20 2017-04-26 福建六壬网安股份有限公司 Webpage change monitoring method and system based on similarity calculation
CN106682529A (en) * 2017-01-04 2017-05-17 北京国舜科技股份有限公司 Anti-tampering method and anti-tampering terminal

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111581672A (en) * 2020-05-14 2020-08-25 杭州安恒信息技术股份有限公司 Method, system, computer device and readable storage medium for webpage tampering detection

Similar Documents

Publication Publication Date Title
US8819807B2 (en) Apparatus and method for analyzing and monitoring sap application traffic, and information protection system using the same
CN106911514A (en) SCADA network inbreak detection methods and system based on the agreements of IEC60870 5 104
JP5430747B2 (en) Network contents tampering prevention equipment, method and system
CN108933791A (en) One kind being based on Electricity Information Network Safeguard tactics intelligent optimization method and device
CN103428186A (en) Method and device for detecting phishing website
CN102111267A (en) Website safety protection method based on digital signature and system adopting same
CN105678193B (en) A kind of anti-tamper treating method and apparatus
CN107517214A (en) System and method for providing computer network security
CN112711509A (en) Method and system for improving operation and maintenance safety of data center machine room
CN110099060A (en) A kind of network information security guard method and system
GB2532630A (en) Network intrusion alarm method and system for nuclear power station
CN114418263A (en) A defense system for power monitoring device of thermal power plant
CN113395694A (en) Intelligent security defense system and defense method based on 5G and local area base station
CN115766235A (en) Network security early warning system and early warning method
CN108540466A (en) Based on webpage tamper monitoring and alarming system
KR102159399B1 (en) Device for monitoring web server and analysing malicious code
Beigh et al. Intrusion detection and prevention system: issues and challenges
WO2018035765A1 (en) Method and apparatus for detecting network abnormity
Vigna et al. Host-based intrusion detection
CN107277070A (en) A kind of computer network instrument system of defense and intrusion prevention method
CN115442159B (en) Household routing-based risk management and control method, system and storage medium
Agrawal et al. A SURVEY ON ATTACKS AND APPROACHES OF INTRUSION DETECTION SYSTEMS.
Liu et al. A framework for database auditing
Mithu et al. Secure industrial control system with intrusion detection
CN113141274A (en) Method, system and storage medium for detecting sensitive data leakage in real time based on network hologram

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180914

RJ01 Rejection of invention patent application after publication