CN108920589B - Browsing hijacking identification method, device, server and storage medium - Google Patents
Browsing hijacking identification method, device, server and storage medium Download PDFInfo
- Publication number
- CN108920589B CN108920589B CN201810671182.3A CN201810671182A CN108920589B CN 108920589 B CN108920589 B CN 108920589B CN 201810671182 A CN201810671182 A CN 201810671182A CN 108920589 B CN108920589 B CN 108920589B
- Authority
- CN
- China
- Prior art keywords
- browsing page
- browsing
- url
- sampling
- resource
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The embodiment of the invention provides a browsing hijacking identification method, a browsing hijacking identification device, a server and a storage medium. The method comprises the following steps: the method comprises the steps of obtaining a page network request characteristic set uploaded by a sampling terminal, wherein the page network request characteristic set comprises browsing page URLs of all the sampling terminals, sampling terminal characteristics and resource characteristics included in browsing pages, determining a resource distinguishing characteristic set of the browsing page URLs according to the resource characteristics included in the browsing pages related to the browsing page URLs, and identifying whether the browsing page URLs are hijacked or not according to the resource distinguishing characteristic set of the browsing page URLs, the sampling times related to the browsing page URLs and the characteristics of the sampling terminals. According to the technical scheme of the embodiment of the invention, browsing hijacking identification can be carried out in a multi-party authentication mode according to the data uploaded by each sampling end, so that the problem of directional hijacking can be identified, the problem of universal hijacking can be identified, and the browsing safety is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of computer internet, in particular to a browsing hijacking identification method, a browsing hijacking identification device, a server and a storage medium.
Background
When a user uses a user terminal such as a mobile phone and a computer to access a web site, a browser or an application embedded in a browsing kernel is usually used, specifically, the user terminal sends a browsing request to a server through the browser or the application embedded in the browsing kernel, and the server feeds back browsing content to the user terminal according to the browsing request.
However, since the data transmission between the user end and the server needs to be relayed through a physical transmission device such as a router, a gateway, etc., the physical transmission device may tamper the transmitted data (i.e., perform network data hijacking), for example, forcibly guide to a commercial website, silently download invalid content, tamper the content in a webpage, or inject push content into a webpage, etc. Network hijacking has the defects of reduced access efficiency, user traffic consumption, low information reliability and the like.
In the prior art, whether network hijacking occurs or not is usually identified by relying on data transmission between a browser or an application embedded in a browsing kernel and a server of the browser, but the prior art can only identify directional hijacking but cannot identify general hijacking.
Disclosure of Invention
The browsing hijacking identification method, the browsing hijacking identification device, the server and the storage medium provided by the invention can be suitable for identifying the problems of directional hijacking and universal hijacking, and the browsing safety is improved.
In a first aspect, an embodiment of the present invention provides a browsing hijacking identification method, where the method includes:
acquiring a page network request feature set uploaded by a sampling terminal, wherein the page network request feature set comprises browsing page URLs of each sampling terminal, sampling terminal features and resource features included in browsing pages;
aiming at each browsing page URL, determining a resource distinguishing feature set of the browsing page URL according to resource features included in each browsing page related to the browsing page URL;
and identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the features of the sampling end.
In a second aspect, an embodiment of the present invention further provides a browsing hijacking identification apparatus, where the apparatus includes:
the acquisition module is used for acquiring a page network request characteristic set uploaded by a sampling terminal, wherein the page network request characteristic set comprises browsing page URLs (uniform resource locators) of the sampling terminals, sampling terminal characteristics and resource characteristics included in browsing pages;
the determining module is used for determining a resource distinguishing feature set of each browsing page URL according to resource features included in each browsing page related to the browsing page URL;
and the identification module is used for identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the characteristics of the sampling end.
In a third aspect, an embodiment of the present invention further provides a server, where the server includes:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement a browsing hijacking identification method as described in any one of the above.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a browsing hijacking identification method as described in any one of the above.
The embodiment of the invention provides a browsing hijacking identification method, which is used for acquiring a page network request characteristic set uploaded by a sampling terminal, wherein the page network request characteristic set comprises browsing page URLs of all the sampling terminals, sampling terminal characteristics and resource characteristics included in browsing pages, a resource distinguishing characteristic set of the browsing page URLs is determined according to the resource characteristics included in all the browsing pages related to the browsing page URLs aiming at each browsing page URL, and whether the browsing page URLs are hijacked or not is identified according to the resource distinguishing characteristic set of the browsing page URLs, the sampling times related to the browsing page URLs and the characteristics of the sampling terminals. The browsing hijacking identification method in the embodiment of the invention can carry out browsing hijacking identification in a multi-party authentication mode according to the data uploaded by each sampling end, not only can identify the problem of directional hijacking, but also can identify the problem of universal hijacking, and improves the browsing safety.
Drawings
Fig. 1 is a schematic flowchart illustrating a browsing hijacking identification method according to a first embodiment of the present invention;
fig. 2 is a schematic flowchart illustrating a browsing hijacking identification method according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram illustrating a browsing hijacking identification apparatus according to a third embodiment of the present invention;
fig. 4 shows a schematic structural diagram of a server provided in the fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a schematic flow chart illustrating a browsing hijacking identification method provided in an embodiment of the present invention, where the embodiment of the present invention is applicable to a scenario of detecting whether there is a web browsing hijacking, and the method may be performed by a browsing hijacking identification device, which may be implemented in a software and/or hardware manner, and may be integrated in any server with a network communication function.
As shown in fig. 1, the browsing hijacking identification method in the embodiment of the present invention may include:
step S101, a page network request feature set uploaded by a sampling terminal is obtained, wherein the page network request feature set comprises browsing page URLs of the sampling terminals, sampling terminal features and resource features included in browsing pages.
In the embodiment of the present invention, the sampling terminal may be various terminal devices supporting web browsing, for example, the terminal devices include, but are not limited to, a smart phone, a tablet computer, a laptop portable computer, a desktop computer, and the like. Different users may use different terminal devices to interact with different servers over a network to receive or send messages. The terminal device may install various client applications. Such as a web browser or a client application embedded in a browsing kernel. The network may be various connection types such as a wired connection, a wireless communication link, an optical fiber cable connection, and the like, and the network may further include various physical transmission devices such as a router, a gateway, and the like. Each terminal device can send a page network request to each server through the network, and each server can return browsed page content corresponding to the page network request to the terminal device according to the received page network request.
Typically, a user may browse a page using a web browser provided on a terminal device or a client application embedded in a browsing kernel, at which point the user may send a web page request to a server by directly entering a web address or clicking a link in a browsed page presented in the web browser. The web address is typically represented by a Uniform Resource Locator (URL). The content of the browsed page corresponding to the page network request received by the terminal devices of different users may be different. This is the case because the content of the browsing page may be hijacked because the content needs to pass through many physical transmission devices such as routers and gateways in the process from the server to the terminal device. For example, a merchant wants to promote his/her own content, and injects the promoted content into the browsing page content transmitted by the server in a general standard format, or a malicious traffic-stealing virus injects a script capable of obtaining data in the background into the browsing page content transmitted by the server, so that the browsing page is hijacked.
In the embodiment of the invention, when each sampling terminal sends each page network request to the server, the feature set of the page network request corresponding to each page network request can be counted and generated. The page network request feature set may include a browsing page URL of each sampling terminal, sampling terminal features, and resource features included in the browsing page. The browsing page may include a web page in html format, xhtml format, asp format, php format, jsp format, shtml format, nsp format, xml format, or other format developed in the future. It is to be understood that any format of web page file that can be opened by a browser and can be used to browse the contents of pictures, animations, texts, etc. contained therein may be used as the browsing page in the present embodiment. The sampling end characteristics can comprise network environment information such as the geographical position of each sampling end when the sampling end sends the page network request, the used network type and the like. Wherein, the geographic position can include the positions of Tianjin, Shanghai, or Shenzhen, etc.; the network type may be one of a local area network, a metropolitan area network, a wide area network, and may also be one of other network types, such as a mobile communication network, a unicom network, and the like. In addition, the characteristics of the sampling end can also include the strength of the network of the sampling end, such as the network is unobstructed or the network is not unobstructed. When receiving a browsing page corresponding to the page network request returned by the server, each sampling terminal may record resource characteristics included in the browsing page. The resource characteristics included in the browsing page may include one or more of a resource URL of the browsing page content, a flow consumed by the browsing page, a script in the browsing page, a tag in the browsing page, a plug-in the browsing page, a still picture, a dynamic picture and/or a video set in the browsing page, and a text content link.
In the embodiment of the invention, when each sampling terminal generates the page network request feature set, the page network request feature set can be uploaded immediately or according to a preset time period. The preset time period may be a set time interval or a set time point, and specifically, for example, the page network request feature set may be uploaded every half hour, or the page network request feature set may be uploaded at a set fixed time point (8 points, 9 points, or 12 points). When the condition that each sampling terminal uploads the page network request feature set is detected, the browsing hijack identification device can directly acquire the page network request feature set uploaded by the sampling terminal. The page network request feature set comprises browsing page URLs of all sampling ends, sampling end features and resource features included in browsing pages.
Step S102, aiming at each browsing page URL, determining a resource distinguishing feature set of the browsing page URL according to resource features included in each browsing page related to the browsing page URL.
In the embodiment of the invention, after the browsing hijack identification device acquires the page network request feature set uploaded by the sampling terminal, each browsing page related to the URL of each browsing page can be searched from the page network request feature set uploaded by the sampling terminal, and the resource features included in each browsing page can be acquired from each browsing page. It is to be understood that the browsing pages opened by the browsing page URLs may be all used as the respective browsing pages associated with the browsing page URLs. The resource characteristics included in each of the browsing pages associated with the browsing page URL may be the same or different. For example, in consideration of the characteristics of the sampling terminals, when the same URL of the browsing page is used to send page network requests to the server through different sampling terminals, the server may return different browsing pages in response to the page network requests sent by different sampling terminals, and the resource characteristics included in the corresponding different browsing pages are different. Wherein, different sampling terminals can be understood as different geographic locations, network types and sampling terminal devices. For example, the browsing pages obtained by the user through different terminal devices using the same browsing page URL may be the same or different. In addition, the same browsing page URL is used for sending page network requests to the server through the same sampling terminal, and the server may return different browsing pages in response to the page network requests sent by the sampling terminal. For example, the browsing pages opened by using the same video browsing page URL may include different contents such as advertisements, and resource characteristics such as resource URLs of the browsing page contents included in the corresponding same browsing pages, traffic consumed by the browsing pages, scripts in the browsing pages, tags in the browsing pages, plug-ins in the browsing pages, static pictures, dynamic pictures and/or videos set in the browsing pages, and text content links may also be different.
In the embodiment of the invention, the browsing hijacking identification device can determine the resource distinguishing feature set of the browsing page URL according to the resource features included in each browsing page associated with the browsing page URL. The resource feature set can be understood as a resource feature set composed of different resource features in the resource features included in each browsing page. An optional implementation manner is provided on the basis of the above scheme, and determining the resource feature distinguishing set of the browsing page URL according to resource features included in each browsing page associated with the browsing page URL may include: according to the intersection of the resource features included in each browsing page associated with the browsing page URL as the public resource feature of the browsing page URL, the public resource feature of the browsing page URL is removed from the resource features included in each browsing page associated with the browsing page URL, and a set formed by the remaining resource features is used as a resource feature distinguishing set of the browsing page URL.
For example, suppose there are X users using the current browsing page URL to obtain the browsing page associated with the browsing page URL, where only Y users upload the page network request feature set of the browsing page URL, X > Y. At this time, the same points of the resource features in each browsing page associated with the browsing page URL can be searched in each page network request feature set, the same features of each resource feature are removed, and then the remaining resource features in each resource feature form a new set to be used as the resource feature distinguishing set of the browsing page URL.
Step S103, identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the characteristics of a sampling end.
In the embodiment of the present invention, the sampling times associated with the browsing page URL may be understood as the usage times of the browsing page URL contained in the page network request feature set uploaded by the sampling terminal. And the sampling end can open the browsing page related to the browsing page URL according to the browsing page URL every time the sampling end uses the browsing page URL, and record the characteristics of the sampling end when the sampling end uses the browsing page URL and the resource characteristics included in the browsing page opened according to the browsing page URL. It should be noted that the resource features included in the browsing page opened according to the same browsing page URL may be different, and the specific reason is already set forth above and will not be described again here. After the resource distinguishing feature set of the browsing page URL, the sampling times associated with the browsing page URL and the sampling end features are determined, the browsing hijacking identification device can identify whether the browsing page URL is hijacked or not according to the determined resource distinguishing feature set of the browsing page URL, the sampling times associated with the browsing page URL and the sampling end features.
On the basis of the above scheme, an optional manner is provided, and identifying whether the browsing page URL is hijacked or not according to the resource feature set of the browsing page URL, the sampling times associated with the browsing page URL, and the characteristics of the sampling end may include:
and if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling times associated with the browsing page URL are greater than a first sampling time threshold value, and the characteristics of the sampling ends are different, identifying that the browsing page URL is hijacked.
In this embodiment, the resource feature distinguishing set of the browsing page URL is a non-empty set, which may be understood as that different resource features exist among the resource features included in the browsing pages associated with the browsing page URLs of the respective sampling terminals, that is, the resource features included among the browsing pages associated with the browsing page URLs are not completely the same. Illustratively, it is assumed that each browsing page associated with the browsing page URL includes: the method comprises the steps of browsing a page 1, browsing a page 2 and browsing a page 3, wherein resource features included in the browsing page 1 are respectively an A feature, a B feature, a C feature and a D feature, resource features included in the browsing page 2 are respectively a B feature, a C feature, a D feature and an E feature, and resource features included in the browsing page 3 are respectively a B feature, a D feature, an E feature and an F feature. As can be seen from the above description, the resource features included in the browsing pages 1, 2, and 3 are not completely the same, different resource features exist between the resource feature included in the browsing page 1 and the resource feature included in the browsing page 2 as the a feature and the E feature, and different resource features exist between the resource feature included in the browsing page 2 and the resource feature included in the browsing page 3 as the C feature and the F feature, so that at this time, it can be understood that the resource feature distinguishing set of the browsing page URL determined according to the resource features included in each browsing page associated with the browsing page URL is a non-empty set.
In this embodiment, in the communication interaction process between the server and the terminal device, the browsing page may be hijacked and changed when passing through the physical transmission devices such as the router and the gateway. If the resource feature set of the browsing page URL is a non-empty set, the resource features included in the browsing pages associated with the same browsing page URL are necessarily different. Furthermore, when the resource characteristics included in each browsing page associated with the same browsing page URL are different, it may be preliminarily determined that the browsing page may be hijacked and changed by physical transmission equipment such as a router and a gateway.
In this embodiment, after determining that the resource feature set of the URL of the browsing page is a non-empty set, it is only preliminarily determined that the browsing page may be hijacked and changed by physical transmission equipment such as a router and a gateway, and the sampling frequency and the characteristics of the sampling end associated with the URL of the browsing page need to be considered for accurate determination. If the sampling times associated with the browsing page URL are larger than the first sampling time threshold value, the distinguishing resource characteristics of the browsing page URL are determined by a large amount of data uploaded by the sampling end, and thus, the number contingency caused by the adoption of a small amount of data can be avoided. The first sampling threshold may be specifically set according to actual conditions, and is not specifically limited here.
In this embodiment, since the characteristics of the sampling terminals may include network environment information such as a geographical location where each sampling terminal sends a page network request, a network type used, and the like, in a communication interaction process between the server and the terminal device, when a browsing page passes through a router, a gateway, and other physical transmission devices, hijack modification may be performed only on the browsing page on the sampling terminal having a certain sampling terminal characteristic, but no hijack modification is performed on the browsing page on the sampling terminal having other sampling terminal characteristics, and once browsing page URLs in the page network request characteristic set acquired by the browsing hijack identification apparatus are all uploaded by the sampling terminals having the same sampling terminal characteristic, false hijack identification may be caused. For example, if the browsing page URL in the page network request feature set obtained by the browsing hijack recognition is uploaded by the sampling terminal with the mobile network or the sampling terminal with the geographic location in tianjin when each sampling terminal sends the page network request, the browsing hijack recognition device recognizes the browsing page as not being hijacked and changed, but the browsing page is actually hijacked and changed, but the hijack modification is performed on the browsing page on the sampling terminal of the connected network and the browsing page on the sampling terminal with the geographic location in beijing. In this embodiment, if the characteristics of the sampling terminals are different, it is indicated that the resource feature differentiation set of the browsing page URL is determined by the resource features included in the browsing page on the sampling terminal having the different characteristics of the sampling terminals, so that the resource feature differentiation set of the browsing page URL can overcome the defect problem caused by the single characteristics of the sampling terminals in the page network request feature set uploaded by the sampling terminals, and hijack recognition can be performed on the browsing page from the different characteristics of the sampling terminals.
On the basis of the above scheme, an optional manner is further provided, and identifying whether the browsing page URL is hijacked or not according to the resource feature set of the browsing page URL, the sampling times associated with the browsing page URL, and the characteristics of the sampling end may include:
if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling frequency associated with the browsing page URL is less than a second sampling frequency threshold value, and the sampling end features are incompletely sampled, a secondary sampling instruction is generated; the secondary sampling instruction is used for indicating secondary sampling of the URL of the browsing page and identifying whether the URL of the browsing page is hijacked or not according to a secondary sampling result, and the first sampling time threshold is larger than the second sampling time threshold.
In this embodiment, the sampling times associated with the browsing page URLs are smaller than the second sampling time threshold, which may be understood that the sampling times of the browsing page URLs in the page network request feature set acquired by the browsing hijacking identification device are relatively small, and the sampling times of a small number of browsing page URLs overcome the contingency of data, which may result in erroneous browsing hijacking identification. Therefore, optionally, when the sampling frequency associated with the browsing page URL is smaller than the second sampling frequency threshold, a secondary sampling instruction needs to be generated to re-sample the browsing page URL, and whether the browsing page URL is hijacked is identified according to the secondary sampling result. Wherein the first sampling time threshold is greater than the second sampling time threshold. In addition, the sampling-end feature sampling is not complete, which may be understood as that all the sampling-end features are not included in the page network request features uploaded by the sampling end, and there may be a defect that the sampling-end features are not completely sampled because the page network request features of a certain sampling-end feature are not included in the page network request feature set uploaded by the sampling end. Therefore, optionally, when the sampling end features have incomplete sampling, a secondary sampling instruction needs to be generated to perform secondary sampling on the browsing page URL again, and whether the browsing page URL is hijacked is identified according to a secondary sampling result. Wherein the first sampling time threshold is greater than the second sampling time threshold. Optionally, when the resource feature set of the browsing page URL is a non-empty set, the sampling frequency associated with the browsing page URL is less than a second sampling frequency threshold, and the sampling end feature has incomplete sampling, a secondary sampling instruction is generated to re-sample the browsing page URL, and whether the browsing page URL is hijacked is identified according to a secondary sampling result. Specifically, after determining that the resource feature set of the browsing page URL is a non-empty set, it is further required to determine that the number of sampling times associated with the browsing page URL is smaller than a second sampling time threshold, and the sampling end feature has a reason for an operation that the sampling is incomplete.
On the basis of the above scheme, an optional manner is further provided, and identifying whether the browsing page URL is hijacked or not according to the resource feature set of the browsing page URL, the sampling times associated with the browsing page URL, and the characteristics of the sampling end may include:
and if the resource distinguishing feature set of the browsing page URL is empty, the sampling times associated with the browsing page URL are greater than a first sampling time threshold value, and the sampling end features are all sampled, identifying that the browsing page URL is not hijacked.
In this embodiment, if the resource feature set for distinguishing the browsing page URL is empty, it indicates that the resource features included in each browsing page associated with the browsing page URL are all the same, i.e., there is no different feature between the resource features included in each browsing page. For example, assume illustratively that the respective browsing pages associated with the browsing page URLs include: the method comprises the steps of browsing a page 1, browsing a page 2 and browsing a page 3, wherein resource features included in the browsing page 1 are respectively an A feature, a B feature and a C feature, resource features included in the browsing page 2 are respectively an A feature, a B feature and a C feature, and resource features included in the browsing page 3 are respectively an A feature, a B feature and a C feature. As can be seen from the above, the resource features included in the browsing page 1, the browsing page 2, and the browsing page 3 are all the same, and it can be understood that the resource feature distinguishing set of the browsing page URL is empty. If the sampling times associated with the URL of the browsing page are larger than the first sampling time threshold, the fact that a large number of browsing pages associated with the URL of the browsing page exist in the network feature set of the page acquired by the browsing hijack recognition device is indicated, and the resource distinguishing feature set of the URL of the browsing page determined by the large number of browsing pages has certain reliability. If the sampling end features are sampled, the fact that the browsing pages aiming at various sampling end features are sampled is indicated, and therefore the diversity of the sampling end features is guaranteed.
On the basis of the above scheme, an optional manner is further provided, and identifying whether the browsing page URL is hijacked or not according to the resource feature set of the browsing page URL, the sampling times associated with the browsing page URL, and the characteristics of the sampling end may include:
if the resource distinguishing characteristic set of the browsing page URL is empty, the sampling frequency associated with the browsing page URL is smaller than a second sampling frequency threshold value, and the sampling end characteristic has the condition of incomplete sampling, generating a secondary sampling instruction; the secondary sampling instruction is used for indicating secondary sampling of the URL of the browsing page and identifying whether the URL of the browsing page is hijacked or not according to a secondary sampling result, and the first sampling time threshold is larger than the second sampling time threshold. Or, if the resource distinguishing feature set of the browsing page URL is empty, the sampling frequency associated with the browsing page URL is smaller than a second sampling frequency threshold value, and the sampling end feature has the condition of incomplete sampling, identifying whether the browsing page URL is hijacked or not in a manual identification mode.
The embodiment of the invention provides a browsing hijacking identification method, which is used for acquiring a page network request characteristic set uploaded by a sampling terminal, wherein the page network request characteristic set comprises browsing page URLs of all the sampling terminals, sampling terminal characteristics and resource characteristics included in browsing pages, aiming at each browsing page URL, a resource distinguishing characteristic set of the browsing page URL is determined according to the resource characteristics included in each browsing page related to the browsing page URL, and whether the browsing page URL is hijacked or not is identified according to the resource distinguishing characteristic set of the browsing page URL, the sampling times related to the browsing page URL and the characteristics of the sampling terminal. The browsing hijacking identification method in the embodiment of the invention can carry out browsing hijacking identification in a multi-party authentication mode according to the data uploaded by each sampling end, not only can identify the problem of directional hijacking, but also can identify the problem of universal hijacking, has strong universality and improves the browsing safety.
Example two
Fig. 2 is a flowchart illustrating a browsing hijacking identification method according to a second embodiment of the present invention. The present embodiment is further advantageous over the above-described embodiments.
As shown in fig. 2, the browsing hijacking identification method in the embodiment of the present invention may include:
step S201, obtaining a page network request feature set uploaded by a sampling end, where the page network request feature set includes a browsing page URL of each sampling end, a sampling end feature, and a resource feature included in a browsing page.
Step S202, aiming at each browsing page URL, determining a resource distinguishing feature set of the browsing page URL according to the resource features included in each browsing page associated with the browsing page URL.
Optionally, determining the resource feature differentiation set of the browsing page URL according to the resource features included in each browsing page associated with the browsing page URL may include:
taking the intersection of the resource features in each browsing page associated with the browsing page URL as the public resource feature of the browsing page URL; and removing public resource features of the browsing page URL from the resource features included in each browsing page associated with the browsing page URL, and taking a set formed by the remaining resource features as a resource distinguishing feature set of the browsing page URL.
Step S203, identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the characteristics of a sampling end.
Optionally, identifying whether the URL of the browsing page is hijacked or not according to the resource feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page, and the characteristics of the sampling end may include:
if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling times associated with the browsing page URL are greater than a first sampling time threshold value, and the characteristics of the sampling ends are different, the browsing page URL is identified to be hijacked; or if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling frequency associated with the browsing page URL is less than a second sampling frequency threshold value, and the sampling end features are incompletely sampled, generating a secondary sampling instruction; the secondary sampling instruction is used for indicating secondary sampling of the URL of the browsing page and identifying whether the URL of the browsing page is hijacked or not according to a secondary sampling result, and the first sampling time threshold is larger than the second sampling time threshold.
Optionally, identifying whether the URL of the browsing page is hijacked or not according to the resource feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page, and the characteristics of the sampling end may include:
and if the resource distinguishing feature set of the browsing page URL is empty, the sampling times associated with the browsing page URL are greater than a first sampling time threshold value, and the sampling end features are all sampled, identifying that the browsing page URL is not hijacked.
And step S204, if the URL of the browsing page is identified to be hijacked, issuing hijacked reminding information to a user side browsing the URL of the browsing page.
In the embodiment of the invention, when the URL of the browsing page is identified to be hijacked, hijacked reminding information can be directly issued to a user terminal browsing the URL of the browsing page. However, if the user recognizes that the URL of the browsing page is hijacked in the browsing process, the user sends hijacked reminding information to the user side once, and as long as any hijacked change (including hijacked change of the browsing page without affecting the browsing experience of the browsing page) of the browsing page is recognized according to the above operation, the user must send the hijacked reminding information to the user side, so that the user experiences the browsing page, and the browsing of the browsing page is not smooth due to frequent sending of the reminding information. Therefore, optionally, if it is identified that the browsing page URL is hijacked, issuing hijacked reminding information to the user terminal browsing the browsing page URL, where the hijacked reminding information may specifically include: if the URL of the browsing page is identified to be hijacked, determining the hazard level of the browsing page; and intercepting the browsing page with the hazard level exceeding the preset level, and issuing hijack reminding information to a user side browsing the URL of the browsing page. Wherein, the hazard level can be divided according to the influence of hijack change content in the browsing page on the user. For example, the hazard level of hijacking changed content for information promotion, which occupies a small browsing page space, is low; the danger level of hijack change content for information promotion occupying larger browsing page space is a middle level; the danger level of hijacking change content of the background stealing user flow is a secondary serious level; hijacking of stolen user information changes the hazard level of the content to a severe level. The predetermined level may be a medium hazard level. The benefits of this are: the browsing page of the hijack content exceeding the preset level is intercepted and the hijack reminding information is issued, so that the phenomenon that the browsing page is not smooth due to the frequent interception of the browsing page of the hijack content not exceeding the preset level and the issuing of the reminding information can be avoided. It can be understood that, when the hijack reminding information is issued to the user terminal browsing the URL of the browsing page, the reminding information can be temporarily displayed on the terminal device of the user terminal in the form of a temporary pop-up box, so as to achieve the purpose of reminding the user.
On the basis of the above scheme, an optional mode is provided, and after identifying whether the URL of the browsing page is hijacked, the method may further include:
and if the difference value of the consumed flow of the browsing page by different sampling ends is determined to be larger than the flow threshold value according to the resource distinguishing feature set of the URL of the browsing page, and the manual downloading operation is not executed by the different sampling ends, determining that the browsing page has silent downloading hijacking.
In this embodiment, the resource features included in the browsing page may include one or more of a resource URL of the browsing page content, a flow consumed by the browsing page, a script in the browsing page, a tag in the browsing page, a plug-in the browsing page, a still picture, a dynamic picture and/or video set in the browsing page, and a text content link. Generally, the flow consumed by different sampling ends when the same browsing page URL is used for opening the browsing page is approximately the same and has no great difference; if the difference of the consumed flow is large when different sampling ends open the browsing page by using the same browsing page URL and the sampling ends do not execute manual downloading operation, it can be determined that the browsing page associated with the browsing page URL has silent downloading hijacking.
The embodiment of the invention provides a browsing hijacking identification method, which can acquire a page network feature set uploaded by each acquisition end, and can carry out browsing hijacking identification in a multi-party authentication mode according to data uploaded by each acquisition end, so that the accuracy of identifying the hijacking of the contents of a browsed page can be improved, the problem of directional hijacking can be identified, the problem of universal hijacking can be identified, the hijacking problem of the contents of the browsed page can be prevented and processed, and the safety of a user in the process of browsing the page can be enhanced.
EXAMPLE III
Fig. 3 is a schematic structural diagram of a browsing hijacking identification apparatus provided in the third embodiment of the present invention, which may be implemented in a software and/or hardware manner, and may be integrated in any server with a network communication function, where the server may be a cloud device.
As shown in fig. 3, the browsing hijacking identification apparatus in the embodiment of the present invention may include: an obtaining module 301, a determining module 302, and an identifying module 303, wherein:
the obtaining module 301 is configured to obtain a page network request feature set uploaded by a sampling end, where the page network request feature set includes a browsing page URL of each sampling end, a sampling end feature, and a resource feature included in a browsing page.
And the determining module is used for determining the resource distinguishing feature set of each browsing page URL according to the resource features included in each browsing page associated with the browsing page URL.
And the identification module is used for identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the characteristics of the sampling end.
On the basis of the foregoing scheme, optionally, the determining module 302 may include: a first determination unit and a second determination unit, wherein:
and the first determining unit is used for taking the intersection of the resource features included in each browsing page associated with the browsing page URL as the public resource feature of the browsing page URL.
And the second determining unit is used for eliminating the public resource characteristics of the browsing page URL from the resource characteristics included in each browsing page associated with the browsing page URL, and taking a set formed by the residual resource characteristics as a resource distinguishing characteristic set of the browsing page URL.
On the basis of the foregoing scheme, optionally, the identifying module 303 may specifically include: a first recognition unit or a second recognition unit, wherein:
the first identification unit is used for identifying that the browsing page URL is hijacked if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling frequency associated with the browsing page URL is greater than a first sampling frequency threshold value, and the characteristics of the sampling ends are different. Alternatively, the first and second electrodes may be,
the second identification unit is used for generating a secondary sampling instruction if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling frequency associated with the browsing page URL is less than a second sampling frequency threshold value, and the sampling end features are incompletely sampled; the secondary sampling instruction is used for indicating secondary sampling of the URL of the browsing page and identifying whether the URL of the browsing page is hijacked or not according to a secondary sampling result, and the first sampling time threshold is larger than the second sampling time threshold.
On the basis of the foregoing scheme, optionally, the identifying module 303 may specifically include:
and the third identification unit is used for identifying that the browsing page URL is not hijacked if the resource distinguishing characteristic set of the browsing page URL is empty, the sampling frequency associated with the browsing page URL is greater than a first sampling frequency threshold value, and the characteristics of the sampling end are sampled.
On the basis of the above scheme, optionally, the browsing hijacking identification apparatus in the embodiment of the present invention may further include:
the silent downloading identification module 304 is configured to determine that the browsed page has silent downloading hijacking if it is determined that a difference between flow rates consumed by different sampling ends for the browsed page is greater than a flow rate threshold according to the resource feature set for distinguishing the URL of the browsed page, and the different sampling ends do not perform manual downloading operation.
On the basis of the above scheme, optionally, the browsing hijacking identification apparatus in the embodiment of the present invention may further include:
and the hijacking reminding module 305 is configured to issue hijacking reminding information to a user side browsing the URL of the browsing page if the URL of the browsing page is identified to be hijacked.
The browsing hijacking identification device provided by the embodiment of the invention can execute the browsing hijacking identification method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example four
Fig. 4 shows a schematic structural diagram of a server provided in the fourth embodiment of the present invention. The present embodiment provides a server 400, which includes: one or more processors 420; the storage device 410 is configured to store one or more programs, and when the one or more programs are executed by the one or more processors 420, the one or more processors 420 implement a browsing hijacking identification method provided in an embodiment of the present invention, the browsing hijacking identification method may include:
acquiring a page network request feature set uploaded by a sampling terminal, wherein the page network request feature set comprises browsing page URLs of each sampling terminal, sampling terminal features and resource features included in browsing pages;
aiming at each browsing page URL, determining a resource distinguishing feature set of the browsing page URL according to resource features included in each browsing page related to the browsing page URL;
and identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the features of the sampling end.
Of course, those skilled in the art can understand that the processor 420 may also implement the technical solution of the browsing hijacking identification method provided in any embodiment of the present invention.
The server 400 shown in fig. 4 is only an example, and should not bring any limitation to the function and the scope of use of the embodiments of the present invention.
As shown in FIG. 4, the server 400 is in the form of a general purpose computing device. The components of server 400 may include, but are not limited to: one or more processors 420, a memory device 410, and a bus 450 that connects the various system components (including the memory device 410 and the processors 420).
The server 400 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by electronic device 400 and includes both volatile and nonvolatile media, removable and non-removable media.
The storage 410 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)411 and/or cache memory 412. The server 400 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 413 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 450 by one or more data media interfaces. Storage 410 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 414 having a set (at least one) of program modules 415, which may be stored, for example, in storage 410, such program modules 415 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which or some combination thereof may comprise an implementation of a network environment. The program modules 415 generally perform the functions and/or methods of any of the embodiments described herein.
The server 400 may also communicate with one or more external devices 460 (e.g., keyboard, pointing device, display 470, etc.), with one or more devices that enable a user to interact with the server 400, and/or with any devices (e.g., network card, modem, etc.) that enable the electronic device 400 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 430. Further, server 400 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via network adapter 440. As shown in FIG. 4, the network adapter 440 communicates with the other modules of the server 400 via a bus 450. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the server 400, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processor 420 executes various functional applications and data processing, for example, implementing a browsing hijacking recognition method provided in an embodiment of the present invention, by executing a program stored in the storage device 410.
EXAMPLE five
In one embodiment, a storage medium containing computer-executable instructions for performing a browsing hijacking identification method when executed by a computer processor may include:
acquiring a page network request feature set uploaded by a sampling terminal, wherein the page network request feature set comprises browsing page URLs of each sampling terminal, sampling terminal features and resource features included in browsing pages;
aiming at each browsing page URL, determining a resource distinguishing feature set of the browsing page URL according to resource features included in each browsing page related to the browsing page URL;
and identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the features of the sampling end.
Of course, the storage medium provided in the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the browsing hijacking identification method provided in any embodiment of the present invention.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A browsing hijacking identification method is characterized by comprising the following steps:
acquiring a page network request feature set uploaded by a sampling terminal, wherein the page network request feature set comprises browsing page URLs of each sampling terminal, sampling terminal features and resource features included in browsing pages;
aiming at each browsing page URL, determining a resource distinguishing feature set of the browsing page URL according to resource features included in each browsing page related to the browsing page URL;
identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the features of the sampling end; wherein identifying whether the browsing page URL is hijacked or not according to the resource distinguishing feature set of the browsing page URL, the sampling times associated with the browsing page URL and the characteristics of the sampling end comprises: and if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling frequency associated with the browsing page URL is greater than a first sampling frequency threshold value, and the characteristics of the sampling ends are different, identifying that the browsing page URL is hijacked.
2. The method of claim 1, wherein determining the set of differentiated resource characteristics for the browsing page URL based on resource characteristics included in each browsing page associated with the browsing page URL comprises:
taking the intersection of the resource features in each browsing page associated with the browsing page URL as the public resource feature of the browsing page URL;
and removing the public resource characteristics of the browsing page URL from the resource characteristics included in each browsing page associated with the browsing page URL, and taking a set formed by the remaining resource characteristics as a resource distinguishing characteristic set of the browsing page URL.
3. The method of claim 1, wherein identifying whether the browsing page URL is hijacked according to the differentiated resource feature set of the browsing page URL, the sampling times associated with the browsing page URL, and the sampling end feature comprises:
if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling frequency associated with the browsing page URL is smaller than a second sampling frequency threshold value, and the sampling end features are incompletely sampled, a secondary sampling instruction is generated; the secondary sampling instruction is used for indicating secondary sampling of the URL of the browsing page and identifying whether the URL of the browsing page is hijacked or not according to a secondary sampling result, and the first sampling time threshold is larger than the second sampling time threshold.
4. The method of claim 1, wherein identifying whether the browsing page URL is hijacked according to the differentiated resource feature set of the browsing page URL, the sampling times associated with the browsing page URL, and the sampling end feature comprises:
and if the resource distinguishing feature set of the browsing page URL is empty, the sampling times associated with the browsing page URL are greater than a first sampling time threshold value, and the characteristics of the sampling ends are sampled, identifying that the browsing page URL is not hijacked.
5. The method of claim 1, after identifying whether the browse page URL is hijacked, further comprising:
and if the difference value of the consumed flow of the different sampling ends to the browsed page is determined to be larger than a flow threshold value according to the resource distinguishing feature set of the URL of the browsed page, and the different sampling ends do not execute manual downloading operation, determining that the browsed page has silent downloading hijacking.
6. The method of claim 1, after identifying whether the browse page URL is hijacked, further comprising:
and if the URL of the browsing page is identified to be hijacked, transmitting hijacked reminding information to a user side browsing the URL of the browsing page.
7. A browsing hijacking identification device, said device comprising:
the acquisition module is used for acquiring a page network request characteristic set uploaded by a sampling terminal, wherein the page network request characteristic set comprises browsing page URLs (uniform resource locators) of the sampling terminals, sampling terminal characteristics and resource characteristics included in browsing pages;
the determining module is used for determining a resource distinguishing feature set of each browsing page URL according to resource features included in each browsing page related to the browsing page URL; the resource distinguishing feature set comprises a set formed by the remaining resource features after the public resource features of the URL of the browsing page are removed;
the identification module is used for identifying whether the URL of the browsing page is hijacked or not according to the resource distinguishing feature set of the URL of the browsing page, the sampling times associated with the URL of the browsing page and the characteristics of the sampling end; the identification module comprises a first identification unit, and the first identification unit is used for identifying that the browsing page URL is hijacked if the resource distinguishing feature set of the browsing page URL is a non-empty set, the sampling frequency associated with the browsing page URL is greater than a first sampling frequency threshold value, and the characteristics of the sampling ends are different.
8. The apparatus of claim 7, wherein the determining module comprises:
the first determining unit is used for taking the intersection of the resource features included in each browsing page associated with the browsing page URL as the public resource feature of the browsing page URL;
and the second determining unit is used for eliminating the public resource characteristics of the browsing page URL from the resource characteristics included in each browsing page associated with the browsing page URL, and taking a set formed by the residual resource characteristics as a resource distinguishing characteristic set of the browsing page URL.
9. A server, characterized in that the server comprises:
one or more processors;
storage means for storing one or more programs;
the one or more programs being executable by the one or more processors to cause the one or more processors to implement a browsing hijacking identification method as recited in any of claims 1-6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a browsing hijacking identification method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810671182.3A CN108920589B (en) | 2018-06-26 | 2018-06-26 | Browsing hijacking identification method, device, server and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810671182.3A CN108920589B (en) | 2018-06-26 | 2018-06-26 | Browsing hijacking identification method, device, server and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108920589A CN108920589A (en) | 2018-11-30 |
| CN108920589B true CN108920589B (en) | 2021-08-10 |
Family
ID=64421393
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810671182.3A Active CN108920589B (en) | 2018-06-26 | 2018-06-26 | Browsing hijacking identification method, device, server and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108920589B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113395337B (en) * | 2021-06-02 | 2022-09-27 | Oppo广东移动通信有限公司 | Method and device for preventing browser webpage from being hijacked, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101820419A (en) * | 2010-03-23 | 2010-09-01 | 北京大学 | Method for automatically positioning webpage Trojan mount point in Trojan linked webpage |
| CN103279475A (en) * | 2013-04-11 | 2013-09-04 | 广东电网公司信息中心 | Detection method and system for WEB application system content change |
| CN104156665A (en) * | 2014-07-22 | 2014-11-19 | 杭州安恒信息技术有限公司 | Web page tampering monitoring method |
| CN106911693A (en) * | 2017-02-27 | 2017-06-30 | 百度在线网络技术(北京)有限公司 | For detecting method, device and terminal device that web page contents are kidnapped |
| CN107592312A (en) * | 2017-09-18 | 2018-01-16 | 济南互信软件有限公司 | A kind of malware detection method based on network traffics |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140380477A1 (en) * | 2011-12-30 | 2014-12-25 | Beijing Qihoo Technology Company Limited | Methods and devices for identifying tampered webpage and inentifying hijacked web address |
| CN102594934B (en) * | 2011-12-30 | 2015-03-25 | 奇智软件(北京)有限公司 | Method and device for identifying hijacked website |
| US10412101B2 (en) * | 2014-06-30 | 2019-09-10 | Nippon Telegraph And Telephone Corporation | Detection device, detection method, and detection program |
| CN104125121A (en) * | 2014-08-15 | 2014-10-29 | 携程计算机技术(上海)有限公司 | Network hijacking behavior detecting system and method |
| CN105245518B (en) * | 2015-09-30 | 2018-07-24 | 小米科技有限责任公司 | The detection method and device that network address is kidnapped |
| CN107566320B (en) * | 2016-06-30 | 2020-05-26 | 中国电信股份有限公司 | Network hijacking detection method, device and network system |
| CN107124430B (en) * | 2017-06-08 | 2021-07-06 | 腾讯科技(深圳)有限公司 | Page hijacking monitoring method, device, system and storage medium |
| CN107612908B (en) * | 2017-09-15 | 2020-06-05 | 杭州安恒信息技术股份有限公司 | Webpage tampering monitoring method and device |
| CN108182370B (en) * | 2018-02-02 | 2021-07-16 | 上海斗象信息科技有限公司 | Client webpage tampering detection method based on dynamic and static separation template |
-
2018
- 2018-06-26 CN CN201810671182.3A patent/CN108920589B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101820419A (en) * | 2010-03-23 | 2010-09-01 | 北京大学 | Method for automatically positioning webpage Trojan mount point in Trojan linked webpage |
| CN103279475A (en) * | 2013-04-11 | 2013-09-04 | 广东电网公司信息中心 | Detection method and system for WEB application system content change |
| CN104156665A (en) * | 2014-07-22 | 2014-11-19 | 杭州安恒信息技术有限公司 | Web page tampering monitoring method |
| CN106911693A (en) * | 2017-02-27 | 2017-06-30 | 百度在线网络技术(北京)有限公司 | For detecting method, device and terminal device that web page contents are kidnapped |
| CN107592312A (en) * | 2017-09-18 | 2018-01-16 | 济南互信软件有限公司 | A kind of malware detection method based on network traffics |
Non-Patent Citations (2)
| Title |
|---|
| The design and implementation of a real-time webpage Tamper-Proof technology;Luo Yue-guo 等;《2011 International Conference on Mechatronic Science, Electric Engineering and Computer (MEC)》;20110822;1743-1745 * |
| 一种高性能的网页篡改检测与恢复机制;孔辉 等;《2010年全国通信安全学术会议论文集》;20100807;264-270 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108920589A (en) | 2018-11-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10635735B2 (en) | Method and apparatus for displaying information | |
| US8935798B1 (en) | Automatically enabling private browsing of a web page, and applications thereof | |
| WO2016173200A1 (en) | Malicious website detection method and system | |
| US9305174B2 (en) | Electronic clipboard protection | |
| CN109543454B (en) | Anti-crawler method and related equipment | |
| US8448260B1 (en) | Electronic clipboard protection | |
| US20140325323A1 (en) | Online video playing method and apparatus and computer readable medium | |
| US20180131779A1 (en) | Recording And Triggering Web And Native Mobile Application Events With Mapped Data Fields | |
| CN107124430B (en) | Page hijacking monitoring method, device, system and storage medium | |
| CN108134816B (en) | Access to data on remote device | |
| CN110471709B (en) | Method, device, medium and electronic equipment for accelerating webpage opening speed | |
| CN103347092A (en) | Method and device for recognizing cacheable file | |
| CN110808868B (en) | Test data acquisition method and device, computer equipment and storage medium | |
| CN110134869B (en) | Information pushing method, device, equipment and storage medium | |
| CN104023046B (en) | Mobile terminal recognition method and device | |
| CN110781437A (en) | Method and device for acquiring webpage image loading duration and electronic equipment | |
| EP3528474B1 (en) | Webpage advertisement anti-shielding methods and content distribution network | |
| CN104834588A (en) | Permanent residence cross site script vulnerability detection method and apparatus | |
| CN112637361A (en) | Page proxy method, device, electronic equipment and storage medium | |
| CN109902726B (en) | Resume information processing method and device | |
| CN112653736B (en) | Parallel source returning method and device and electronic equipment | |
| CN108920589B (en) | Browsing hijacking identification method, device, server and storage medium | |
| CN111783010B (en) | Webpage blank page monitoring method, device, terminal and storage medium | |
| CN112507259A (en) | Webpage loading method and device, electronic equipment and storage medium | |
| CN113761412A (en) | Application page display method and device, electronic equipment, medium and application system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |