CN109510817A - For the identification method of requested character string, system, device and storage medium - Google Patents
For the identification method of requested character string, system, device and storage medium Download PDFInfo
- Publication number
- CN109510817A CN109510817A CN201811250576.8A CN201811250576A CN109510817A CN 109510817 A CN109510817 A CN 109510817A CN 201811250576 A CN201811250576 A CN 201811250576A CN 109510817 A CN109510817 A CN 109510817A
- Authority
- CN
- China
- Prior art keywords
- string
- character
- target
- character string
- read
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/205—Parsing
- G06F40/216—Parsing using statistical methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/279—Recognition of textual entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention discloses the identification methods for requested character string, system, device and storage medium, the method includes according to character string read-write requests, load target string, each element in target string is extracted, the character whether each element belongs in standard character collection is judged respectively, and judging result is counted, if the element of a predetermined level is exceeded is judged as abnormal elements in target string, and position of each abnormal elements in target string meets preset relationship, then judge that target string is suspicious character string, otherwise judge that target string is security string.The present invention can quickly identify unusual character present in target string and handle, and avoid system that adverse consequences occurs due to can not correctly identify and handle unusual character.The present invention is widely used in field of information security technology.
Description
Technical field
The present invention relates to field of information security technology, in particular for the identification method of requested character string, system, device
And storage medium.
Background technique
Computer system and internet system carry out a large amount of data exchange, and the main forms of these data are words
Symbol string.It is usually used such as when realizing the communication between client computer and server using hypertext transfer protocol (HTTP)
POST and GET instruction, to carry out being requested-responding between client and server.GET instruction is used for from specified resource
Requested date, POST are instructed for submitting data to be processed to specified resource, what GET instruction and POST instruction were directed to
Data be all in the form of character string existing for.
It include forbidden character in these forbidden character strings there are a large amount of forbidden character string in real network environment,
These forbidden characters be for computer system it is nonsensical, when the character string comprising forbidden character is read, is written
Or when executing, since the program environment of computer system cannot be adapted to these forbidden characters, it is easy because of read-write failure, generates messy code
Or it falls into endless loop etc. and causes system crash.If utilizing above-mentioned technological deficiency by criminal, it will cause large-scale net
Network paralysis, causes serious economic loss.
Summary of the invention
In order to solve the above-mentioned technical problem, the object of the invention is that providing the identification method for requested character string, being
System, device and storage medium.
First technical solution adopted by the present invention is:
For the identification method of requested character string, comprising the following steps:
According to character string read-write requests, target string is loaded;
Each element in target string is extracted, judges the word whether each element belongs in standard character collection respectively
Symbol, and judging result is counted;
If the element of a predetermined level is exceeded is judged as abnormal elements in target string, and each abnormal elements are in target
Position in character string meets preset relationship, then judges that target string is suspicious character string, otherwise judge target string
It is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
Further, when judging target string is security string, corresponding operating is executed with the read-write of response character string
Request.
Further, when judging target string is security string, following steps are executed:
Load non-standard character collection belonging to each abnormal elements in target string;
It is according to mapping relations preset between non-standard character collection and standard character collection, exception each in target string is first
Element replaces with standard character and concentrates corresponding character;
Corresponding operating is executed with response character string read-write requests.
Further, the step for execution corresponding operating is with response character string read-write requests, specifically include:
Detect the type of target string;
When judging that target string belongs to constant, target string is read out or is write according to character string read-write requests
Enter;
When judging that target string belongs to variable, each element in target string is carried out according to current assignment condition
Assignment generates the identical character string constant of content according to the target string after assignment, according to character string read-write requests to character
String constant is read out or is written.
Further, when judging target string is suspicious character string, character string read-write requests are refused to respond.
Further, after refusing to respond character string read-write requests, being also by the origin marking of character string read-write requests can
It doubts.
Further, when judging target string is suspicious character string, following steps are executed:
Abnormal elements in target string are all deleted;
Corresponding operating is executed with response character string read-write requests.
Second technical solution adopted by the present invention is:
For the identification systems of requested character string, comprising:
Character string loading module, for loading target string according to character string read-write requests;
Whether string processing module judges each element respectively for extracting each element in target string
Belong to the character in standard character collection, and judging result is counted;
Character string judgment module, if the element for a predetermined level is exceeded in target string be judged as it is abnormal first
Element, and position of each abnormal elements in target string meets preset relationship, then judges that target string is suspicious character
String, otherwise judges that target string is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
Third technical solution adopted by the present invention is:
For the identification apparatus of requested character string, including memory and processor, the memory is for storing at least
One program, the processor is for loading at least one described program to execute first technical solution the method.
4th technical solution adopted by the present invention is:
Storage medium, wherein being stored with the executable instruction of processor, the executable instruction of the processor is by handling
For executing first technical solution the method when device executes.
The beneficial effects of the present invention are: when receiving character string read-write requests and clearly corresponding target string, it is right
Target string is checked, can quickly be identified unusual character present in target string and be handled, avoid system
Adverse consequences occurs due to can not correctly identify and handle unusual character;All character strings are swept without using antivirus applet
It retouches, improves working efficiency, avoid excessively occupying Internet resources;Abnormal elements present in target string can be carried out automatic
The processing such as reparation or deletion, avoids bringing impact to entire computer system or network system due to there are abnormal elements.
Detailed description of the invention
Fig. 1 is the method for the present invention flow chart.
Specific embodiment
The present invention is directed to the identification method of requested character string, referring to Fig.1, comprising the following steps:
According to character string read-write requests, target string is loaded;
Each element in target string is extracted, judges the word whether each element belongs in standard character collection respectively
Symbol, and judging result is counted;
If the element of a predetermined level is exceeded is judged as abnormal elements in target string, and each abnormal elements are in target
Position in character string meets preset relationship, then judges that target string is suspicious character string, otherwise judge target string
It is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
Character string read-write requests specifically include character string read requests and character string write request, and wherein character string reading is asked
Seeking Truth will read specific character string from local and be sent to specified network address, such as POST instruction;Character string write-in is asked
Specific character string is written to local, such as GET instruction by Seeking Truth.Either character string read requests and character string write-in are asked
It asks, the method for the present invention is all only handled corresponding character string, is not related to that character string read requests or character string are written
Request the improvement of itself.
The character set of computer system includes ASCII, EASCII, GB2312, GBK, Unicode and BIG5 etc..Big absolutely
In majority exploitation environment, a portion character set is only used, ascii character-set is generally used.Mark in the method for the present invention
Quasi- character set refer in exploitation environment using to or the character set that is defined, such as ascii character-set, and side of the present invention
Non-standard character collection in method refers to the character set other than standard character collection, that is, is not used or undefined character
Collection.The character that non-standard character is concentrated will become messy code in exploitation environment, or even will affect the operation of program.Normally developing
Under the conditions of, the character string generated when programmer is programmed or when computer program is run generally pertains only to standard character collection, only
Have and just need to use non-standard character collection under a small number of necessary scenes, therefore when the element in target string is abnormal elements
(i.e. element belongs to non-standard character collection), and when the quantity of abnormal elements and position meet certain relationship, it is believed that target
Character string be it is unsafe, i.e., it is suspicious.
Judge that the suspicious specific standards of target string may is that when the sum of abnormal elements in target string is more than pre-
Bidding judges suspicious on time;It is also possible in the target string if there is continuous multiple abnormal elements, and continuous multiple different
The sum of Chang Yuansu judges suspicious when being more than preset standard.
If being not enough to judge that target string is suspicious, being judged as target string is security string.
When judging target string is security string, as the first preferred embodiment, can directly execute
Corresponding operating is with response character string read-write requests.Specifically, reading target string according to character string read requests and being sent to
Corresponding network address;Or according to character string write request, the target string that will acquire is written in server.
When judging target string is security string, as second of preferred embodiment, following steps are executed:
Load non-standard character collection belonging to each abnormal elements in target string;
It is according to mapping relations preset between non-standard character collection and standard character collection, exception each in target string is first
Element replaces with standard character and concentrates corresponding character;
Corresponding operating is executed with response character string read-write requests.
In above-mentioned second of preferred embodiment, before executing corresponding operating with response character string read-write requests, first
Corrigendum operation is carried out to the abnormal elements in target string.The basis of this corrigendum operation are as follows: according to judging target word
The safe or suspicious standard of symbol string shows abnormal included in target string when target string is judged as safe
Element is less, i.e. the abnormal elements expression that does not influence target string belongs to the loading error or computer program of programmer
Identify mistake.For example, the English alphabet " a " that ascii character is concentrated is easy the Greek alphabet being written as in EASCII character set by mistake
" α ", the English alphabet " B " that ascii character is concentrated are easy the Greek alphabet " β " being written as in EASCII character set by mistake.If
Developing ascii character-set in environment is that standard character integrates, EASCII character set is non-standard character collection, then can pre-establish
Greek alphabet " α " in EASCII character set is mapped to by the mapping relations between EASCII character set and ascii character-set
Greek alphabet " β " in EASCII character set is mapped to ascii character concentration by the English alphabet " a " that ascii character is concentrated
English alphabet " B ", to realize automatic error-correcting.
It is further used as preferred embodiment, it is described to hold in above-mentioned the first and second preferred embodiment
The step for row corresponding operating is with response character string read-write requests, specifically include:
Detect the type of target string;
When judging that target string belongs to constant, target string is read out or is write according to character string read-write requests
Enter;
When judging that target string belongs to variable, each element in target string is carried out according to current assignment condition
Assignment generates the identical character string constant of content according to the target string after assignment, according to character string read-write requests to character
String constant is read out or is written.
In the step for execution corresponding operating is with response character string read-write requests, if target string itself belongs to
In constant, then show target string content be it is not modifiable, can be directly according to character string read-write requests to target word
Symbol string is read out or is written.If target string belongs to variable, according to the corresponding assignment condition of the target string,
Assignment is carried out to each element in target string under parameter current, so that it is determined that the particular content of target string, then right
Target string carries out duplication operation, to obtain the identical character string constant of content, is equivalent to target word after assignment
The content of symbol string is fixed up, and then character string constant is read out or is written according to character string read-write requests.By above-mentioned
Operation to target string can determine the content of target string, its content is avoided to be tampered, and further ensure that information is pacified
Entirely.
When judging target string is suspicious character string, as the first preferred embodiment, can directly refuse
Response character string read-write requests.Further, after refusing to respond character string read-write requests, also character string read-write requests are come
Source marking be it is suspicious, when retransmiting character string read-write requests or other requests after this source, can quickly recognize
Come, and carry out specially treated, avoids destruction of the network system by malicious operation person.
When judging target string is suspicious character string, as second of preferred embodiment, following steps are executed:
Abnormal elements in target string are all deleted;
Corresponding operating is executed with response character string read-write requests.
In above-mentioned second of preferred embodiment, abnormal elements in target string will all be deleted, and retain mesh
The other elements in character string are marked, the influence of abnormal elements bring can be removed, then according to character string read-write requests, to deletion
Target string after abnormal elements is read out or is written.It, can be to avoid the influence of abnormal elements, together by aforesaid operations
When do not interfere response to character string read-write requests, reduce due to carrying abnormal elements in target string to entire department of computer science
System or the impact of network system bring.
The invention also includes the identification systems for requested character string, comprising:
Character string loading module, for loading target string according to character string read-write requests;
Whether string processing module judges each element respectively for extracting each element in target string
Belong to the character in standard character collection, and judging result is counted;
Character string judgment module, if the element for a predetermined level is exceeded in target string be judged as it is abnormal first
Element, and position of each abnormal elements in target string meets preset relationship, then judges that target string is suspicious character
String, otherwise judges that target string is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
Each module in present system can be computer program module, be also possible to have the hardware of corresponding function to set
It is standby.
The invention also includes the identification apparatus for requested character string, and described device includes memory and processor, institute
Memory is stated for storing at least one program, the processor is for loading at least one described program to execute present invention side
Method.
Personal computer realization can be used in apparatus of the present invention.
The invention also includes storage mediums, wherein it is stored with the executable instruction of processor, what the processor can be performed
Instruction is when executed by the processor for executing the method for the present invention.
The hardware components of storage medium of the present invention can be mechanical hard disk, solid state hard disk or USB flash disk etc., according to the present invention side
After method is programmed, it is situated between present invention storage just can be obtained in the hardware such as resulting computer program code write-in mechanical hard disk
Matter.
To sum up, the beneficial effects of the present invention are:
When receiving character string read-write requests and clearly corresponding target string, target string is checked,
It can quickly identify unusual character present in target string and be handled, avoid system because that correctly can not identify and handle
Unusual character and adverse consequences occurs;
All character strings are scanned without using antivirus applet, improve working efficiency, avoid excessively occupying network money
Source;
Abnormal elements present in target string can be automatically repaired or deleted etc. with processing, avoided because there are different
Chang Yuansu and impact is brought to entire computer system or network system.
It is to be illustrated to preferable implementation of the invention, but the implementation is not limited to the invention above
Example, those skilled in the art can also make various equivalent variations on the premise of without prejudice to spirit of the invention or replace
It changes, these equivalent deformations or replacement are all included in the scope defined by the claims of the present application.
Claims (10)
1. for the identification method of requested character string, which comprises the following steps:
According to character string read-write requests, target string is loaded;
Each element in target string is extracted, judges the character whether each element belongs in standard character collection respectively,
And judging result is counted;
If the element of a predetermined level is exceeded is judged as abnormal elements in target string, and each abnormal elements are in target character
Position in string meets preset relationship, then judges that target string is suspicious character string, otherwise judges that target string is peace
Complete chain;The abnormal elements are the element for being not belonging to standard character character inside the set.
2. the identification method according to claim 1 for requested character string, which is characterized in that when judging target character
When string is security string, corresponding operating is executed with response character string read-write requests.
3. the identification method according to claim 1 for requested character string, which is characterized in that when judging target character
When string is security string, following steps are executed:
Load non-standard character collection belonging to each abnormal elements in target string;
According to mapping relations preset between non-standard character collection and standard character collection, abnormal elements each in target string are replaced
It is changed to standard character and concentrates corresponding character;
Corresponding operating is executed with response character string read-write requests.
4. the identification method according to claim 3 for requested character string, which is characterized in that the execution is corresponding to grasp
The step for making with response character string read-write requests, specifically include:
Detect the type of target string;
When judging that target string belongs to constant, target string is read out or is written according to character string read-write requests;
When judging that target string belongs to variable, each element in target string is assigned according to current assignment condition
Value generates the identical character string constant of content according to the target string after assignment, according to character string read-write requests to character string
Constant is read out or is written.
5. the identification method according to claim 1-4 for requested character string, which is characterized in that work as judgement
When target string is suspicious character string, character string read-write requests are refused to respond.
6. the identification method according to claim 5 for requested character string, which is characterized in that refusing to respond character
It goes here and there after read-write requests, is also suspicious by the origin marking of character string read-write requests.
7. the identification method according to claim 1-4 for requested character string, which is characterized in that work as judgement
When target string is suspicious character string, following steps are executed:
Abnormal elements in target string are all deleted;
Corresponding operating is executed with response character string read-write requests.
8. for the identification systems of requested character string characterized by comprising
Character string loading module, for loading target string according to character string read-write requests;
String processing module judges whether each element belongs to for extracting each element in target string respectively
Character in standard character collection, and judging result is counted;
Character string judgment module, if the element for a predetermined level is exceeded in target string is judged as abnormal elements, and
Position of each abnormal elements in target string meets preset relationship, then judges that target string is suspicious character string, no
Then judge that target string is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
9. for the identification apparatus of requested character string, which is characterized in that including memory and processor, the memory is used for
At least one program is stored, the processor requires any one of 1-7 institute for loading at least one described program with perform claim
State method.
10. storage medium, wherein being stored with the executable instruction of processor, which is characterized in that the executable finger of the processor
It enables when executed by the processor for executing such as any one of claim 1-7 the method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811250576.8A CN109510817A (en) | 2018-10-25 | 2018-10-25 | For the identification method of requested character string, system, device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811250576.8A CN109510817A (en) | 2018-10-25 | 2018-10-25 | For the identification method of requested character string, system, device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109510817A true CN109510817A (en) | 2019-03-22 |
Family
ID=65745978
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811250576.8A Pending CN109510817A (en) | 2018-10-25 | 2018-10-25 | For the identification method of requested character string, system, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109510817A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113711559A (en) * | 2019-04-16 | 2021-11-26 | 北京嘀嘀无限科技发展有限公司 | System and method for detecting anomalies |
-
2018
- 2018-10-25 CN CN201811250576.8A patent/CN109510817A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113711559A (en) * | 2019-04-16 | 2021-11-26 | 北京嘀嘀无限科技发展有限公司 | System and method for detecting anomalies |
CN113711559B (en) * | 2019-04-16 | 2023-09-29 | 北京嘀嘀无限科技发展有限公司 | System and method for detecting anomalies |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101777062B (en) | Context-aware real-time computer-protection systems and methods | |
US9438617B2 (en) | Application security testing | |
CN103679031A (en) | File virus immunizing method and device | |
CN102254111A (en) | Malicious site detection method and device | |
US20100050257A1 (en) | Confirmation method of api by the information at call-stack | |
CN110866258B (en) | Rapid vulnerability positioning method, electronic device and storage medium | |
CN111125598A (en) | Intelligent data query method, device, equipment and storage medium | |
US10007788B2 (en) | Method of modeling behavior pattern of instruction set in N-gram manner, computing device operating with the method, and program stored in storage medium to execute the method in computing device | |
JP6282217B2 (en) | Anti-malware system and anti-malware method | |
CN109558207A (en) | The system and method for carrying out the log of the anti-virus scan of file are formed in virtual machine | |
CN115277677B (en) | Batch file hanging method and device, computer equipment and storage medium | |
CN113469866A (en) | Data processing method and device and server | |
CN110647415A (en) | Database detection method, device and equipment and computer readable storage medium | |
CN108156127B (en) | Network attack mode judging device, judging method and computer readable storage medium thereof | |
CN101236531A (en) | Memory and its automatic protection realization method | |
CN109510817A (en) | For the identification method of requested character string, system, device and storage medium | |
CN106529281A (en) | Executable file processing method and device | |
CN111143434A (en) | Intelligent data checking method, device, equipment and storage medium | |
CN116226865A (en) | Security detection method, device, server, medium and product of cloud native application | |
JP2015185027A (en) | Job discrimination program, device and method | |
CN113641702B (en) | Method and device for interactive processing with database client after statement audit | |
US20230107164A1 (en) | System and method for vulnerability detection in computer code | |
CN114003916A (en) | Method, system, terminal and storage medium for testing WEB role longitudinal override vulnerability | |
CN111625825A (en) | Virus detection method, device, equipment and storage medium | |
CN113139190A (en) | Program file detection method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190322 |