CN109510817A - For the identification method of requested character string, system, device and storage medium - Google Patents

For the identification method of requested character string, system, device and storage medium Download PDF

Info

Publication number
CN109510817A
CN109510817A CN201811250576.8A CN201811250576A CN109510817A CN 109510817 A CN109510817 A CN 109510817A CN 201811250576 A CN201811250576 A CN 201811250576A CN 109510817 A CN109510817 A CN 109510817A
Authority
CN
China
Prior art keywords
string
character
target
character string
read
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811250576.8A
Other languages
Chinese (zh)
Inventor
刘丰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuxi Tvmining Juyuan Media Technology Co Ltd
Original Assignee
Wuxi Tvmining Juyuan Media Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuxi Tvmining Juyuan Media Technology Co Ltd filed Critical Wuxi Tvmining Juyuan Media Technology Co Ltd
Priority to CN201811250576.8A priority Critical patent/CN109510817A/en
Publication of CN109510817A publication Critical patent/CN109510817A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/205Parsing
    • G06F40/216Parsing using statistical methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/279Recognition of textual entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Abstract

The invention discloses the identification methods for requested character string, system, device and storage medium, the method includes according to character string read-write requests, load target string, each element in target string is extracted, the character whether each element belongs in standard character collection is judged respectively, and judging result is counted, if the element of a predetermined level is exceeded is judged as abnormal elements in target string, and position of each abnormal elements in target string meets preset relationship, then judge that target string is suspicious character string, otherwise judge that target string is security string.The present invention can quickly identify unusual character present in target string and handle, and avoid system that adverse consequences occurs due to can not correctly identify and handle unusual character.The present invention is widely used in field of information security technology.

Description

For the identification method of requested character string, system, device and storage medium
Technical field
The present invention relates to field of information security technology, in particular for the identification method of requested character string, system, device And storage medium.
Background technique
Computer system and internet system carry out a large amount of data exchange, and the main forms of these data are words Symbol string.It is usually used such as when realizing the communication between client computer and server using hypertext transfer protocol (HTTP) POST and GET instruction, to carry out being requested-responding between client and server.GET instruction is used for from specified resource Requested date, POST are instructed for submitting data to be processed to specified resource, what GET instruction and POST instruction were directed to Data be all in the form of character string existing for.
It include forbidden character in these forbidden character strings there are a large amount of forbidden character string in real network environment, These forbidden characters be for computer system it is nonsensical, when the character string comprising forbidden character is read, is written Or when executing, since the program environment of computer system cannot be adapted to these forbidden characters, it is easy because of read-write failure, generates messy code Or it falls into endless loop etc. and causes system crash.If utilizing above-mentioned technological deficiency by criminal, it will cause large-scale net Network paralysis, causes serious economic loss.
Summary of the invention
In order to solve the above-mentioned technical problem, the object of the invention is that providing the identification method for requested character string, being System, device and storage medium.
First technical solution adopted by the present invention is:
For the identification method of requested character string, comprising the following steps:
According to character string read-write requests, target string is loaded;
Each element in target string is extracted, judges the word whether each element belongs in standard character collection respectively Symbol, and judging result is counted;
If the element of a predetermined level is exceeded is judged as abnormal elements in target string, and each abnormal elements are in target Position in character string meets preset relationship, then judges that target string is suspicious character string, otherwise judge target string It is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
Further, when judging target string is security string, corresponding operating is executed with the read-write of response character string Request.
Further, when judging target string is security string, following steps are executed:
Load non-standard character collection belonging to each abnormal elements in target string;
It is according to mapping relations preset between non-standard character collection and standard character collection, exception each in target string is first Element replaces with standard character and concentrates corresponding character;
Corresponding operating is executed with response character string read-write requests.
Further, the step for execution corresponding operating is with response character string read-write requests, specifically include:
Detect the type of target string;
When judging that target string belongs to constant, target string is read out or is write according to character string read-write requests Enter;
When judging that target string belongs to variable, each element in target string is carried out according to current assignment condition Assignment generates the identical character string constant of content according to the target string after assignment, according to character string read-write requests to character String constant is read out or is written.
Further, when judging target string is suspicious character string, character string read-write requests are refused to respond.
Further, after refusing to respond character string read-write requests, being also by the origin marking of character string read-write requests can It doubts.
Further, when judging target string is suspicious character string, following steps are executed:
Abnormal elements in target string are all deleted;
Corresponding operating is executed with response character string read-write requests.
Second technical solution adopted by the present invention is:
For the identification systems of requested character string, comprising:
Character string loading module, for loading target string according to character string read-write requests;
Whether string processing module judges each element respectively for extracting each element in target string Belong to the character in standard character collection, and judging result is counted;
Character string judgment module, if the element for a predetermined level is exceeded in target string be judged as it is abnormal first Element, and position of each abnormal elements in target string meets preset relationship, then judges that target string is suspicious character String, otherwise judges that target string is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
Third technical solution adopted by the present invention is:
For the identification apparatus of requested character string, including memory and processor, the memory is for storing at least One program, the processor is for loading at least one described program to execute first technical solution the method.
4th technical solution adopted by the present invention is:
Storage medium, wherein being stored with the executable instruction of processor, the executable instruction of the processor is by handling For executing first technical solution the method when device executes.
The beneficial effects of the present invention are: when receiving character string read-write requests and clearly corresponding target string, it is right Target string is checked, can quickly be identified unusual character present in target string and be handled, avoid system Adverse consequences occurs due to can not correctly identify and handle unusual character;All character strings are swept without using antivirus applet It retouches, improves working efficiency, avoid excessively occupying Internet resources;Abnormal elements present in target string can be carried out automatic The processing such as reparation or deletion, avoids bringing impact to entire computer system or network system due to there are abnormal elements.
Detailed description of the invention
Fig. 1 is the method for the present invention flow chart.
Specific embodiment
The present invention is directed to the identification method of requested character string, referring to Fig.1, comprising the following steps:
According to character string read-write requests, target string is loaded;
Each element in target string is extracted, judges the word whether each element belongs in standard character collection respectively Symbol, and judging result is counted;
If the element of a predetermined level is exceeded is judged as abnormal elements in target string, and each abnormal elements are in target Position in character string meets preset relationship, then judges that target string is suspicious character string, otherwise judge target string It is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
Character string read-write requests specifically include character string read requests and character string write request, and wherein character string reading is asked Seeking Truth will read specific character string from local and be sent to specified network address, such as POST instruction;Character string write-in is asked Specific character string is written to local, such as GET instruction by Seeking Truth.Either character string read requests and character string write-in are asked It asks, the method for the present invention is all only handled corresponding character string, is not related to that character string read requests or character string are written Request the improvement of itself.
The character set of computer system includes ASCII, EASCII, GB2312, GBK, Unicode and BIG5 etc..Big absolutely In majority exploitation environment, a portion character set is only used, ascii character-set is generally used.Mark in the method for the present invention Quasi- character set refer in exploitation environment using to or the character set that is defined, such as ascii character-set, and side of the present invention Non-standard character collection in method refers to the character set other than standard character collection, that is, is not used or undefined character Collection.The character that non-standard character is concentrated will become messy code in exploitation environment, or even will affect the operation of program.Normally developing Under the conditions of, the character string generated when programmer is programmed or when computer program is run generally pertains only to standard character collection, only Have and just need to use non-standard character collection under a small number of necessary scenes, therefore when the element in target string is abnormal elements (i.e. element belongs to non-standard character collection), and when the quantity of abnormal elements and position meet certain relationship, it is believed that target Character string be it is unsafe, i.e., it is suspicious.
Judge that the suspicious specific standards of target string may is that when the sum of abnormal elements in target string is more than pre- Bidding judges suspicious on time;It is also possible in the target string if there is continuous multiple abnormal elements, and continuous multiple different The sum of Chang Yuansu judges suspicious when being more than preset standard.
If being not enough to judge that target string is suspicious, being judged as target string is security string.
When judging target string is security string, as the first preferred embodiment, can directly execute Corresponding operating is with response character string read-write requests.Specifically, reading target string according to character string read requests and being sent to Corresponding network address;Or according to character string write request, the target string that will acquire is written in server.
When judging target string is security string, as second of preferred embodiment, following steps are executed:
Load non-standard character collection belonging to each abnormal elements in target string;
It is according to mapping relations preset between non-standard character collection and standard character collection, exception each in target string is first Element replaces with standard character and concentrates corresponding character;
Corresponding operating is executed with response character string read-write requests.
In above-mentioned second of preferred embodiment, before executing corresponding operating with response character string read-write requests, first Corrigendum operation is carried out to the abnormal elements in target string.The basis of this corrigendum operation are as follows: according to judging target word The safe or suspicious standard of symbol string shows abnormal included in target string when target string is judged as safe Element is less, i.e. the abnormal elements expression that does not influence target string belongs to the loading error or computer program of programmer Identify mistake.For example, the English alphabet " a " that ascii character is concentrated is easy the Greek alphabet being written as in EASCII character set by mistake " α ", the English alphabet " B " that ascii character is concentrated are easy the Greek alphabet " β " being written as in EASCII character set by mistake.If Developing ascii character-set in environment is that standard character integrates, EASCII character set is non-standard character collection, then can pre-establish Greek alphabet " α " in EASCII character set is mapped to by the mapping relations between EASCII character set and ascii character-set Greek alphabet " β " in EASCII character set is mapped to ascii character concentration by the English alphabet " a " that ascii character is concentrated English alphabet " B ", to realize automatic error-correcting.
It is further used as preferred embodiment, it is described to hold in above-mentioned the first and second preferred embodiment The step for row corresponding operating is with response character string read-write requests, specifically include:
Detect the type of target string;
When judging that target string belongs to constant, target string is read out or is write according to character string read-write requests Enter;
When judging that target string belongs to variable, each element in target string is carried out according to current assignment condition Assignment generates the identical character string constant of content according to the target string after assignment, according to character string read-write requests to character String constant is read out or is written.
In the step for execution corresponding operating is with response character string read-write requests, if target string itself belongs to In constant, then show target string content be it is not modifiable, can be directly according to character string read-write requests to target word Symbol string is read out or is written.If target string belongs to variable, according to the corresponding assignment condition of the target string, Assignment is carried out to each element in target string under parameter current, so that it is determined that the particular content of target string, then right Target string carries out duplication operation, to obtain the identical character string constant of content, is equivalent to target word after assignment The content of symbol string is fixed up, and then character string constant is read out or is written according to character string read-write requests.By above-mentioned Operation to target string can determine the content of target string, its content is avoided to be tampered, and further ensure that information is pacified Entirely.
When judging target string is suspicious character string, as the first preferred embodiment, can directly refuse Response character string read-write requests.Further, after refusing to respond character string read-write requests, also character string read-write requests are come Source marking be it is suspicious, when retransmiting character string read-write requests or other requests after this source, can quickly recognize Come, and carry out specially treated, avoids destruction of the network system by malicious operation person.
When judging target string is suspicious character string, as second of preferred embodiment, following steps are executed:
Abnormal elements in target string are all deleted;
Corresponding operating is executed with response character string read-write requests.
In above-mentioned second of preferred embodiment, abnormal elements in target string will all be deleted, and retain mesh The other elements in character string are marked, the influence of abnormal elements bring can be removed, then according to character string read-write requests, to deletion Target string after abnormal elements is read out or is written.It, can be to avoid the influence of abnormal elements, together by aforesaid operations When do not interfere response to character string read-write requests, reduce due to carrying abnormal elements in target string to entire department of computer science System or the impact of network system bring.
The invention also includes the identification systems for requested character string, comprising:
Character string loading module, for loading target string according to character string read-write requests;
Whether string processing module judges each element respectively for extracting each element in target string Belong to the character in standard character collection, and judging result is counted;
Character string judgment module, if the element for a predetermined level is exceeded in target string be judged as it is abnormal first Element, and position of each abnormal elements in target string meets preset relationship, then judges that target string is suspicious character String, otherwise judges that target string is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
Each module in present system can be computer program module, be also possible to have the hardware of corresponding function to set It is standby.
The invention also includes the identification apparatus for requested character string, and described device includes memory and processor, institute Memory is stated for storing at least one program, the processor is for loading at least one described program to execute present invention side Method.
Personal computer realization can be used in apparatus of the present invention.
The invention also includes storage mediums, wherein it is stored with the executable instruction of processor, what the processor can be performed Instruction is when executed by the processor for executing the method for the present invention.
The hardware components of storage medium of the present invention can be mechanical hard disk, solid state hard disk or USB flash disk etc., according to the present invention side After method is programmed, it is situated between present invention storage just can be obtained in the hardware such as resulting computer program code write-in mechanical hard disk Matter.
To sum up, the beneficial effects of the present invention are:
When receiving character string read-write requests and clearly corresponding target string, target string is checked, It can quickly identify unusual character present in target string and be handled, avoid system because that correctly can not identify and handle Unusual character and adverse consequences occurs;
All character strings are scanned without using antivirus applet, improve working efficiency, avoid excessively occupying network money Source;
Abnormal elements present in target string can be automatically repaired or deleted etc. with processing, avoided because there are different Chang Yuansu and impact is brought to entire computer system or network system.
It is to be illustrated to preferable implementation of the invention, but the implementation is not limited to the invention above Example, those skilled in the art can also make various equivalent variations on the premise of without prejudice to spirit of the invention or replace It changes, these equivalent deformations or replacement are all included in the scope defined by the claims of the present application.

Claims (10)

1. for the identification method of requested character string, which comprises the following steps:
According to character string read-write requests, target string is loaded;
Each element in target string is extracted, judges the character whether each element belongs in standard character collection respectively, And judging result is counted;
If the element of a predetermined level is exceeded is judged as abnormal elements in target string, and each abnormal elements are in target character Position in string meets preset relationship, then judges that target string is suspicious character string, otherwise judges that target string is peace Complete chain;The abnormal elements are the element for being not belonging to standard character character inside the set.
2. the identification method according to claim 1 for requested character string, which is characterized in that when judging target character When string is security string, corresponding operating is executed with response character string read-write requests.
3. the identification method according to claim 1 for requested character string, which is characterized in that when judging target character When string is security string, following steps are executed:
Load non-standard character collection belonging to each abnormal elements in target string;
According to mapping relations preset between non-standard character collection and standard character collection, abnormal elements each in target string are replaced It is changed to standard character and concentrates corresponding character;
Corresponding operating is executed with response character string read-write requests.
4. the identification method according to claim 3 for requested character string, which is characterized in that the execution is corresponding to grasp The step for making with response character string read-write requests, specifically include:
Detect the type of target string;
When judging that target string belongs to constant, target string is read out or is written according to character string read-write requests;
When judging that target string belongs to variable, each element in target string is assigned according to current assignment condition Value generates the identical character string constant of content according to the target string after assignment, according to character string read-write requests to character string Constant is read out or is written.
5. the identification method according to claim 1-4 for requested character string, which is characterized in that work as judgement When target string is suspicious character string, character string read-write requests are refused to respond.
6. the identification method according to claim 5 for requested character string, which is characterized in that refusing to respond character It goes here and there after read-write requests, is also suspicious by the origin marking of character string read-write requests.
7. the identification method according to claim 1-4 for requested character string, which is characterized in that work as judgement When target string is suspicious character string, following steps are executed:
Abnormal elements in target string are all deleted;
Corresponding operating is executed with response character string read-write requests.
8. for the identification systems of requested character string characterized by comprising
Character string loading module, for loading target string according to character string read-write requests;
String processing module judges whether each element belongs to for extracting each element in target string respectively Character in standard character collection, and judging result is counted;
Character string judgment module, if the element for a predetermined level is exceeded in target string is judged as abnormal elements, and Position of each abnormal elements in target string meets preset relationship, then judges that target string is suspicious character string, no Then judge that target string is security string;The abnormal elements are the element for being not belonging to standard character character inside the set.
9. for the identification apparatus of requested character string, which is characterized in that including memory and processor, the memory is used for At least one program is stored, the processor requires any one of 1-7 institute for loading at least one described program with perform claim State method.
10. storage medium, wherein being stored with the executable instruction of processor, which is characterized in that the executable finger of the processor It enables when executed by the processor for executing such as any one of claim 1-7 the method.
CN201811250576.8A 2018-10-25 2018-10-25 For the identification method of requested character string, system, device and storage medium Pending CN109510817A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811250576.8A CN109510817A (en) 2018-10-25 2018-10-25 For the identification method of requested character string, system, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811250576.8A CN109510817A (en) 2018-10-25 2018-10-25 For the identification method of requested character string, system, device and storage medium

Publications (1)

Publication Number Publication Date
CN109510817A true CN109510817A (en) 2019-03-22

Family

ID=65745978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811250576.8A Pending CN109510817A (en) 2018-10-25 2018-10-25 For the identification method of requested character string, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN109510817A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113711559A (en) * 2019-04-16 2021-11-26 北京嘀嘀无限科技发展有限公司 System and method for detecting anomalies

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113711559A (en) * 2019-04-16 2021-11-26 北京嘀嘀无限科技发展有限公司 System and method for detecting anomalies
CN113711559B (en) * 2019-04-16 2023-09-29 北京嘀嘀无限科技发展有限公司 System and method for detecting anomalies

Similar Documents

Publication Publication Date Title
CN101777062B (en) Context-aware real-time computer-protection systems and methods
US9438617B2 (en) Application security testing
CN103679031A (en) File virus immunizing method and device
CN102254111A (en) Malicious site detection method and device
US20100050257A1 (en) Confirmation method of api by the information at call-stack
CN110866258B (en) Rapid vulnerability positioning method, electronic device and storage medium
CN111125598A (en) Intelligent data query method, device, equipment and storage medium
US10007788B2 (en) Method of modeling behavior pattern of instruction set in N-gram manner, computing device operating with the method, and program stored in storage medium to execute the method in computing device
JP6282217B2 (en) Anti-malware system and anti-malware method
CN109558207A (en) The system and method for carrying out the log of the anti-virus scan of file are formed in virtual machine
CN115277677B (en) Batch file hanging method and device, computer equipment and storage medium
CN113469866A (en) Data processing method and device and server
CN110647415A (en) Database detection method, device and equipment and computer readable storage medium
CN108156127B (en) Network attack mode judging device, judging method and computer readable storage medium thereof
CN101236531A (en) Memory and its automatic protection realization method
CN109510817A (en) For the identification method of requested character string, system, device and storage medium
CN106529281A (en) Executable file processing method and device
CN111143434A (en) Intelligent data checking method, device, equipment and storage medium
CN116226865A (en) Security detection method, device, server, medium and product of cloud native application
JP2015185027A (en) Job discrimination program, device and method
CN113641702B (en) Method and device for interactive processing with database client after statement audit
US20230107164A1 (en) System and method for vulnerability detection in computer code
CN114003916A (en) Method, system, terminal and storage medium for testing WEB role longitudinal override vulnerability
CN111625825A (en) Virus detection method, device, equipment and storage medium
CN113139190A (en) Program file detection method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190322