CN109639637A - A kind of content detection algorithm, device and electronic equipment - Google Patents
A kind of content detection algorithm, device and electronic equipment Download PDFInfo
- Publication number
- CN109639637A CN109639637A CN201811310840.2A CN201811310840A CN109639637A CN 109639637 A CN109639637 A CN 109639637A CN 201811310840 A CN201811310840 A CN 201811310840A CN 109639637 A CN109639637 A CN 109639637A
- Authority
- CN
- China
- Prior art keywords
- network object
- detection
- network
- content
- risk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Abstract
The invention discloses a kind of content detection algorithm, device and electronic equipment, the relevant information of the available network object to be detected of the method;Based on the relevant information of the network object, the risk label of the network object is determined;Based on the inspection policies with the risk tag match, safety detection carried out to the corresponding content of the network object, the corresponding inspection policies of different risk labels are different.
Description
Technical field
This application involves field of computer technology more particularly to a kind of content detection algorithms, device and electronic equipment.
Background technique
In internet security field, the safety detection of the corresponding content of each network object (such as network address) is important
One of research topic.
Currently, take full dose crawl detection in need the corresponding content of network address and detect mode, Ke Yili
Solution, if necessary to the negligible amounts of the network address of detection, full dose is crawled and is detected and is easily achieved;But if necessary to examine
The quantity of the network address of survey is very big, full dose crawl and detect the computing resource for once needing to expend, time cost and manually at
This is all very high, and detection efficiency is low.
Summary of the invention
The embodiment of the present application provides a kind of content detection algorithm, device and electronic equipment, to improve detection network object
The efficiency of corresponding content.
In order to solve the above technical problems, the embodiment of the present application is achieved in that
In a first aspect, proposing a kind of content detection algorithm, which comprises
Obtain the relevant information of network object to be detected;
Based on the relevant information of the network object, the risk label of the network object is determined;
Based on the inspection policies with the risk tag match, safe inspection is carried out to the corresponding content of the network object
It surveys, the corresponding inspection policies of different risk labels are different.
Second aspect, proposes a kind of content detection device, and described device includes:
Data obtaining module, for obtaining the relevant information of network object to be detected;
Label determining module determines the risk mark of the network object for the relevant information based on the network object
Label;
First detection module, for being corresponded to the network object based on the inspection policies with the risk tag match
Content carry out safety detection, the corresponding inspection policies of different risk labels are different.
The third aspect proposes a kind of electronic equipment, comprising:
Processor;And
It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executed
It manages device and executes following operation:
Obtain the relevant information of network object to be detected;
Based on the relevant information of the network object, the risk label of the network object is determined;
Based on the inspection policies with the risk tag match, safe inspection is carried out to the corresponding content of the network object
It surveys, the corresponding inspection policies of different risk labels are different.
Fourth aspect proposes a kind of computer readable storage medium, the computer-readable recording medium storage one
Or multiple programs, one or more of programs are when the electronic equipment for being included multiple application programs executes, so that the electricity
Sub- equipment executes following operation:
Obtain the relevant information of network object to be detected;
Based on the relevant information of the network object, the risk label of the network object is determined;
Based on the inspection policies with the risk tag match, safe inspection is carried out to the corresponding content of the network object
It surveys, the corresponding inspection policies of different risk labels are different.
As can be seen from the technical scheme provided by the above embodiments of the present application, scheme provided by the embodiments of the present application at least have as
A kind of lower technical effect: due to being the risk label for first determining network object, it is then based on the risk label with network object
Matched inspection policies carry out safety detection, and the corresponding detection plan of different risk labels to the corresponding content of the network object
It is slightly different, rather than the corresponding content of all-network object is all detected every time, this data volume that single is detected
It is opposite to reduce, therefore resource consumption can be reduced, shorten detection time, and then the effect of the corresponding content of network object can be improved
Rate.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present application, constitutes part of this application, this Shen
Illustrative embodiments and their description please are not constituted an undue limitation on the present application for explaining the application.In the accompanying drawings:
Fig. 1 is a kind of flow diagram for the content detection algorithm that this specification embodiment provides.
Fig. 2 is another flow diagram for the content detection algorithm that this specification embodiment provides.
Fig. 3 is another flow diagram for the content detection algorithm that this specification embodiment provides.
Fig. 4 is a kind of detailed process schematic diagram for the content detection algorithm that this specification embodiment provides.
Fig. 5 is the structural schematic diagram for a kind of electronic equipment that this specification embodiment provides.
Fig. 6 is a kind of structural schematic diagram for the content detection device that this specification embodiment provides.
Fig. 7 is another structural schematic diagram for the content detection device that this specification embodiment provides.
Fig. 8 is another flow diagram for the content detection device that this specification embodiment provides.
Specific embodiment
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with the application specific embodiment and
Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one
Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing
Every other embodiment obtained under the premise of creative work out, shall fall in the protection scope of this application.
In order to improve the efficiency of the corresponding content of detection network object, this specification embodiment provides a kind of content detection side
Method and device, this method and device can be applied in the detection system for needing to detect the corresponding content of network object.
For example, this method and device can be applied to electric business and put down when the network address for the trade company that network object is a certain electric business platform
In the detection system of the corresponding content of the network address of the trade company of platform.
1 to Fig. 4 a kind of content detection algorithm that this specification embodiment provides is carried out specifically with reference to the accompanying drawing
It is bright.
As shown in Figure 1, a kind of content detection algorithm that this specification embodiment provides, may include steps of:
Step 102, the relevant information for obtaining network object to be detected.
Network object, the network object of Web content can be provided by referring to, such as the use of network address, social category application
Application in family, application market, etc..If network object is network address, the corresponding Web content provided can be network
Content in the corresponding webpage in address;If network object is the user of social category application, the corresponding Web content provided can be with
It is article, the video etc. that user issues in the social application;If network object is the application in application market, corresponding to provide
Web content can be the installation file of application.
The relevant information of network object can include but is not limited to describe the information of the network object self character and/or retouch
State the information of the owner (main body in other words) characteristic of the network object.
For example, if network object is the network address of the trade company of electric business platform, the relevant information of the network object
It may include that the flowing of access information of network address, the corresponding content of creation time information, network address of network address are gone through
History detection information etc. describe network address characteristic itself information and trade company belonging to industry type, the trading volume of trade company,
The credit rating of trade company, user are to the type of the evaluation information of trade company, trade company (for example whether belonging to commercial affairs expands trade company
The owner --- the information of the characteristic of trade company of the description such as (Business Development, BD) network object.
If network object is the user of social application, the relevant information of the network object may include the ground of user
Industry, the user hair in social application belonging to the historical content that reason position, the gender of user, user issue in social application
Whether the type of the historical content of cloth, user issued the information of the characteristic of the description network object such as information such as violation content.
If network object is the application in application market, the relevant information of the network object may include application
Type, the download of application, user describe the information of network object self character to evaluation information of application etc., and apply and open
The download of the other application of originator exploitation, the type of the other application of application developer exploitation, user open application developer
Evaluation information and the prestige record of application developer of the other application of hair etc. describe the information of owner's characteristic of network object.
In one example, step 102 can remove acquisition network pair at the appointed time or according to certain period
The relevant information of elephant, the relevant information for obtaining network object can be longer, this is because the portion in the relevant information of network object
A possibility that point passage of information at any time changes is smaller, it is possible to go to obtain with a longer period.In addition, can
To understand, the relevant information of the network object obtained in step 102 can build up preservation according to acquisition time, for some
It is not susceptible to the relevant information of variation, available primary long-time service later, this makes the data volume that step 102 once obtains
It is relatively fewer, therefore will not influence the efficiency of the corresponding content of detection network object.
Step 104, the relevant information based on the network object determine the risk label of the network object.
Risk label can be used for characterizing the height of the corresponding existing degree of risk of network object.In this specification embodiment
In, the risk label of network object can be composed of at least one risk indicator by preset logical relation, in other words wind
Dangerous label may include at least one risk indicator according to logic of propositions composition of relations.Wherein, logic of propositions relationship include but
It is not limited to the logical relations such as "AND" and "or".
As an example, when the network object is the network address of the trade company in default electric business platform, above-mentioned wind
Dangerous index can be any one of following index: whether the corresponding trade company of the network address is in white list, the network
Whether access temperature, the network address of address are newly-increased network address, the industry class of the corresponding trade company of the network address
Whether type, the trading volume of the corresponding trade company of the network address, the corresponding trade company of the network address are BD trade company and the net
The corresponding trade company in network address is with the presence or absence of rectification record, etc..
Continue so that the network object is the network address of the trade company in default electric business platform as an example, the risk of network object
Label for example can be " the access temperature of network address be greater than 10,000 daily and the corresponding trade company of network address be not in white list
Trade company ", or can be that " trading volume of the corresponding trade company of network address is not zero trade company corresponding with the network address not
It is BD trade company ", etc..
Step 106, based on the inspection policies with the risk tag match, the corresponding content of the network object is carried out
Safety detection, the corresponding inspection policies of different risk labels are different.
Optionally, before step 106, the content detection algorithm that this specification embodiment provides can also include: preparatory
The inspection policies of configuration and the risk tag match, the different corresponding inspection policies of risk label can be different.
Wherein, inspection policies may include detection cycle, detection depth, detection range and specific content detection rule
Deng.For example, when network object is network address, detection depth can be the level of the corresponding Webpage of network address
Depth, for example for a website, into after homepage, next layer can be entered later by clicking the option button in homepage
Multiple pages of grade, then the option button etc. clicked in the page of next level can also be further into more next level
Other pages;Detection range can be the quantity etc. for needing to grab the Webpage of content.
In the security fields of the corresponding content of network object, a large amount of risk is generally concentrated in a small number of network objects, such as
In electric business platform, the risk of newly-increased network address and trade company is generally higher, and some in the presence of for a long time and larger
Trade company's risk is lower, extra high information exposure height of network address temperature, etc..Therefore, risk label pair can be based on
Network object is classified, and for the risk label for representing different degrees of risk, configures different inspection policies, specifically,
When the degree of risk that a risk label represents is high, relatively stringent inspection policies can be configured, conversely, when a risk mark
When the degree of risk that label represent is high, the inspection policies compared with relative loose can be configured.
By taking inspection policies include detection cycle as an example, if the network object is the net of the trade company in default electric business platform
Network address, then when the risk label of network address is that " the access temperature of network address is higher than preset value and network address is corresponding
Trade company is not the trade company in white list " when, it is primary to can be detection in one day with the inspection policies of the risk tag match;Work as network
When the risk label of address is " amount of access of network address is zero and network address is newly-built address ", with the risk tag match
Inspection policies to can be detection in three days primary.
It is understood that, it is assumed that certain electric business platform needs to carry out safety detection to the corresponding content of 1,000,000 network address, such as
Fruit uses the relevant technologies, then detection daily will obtain this corresponding content of 100 network address and be detected, and data volume is very big, non-
It is often time-consuming.And if using the content detection algorithm that this specification embodiment provides, since foundation risk label is to network object
Risk be classified, the network object of different risk labels is then directed to, using different inspection policies, therefore can not
It must all obtain this corresponding content of 1,000,000 network address daily, but the inspection based on the risk tag match with network address
Strategy is surveyed, the corresponding content in subnetwork address for obtaining 1,000,000 network address daily is detected, and which reduce need daily
The data volume to be detected, shortens detection time, improves detection efficiency.
When specific implementation, if in inspection policies including detection cycle, step 106 may include: to determine the last time
The historical time of safety detection is carried out to the corresponding content of the network object;Based on the detection week for including in the inspection policies
Phase and the historical time carry out safety detection to the corresponding content of the network object.
Further, above-mentioned based on the detection for including in the inspection policies if the network object is network address
Period and the historical time carry out safety detection to the corresponding content of the network object, may include: based on the detection
The detection cycle for including in strategy and the historical time determine that crawl the corresponding content of the network object crawls the time;
After the time is crawled described in the arrival, the corresponding content of the network object (not crawling if not reaching and crawling the time) is crawled;
Safety detection is carried out to the corresponding content of the network object crawled.Wherein, crawling step can be realized by crawler technology, be climbed
The content got can be text, be also possible to picture or video etc..
Further, inspection policies can also include crawling depth (corresponding with detection depth above), crawling
Range (corresponding with detection range above) and content detection rule, it is described crawl the time described in the arrival after, crawl institute
State the corresponding content of network object, comprising: after crawling the time described in the arrival, crawl depth based on described and described crawl model
It encloses, crawls the corresponding content of the network object;It is corresponding to the network object crawled based on the content detection rule
Content carries out safety detection.Wherein, content detection rule can also be pre-configured with, and content detection rule can be in the related technology
Detected rule, this specification embodiment do not limit this.
In short, a kind of content detection algorithm that this specification embodiment provides, due to being the wind for first determining network object
Dangerous label is then based on the inspection policies with the risk tag match of network object, carries out to the corresponding content of the network object
Safety detection, and the corresponding inspection policies of different risk labels are different, rather than it is every time corresponding to all-network object interior
Appearance is all detected, this data volume that single is detected is opposite to be reduced, therefore when can reduce resource consumption, shorten detection
Between, and then the efficiency of the corresponding content of network object can be improved.
Optionally, in another embodiment, a kind of content detection algorithm that this specification embodiment provides, can also wrap
It includes: safety detection being carried out to the corresponding content of the network object according to the fixed test period.Wherein, the fixed test period is greater than
In the related technology to detection in need network object carry out full dose detection period.
For example, if in the related technology to detection in need network object carry out full dose detection period be 1 day,
The above-mentioned fixed test period can be 5 days or one week.
This specification embodiment is designed to provide the content safety detection scheme revealed all the details, with a longer week
Phase carries out full dose detection to the network object that needs detect, and prevents the corresponding content of the certain network objects of missing inspection.
Optionally, as shown in Fig. 2, in another embodiment, before above-mentioned steps 106, this specification embodiment is provided
A kind of content detection algorithm, can also include:
Step 108 judges whether to reach fixed test period corresponding detection time;If so, executing step 110;It is no
Then, above-mentioned steps 106 are executed.
Wherein, the fixed test period is greater than the network object progress full dose detection to institute's detection in need in the related technology
Period.
Step 110 carries out the corresponding content of the network object by the fixed test period corresponding inspection policies
Safety detection.
The purpose of this specification embodiment, which is not only in that, provides a content safety detection scheme revealed all the details, to prevent leak-stopping inspection
The corresponding content of certain network objects, also reside in prevent by fixed test cycle detection with according to the matched detection of network object
Strategy detection clashes, and makes repetition detection to the content of network object, results in waste of resources.
Optionally, as shown in figure 3, based on any of the above embodiments, in one kind that this specification embodiment provides
Hold detection method, can also include:
If step 112 detects the information for presetting safety regulation in the corresponding content of the network object comprising violating,
The supplier of the network object and/or the network object is audited.
As an example, if network object is the user of social application, the information of default safety regulation is violated
Such as can be fraud information, gambling information etc..
As an example, if network object is the network address of the trade company of electric business platform, the supplier of network object
The as trade company.
Step 114, in the supplier for auditing the determining network object and/or the network object, there are safety problems
When, take default measure to handle the supplier of the network object and/or the network object.
As an example, if network object is the network address of the trade company of electric business platform, default measure be can be down
Frame or rectification etc..
It is corresponding interior that detection network object not only can be improved in a kind of content detection algorithm that this specification embodiment provides
The efficiency of appearance, can also be in detecting the corresponding content of network object when safety regulation information default in the presence of violation, further
The supplier of network object and/or network object is audited on ground, and further takes in audit there are when safety problem
Default measure is handled.
In order to be more clearly understood that a kind of content detection algorithm for being the offer of this specification embodiment, below shown in Fig. 4
A more detailed flow diagram, to this specification embodiment provide content detection algorithm be illustrated, in the reality
It applies in example, network object is the network address of the trade company of electric business platform.
As shown in figure 4, the content detection algorithm that this specification embodiment provides can be applied to content detection system 400
In, which includes: that information management platform 41, Data Analysis Platform 42, tactical management platform 43, timed task starting are flat
Platform 44, crawler seed management platform 45, content crawl system 46, content detection system 47, auditing system 48 and processing system 49.
With continued reference to Fig. 4, a kind of content detection algorithm that this specification embodiment provides be may include steps of:
Step 401, Data Analysis Platform 42 obtain the relevant information of network object from information management platform 41.
The relevant information of step 402, Data Analysis Platform 42 based on network object analyzes the label for determining network object.
The risk label of network object is sent to tactical management platform 43 by step 404, Data Analysis Platform 42.
Step 405, tactical management platform 43 configure different inspection policies for different risk labels.
Step 406, timed task starting platform 44 start timing Detection task;For example, starting in the daily set time
Timing Detection task.
Step 407, crawler seed management platform 45 obtain the risk label with network address from tactical management platform 43
The inspection policies matched, and determined based on inspection policies whether need in the secondary timing Detection task it is corresponding to the network address
Content is detected;If desired, executing step 408;If it is not needed, waiting the starting of next timing Detection task.
Step 408, crawler seed management platform 45 are directed to the network address generation crawler seed for needing to carry out content detection.
Crawler seed is sent to content and crawls system 46 by step 409, crawler seed management platform 45.
Step 410, content, which are crawled system 46 and crawled using crawler seed, needs the network address for carrying out content detection corresponding
Content and be sent to content detection system 47.
Step 411, content detection system 47 are based on inspection policies, corresponding to the network address for needing to carry out content detection
Content is detected, and is sent to audit system comprising violating the network address of the information of default safety regulation in the content that will test out
System 48.
Step 412, the network address and/or the corresponding trade company of the network address that auditing system 48 receives are audited,
And network address and/or the corresponding trade company of the network address are determined there are when safety problem auditing, notifier processes system 49 is adopted
Default measure is taken to carry out the processing such as undercarriage to network address and/or the corresponding trade company of the network address.
It is that a kind of explanation of content detection algorithm is provided this specification above, the electronics provided below this specification is set
It is standby to be introduced.
Fig. 5 is the structural schematic diagram for the electronic equipment that one embodiment of this specification provides.Referring to FIG. 5, in hardware
Level, the electronic equipment include processor, optionally further comprising internal bus, network interface, memory.Wherein, memory can
It can include memory, such as high-speed random access memory (Random-Access Memory, RAM), it is also possible to further include non-easy
The property lost memory (non-volatile memory), for example, at least 1 magnetic disk storage etc..Certainly, which is also possible to
Including hardware required for other business.
Processor, network interface and memory can be connected with each other by internal bus, which can be ISA
(Industry Standard Architecture, industry standard architecture) bus, PCI (Peripheral
Component Interconnect, Peripheral Component Interconnect standard) bus or EISA (Extended Industry Standard
Architecture, expanding the industrial standard structure) bus etc..The bus can be divided into address bus, data/address bus, control always
Line etc..Only to be indicated with a four-headed arrow in Fig. 5, it is not intended that an only bus or a type of convenient for indicating
Bus.
Memory, for storing program.Specifically, program may include program code, and said program code includes calculating
Machine operational order.Memory may include memory and nonvolatile memory, and provide instruction and data to processor.
Processor is from the then operation into memory of corresponding computer program is read in nonvolatile memory, in logical layer
Content detection device is formed on face.Processor executes the program that memory is stored, and is specifically used for executing following operation:
Obtain the relevant information of network object to be detected;
Based on the relevant information of the network object, the risk label of the network object is determined;
Based on the inspection policies with the risk tag match, safe inspection is carried out to the corresponding content of the network object
It surveys, the corresponding inspection policies of different risk labels are different.
Content detection algorithm disclosed in the above-mentioned embodiment illustrated in fig. 1 such as this specification can be applied in processor, or
It is realized by processor.Processor may be a kind of IC chip, the processing capacity with signal.During realization, on
Each step for stating method can be completed by the integrated logic circuit of the hardware in processor or the instruction of software form.It is above-mentioned
Processor can be general processor, including central processing unit (Central Processing Unit, CPU), network processes
Device (Network Processor, NP) etc.;Can also be digital signal processor (Digital Signal Processor,
DSP), specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate
Array (Field-Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or crystalline substance
Body pipe logical device, discrete hardware components.It may be implemented or execute and is in this specification one or more embodiment disclosed
Each method, step and logic diagram.General processor can be microprocessor or the processor be also possible to it is any conventional
Processor etc..The step of method in conjunction with disclosed in this specification one or more embodiment, can be embodied directly in hardware decoding
Processor executes completion, or in decoding processor hardware and software module combination execute completion.Software module can position
In random access memory, flash memory, read-only memory, programmable read only memory or electrically erasable programmable memory, register
In the storage medium of equal this fields maturation.The storage medium is located at memory, and processor reads the information in memory, in conjunction with it
Hardware completes the step of above method.
The electronic equipment can also carry out the content detection algorithm of Fig. 1, and details are not described herein for this specification.
Certainly, other than software realization mode, other implementations are not precluded in the electronic equipment of this specification, such as
Logical device or the mode of software and hardware combining etc., that is to say, that the executing subject of following process flow is not limited to each
Logic unit is also possible to hardware or logical device.
This specification embodiment also proposed a kind of computer readable storage medium, the computer-readable recording medium storage
One or more programs, the one or more program include instruction, and the instruction is when by the portable electric including multiple application programs
When sub- equipment executes, the method that the portable electronic device can be made to execute embodiment illustrated in fig. 1, and be specifically used for executing following
Operation:
Obtain the relevant information of network object to be detected;
Based on the relevant information of the network object, the risk label of the network object is determined;
Based on the inspection policies with the risk tag match, safe inspection is carried out to the corresponding content of the network object
It surveys, the corresponding inspection policies of different risk labels are different.
Fig. 6 is the structural schematic diagram for the content detection device 600 that this specification provides.Referring to FIG. 6, real in a kind of software
It applies in mode, content detection device 600 can include: data obtaining module 601, label determining module 602 and first detection module
603。
Data obtaining module 601, for obtaining the relevant information of network object to be detected.
Network object, the network object of Web content can be provided by referring to, such as the use of network address, social category application
Application in family, application market, etc..
The relevant information of network object can include but is not limited to describe the information of the network object self character and/or retouch
State the information of the owner (main body in other words) characteristic of the network object.
Label determining module 602 determines the risk of the network object for the relevant information based on the network object
Label.
Risk label can be used for characterizing the height of the corresponding existing degree of risk of network object.In this specification embodiment
In, the risk label of network object can be composed of at least one risk indicator by preset logical relation, in other words wind
Dangerous label may include at least one risk indicator according to logic of propositions composition of relations.Wherein, logic of propositions relationship include but
It is not limited to the logical relations such as "AND" and "or".
First detection module 603, for based on the inspection policies with the risk tag match, to the network object pair
The content answered carries out safety detection, and the corresponding inspection policies of different risk labels are different.
Optionally, the content detection algorithm that this specification embodiment provides can also include: configuration module, for matching in advance
Set the inspection policies with the risk tag match.
Specifically, when the degree of risk that a risk label represents is high relatively stringent inspection policies can be configured, instead
It can configure the inspection policies compared with relative loose when the degree of risk that a risk label represents is high.
Wherein, inspection policies may include detection cycle, detection depth, detection range and specific content detection rule
Deng.
When specific implementation, if including detection cycle in inspection policies, first detection module 603 can be used for: determine
The last time carries out the historical time of safety detection to the corresponding content of the network object;Based on including in the inspection policies
Detection cycle and the historical time, to the corresponding content of the network object carry out safety detection.
Further, if the network object is network address, first detection module 603 can be used for: based on described
The detection cycle for including in inspection policies and the historical time, determination crawl when crawling of the corresponding content of the network object
Between;After the time is crawled described in the arrival, crawls the corresponding content of the network object and (do not climbed if not reaching and crawling the time
It takes);Safety detection is carried out to the corresponding content of the network object crawled.Wherein, crawling step can be by crawler technology reality
Existing, the content crawled can be text, be also possible to picture or video etc..
Further, inspection policies can also include crawling depth (corresponding with detection depth above), crawling
Range (corresponding with detection range above) and content detection rule, first detection module 603 can be used for: reach institute
State after crawling the time, based on it is described crawl depth and it is described crawl range, crawl the corresponding content of the network object;Based on institute
Content detection rule is stated, safety detection is carried out to the corresponding content of the network object crawled.Wherein, content detection rule
It can be pre-configured with, content detection rule can be detected rule in the related technology, and this specification embodiment does not limit this
It is fixed.
The content detection device 600 that this specification embodiment provides, due to being the risk label for first determining network object,
The inspection policies with the risk tag match of network object are then based on, safe inspection is carried out to the corresponding content of the network object
Survey, and the corresponding inspection policies of different risk label are different, rather than every time to the corresponding content of all-network object all into
Row detection, this data volume that single is detected is opposite to be reduced, therefore can be reduced resource consumption, be shortened detection time, in turn
The efficiency of the corresponding content of network object can be improved.
Optionally, in another embodiment, this specification embodiment provide content detection device 600, can also include:
Second monitoring modular, for carrying out safety detection to the corresponding content of the network object according to the fixed test period.Wherein, Gu
Determine detection cycle be greater than in the related technology to institute detection in need network object progress full dose detection period.
This specification embodiment is designed to provide the content safety detection scheme revealed all the details, with a longer week
Phase carries out full dose detection to the network object that needs detect, and prevents the corresponding content of the certain network objects of missing inspection.
Optionally, as shown in fig. 7, in another embodiment, the content detection device 600 that this specification embodiment provides,
It can also include: judgment module 604 and the second detection module 605.
Judgment module 604 reaches fixed test period corresponding detection time for judging whether;If so, triggering the
Two detection modules 605;Otherwise, first detection module 603 is triggered.
Wherein, the fixed test period is greater than the network object progress full dose detection to institute's detection in need in the related technology
Period.
Second detection module 605, for pressing the fixed test period corresponding inspection policies to the network object pair
The content answered carries out safety detection.
The purpose of this specification embodiment, which is not only in that, provides a content safety detection scheme revealed all the details, to prevent leak-stopping inspection
The corresponding content of certain network objects, also reside in prevent by fixed test cycle detection with according to the matched detection of network object
Strategy detection clashes, and makes repetition detection to the content of network object, results in waste of resources.
Optionally, as shown in figure 8, based on any of the above embodiments, the content that this specification embodiment provides is examined
Device 600 is surveyed, can also include: auditing module 606 and processing module 607.
Auditing module 606, if for detecting in the corresponding content of the network object comprising violating default safety rule
Information then audits the supplier of the network object and/or the network object.
Processing module 607, for auditing the supplier for determining the network object and/or the network object in the presence of peace
When full problem, default measure is taken to handle the supplier of the network object and/or the network object.
It is corresponding interior that detection network object not only can be improved in the content detection device 600 that this specification embodiment provides
The efficiency of appearance, can also be in detecting the corresponding content of network object when safety regulation information default in the presence of violation, further
The supplier of network object and/or network object is audited on ground, and further takes in audit there are when safety problem
Default measure is handled.
It should be noted that the method that content detection device 600 can be realized the embodiment of the method for Fig. 1, related place can
With reference to the content detection algorithm of embodiment illustrated in fig. 1, details are not described herein again.
In short, being not intended to limit the protection of this specification the foregoing is merely the preferred embodiment of this specification
Range.With within principle, made any modification, changes equivalent replacement all spirit in this specification one or more embodiment
Into etc., it should be included within the protection scope of this specification one or more embodiment.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used
Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment
The combination of equipment.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices
Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates
Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.When not limiting more, the element that is limited by sentence "including a ...", it is not excluded that in the mistake including the element
There is also other identical elements in journey, method, commodity or equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality
For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method
Part explanation.
Claims (13)
1. a kind of content detection algorithm, which comprises
Obtain the relevant information of network object to be detected;
Based on the relevant information of the network object, the risk label of the network object is determined;
Based on the inspection policies with the risk tag match, safety detection is carried out to the corresponding content of the network object, no
With risk label, corresponding inspection policies are different.
2. according to the method described in claim 1,
In the inspection policies based on the risk tag match, safe inspection is carried out to the corresponding content of the network object
Before survey, the method also includes:
It is pre-configured with the inspection policies with the risk tag match.
3. according to the method described in claim 2,
Wherein, the risk label includes at least one risk indicator by logic of propositions composition of relations.
4. according to the method described in claim 3,
Wherein, the network object is the network address of the trade company in default electric business platform;
Whether the risk indicator includes the corresponding trade company of the network address in white list, the access of network address heat
Whether degree, the network address are with increasing network address, the industry type of the corresponding trade company of the network address, the network newly
Whether the trading volume of the corresponding trade company in location, the corresponding trade company of the network address are that trade company and the network address pair are expanded in commercial affairs
The trade company answered is with the presence or absence of any index in rectification record.
5. according to the method described in claim 1,
It wherein, include detection cycle, the inspection policies based on the risk tag match, to institute in the inspection policies
It states the corresponding content of network object and carries out safety detection, comprising:
Determine the last historical time that safety detection is carried out to the corresponding content of the network object;
Based on the detection cycle and the historical time for including in the inspection policies, to the corresponding content of the network object into
Row safety detection.
6. according to the method described in claim 5,
Wherein, the network object is network address, described based on the detection cycle for including in the inspection policies and described to go through
The history time carries out safety detection to the corresponding content of the network object, comprising:
Based on the detection cycle and the historical time for including in the inspection policies, it is corresponding that determination crawls the network object
Content crawls the time;
After the time is crawled described in the arrival, the corresponding content of the network object is crawled;
Safety detection is carried out to the corresponding content of the network object crawled.
7. according to the method described in claim 6,
Wherein, the inspection policies further include crawling depth, crawling range and content detection rule, described to crawl described in the arrival
After time, the corresponding content of the network object is crawled, comprising:
After the time is crawled described in the arrival, based on it is described crawl depth and it is described crawl range, it is corresponding to crawl the network object
Content;
Based on the content detection rule, safety detection is carried out to the corresponding content of the network object crawled.
8. according to the described in any item methods of claim 5-7, further includes:
Safety detection is carried out to the corresponding content of the network object according to the fixed test period, the fixed test period is greater than
In the related technology to detection in need network object carry out full dose detection period.
9. according to the described in any item methods of claim 5-7,
In the inspection policies based on the risk tag match, safe inspection is carried out to the corresponding content of the network object
Before survey, the method also includes:
Judge whether to reach fixed test period corresponding detection time, the fixed test period is greater than in the related technology to institute
The network object of detection in need carries out the period of full dose detection;
If so, carrying out safe inspection to the corresponding content of the network object by the fixed test period corresponding inspection policies
It surveys;
Otherwise, execute it is described based on the inspection policies with the risk tag match, to the corresponding content of the network object into
The step of row safety detection.
10. method according to any one of claims 1-7, further includes:
If detected comprising the information for violating default safety regulation in the corresponding content of the network object, to the network pair
As and/or the supplier of the network object audit;
In the supplier for auditing the determining network object and/or the network object, there are when safety problem, take default arrange
It applies and the supplier of the network object and/or the network object is handled.
11. a kind of content detection device, described device include:
Data obtaining module, for obtaining the relevant information of network object to be detected;
Label determining module determines the risk label of the network object for the relevant information based on the network object;
First detection module, for based on the inspection policies with the risk tag match, it is corresponding to the network object in
Hold and carry out safety detection, the corresponding inspection policies of different risk labels are different.
12. a kind of electronic equipment, comprising:
Processor;And
It is arranged to the memory of storage computer executable instructions, the executable instruction makes the processor when executed
Execute following operation:
Obtain the relevant information of network object to be detected;
Based on the relevant information of the network object, the risk label of the network object is determined;
Based on the inspection policies with the risk tag match, safety detection is carried out to the corresponding content of the network object, no
With risk label, corresponding inspection policies are different.
13. a kind of computer readable storage medium, the computer-readable recording medium storage one or more program, described one
A or multiple programs are when the electronic equipment for being included multiple application programs executes, so that the electronic equipment executes following behaviour
Make:
Obtain the relevant information of network object to be detected;
Based on the relevant information of the network object, the risk label of the network object is determined;
Based on the inspection policies with the risk tag match, safety detection is carried out to the corresponding content of the network object, no
With risk label, corresponding inspection policies are different.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811310840.2A CN109639637B (en) | 2018-11-06 | 2018-11-06 | Content detection method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811310840.2A CN109639637B (en) | 2018-11-06 | 2018-11-06 | Content detection method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109639637A true CN109639637A (en) | 2019-04-16 |
| CN109639637B CN109639637B (en) | 2022-04-19 |
Family
ID=66067382
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811310840.2A Active CN109639637B (en) | 2018-11-06 | 2018-11-06 | Content detection method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109639637B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103647774A (en) * | 2013-12-13 | 2014-03-19 | 扬州永信计算机有限公司 | Web content information filtering method based on cloud computing |
| CN103685308A (en) * | 2013-12-25 | 2014-03-26 | 北京奇虎科技有限公司 | Detection method and system of phishing web pages, client and server |
| CN104079559A (en) * | 2014-06-05 | 2014-10-01 | 腾讯科技(深圳)有限公司 | Web address security detecting method and device and server |
| US9253139B1 (en) * | 2011-07-19 | 2016-02-02 | West Corporation | Method and apparatus of processing social networking-based user input information |
| WO2016071718A2 (en) * | 2014-11-07 | 2016-05-12 | Fast Web Media Limited | Influencing content or access to content |
| CN106161362A (en) * | 2015-04-03 | 2016-11-23 | 阿里巴巴集团控股有限公司 | A kind of network application means of defence and equipment |
| CN107092826A (en) * | 2017-03-24 | 2017-08-25 | 北京国舜科技股份有限公司 | Web page contents real-time safety monitoring method |
| CN107403251A (en) * | 2016-05-20 | 2017-11-28 | 阿里巴巴集团控股有限公司 | Risk checking method and device |
-
2018
- 2018-11-06 CN CN201811310840.2A patent/CN109639637B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9253139B1 (en) * | 2011-07-19 | 2016-02-02 | West Corporation | Method and apparatus of processing social networking-based user input information |
| CN103647774A (en) * | 2013-12-13 | 2014-03-19 | 扬州永信计算机有限公司 | Web content information filtering method based on cloud computing |
| CN103685308A (en) * | 2013-12-25 | 2014-03-26 | 北京奇虎科技有限公司 | Detection method and system of phishing web pages, client and server |
| CN104079559A (en) * | 2014-06-05 | 2014-10-01 | 腾讯科技(深圳)有限公司 | Web address security detecting method and device and server |
| WO2016071718A2 (en) * | 2014-11-07 | 2016-05-12 | Fast Web Media Limited | Influencing content or access to content |
| CN106161362A (en) * | 2015-04-03 | 2016-11-23 | 阿里巴巴集团控股有限公司 | A kind of network application means of defence and equipment |
| CN107403251A (en) * | 2016-05-20 | 2017-11-28 | 阿里巴巴集团控股有限公司 | Risk checking method and device |
| CN107092826A (en) * | 2017-03-24 | 2017-08-25 | 北京国舜科技股份有限公司 | Web page contents real-time safety monitoring method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109639637B (en) | 2022-04-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI696194B (en) | Sorting method and device of complaint report type | |
| CN109544166A (en) | A kind of Risk Identification Method and device | |
| CN107993085A (en) | Model training method, the user's behavior prediction method and device based on model | |
| CN103902888B (en) | Method, service end and the system of website degree of belief automatic measure grading | |
| US20150310209A1 (en) | Executing third-party application | |
| CN108550046A (en) | A kind of resource and market recommendation method, apparatus and electronic equipment | |
| CN111539811B (en) | Risk account identification method and device | |
| CN109598542B (en) | Marketing equity throwing method and device and electronic equipment | |
| CN109274639A (en) | The recognition methods of open platform abnormal data access and device | |
| CN109472615A (en) | Service processing method, device and equipment and readable medium | |
| CN106033510A (en) | Method and system for identifying user equipment | |
| CN110175201A (en) | Business data processing method, system, device and electronic equipment | |
| CN110019660A (en) | A kind of Similar Text detection method and device | |
| CN109285094A (en) | The processing method and processing device of legal documents | |
| CN109598526A (en) | The analysis method and device of media contribution | |
| CN110347887A (en) | Obtain the method and device of business scenario time series data | |
| CN108492112A (en) | The method, apparatus and electronic equipment of the false resource transfers of judgement and wash sale | |
| CN109583910A (en) | A kind of merchandise authorization identification method, device and equipment | |
| CN105809379A (en) | Logistics branch evaluation method, device and electronic device | |
| CN109688178A (en) | Recommended method, device and equipment | |
| CN109639637A (en) | A kind of content detection algorithm, device and electronic equipment | |
| CN109598478A (en) | A kind of wind survey result describes generation method, device and the electronic equipment of official documents and correspondence | |
| CN110020780A (en) | The method, apparatus and electronic equipment of information output | |
| CN110033158A (en) | A kind of user credit behavior evaluation method, apparatus and electronic equipment | |
| CN110389897A (en) | SDK logic test method, device, storage medium and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200923 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands Applicant after: Innovative advanced technology Co.,Ltd. Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands Applicant before: Advanced innovation technology Co.,Ltd. Effective date of registration: 20200923 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands Applicant after: Advanced innovation technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Applicant before: Alibaba Group Holding Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |