CN110691090A - Website detection method, device, equipment and storage medium - Google Patents
Website detection method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN110691090A CN110691090A CN201910937974.5A CN201910937974A CN110691090A CN 110691090 A CN110691090 A CN 110691090A CN 201910937974 A CN201910937974 A CN 201910937974A CN 110691090 A CN110691090 A CN 110691090A
- Authority
- CN
- China
- Prior art keywords
- information
- account information
- access request
- resource access
- website
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
The invention discloses a website detection method, a device, equipment and a storage medium, wherein the method comprises the following steps: acquiring resource access requests of various access resources in a website; extracting reference account information corresponding to the resource access request; acquiring running environment information and running performance information of the access equipment for logging in the reference account information; comparing the running environment information and the running performance information with preset standard information respectively; and determining abnormal account information in the reference account information according to the comparison result, and intercepting a resource access request corresponding to the abnormal account information. The invention obtains the attribute information of the using equipment by obtaining the operating environment information and the operating performance information of the using equipment, and further judges whether the using equipment is real or not, thereby realizing more accurate identification of the attack mode of the network.
Description
Technical Field
The present invention relates to the field of website security technologies, and in particular, to a website detection method, apparatus, device, and storage medium.
Background
CAPTCHA (CAPTCHA) is an inverse turing test that is used for human-machine differentiation, blocking machine interaction requests. The traditional identifying code is a character type, and machine recognition is resisted by deforming, distorting and increasing interference on characters in a picture.
With the continuous development of the technology, various cracking modes such as simulator cracking, interface cracking and the like appear, the simulator cracking means that automatic dragging, clicking and other operations are realized by operating a google browser kernel through various automatic testing tools such as a Selenium automatic testing tool (Selenium), and the interface cracking means that an interface program is used for cracking correct key parameters, so that the verification codes are cracked.
However, at present, analysis is mainly performed in a manner of collecting behavior tracks, so that recognition of a cracking manner is achieved, and due to the fact that the recognition manner is too single, along with the fact that the manner of simulating user behaviors is more and more real, the accuracy of recognition in a traditional manner is not high.
Disclosure of Invention
The invention mainly aims to provide a website detection method, a website detection device, website detection equipment and a website detection storage medium, and aims to solve the technical problem of accurately identifying the attack mode of a network.
In order to achieve the above object, the present invention provides a website detection method, which comprises the following steps:
when a resource access request to a target website is received, extracting reference account information corresponding to the resource access request;
acquiring running environment information and running performance information of the access equipment for logging in the reference account information;
comparing the running environment information and the running performance information with preset standard information respectively;
and determining abnormal account information in the reference account information according to the comparison result, and intercepting a resource access request corresponding to the abnormal account information.
Preferably, when receiving a resource access request to a target website, extracting reference account information corresponding to the resource access request includes:
when a resource access request to a target website is received, calling a parameter extraction instruction, and extracting token information in the resource access request through the parameter extraction instruction;
accessing a single sign-on system according to the token information, and inquiring whether corresponding historical account information exists in a preset key value database or not through the single sign-on system;
and taking the stored historical account information as reference account information.
Preferably, the acquiring the operating environment information and the operating performance information of the access device logging in the reference account information includes:
calling a script program to enable the script program to capture the equipment information of the access equipment logging in the reference account information;
acquiring preset keyword information, and cutting out feature information from the equipment information according to the preset keyword information;
and splicing the characteristic information by adopting a preset rule to obtain the running environment information and the running performance information of the access equipment.
Preferably, before comparing the operating environment information and the operating performance information with preset standard information, the method further includes:
acquiring historical environment information containing the operating environment information and historical performance information containing operating performance information;
and generating white list information according to the historical environment information and the historical performance information, and taking the white list information as preset standard information.
Preferably, before comparing the operating environment information and the operating performance information with preset standard information, the method further includes:
acquiring reference environment information and reference performance information of other account information;
clustering the reference environment information and the reference performance information, generating blacklist information by using the clustered reference environment information and the clustered reference performance information, and using the blacklist information as preset standard information.
Preferably, the determining, according to the comparison result, abnormal account information in the reference account information and intercepting a resource access request corresponding to the abnormal account information includes:
obtaining difference values between the searched running environment information and running performance information and preset standard information respectively according to the comparison result;
and when the difference exceeds a preset error interval, taking account information corresponding to the difference exceeding the preset error interval as abnormal account information, and intercepting a resource access request corresponding to the abnormal account information.
Preferably, when the difference exceeds a preset error interval, taking account information corresponding to the difference exceeding the preset error interval as abnormal account information, and intercepting a resource access request corresponding to the abnormal account information, includes:
when the difference exceeds a preset error interval, taking account information corresponding to the difference exceeding the preset error interval as abnormal account information;
sending verification request information to the abnormal account information;
and receiving feedback information of the verification request information, and intercepting a resource access request corresponding to the abnormal account information when the feedback information is verification failure information.
In addition, to achieve the above object, the present invention further provides a website detecting apparatus, including:
the extraction module is used for extracting reference account information corresponding to a resource access request when the resource access request to a target website is received;
the acquisition module is used for acquiring the running environment information and the running performance information of the access equipment for logging in the reference account information;
the comparison module is used for comparing the running environment information and the running performance information with preset standard information respectively;
and the intercepting module is used for determining abnormal account information in the reference account information according to the comparison result and intercepting the resource access request corresponding to the abnormal account information.
In addition, to achieve the above object, the present invention further provides a website detecting apparatus, including: a memory, a processor and a website detection program stored on the memory and executable on the processor, the website detection program configured to implement the steps of the website detection method as described above.
In addition, to achieve the above object, the present invention further provides a storage medium having a website detection program stored thereon, wherein the website detection program, when executed by a processor, implements the steps of the website detection method as described above.
The website detection method provided by the invention comprises the steps of acquiring resource access requests of all access resources in a website; extracting reference account information corresponding to the resource access request; acquiring running environment information and running performance information of the access equipment for logging in the reference account information; comparing the running environment information and the running performance information with preset standard information respectively; and determining abnormal account information in the reference account information according to the comparison result, and intercepting a resource access request corresponding to the abnormal account information. The invention obtains the attribute information of the using equipment by obtaining the operating environment information and the operating performance information of the using equipment, and further judges whether the resource access request corresponding to the using equipment is real or not, thereby realizing more accurately identifying the attack mode of the network.
Drawings
FIG. 1 is a schematic diagram of an apparatus architecture of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a website detecting method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating a website detecting method according to a second embodiment of the present invention;
FIG. 4 is a flowchart illustrating a website detecting method according to a third embodiment of the present invention;
FIG. 5 is a functional block diagram of a website detecting device according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic device structure diagram of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the apparatus may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may comprise a Display screen (Display), an input unit such as keys, and the optional user interface 1003 may also comprise a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The Memory 1005 may be a Random Access Memory (RAM) or a non-volatile Memory (e.g., a disk Memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration of the apparatus shown in fig. 1 is not intended to be limiting of the apparatus and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include therein an operating system, a network communication module, a user interface module, and a website detection program.
In the device shown in fig. 1, the network interface 1004 is mainly used for connecting an external network and performing data communication with other network devices; the user interface 1003 is mainly used for connecting user equipment and performing data communication with the equipment; the device of the present invention calls the website detection program stored in the memory 1005 through the processor 1001, and executes the website detection implementation method provided by the embodiment of the present invention.
Based on the hardware structure, the embodiment of the website detection method is provided.
Referring to fig. 2, fig. 2 is a flowchart illustrating a website detecting method according to a first embodiment of the present invention.
In a first embodiment, the website detection method includes the following steps:
step S10, when receiving a resource access request to a target website, extracting reference account information corresponding to the resource access request.
It should be noted that, the execution subject of the embodiment is a website detection device, and may also be other devices that can achieve the same or similar functions.
It can be understood that the resource access request is to access a web page through a normal browser, or open an Application (APP) on the mobile phone device, and the like, and may also be other access manners, which is not limited in this embodiment.
In this embodiment, the reference account information is information of a plurality of accounts accessing the current page, such as an account 3435, an account 0537, and the like, so as to identify the account.
In a specific implementation, the resource access request is compared with a preset keyword, and the reference account information is obtained according to a result, for example, the preset keyword may be account, and the account information is identified by comparing the preset keyword with the preset keyword.
Step S20, acquiring the operating environment information and the operating performance information of the access device that logs in the reference account information.
It should be noted that the operating environment information includes attribute characteristics of the device, such as resolution, a size width of the screen, and the like, and the operating performance information includes operating performance information of the motherboard, such as a throughput rate of the whole device is greater than or equal to 5Gbps, an encryption throughput rate is greater than or equal to 400Mbps, a maximum concurrent connection number is greater than or equal to 220 ten thousand, and the like, and also includes other performance information, which is not limited in this embodiment.
And step S30, comparing the operating environment information and the operating performance information with preset standard information, respectively.
In this embodiment, the operating environment information and the operating performance information are respectively compared with the preset standard information through preset standard information, so as to determine the difference between the operating environment information and the operating performance information and the normal operating environment information and the operating performance information.
In a specific implementation, for example, the operating environment information and the operating performance information of the access device corresponding to the current account are obtained, where the operating environment information is Mozilla/5.0 (Macintosh; Intel Mac OSX 10.10; rv:56.0) Gecko/20100101firefox/56.0, the operating performance information is a complete machine throughput rate of 6Gbps, and when the preset standard information is Mozilla/4.0, and the operating performance information is a complete machine throughput rate greater than or equal to 5Gbps, the current real device information can be identified within a standard range, so as to identify the device usage information.
Step S40, determining abnormal account information in the reference account information according to the comparison result, and intercepting a resource access request corresponding to the abnormal account information.
According to the scheme, the resource access requests of all the access resources in the website are acquired; extracting reference account information corresponding to the resource access request; acquiring running environment information and running performance information of the access equipment for logging in the reference account information; comparing the running environment information and the running performance information with preset standard information respectively; and determining abnormal account information in the reference account information according to the comparison result, and intercepting a resource access request corresponding to the abnormal account information. The invention obtains the attribute information of the using equipment by obtaining the operating environment information and the operating performance information of the using equipment, and further judges whether the using equipment is real or not, thereby realizing more accurate identification of the attack mode of the network.
Further, as shown in fig. 3, a second embodiment of the website detecting method according to the present invention is proposed based on the first embodiment, in this embodiment, before the step S10, the method further includes:
and taking each access resource in the website as node information, and monitoring the node information by adopting a monitoring program.
It should be noted that the monitoring program may be a monitoring program of the website detection device itself, and may also be a third-party application program, and the monitoring of the access resource is realized through the third-party application program.
Accordingly, the step S10 includes:
acquiring access information of each access resource in a website through the monitoring program, acquiring access packet header information of the access information, and taking packet header information with a packet header type as a request type in the access packet header information as the resource access request.
It can be understood that the access information includes all information for accessing the current resource, for example, information of a used account, and the access information of each accessed resource in the website is obtained by the monitoring program, so that effective analysis of user data is realized.
In this embodiment, in order to improve analysis efficiency, the resource access request information is mainly analyzed, for example, access information whose packet header type is a request type in the access packet header information is acquired, and identification of the request information is achieved through the packet header type, for example, the packet header type is a request form of the request type, and is the request information.
In a specific implementation, in order to improve data processing efficiency, the resource access request information is obtained by identifying a packet header type in the access information, and since data in the access information is numerous, the embodiment only processes the request information, and processes the identified request information again, thereby improving data processing efficiency.
Further, step S10 includes:
when a resource access request to a target website is received, a parameter extraction instruction is called, and token information in the resource access request is extracted through the parameter extraction instruction.
It should be noted that, in order to obtain the account information, firstly, when a resource access request to a target website is received, a parameter extraction instruction is called, and token information in the resource access request is extracted through the parameter extraction instruction, where the token information may be token information or token information in a form, which is not limited in this embodiment.
And accessing the single sign-on system according to the token information, and inquiring whether corresponding historical account information exists in a preset key value database or not through the single sign-on system.
And taking the stored historical account information as reference account information.
Further, step S20 includes:
step S201, a script program is called, so that the script program captures device information of the access device that logs in the reference account information.
It should be noted that the script program may be a Javascript script program, or may also be another script program that can implement the same or similar functions, which is not limited in this embodiment, and the Javascript script program is taken as an example in this embodiment for description.
In specific implementation, the script information is set at the preset port, and the device information of the corresponding access device can be captured through the script information, so that the device information of the access device can be more comprehensively obtained.
Step S202, acquiring preset keyword information, and cutting out characteristic information from the equipment information according to the preset keyword information.
In this embodiment, the preset keyword information may be keyword information of a host, a browser, a display screen, or the like, and may also be preset keyword information including other information.
And step S203, splicing the characteristic information by adopting a preset rule to obtain the running environment information and the running performance information of the access equipment.
It can be understood that the preset rule may be that other information such as the host version information, the browser version information and the like are spliced according to different types of sequences to obtain the operating environment information and the operating performance information of the corresponding access device.
According to the scheme provided by the embodiment, when a resource access request to a target website is received, a parameter extraction instruction is called, token information in the resource access request is extracted through the parameter extraction instruction, then a single sign-on system is accessed according to the token information, whether corresponding historical account information exists in a preset key value database or not is inquired through the single sign-on system, and the stored historical account information is used as reference account information, so that the accuracy of obtaining the account information is improved.
Further, as shown in fig. 4, a third embodiment of the website detecting method according to the present invention is proposed based on the first embodiment or the second embodiment, and in this embodiment, the description is made based on the first embodiment,
further, before the step S30, the method further includes:
in order to acquire preset standard information, historical environment information containing the operating environment information and historical performance information containing the operating performance information are acquired, then white list information is generated according to the historical environment information and the historical performance information, the white list information is used as the preset standard information, so that the corresponding historical environment information and the historical performance information can be acquired through various equipment information, normal equipment information is acquired, and whether the current equipment information is normal or not can be accurately judged by comparing the normal equipment information with the current equipment information, so that the equipment information is identified.
Further, before the step S30, the method further includes:
acquiring reference environment information and reference performance information of other account information; clustering the reference environment information and the reference performance information, generating blacklist information by using the clustered reference environment information and the clustered reference performance information, and using the blacklist information as preset standard information.
In specific implementation, for example, reference environment information and reference performance information of 10 pieces of account information are acquired, the reference environment information and the reference performance information are clustered to obtain clustered reference environment information and reference performance information, and if the difference between the operating environment information and the operating performance information corresponding to the current account information and the clustered reference environment information and the clustered reference performance information is not large, it is indicated that the operating environment information and the operating performance information corresponding to the current account information are abnormal, so that the device information is identified.
Further, the step S40 includes:
step S401, obtaining the difference value between the searched running environment information and running performance information and the preset standard information respectively according to the comparison result.
In this embodiment, for example, if the obtained operation performance information is obtained by 50 points and the preset standard information is more than 70 points, the difference between the obtained operation performance information and the preset standard information is 20 points, so as to obtain the difference between the obtained operation performance information and the preset standard information.
Step S402, when the difference exceeds a preset error interval, taking account information corresponding to the difference exceeding the preset error interval as abnormal account information, and intercepting a resource access request corresponding to the abnormal account information.
It should be noted that the preset error interval may be a difference between 10 and 15, or may also be other parameter information, which is not limited in this embodiment, and in this embodiment, the preset error interval may be 10 to 15 as an example for description.
In this embodiment, if the difference between the operation performance information and the preset standard information is 20 minutes, the error interval is exceeded, and it is seen that the device information corresponding to the current account is abnormal device information, so that the identification of the abnormal device is realized.
Further, the step S402 includes:
when the difference exceeds a preset error interval, taking account information corresponding to the difference exceeding the preset error interval as abnormal account information; sending verification request information to the abnormal account information; and receiving feedback information of the verification request information, and intercepting a resource access request corresponding to the abnormal account information when the feedback information is verification failure information.
It can be understood that, when the abnormal device is identified, the verification request information is obtained by triggering the verification request information; and when the verification request information is verification passing information, stopping interception, adding the abnormal account information into a white list, and responding to a resource access request corresponding to the abnormal account information.
In the specific implementation, by sending the verification request information, when the verification request information is that verification passes, it is indicated that the current device is authorized device information, and the current device is not used as a resource access request of an abnormal device, so that flexibility of data processing is improved.
According to the scheme provided by the embodiment, by sending the verification request information, when the verification request information is verified to pass, interception is stopped, the abnormal account information is added into a white list, and a resource access request corresponding to the abnormal account information is responded, so that the accuracy of data processing is improved.
The invention further provides a website detection device.
Referring to fig. 5, fig. 5 is a functional module diagram of the website detecting device according to the first embodiment of the present invention.
In a first embodiment of the website detecting apparatus of the present invention, the website detecting apparatus includes:
the extraction module 10 is configured to, when a resource access request to a target website is received, extract reference account information corresponding to the resource access request.
It can be understood that the resource access request is to access a web page through a normal browser, or open an Application (APP) on the mobile phone device, and the like, and may also be other access manners, which is not limited in this embodiment.
In this embodiment, the reference account information is information of a plurality of accounts accessing the current page, such as an account 3435, an account 0537, and the like, so as to identify the account.
In a specific implementation, the resource access request is compared with a preset keyword, and the reference account information is obtained according to a result, for example, the preset keyword may be account, and the account information is identified by comparing the preset keyword with the preset keyword.
The obtaining module 20 is configured to obtain the operating environment information and the operating performance information of the access device that logs in the reference account information.
It should be noted that the operating environment information includes attribute characteristics of the device, such as resolution, a size width of the screen, and the like, and the operating performance information includes operating performance information of the motherboard, such as a throughput rate of the whole device is greater than or equal to 5Gbps, an encryption throughput rate is greater than or equal to 400Mbps, a maximum concurrent connection number is greater than or equal to 220 ten thousand, and the like, and also includes other performance information, which is not limited in this embodiment.
And the comparison module 30 is configured to compare the operating environment information and the operating performance information with preset standard information, respectively.
In this embodiment, the operating environment information and the operating performance information are respectively compared with the preset standard information through preset standard information, so as to determine the difference between the operating environment information and the operating performance information and the normal operating environment information and the operating performance information.
In a specific implementation, for example, the operating environment information and the operating performance information of the access device corresponding to the current account are obtained, where the operating environment information is Mozilla/5.0 (Macintosh; Intel Mac OSX 10.10; rv:56.0) Gecko/20100101firefox/56.0, the operating performance information is a complete machine throughput rate of 6Gbps, and when the preset standard information is Mozilla/4.0, and the operating performance information is a complete machine throughput rate greater than or equal to 5Gbps, the current real device information can be identified within a standard range, so as to identify the device usage information.
And the intercepting module 40 is configured to determine abnormal account information in the reference account information according to the comparison result, and intercept the resource access request corresponding to the abnormal account information.
According to the scheme, the resource access requests of all the access resources in the website are acquired; extracting reference account information corresponding to the resource access request; acquiring running environment information and running performance information of the access equipment for logging in the reference account information; comparing the running environment information and the running performance information with preset standard information respectively; and determining abnormal account information in the reference account information according to the comparison result, and intercepting a resource access request corresponding to the abnormal account information. The invention obtains the attribute information of the using equipment by obtaining the operating environment information and the operating performance information of the using equipment, and further judges whether the using equipment is real or not, thereby realizing more accurate identification of the attack mode of the network.
Since the website detection device adopts all the technical solutions of all the embodiments, at least all the beneficial effects brought by the technical solutions of the embodiments are achieved, and no further description is given here.
In addition, an embodiment of the present invention further provides a storage medium, where the storage medium stores a website detection program, and the website detection program is executed by a processor to perform the steps of the website detection method described above.
Since the storage medium adopts all technical solutions of all the embodiments, at least all the beneficial effects brought by the technical solutions of the embodiments are achieved, and no further description is given here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a computer-readable storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above, and includes several instructions for enabling an intelligent terminal (which may be a mobile phone, a computer, a terminal, an air conditioner, or a network terminal) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A website detection method is characterized by comprising the following steps:
when a resource access request to a target website is received, extracting reference account information corresponding to the resource access request;
acquiring running environment information and running performance information of the access equipment for logging in the reference account information;
comparing the running environment information and the running performance information with preset standard information respectively;
and determining abnormal account information in the reference account information according to the comparison result, and intercepting a resource access request corresponding to the abnormal account information.
2. The website detection method according to claim 1, wherein when receiving a resource access request to a target website, extracting reference account information corresponding to the resource access request includes:
when a resource access request to a target website is received, calling a parameter extraction instruction, and extracting token information in the resource access request through the parameter extraction instruction;
accessing a single sign-on system according to the token information, and inquiring whether corresponding historical account information exists in a preset key value database or not through the single sign-on system;
and taking the stored historical account information as reference account information.
3. The website detection method according to claim 1, wherein the acquiring the operating environment information and the operating performance information of the access device logged in the reference account information includes:
calling a script program to enable the script program to capture the equipment information of the access equipment logging in the reference account information;
acquiring preset keyword information, and cutting out feature information from the equipment information according to the preset keyword information;
and splicing the characteristic information by adopting a preset rule to obtain the running environment information and the running performance information of the access equipment.
4. The website detection method according to any one of claims 1 to 3, wherein before comparing the operation environment information and the operation performance information with preset standard information, respectively, the method further comprises:
acquiring historical environment information containing the operating environment information and historical performance information containing operating performance information;
and generating white list information according to the historical environment information and the historical performance information, and taking the white list information as preset standard information.
5. The website detection method according to any one of claims 1 to 3, wherein before comparing the operation environment information and the operation performance information with preset standard information, respectively, the method further comprises:
acquiring reference environment information and reference performance information of other account information;
clustering the reference environment information and the reference performance information, generating blacklist information by using the clustered reference environment information and the clustered reference performance information, and using the blacklist information as preset standard information.
6. The website detection method according to any one of claims 1 to 3, wherein the determining abnormal account information in the reference account information according to the comparison result and intercepting a resource access request corresponding to the abnormal account information includes:
obtaining difference values between the searched running environment information and running performance information and preset standard information respectively according to the comparison result;
and when the difference exceeds a preset error interval, taking account information corresponding to the difference exceeding the preset error interval as abnormal account information, and intercepting a resource access request corresponding to the abnormal account information.
7. The website detection method according to claim 6, wherein when the difference exceeds a preset error interval, taking account information corresponding to the difference exceeding the preset error interval as abnormal account information, and intercepting a resource access request corresponding to the abnormal account information, comprises:
when the difference exceeds a preset error interval, taking account information corresponding to the difference exceeding the preset error interval as abnormal account information;
sending verification request information to the abnormal account information;
and receiving feedback information of the verification request information, and intercepting a resource access request corresponding to the abnormal account information when the feedback information is verification failure information.
8. A website detecting apparatus, comprising:
the extraction module is used for extracting reference account information corresponding to a resource access request when the resource access request to a target website is received;
the acquisition module is used for acquiring the running environment information and the running performance information of the access equipment for logging in the reference account information;
the comparison module is used for comparing the running environment information and the running performance information with preset standard information respectively;
and the intercepting module is used for determining abnormal account information in the reference account information according to the comparison result and intercepting the resource access request corresponding to the abnormal account information.
9. A website detection device, characterized in that the website detection device comprises: a memory, a processor, and a website detection program stored on the memory and executable on the processor, the website detection program configured to implement the steps of the website detection method of any one of claims 1 to 7.
10. A storage medium having stored thereon a website detection program, which when executed by a processor, implements the steps of the website detection method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910937974.5A CN110691090B (en) | 2019-09-29 | 2019-09-29 | Website detection method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910937974.5A CN110691090B (en) | 2019-09-29 | 2019-09-29 | Website detection method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110691090A true CN110691090A (en) | 2020-01-14 |
| CN110691090B CN110691090B (en) | 2022-04-01 |
Family
ID=69111068
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910937974.5A Active CN110691090B (en) | 2019-09-29 | 2019-09-29 | Website detection method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110691090B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112967139A (en) * | 2021-03-24 | 2021-06-15 | 北京人人云图信息技术有限公司 | Security user quality assessment method based on equipment data |
| CN114757599A (en) * | 2022-06-15 | 2022-07-15 | 武汉极意网络科技有限公司 | Method for measuring flow quality based on extra cost |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110131652A1 (en) * | 2009-05-29 | 2011-06-02 | Autotrader.Com, Inc. | Trained predictive services to interdict undesired website accesses |
| CN102664877A (en) * | 2012-03-30 | 2012-09-12 | 北京千橡网景科技发展有限公司 | Method and device for exception handling in login process |
| CN103634268A (en) * | 2012-08-20 | 2014-03-12 | 中国联合网络通信集团有限公司 | A safety control method and an apparatus |
| US20180359244A1 (en) * | 2017-06-09 | 2018-12-13 | Lookout, Inc. | Use of device risk evaluation to manage access to services |
-
2019
- 2019-09-29 CN CN201910937974.5A patent/CN110691090B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110131652A1 (en) * | 2009-05-29 | 2011-06-02 | Autotrader.Com, Inc. | Trained predictive services to interdict undesired website accesses |
| CN102664877A (en) * | 2012-03-30 | 2012-09-12 | 北京千橡网景科技发展有限公司 | Method and device for exception handling in login process |
| CN103634268A (en) * | 2012-08-20 | 2014-03-12 | 中国联合网络通信集团有限公司 | A safety control method and an apparatus |
| US20180359244A1 (en) * | 2017-06-09 | 2018-12-13 | Lookout, Inc. | Use of device risk evaluation to manage access to services |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112967139A (en) * | 2021-03-24 | 2021-06-15 | 北京人人云图信息技术有限公司 | Security user quality assessment method based on equipment data |
| CN114757599A (en) * | 2022-06-15 | 2022-07-15 | 武汉极意网络科技有限公司 | Method for measuring flow quality based on extra cost |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110691090B (en) | 2022-04-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110324311B (en) | Vulnerability detection method and device, computer equipment and storage medium | |
| CN108256322B (en) | Security testing method and device, computer equipment and storage medium | |
| CN108491321B (en) | Method and device for determining test case range and storage medium | |
| CN108280348B (en) | Android malicious software identification method based on RGB image mapping | |
| CN109101815B (en) | Malicious software detection method and related equipment | |
| CN101964026A (en) | Method and system for detecting web page horse hanging | |
| CN110704816B (en) | Interface cracking recognition method, device, equipment and storage medium | |
| CN113489713A (en) | Network attack detection method, device, equipment and storage medium | |
| CN110691090B (en) | Website detection method, device, equipment and storage medium | |
| CN109460653B (en) | Rule engine based verification method, verification device, storage medium and apparatus | |
| CN104980421A (en) | Method and system for processing batch requests | |
| CN111404949A (en) | Flow detection method, device, equipment and storage medium | |
| CN113535823B (en) | Abnormal access behavior detection method and device and electronic equipment | |
| CN109299592B (en) | Man-machine behavior characteristic boundary construction method, system, server and storage medium | |
| CN109815702B (en) | Software behavior safety detection method, device and equipment | |
| CN113765850B (en) | Internet of things abnormality detection method and device, computing equipment and computer storage medium | |
| CN111314326B (en) | Method, device, equipment and medium for confirming HTTP vulnerability scanning host | |
| CN111291377A (en) | Application vulnerability detection method and system | |
| CN110460620B (en) | Website defense method, device, equipment and storage medium | |
| CN110795706A (en) | Hash-based verification method, equipment, storage medium and device | |
| CN108509796B (en) | Method for detecting risk and server | |
| CN110719274B (en) | Network security control method, device, equipment and storage medium | |
| CN115643044A (en) | Data processing method, device, server and storage medium | |
| CN114422186A (en) | Attack detection method and device, electronic equipment and storage medium | |
| CN112688944B (en) | Local area network security state detection method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |