CN113452670B - Phishing blocking method, device, equipment and medium based on SDN network - Google Patents

Phishing blocking method, device, equipment and medium based on SDN network Download PDF

Info

Publication number
CN113452670B
CN113452670B CN202110485790.7A CN202110485790A CN113452670B CN 113452670 B CN113452670 B CN 113452670B CN 202110485790 A CN202110485790 A CN 202110485790A CN 113452670 B CN113452670 B CN 113452670B
Authority
CN
China
Prior art keywords
blocked
sdn
instruction
forwarding
website
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110485790.7A
Other languages
Chinese (zh)
Other versions
CN113452670A (en
Inventor
刘志强
王方圆
尚程
阿曼太
梁彧
蔡琳
杨满智
王杰
田野
金红
陈晓光
傅强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eversec Beijing Technology Co Ltd filed Critical Eversec Beijing Technology Co Ltd
Priority to CN202110485790.7A priority Critical patent/CN113452670B/en
Publication of CN113452670A publication Critical patent/CN113452670A/en
Application granted granted Critical
Publication of CN113452670B publication Critical patent/CN113452670B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Abstract

The embodiment of the invention relates to an phishing blocking method, device, equipment and medium based on an SDN network, wherein the SDN network comprises an anti-fraud application platform, an SDN controller and a plurality of SDN forwarders, and the method comprises the following steps: the anti-fraud application platform generates an instruction to be blocked, and sends the instruction to be blocked to the SDN controller through an open standard interface; the SDN controller forwards the to-be-plugged instruction to the SDN forwarders through a control forwarding communication interface; and after any SDN repeater receives the forwarding task associated with the to-be-blocked instruction, blocking the forwarding task. The invention solves the problems of low efficiency, small concurrency and easy blocking of the traditional network blocking method and can improve the blocking efficiency of phishing.

Description

Phishing blocking method, device, equipment and medium based on SDN network
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to an network fraud blocking method, device, electronic equipment and storage medium based on an SDN network.
Background
Phishing blocking: the method mainly comprises the steps that an operator receives instructions of a supervision department or a law enforcement department and performs blocking actions on specific domain names, URLs and IPs related to phishing.
The traditional phishing blocking is mostly carried out by adopting a domain name resolution system (DNS) blocking mode, and the defects of low blocking efficiency, small concurrency and easy blocking always plague operators and regulatory departments, so that the requirements of high phishing sending, large blocking quantity, high requirement speed, cooperation across operators and the like are hardly met.
Disclosure of Invention
In view of the above, the embodiments of the present invention provide an phishing blocking method, device, electronic equipment and storage medium based on an SDN network to improve the blocking efficiency of phishing.
Other features and advantages of embodiments of the invention will be apparent from the following detailed description, or may be learned by the practice of embodiments of the invention.
In a first aspect of the present disclosure, an embodiment of the present invention provides an phishing blocking method based on an SDN network, the SDN network including an anti-fraud application platform, an SDN controller, and a plurality of SDN transponders, the method including:
the anti-fraud application platform generates an instruction to be blocked, and sends the instruction to be blocked to the SDN controller through an open standard interface;
the SDN controller forwards the to-be-plugged instruction to the SDN forwarders through a control forwarding communication interface;
and after any SDN repeater receives the forwarding task associated with the to-be-blocked instruction, blocking the forwarding task.
In an embodiment, the to-be-plugged instruction includes identification information of a website or an application program to be plugged.
In an embodiment, the identification information of the website or the application program to be plugged includes: the method comprises the steps of obtaining a domain name of a website to be blocked, a uniform resource locator URL of the website to be blocked and/or a server-side IP address of an application program to be blocked.
In an embodiment, the forwarding task associated with the to-be-blocked instruction includes:
the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the service end IP address of the application program to be blocked are used as forwarding tasks of source addresses; and/or
And forwarding tasks taking the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the server-side IP address of the application program to be blocked as a target address.
In one embodiment, blocking the forwarding task includes: ignoring the forwarding task and returning a predetermined webpage to a requester of the forwarding task to prompt the user that the requested network is a fraud network.
In one embodiment, the forwarding task includes a Get request and a POST request.
In an embodiment, the generating the blocking instruction by the anti-fraud application platform includes: the anti-fraud application platform generates the to-be-plugged instruction according to phishing report information of a public security organization.
In a second aspect of the present disclosure, an embodiment of the present invention further provides an SDN network based phishing blocking device, the SDN network including an anti-fraud application platform, an SDN controller, and a plurality of SDN transponders, the device comprising:
the blocking instruction receiving unit is used for generating an instruction to be blocked by the anti-fraud application platform and sending the instruction to be blocked to the SDN controller through an open standard interface;
the blocking instruction forwarding unit is used for forwarding the instruction to be blocked to the SDN forwarders through the control forwarding communication interface by the SDN controller;
and the forwarding blocking unit is used for blocking the forwarding task after any SDN repeater receives the forwarding task associated with the instruction to be blocked.
In an embodiment, the to-be-plugged instruction includes identification information of a website or an application program to be plugged.
In an embodiment, the identification information of the website or the application program to be plugged includes: the method comprises the steps of obtaining a domain name of a website to be blocked, a uniform resource locator URL of the website to be blocked and/or a server-side IP address of an application program to be blocked.
In an embodiment, the forwarding task associated with the to-be-blocked instruction includes:
the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the service end IP address of the application program to be blocked are used as forwarding tasks of source addresses; and/or
And forwarding tasks taking the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the server-side IP address of the application program to be blocked as a target address.
In one embodiment, blocking the forwarding task includes: ignoring the forwarding task and returning a predetermined webpage to a requester of the forwarding task to prompt the user that the requested network is a fraud network.
In one embodiment, the forwarding task includes a Get request and a POST request.
In an embodiment, the blocking instruction receiving unit is configured to generate the to-be-blocked instruction by using the anti-fraud application platform, including: the anti-fraud application platform is used for generating the instruction to be blocked according to phishing report information of a public security organization.
In a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a processor; and a memory storing executable instructions that, when executed by the processor, cause the electronic device to perform the method of the first aspect.
In a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of the first aspect.
The technical scheme provided by the embodiment of the invention has the beneficial technical effects that:
the embodiment of the invention performs the following methods through the anti-fraud application platform, the SDN controller and the plurality of SDN forwarders included in the SDN network in a matching way: generating an instruction to be blocked by the anti-fraud application platform, and sending the instruction to be blocked to the SDN controller through an open standard interface; the SDN controller forwards the to-be-plugged instruction to the SDN forwarders through a control forwarding communication interface; after any SDN repeater receives the forwarding task associated with the to-be-blocked instruction, the forwarding task is blocked, the problems that a traditional network blocking method is low in efficiency, small in concurrency and easy to block are solved, and the blocking efficiency to phishing can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following description will briefly explain the drawings required to be used in the description of the embodiments of the present invention, and it is apparent that the drawings in the following description are only some of the embodiments of the present invention, and other drawings may be obtained according to the contents of the embodiments of the present invention and these drawings without any inventive effort for those skilled in the art.
Fig. 1 is a schematic flow chart of an phishing blocking method based on an SDN network according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an interaction flow of an phishing blocking method based on an SDN network according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an SDN network according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an phishing blocking device based on an SDN network according to an embodiment of the present invention;
fig. 5 shows a schematic diagram of an electronic device suitable for implementing an embodiment of the invention.
Detailed Description
In order to make the technical problems solved, the technical solutions adopted and the technical effects achieved by the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments, but not all embodiments of the present invention. All other embodiments, which are obtained by a person skilled in the art without making any inventive effort, are intended to fall within the scope of protection of the embodiments of the present invention.
It should be noted that the terms "system" and "network" are often used interchangeably herein in embodiments of the present invention. Reference to "and/or" in embodiments of the invention is intended to include any and all combinations of one or more of the associated listed items. The terms first, second and the like in the description and in the claims and drawings are used for distinguishing between different objects and not for limiting a particular order.
It should be noted that, in the embodiments of the present invention, the following embodiments may be executed separately, or the embodiments may be executed in combination with each other, and the embodiments of the present invention are not limited thereto.
The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.
The technical scheme of the embodiment of the invention is further described below by means of specific implementation mode in combination with the attached drawings.
Fig. 1 is a flow chart illustrating an network fraud blocking method based on an SDN network, where the embodiment of the present invention may be applicable to a situation that a network operator blocks a fraud network based on an SDN network, and the method may be cooperatively executed by an anti-fraud application platform, an SDN controller, and a plurality of SDN transponders included in the SDN network, as shown in fig. 1, where the network fraud blocking method based on an SDN network in this embodiment includes:
in step S110, the anti-fraud application platform generates an instruction to be plugged, and sends the instruction to be plugged to the SDN controller through an open standard interface.
The instruction to be blocked may include identification information of a website or an application program to be blocked, for example, a domain name of the website to be blocked, a URL of the website to be blocked, and/or a server IP address of the application program to be blocked.
The generation of the instruction to be blocked may take various methods, for example, the anti-fraud application platform may generate the instruction to be blocked according to phishing report information of public security authorities. As another example, the instruction to be blocked may also be generated according to a fraud network blacklist and/or a fraud APP blacklist.
In step S120, the SDN controller forwards the to-be-plugged instruction to the SDN transponders by controlling a forwarding communication interface.
It should be noted that, if the SDN network described in this embodiment serves multiple operators, such as telecommunications, communication, and mobile, the SDN network may include multiple SDN controllers, each SDN corresponds to multiple SDN transponders, and an organization schematic diagram of the SDN network corresponding to the application scenario is shown in fig. 3.
In step S130, after any SDN repeater receives a forwarding task associated with the to-be-plugged instruction, blocking the forwarding task.
The forwarding tasks associated with the to-be-blocked instruction may include various forwarding tasks, for example, forwarding tasks with a domain name of a to-be-blocked website, a uniform resource locator URL of the to-be-blocked website, and/or a server IP address of the to-be-blocked application program as a source address. Wherein the form of the forwarding task may include a Get request and a POST request.
For another example, the method can further comprise a forwarding task taking the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the service end IP address of the application program to be blocked as a target address.
The blocking of the forwarding task may be performed without performing the forwarding task, i.e. the forwarding task is ignored, and in order to improve the interface friendliness, a predetermined webpage may be returned to the requester of the forwarding task while the forwarding task is ignored, so as to prompt the user that the requested network is a fraud network.
Fig. 2 is an interactive flow diagram of an phishing blocking method based on an SDN network, as shown in fig. 2, an anti-fraud application platform sends information to be blocked (such as domain name, URL, IP, etc.) to an SDN controller, the SDN controller performs instruction forwarding by controlling a forwarding communication interface, and an SDN repeater accepts a designation to block.
For example, the blocking process may be: and the A terminal user sends a Get request to a Web server of a fraud website, meanwhile, the SDN transponder obtains the content of the Get request for research and judgment, if the content obtained by the SDN transponder belongs to the content to be blocked, the A terminal user sends a corresponding packet 'b' of a fake Get request report before a corresponding packet 'a' returned by the Web server, the blocking is successful, and the link between the terminal user A and the Web server is disconnected.
The embodiment performs the following method through cooperation of an anti-fraud application platform, an SDN controller and a plurality of SDN transponders, which are included in an SDN network: generating an instruction to be blocked by the anti-fraud application platform, and sending the instruction to be blocked to the SDN controller through an open standard interface; the SDN controller forwards the to-be-plugged instruction to the SDN forwarders through a control forwarding communication interface; after any SDN repeater receives the forwarding task associated with the to-be-blocked instruction, the forwarding task is blocked, the problems that a traditional network blocking method is low in efficiency, small in concurrency and easy to block are solved, and the blocking efficiency to phishing can be improved.
As an implementation of the method shown in the above figures, an embodiment of an SDN network-based phishing blocking device is provided, fig. 4 shows a schematic structural diagram of the SDN network-based phishing blocking device provided in the embodiment, where the SDN network includes an anti-fraud application platform, an SDN controller, and a plurality of SDN transponders, and the embodiment of the device corresponds to the embodiment of the method shown in fig. 1 to 3, and the device may be specifically applied in various electronic devices. As shown in fig. 4, the network-based phishing blocking device according to the present embodiment includes a blocking instruction receiving unit 410, a blocking instruction forwarding unit 420, and a forwarding blocking unit 430.
The blocking instruction receiving unit 410 is configured to generate an instruction to be blocked by the anti-fraud application platform, and send the instruction to be blocked to the SDN controller through an open standard interface.
The blocking instruction forwarding unit 420 is configured to forward the to-be-blocked instruction to the plurality of SDN transponders by controlling a forwarding communication interface by the SDN controller.
The forwarding blocking unit 430 is configured to block the forwarding task associated with the to-be-blocked instruction after any SDN repeater receives the forwarding task.
According to one or more embodiments of the present disclosure, the instruction to be plugged includes identification information of a website or application to be plugged.
According to one or more embodiments of the present disclosure, the identification information of the website or application program to be plugged includes: the method comprises the steps of obtaining a domain name of a website to be blocked, a uniform resource locator URL of the website to be blocked and/or a server-side IP address of an application program to be blocked.
According to one or more embodiments of the present disclosure, the forwarding task associated with the to-be-plugged instruction includes: the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the service end IP address of the application program to be blocked are used as forwarding tasks of source addresses; and/or forwarding tasks taking the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the server-side IP address of the application program to be blocked as a target address.
According to one or more embodiments of the present disclosure, blocking the forwarding task includes: ignoring the forwarding task and returning a predetermined webpage to a requester of the forwarding task to prompt the user that the requested network is a fraud network.
According to one or more embodiments of the present disclosure, the forwarding tasks include Get requests and POST requests.
According to one or more embodiments of the present disclosure, the blocking instruction receiving unit is configured to generate an instruction to be blocked by the anti-fraud application platform, including: the anti-fraud application platform is used for generating the instruction to be blocked according to phishing report information of a public security organization.
The phishing blocking device based on the SDN network provided by the embodiment can execute the phishing blocking method based on the SDN network provided by the embodiment of the method, and has the corresponding functional modules and beneficial effects of the executing method.
Referring now to fig. 5, a schematic diagram of an electronic device 500 suitable for use in implementing embodiments of the present invention is shown. The terminal device in the embodiment of the present invention is, for example, a mobile device, a computer, or an in-vehicle device built in a floating car, or any combination thereof. In some embodiments, the mobile device may include, for example, a cell phone, smart home device, wearable device, smart mobile device, virtual reality device, etc., or any combination thereof. The electronic device shown in fig. 5 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the present invention.
As shown in fig. 5, the electronic device 500 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 501, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the electronic apparatus 500 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other via a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
In general, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 507 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 508 including, for example, magnetic tape, hard disk, etc.; and communication means 509. The communication means 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 shows an electronic device 500 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present invention, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present invention include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or from the storage means 508, or from the ROM 502. The above-described functions defined in the method of the embodiment of the present invention are performed when the computer program is executed by the processing means 501.
It should be noted that, the computer readable medium according to the embodiment of the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in embodiments of the present invention, the computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: the anti-fraud application platform generates an instruction to be blocked, and sends the instruction to be blocked to the SDN controller through an open standard interface; the SDN controller forwards the to-be-plugged instruction to the SDN forwarders through a control forwarding communication interface; and after any SDN repeater receives the forwarding task associated with the to-be-blocked instruction, blocking the forwarding task.
Computer program code for carrying out operations for embodiments of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present invention may be implemented in software or in hardware. The name of the unit does not in any way constitute a limitation of the unit itself, for example the first acquisition unit may also be described as "unit acquiring at least two internet protocol addresses".
The above description is only illustrative of the preferred embodiments of the present invention and of the principles of the technology employed. It will be understood by those skilled in the art that the scope of the disclosure in the embodiments of the present invention is not limited to the specific combination of the above technical features, but encompasses other technical features formed by any combination of the above technical features or their equivalents without departing from the spirit of the disclosure. Such as the technical solution formed by mutually replacing the above features and the technical features with similar functions (but not limited to) disclosed in the embodiments of the present invention.

Claims (6)

1. An phishing blocking method based on an SDN network, wherein an anti-fraud application platform is connected with a plurality of operator networks, an SDN controller is arranged in each operator network, each SDN controller is connected with a plurality of SDN transponders, the SDN network comprises the anti-fraud application platform, the SDN controller and the plurality of SDN transponders, and the method comprises:
the anti-fraud application platform generates an instruction to be blocked, and sends the instruction to be blocked to the SDN controller through an open standard interface;
the SDN controller forwards the to-be-plugged instruction to the SDN forwarders through a control forwarding communication interface;
after any SDN repeater receives the forwarding task associated with the instruction to be blocked, blocking the forwarding task and returning a preset webpage to a requester of the forwarding task;
the forwarding task is a get request, and the blocking the forwarding task includes:
before a corresponding packet a returned by the Web server, sending a corresponding packet b of the fake Get request to the terminal user sending the Get request;
the instruction to be blocked comprises identification information of a website or an application program to be blocked; the identification information of the website or the application program to be plugged comprises: the method comprises the steps of obtaining a domain name of a website to be blocked, a uniform resource locator URL of the website to be blocked and/or a server-side IP address of an application program to be blocked.
2. The method of claim 1, wherein the forwarding task associated with the instruction to be blocked comprises:
the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the service end IP address of the application program to be blocked are used as forwarding tasks of source addresses; and/or
And forwarding tasks taking the domain name of the website to be blocked, the uniform resource locator URL of the website to be blocked and/or the server-side IP address of the application program to be blocked as a target address.
3. The method of claim 1, wherein the generating the to-be-plugged instruction by the anti-fraud application platform comprises:
the anti-fraud application platform generates the to-be-plugged instruction according to phishing report information of a public security organization.
4. An anti-fraud blocking device based on an SDN network, wherein an anti-fraud application platform is connected with a plurality of operator networks, each of the operator networks is provided with an SDN controller, each of the SDN controllers is connected with a plurality of SDN transponders, the SDN networks include an anti-fraud application platform, an SDN controller, and a plurality of SDN transponders, the device comprising:
the blocking instruction receiving unit is used for generating an instruction to be blocked by the anti-fraud application platform and sending the instruction to be blocked to the SDN controller through an open standard interface;
the blocking instruction forwarding unit is used for forwarding the instruction to be blocked to the SDN forwarders through the control forwarding communication interface by the SDN controller;
a forwarding blocking unit, configured to block a forwarding task associated with the to-be-blocked instruction after any SDN transponder receives the forwarding task, and return a predetermined webpage to a requester of the forwarding task;
the forwarding task is a get request, and the forwarding blocking unit is specifically configured to:
before a corresponding packet a returned by the Web server, sending a corresponding packet b of the fake Get request to the terminal user sending the Get request;
the instruction to be blocked comprises identification information of a website or an application program to be blocked; the identification information of the website or the application program to be plugged comprises: the method comprises the steps of obtaining a domain name of a website to be blocked, a uniform resource locator URL of the website to be blocked and/or a server-side IP address of an application program to be blocked.
5. An electronic device, comprising:
one or more processors; and
a memory for storing executable instructions that, when executed by the one or more processors, cause the electronic device to perform the method of any of claims 1-3.
6. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-3.
CN202110485790.7A 2021-04-30 2021-04-30 Phishing blocking method, device, equipment and medium based on SDN network Active CN113452670B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110485790.7A CN113452670B (en) 2021-04-30 2021-04-30 Phishing blocking method, device, equipment and medium based on SDN network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110485790.7A CN113452670B (en) 2021-04-30 2021-04-30 Phishing blocking method, device, equipment and medium based on SDN network

Publications (2)

Publication Number Publication Date
CN113452670A CN113452670A (en) 2021-09-28
CN113452670B true CN113452670B (en) 2023-07-28

Family

ID=77809731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110485790.7A Active CN113452670B (en) 2021-04-30 2021-04-30 Phishing blocking method, device, equipment and medium based on SDN network

Country Status (1)

Country Link
CN (1) CN113452670B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107645507A (en) * 2017-10-16 2018-01-30 北京知道创宇信息技术有限公司 A kind of data processing method, anti-swindle equipment and computer-readable recording medium
CN111865925A (en) * 2020-06-24 2020-10-30 国家计算机网络与信息安全管理中心 Network traffic based fraud group identification method, controller and medium
CN112491864A (en) * 2020-11-23 2021-03-12 恒安嘉新(北京)科技股份公司 Method, device, equipment and medium for detecting phishing deep victim user

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601557B (en) * 2014-12-29 2018-12-21 广东顺德中山大学卡内基梅隆大学国际联合研究院 A kind of malicious websites means of defence and system based on software defined network
EP3314828A4 (en) * 2015-06-26 2018-12-19 McAfee, LLC Systems and methods for routing data using software-defined networks
US10296744B1 (en) * 2015-09-24 2019-05-21 Cisco Technology, Inc. Escalated inspection of traffic via SDN
US9948606B2 (en) * 2015-12-25 2018-04-17 Kn Group, Ghq Enhancing privacy and security on a SDN network using SDN flow based forwarding control
US20180183799A1 (en) * 2016-12-28 2018-06-28 Nanning Fugui Precision Industrial Co., Ltd. Method and system for defending against malicious website
CN109088901A (en) * 2018-10-31 2018-12-25 杭州默安科技有限公司 Deception defence method and system based on SDN building dynamic network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107645507A (en) * 2017-10-16 2018-01-30 北京知道创宇信息技术有限公司 A kind of data processing method, anti-swindle equipment and computer-readable recording medium
CN111865925A (en) * 2020-06-24 2020-10-30 国家计算机网络与信息安全管理中心 Network traffic based fraud group identification method, controller and medium
CN112491864A (en) * 2020-11-23 2021-03-12 恒安嘉新(北京)科技股份公司 Method, device, equipment and medium for detecting phishing deep victim user

Also Published As

Publication number Publication date
CN113452670A (en) 2021-09-28

Similar Documents

Publication Publication Date Title
CN111177112A (en) Database blocking method and device based on operation and maintenance management system and electronic equipment
US20190102938A1 (en) Method and Apparatus for Presenting Information
CN111163324B (en) Information processing method and device and electronic equipment
CN111818194A (en) Domain name based access system and method
CN110765334A (en) Data capture method, system, medium and electronic device
CN115357761A (en) Link tracking method and device, electronic equipment and storage medium
CN113537512B (en) Model training method, device, system, equipment and medium based on federal learning
US20190370293A1 (en) Method and apparatus for processing information
CN112748962B (en) Application loading method, device, electronic equipment and computer readable medium
CN103051722B (en) A kind ofly determine the method whether page is held as a hostage and relevant device
CN113452670B (en) Phishing blocking method, device, equipment and medium based on SDN network
CN112152879A (en) Network quality determination method and device, electronic equipment and readable storage medium
CN111273967A (en) Remote hook setting method and device suitable for Android system and electronic equipment
CN115022106B (en) Group information processing method, device, equipment and medium
CN115600964A (en) Voice approval method and device and related equipment
CN114979128A (en) Cross-region communication method and device and electronic equipment
CN113691937A (en) Method for determining position information, cloud mobile phone and terminal equipment
CN113765972A (en) Data request response method, device, system, server and storage medium
CN104978199A (en) Plug-in application method and device used for multiple browsers
CN111163156A (en) Data processing method, device and storage medium based on block chain
CN111831530A (en) Test method and device
CN114222005B (en) Request processing method, apparatus, device, computer readable storage medium and product
CN113807854B (en) Method, apparatus, system, electronic device and medium for electronic payment
CN111241368B (en) Data processing method, device, medium and equipment
CN111641692B (en) Session data processing method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant