CN113452710B - Unauthorized vulnerability detection method, device, equipment and computer program product - Google Patents


Info

Publication number
CN113452710B
Authority
CN
China
Prior art keywords
hash value
splicing
service request
similarity
response data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110722722.8A
Other languages
Chinese (zh)
Other versions
CN113452710A (en
Inventor
刘宇滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN202110722722.8A priority Critical patent/CN113452710B/en
Publication of CN113452710A publication Critical patent/CN113452710A/en
Priority to PCT/CN2021/134315 priority patent/WO2023273139A1/en
Application granted granted Critical
Publication of CN113452710B publication Critical patent/CN113452710B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

The invention relates to the technical field of financial science and technology (Fintech), and discloses an unauthorized vulnerability detection method, device, equipment and product, wherein the method comprises the following steps: receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier to obtain a second service request; executing the first service request and the second service request to obtain response data; respectively slicing each response data, and hashing each sliced data to obtain a first sliced hash value and a second sliced hash value; splicing the first split hash values to obtain first spliced hash values, and splicing the second split hash values to obtain second spliced hash values; and determining whether the system to be detected has the unauthorized vulnerability according to the similarity of the two spliced hash values. By carrying out fragmentation processing on the response data and then carrying out similarity comparison according to the hash value of the obtained fragmentation data, the efficiency of unauthorized vulnerability detection is improved on the premise of ensuring the unauthorized vulnerability detection precision.

Description

Unauthorized vulnerability detection method, device, equipment and computer program product
Technical Field
The present invention relates to the field of financial technology (Fintech), and in particular, to a method, apparatus, device, and computer program product for detecting unauthorized vulnerabilities.
Background
With the development of computer technology, more and more technologies (big data, distributed computing, blockchain, artificial intelligence, and the like) are being applied in the financial field, and the traditional financial industry is gradually shifting toward financial technology (Fintech). The security and real-time requirements of the financial industry, however, place higher demands on unauthorized vulnerability detection technology.
With the recent outbreak of various high-risk vulnerabilities, network security issues have attracted increasing attention. An unauthorized vulnerability is a common security vulnerability in Web applications: through a programmer's oversight, the permission or user required for an operation is not strictly checked, so that a user without the operation permission can still perform it. The threat is that one account can control the data of every user of the site; that is, an attacker can use one legitimate account to operate illegally on the data of other accounts through the unauthorized vulnerability, for example with conventional database operations such as query, insertion, deletion and modification.
In the prior art, unauthorized vulnerability detection mainly consists of manually logging in to an account and modifying the account ID to obtain the response data returned for different account IDs, and judging whether an unauthorized vulnerability exists by calculating the text similarity of the different response data.
Disclosure of Invention
The invention mainly aims to provide an unauthorized vulnerability detection method, an unauthorized vulnerability detection device, unauthorized vulnerability detection equipment and a computer program product, and aims to solve the technical problem that the existing unauthorized vulnerability detection is low in efficiency.
In order to achieve the above object, the present invention provides an unauthorized vulnerability detection method, which comprises the following steps:
receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier in the first service request to obtain a second service request;
executing the first service request and the second service request through the system to be detected to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
respectively carrying out fragmentation processing on the first response data and the second response data, and carrying out hash operation on each fragmentation data obtained by fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data;
splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the system to be detected has the unauthorized vulnerability according to the similarity.
Optionally, the step of splicing the first split hash value to obtain a first spliced hash value, and the step of splicing the second split hash value to obtain a second spliced hash value includes:
performing data extraction on the first sliced hash value to obtain a first sliced extracted hash value with a second preset character length, and performing splicing processing on the first sliced extracted hash value to obtain a first spliced hash value, wherein the second preset character length is smaller than the character length of the first sliced hash value;
and performing data extraction on the second split hash value to obtain a second split extracted hash value with a second preset character length, and performing splicing processing on the second split extracted hash value to obtain a second spliced hash value.
Optionally, the step of modifying the first identity identifier in the first service request to obtain a second service request includes:
deleting the first identity identifier in the first service request to obtain a second service request;
and/or,
and replacing the first identity in the first service request with a second identity to obtain a second service request, wherein the second identity is different from the first identity.
Optionally, the step of determining the similarity between the first concatenation hash value and the second concatenation hash value includes:
calculating the minimum editing operation times of the first splicing hash value and the second splicing hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value according to the sum of the character lengths of the first splicing hash value and the second splicing hash value and the minimum number of editing operations.
Optionally, the step of calculating the minimum number of editing operations of the first concatenation hash value and the second concatenation hash value includes:
constructing an editing operation count matrix according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, and performing initialization assignment on the editing operation count matrix;
cyclically calculating the editing operation count corresponding to each matrix element in the editing operation count matrix according to a preset editing operation count formula; the preset editing operation count formula is as follows:
dp[i,j] = min(dp[i-1,j]+1, dp[i,j-1]+1, dp[i-1,j-1]+temp),
wherein dp[i,j] is the editing operation count corresponding to the matrix element in row i, column j of the editing operation count matrix;
dp[i-1,j] is the editing operation count corresponding to the matrix element in row i-1, column j of the editing operation count matrix;
dp[i,j-1] is the editing operation count corresponding to the matrix element in row i, column j-1 of the editing operation count matrix;
dp[i-1,j-1] is the editing operation count corresponding to the matrix element in row i-1, column j-1 of the editing operation count matrix;
if the two characters corresponding to the matrix element in row i, column j of the matrix are the same, then temp = 0; if the two characters corresponding to the matrix element in row i, column j of the matrix are different, then temp = 1;
and determining the minimum number of editing operations according to the editing operation count corresponding to each matrix element.
Optionally, the step of determining whether the system to be detected has the unauthorized vulnerability according to the similarity includes:
if the similarity is greater than or equal to a preset similarity threshold, determining that the system to be detected has an unauthorized vulnerability;
and if the similarity is smaller than a preset similarity threshold value, determining that the unauthorized vulnerability does not exist in the system to be detected.
Optionally, after the step of receiving the first service request including the first identity identifier of the system to be detected, the method further includes:
determining whether the first service request relates to sensitive information;
if yes, executing the following steps: and modifying the first identity in the first service request to obtain a second service request.
In addition, to achieve the above object, the present invention further provides an unauthorized vulnerability detection apparatus, including:
the identity modification module is used for receiving a first service request including a first identity of a system to be detected, and modifying the first identity in the first service request to obtain a second service request;
a request execution module, configured to execute the first service request and the second service request through the system to be detected, to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
the fragment hash module is used for respectively carrying out fragment processing on the first response data and the second response data, and carrying out hash operation on each fragment data obtained by the fragment processing to obtain a first fragment hash value corresponding to the first response data and a second fragment hash value corresponding to the second response data;
a hash splicing module, used for splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value;
and an override determining module, used for determining the similarity of the first splicing hash value and the second splicing hash value and determining whether the system to be detected has an unauthorized vulnerability according to the similarity.
In addition, to achieve the above object, the present invention further provides an unauthorized vulnerability detection apparatus, including: a memory, a processor and an unauthorized vulnerability detection program which is stored on the memory and can run on the processor, wherein the unauthorized vulnerability detection program, when executed by the processor, implements the steps of the unauthorized vulnerability detection method as described above.
In addition, to achieve the above object, the present invention further provides a computer storage medium having an unauthorized vulnerability detection program stored thereon, wherein the unauthorized vulnerability detection program, when executed by a processor, implements the steps of the unauthorized vulnerability detection method as described above.
In addition, to achieve the above object, the present invention further provides a computer program product, which includes an unauthorized vulnerability detection program, and when the unauthorized vulnerability detection program is executed by a processor, the unauthorized vulnerability detection program implements the steps of the unauthorized vulnerability detection method as described above.
The method comprises the steps of receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier in the first service request to obtain a second service request; executing the first service request and the second service request through the system to be detected to obtain first response data corresponding to the first service request and second response data corresponding to the second service request; respectively carrying out fragmentation processing on the first response data and the second response data, and carrying out hash operation on each fragmentation data obtained by fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data; splicing the first split hash value to obtain a first spliced hash value, and splicing the second split hash value to obtain a second spliced hash value; and determining the similarity of the first spliced hash value and the second spliced hash value, and determining whether the unauthorized vulnerability exists in the system to be detected according to the similarity. On one hand, the similarity comparison is carried out on the hash values of the response data, so that the efficiency of the similarity comparison is improved, and the detection efficiency of the unauthorized vulnerability is further improved; on the other hand, the response data is subjected to fragmentation processing, and similarity comparison is performed according to the obtained hash value of the fragmentation data, so that the unauthorized vulnerability detection efficiency is improved on the premise of ensuring the unauthorized vulnerability detection precision.
Drawings
Fig. 1 is a schematic structural diagram of an unauthorized vulnerability detection apparatus in a hardware operating environment according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating a first embodiment of the unauthorized vulnerability detection method according to the present invention;
Fig. 3 is a schematic block diagram of the unauthorized vulnerability detection apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, fig. 1 is a schematic structural diagram of an unauthorized vulnerability detection device in a hardware operating environment according to an embodiment of the present invention.
The unauthorized vulnerability detection equipment in the embodiment of the invention can be a PC (personal computer) or server equipment, and a virtual machine runs on the unauthorized vulnerability detection equipment.
As shown in fig. 1, the unauthorized vulnerability detection apparatus may include: a processor 1001, e.g. a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. The communication bus 1002 is used to implement connection communication among these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the unauthorized vulnerability detection apparatus configuration shown in fig. 1 does not constitute a limitation of the apparatus, which may include more or fewer components than shown, combine some components, or use a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and an unauthorized vulnerability detection program.
In the unauthorized vulnerability detection apparatus shown in fig. 1, the network interface 1004 is mainly used for connecting to a background server and performing data communication with the background server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to call an unauthorized vulnerability detection program stored in the memory 1005 and perform operations in the unauthorized vulnerability detection method described below.
Based on the hardware structure, the embodiment of the unauthorized vulnerability detection method is provided.
Referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of the unauthorized vulnerability detection method of the present invention, wherein the method includes:
Step S10, receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier in the first service request to obtain a second service request;
The unauthorized vulnerability detection method is applied to unauthorized vulnerability detection equipment, which may be a terminal, a robot or PC equipment.
In the prior art, the detection of the unauthorized vulnerability mainly comprises the steps of manually logging in an account and modifying the account ID, acquiring request response data returned by different account IDs, and judging whether the unauthorized vulnerability exists or not by calculating text similarity of different response data.
Against this background, the embodiment provides an unauthorized vulnerability detection scheme. On one hand, comparing the hash values of the response data improves the efficiency of the similarity comparison and therefore the efficiency of unauthorized vulnerability detection; on the other hand, the response data is subjected to fragmentation processing, and similarity comparison is performed according to the obtained hash value of the fragmentation data, so that the unauthorized vulnerability detection efficiency is improved on the premise of ensuring the unauthorized vulnerability detection precision.
In this embodiment, the identity identifier refers to information indicating the identity of the initiator of the service request, and may be at least one of a cookie or a user account identifier. A cookie is data stored on the user's local terminal: a simple text file on the client machine, associated with a particular Web document, that stores information (e.g., user profile information) when the client machine accesses the Web document and makes that information available to the Web document when the client machine accesses it again.
In this embodiment, the unauthorized vulnerability detection device collects the first service request for accessing the system to be detected, and after the first service request is collected, modifies the identity identifier in the first service request, and keeps other contents in the request unchanged to obtain the second service request.
Further, the mode of modifying the identity in the first service request includes two processing modes of deletion and/or replacement, where deletion refers to deleting the first identity in the first service request and reserving other contents in the request to obtain a second service request; the replacement means replacing a first identity in the first service request with a second identity different from the first identity to obtain a second service request. The first identity mark is used for marking identity information of a first user, the second identity mark is used for marking identity information of a second user, and the first user and the second user are two legal users with different operation authorities in the system to be detected.
Step S20, executing the first service request and the second service request by the system to be detected, to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
It can be understood that, in this embodiment, the order of generating the second service request and executing the first service request is not limited; that is, after the first service request is received, the second service request may be generated first and then the first service request executed, the first service request may be executed first and then the second service request generated, or both may be done simultaneously.
Further, after the first service request is executed to obtain the corresponding first response data, it can be determined whether the character length of the first response data is greater than a preset character length threshold. If not, the first response data is short and will not noticeably affect the speed of unauthorized vulnerability detection, so the first response data and the second response data can be compared for similarity directly, without fragmentation and hashing. If yes, the first response data is long and comparing the first response data and the second response data directly would significantly reduce the calculation speed, so step S30 is performed. In this way, the scheme with the higher detection speed can be selected dynamically according to the character length of the response data.
Step S30, performing fragmentation processing on the first response data and the second response data, and performing hash operation on each piece of fragmentation data obtained by the fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data;
After the first service request and the second service request are obtained, the system to be detected executes the first service request and the second service request to respectively obtain first response data corresponding to the first service request and second response data corresponding to the second service request. Generally, when an unauthorized vulnerability is detected, similarity comparison is performed directly on the first response data and the second response data, and whether the unauthorized vulnerability exists in the system to be detected is determined according to the comparison result; however, this comparison method generates a huge workload when the character length of the response data is long, and its efficiency is low.
To avoid this, in this embodiment a hash operation is performed on the response data after it is obtained, converting response data of arbitrary length into a hash value of fixed length, so that the similarity comparison in the subsequent step is performed on hash values and the workload of the similarity calculation is reduced. However, the hash operation is sensitive to input changes: even a very slight change in the original input produces a very different output hash value. If the similarity comparison were performed directly on the hash values of the whole response data, then even when the first response data and the second response data differ only slightly, their hash values would differ greatly, and the similarity determined from those hash values would not reflect the true similarity of the first response data and the second response data. This embodiment therefore first performs fragmentation processing on the response data, that is, the response data is divided according to the first preset character length into a plurality of pieces of fragmented data.
The first preset character length is set by a manager according to the unauthorized vulnerability detection precision requirement and the unauthorized vulnerability detection efficiency requirement, and it can be understood that the larger the first preset character length is, the lower the unauthorized vulnerability detection precision is, and the higher the detection efficiency is; the smaller the first preset character length is, the higher the unauthorized vulnerability detection precision is, and the lower the detection efficiency is.
After the respective fragment data of the first response data and the second response data are obtained, a hash operation is performed on each piece of fragment data, so that a hash value of each fragment data of the first response data, namely a first fragment hash value, and a hash value of each fragment data of the second response data, namely a second fragment hash value, are obtained. The hash algorithm may be MD5 (Message-Digest Algorithm 5) or another hash function algorithm, such as at least one of MD4, SHA1, SHA-224, SHA-256, SHA-384, and SHA-512.
Step S40, splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value;
In this embodiment, after the first sliced hash values corresponding to the first response data are obtained, they are spliced according to the positions of their corresponding sliced data in the first response data to obtain a first spliced hash value; after the second sliced hash values corresponding to the second response data are obtained, they are spliced according to the positions of their corresponding sliced data in the second response data to obtain a second spliced hash value.
And S50, determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the unauthorized vulnerability exists in the system to be detected according to the similarity.
In this embodiment, after the first splicing hash value and the second splicing hash value are obtained, the similarity between them can be calculated. The higher the similarity between the first splicing hash value and the second splicing hash value, the more likely it is that an unauthorized vulnerability exists; the lower the similarity, the less likely it is. A critical similarity threshold for distinguishing whether an unauthorized vulnerability exists, namely the preset similarity threshold, can therefore be set according to the accuracy requirement of unauthorized vulnerability detection. If the similarity is greater than or equal to the preset similarity threshold, it is determined that the unauthorized vulnerability exists in the system to be detected; if the similarity is smaller than the preset similarity threshold, it is determined that the unauthorized vulnerability does not exist in the system to be detected.
Further, if the first service request is A, and the identity identifier in the first service request is deleted and replaced to obtain second service requests B and C, then according to the foregoing embodiment the similarity between the splicing hash value corresponding to A and the splicing hash value corresponding to B is calculated from the response data of A and B, and the similarity between the splicing hash value corresponding to A and the splicing hash value corresponding to C is calculated from the response data of A and C. If one of the two similarities is greater than or equal to the preset similarity threshold, it is determined that a vulnerability exists in the system to be detected; if both similarities are smaller than the preset similarity threshold, it is determined that the unauthorized vulnerability does not exist in the system to be detected.
Further, if it is determined that the system to be detected has the unauthorized vulnerability, an unauthorized vulnerability alarm can be output. The unauthorized vulnerability alarm comprises one or more of identification information of the system to be detected, the similarity of the first splicing hash value and the second splicing hash value.
Further, the step of outputting the unauthorized vulnerability alert may specifically include: and determining a corresponding alarm grade according to the similarity, and outputting the unauthorized vulnerability alarm of the corresponding grade according to the determined alarm grade.
The embodiment receives a first service request including a first identity identifier of a system to be detected, and modifies the first identity identifier in the first service request to obtain a second service request; executing the first service request and the second service request through the system to be detected to obtain first response data corresponding to the first service request and second response data corresponding to the second service request; respectively carrying out fragmentation processing on the first response data and the second response data, and carrying out hash operation on each fragmentation data obtained by fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data; splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value; and determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the system to be detected has the unauthorized vulnerability according to the similarity. On one hand, the similarity comparison is carried out on the hash values of the response data, so that the comparison efficiency of the similarity pair is improved, and the unauthorized vulnerability detection efficiency is improved; on the other hand, the response data is subjected to fragmentation processing, and similarity comparison is performed according to the obtained hash value of the fragmentation data, so that the unauthorized vulnerability detection efficiency is improved on the premise of ensuring the unauthorized vulnerability detection precision.
Further, based on the above embodiment, a second embodiment of the unauthorized vulnerability detection method is provided.
The step S40 includes:
step S41, performing data extraction on the first fragment hash value to obtain a first fragment extracted hash value with a second preset character length, and performing splicing processing on the first fragment extracted hash value to obtain a first splicing hash value, wherein the second preset character length is smaller than the character length of the first fragment hash value;
step S42, performing data extraction on the second fragment hash value to obtain a second fragment extracted hash value with the second preset character length, and performing splicing processing on the second fragment extracted hash value to obtain a second splicing hash value.
In this embodiment, in order to further improve the unauthorized vulnerability detection efficiency, after the fragment hash values are obtained, data extraction is performed on each fragment hash value according to the second preset character length, so as to obtain a fragment extracted hash value whose character length is the second preset character length. The fragment extracted hash values are then spliced, which shortens the character length of the splicing hash value. It can be understood that the second preset character length is smaller than the character length of the fragment hash value, and that the same data extraction mode is applied to the first fragment hash value and the second fragment hash value.
The data extraction method may be to take, from each fragment hash value, the character string at a preset specified position and of the second preset character length as the fragment extracted hash value, for example, the string with 12 bits at the head or the tail of the fragment hash value. It can be understood that the second preset character length is set by a manager according to the unauthorized vulnerability detection precision requirement and the unauthorized vulnerability detection efficiency requirement: the larger the second preset character length is, the higher the unauthorized vulnerability detection precision is, and the lower the detection efficiency is; the smaller the first preset character length is, the lower the unauthorized vulnerability detection precision is, and the higher the detection efficiency is.
In this embodiment, data extraction is performed on the fragment hash values, and the resulting fragment extracted hash values are then spliced, so that the character length of the splicing hash value is shortened, the similarity calculation is faster, and the efficiency of unauthorized vulnerability detection is increased.
Further, based on the above embodiments, a third embodiment of the unauthorized vulnerability detection method of the present invention is provided.
In the step S50, the step of determining the similarity between the first concatenation hash value and the second concatenation hash value includes:
step S51, calculating the minimum number of editing operations between the first splicing hash value and the second splicing hash value;
step S52, determining the similarity between the first splicing hash value and the second splicing hash value according to the sum of the character lengths of the first splicing hash value and the second splicing hash value and the minimum number of editing operations.
In this embodiment, a scheme for calculating the similarity from the minimum number of editing operations is provided. Specifically, the minimum number of editing operations dp[m, n] between the first splicing hash value and the second splicing hash value is determined, and then the sum m + n of the character lengths of the first splicing hash value and the second splicing hash value is determined, where the similarity is dp[m, n]/(m + n).
Further, the step S51 includes:
step S511, constructing an editing operation times matrix according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, and performing initialization assignment on the editing operation times matrix;
step S512, circularly calculating the number of editing operations corresponding to each matrix element in the editing operation times matrix according to a preset editing operation times formula; the preset editing operation times formula is as follows:
dp[i,j]=min(dp[i-1,j]+1,dp[i,j-1]+1,dp[i-1,j-1]+temp),
wherein dp[i, j] is the number of editing operations corresponding to the matrix element in the i-th row and the j-th column of the editing operation times matrix;
dp[i-1, j] is the number of editing operations corresponding to the matrix element in the (i-1)-th row and the j-th column of the editing operation times matrix;
dp[i, j-1] is the number of editing operations corresponding to the matrix element in the i-th row and the (j-1)-th column of the editing operation times matrix;
dp[i-1, j-1] is the number of editing operations corresponding to the matrix element in the (i-1)-th row and the (j-1)-th column of the editing operation times matrix;
if the two characters corresponding to the matrix element in the i-th row and the j-th column of the matrix are the same, temp = 0; if the two characters corresponding to the matrix element in the i-th row and the j-th column of the matrix are different, temp = 1;
step S513, determining the minimum number of editing operations according to the number of editing operations corresponding to each matrix element.
This embodiment describes a specific process for determining the minimum number of editing operations. First, an editing operation times matrix is created: letting the character lengths of the first splicing hash value and the second splicing hash value be m and n respectively, the dimension of the editing operation times matrix is (m + 1) × (n + 1). The first splicing hash value and the second splicing hash value are filled into the first row and the first column respectively, giving the matrix shown in Table 1 below (taking the first splicing hash value to be ABCD and the second splicing hash value to be ACD);
          A  B  C  D
    A
    C
    D
TABLE 1
The matrix corresponding to Table 1 is then initialized and assigned, so that each character of each splicing hash value has a corresponding position index, giving the matrix shown in Table 2;
          A  B  C  D
       0  1  2  3  4
    A  1
    C  2
    D  3
TABLE 2
The matrix is then traversed from the upper left corner to the lower right corner according to the preset editing operation times formula, and the number of editing operations corresponding to each matrix element in Table 2 is calculated in a loop, giving the matrix shown in Table 3, in which the minimum number of editing operations dp[m, n] is 1. The preset editing operation times formula is dp[i, j] = min(dp[i-1, j] + 1, dp[i, j-1] + 1, dp[i-1, j-1] + temp), where dp[i, j] is the number of editing operations corresponding to the matrix element in the i-th row and the j-th column of the matrix; dp[i-1, j] is the number of editing operations corresponding to the matrix element in the (i-1)-th row and the j-th column; dp[i, j-1] is the number of editing operations corresponding to the matrix element in the i-th row and the (j-1)-th column; and dp[i-1, j-1] is the number of editing operations corresponding to the matrix element in the (i-1)-th row and the (j-1)-th column. As for temp, if the two characters corresponding to the matrix element in the i-th row and the j-th column are the same, then temp = 0; if they are different, then temp = 1.
          A  B  C  D
       0  1  2  3  4
    A  1  0  1  2  3
    C  2  1  1  1  2
    D  3  2  2  2  1
TABLE 3
In this embodiment, the similarity is determined according to the minimum number of editing operations, so that the complexity of text similarity calculation can be reduced, and the efficiency of unauthorized vulnerability detection can be improved.
Further, when the similarity between the first concatenation hash value and the second concatenation hash value is calculated, other similarity calculation methods, such as a cosine similarity calculation method, may also be used.
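The comparison pipeline of the embodiments above (fragment, hash, extract, splice, edit distance, threshold), as an added Python example that is not code from the patent. Assumptions made here: SHA-256 as the hash, 64-byte fragments, the first 12 hex characters kept from each fragment hash, a threshold of 0.8, and a score of 1 - dp[m, n]/(m + n) so that identical responses score 1 (the text gives the ratio dp[m, n]/(m + n)); the response bodies are constructed samples.

```python
import hashlib

FRAGMENT_LEN = 64   # assumed fragment size in bytes
EXTRACT_LEN = 12    # assumed: keep the head 12 hex characters of each fragment hash
THRESHOLD = 0.8     # assumed preset similarity threshold


def spliced_hash(response, fragment_len=FRAGMENT_LEN, extract_len=EXTRACT_LEN):
    """Fragment the response, hash each fragment, keep the head of each digest, splice."""
    data = response.encode("utf-8")
    parts = []
    for offset in range(0, len(data), fragment_len):
        digest = hashlib.sha256(data[offset:offset + fragment_len]).hexdigest()
        parts.append(digest[:extract_len])
    return "".join(parts)


def edit_distance(a, b):
    """dp[i,j] = min(dp[i-1,j]+1, dp[i,j-1]+1, dp[i-1,j-1]+temp), keeping two rows."""
    prev = list(range(len(b) + 1))            # initialised first row: 0, 1, ..., n
    for i, char_a in enumerate(a, 1):
        cur = [i]                             # initialised first column
        for j, char_b in enumerate(b, 1):
            temp = 0 if char_a == char_b else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + temp))
        prev = cur
    return prev[-1]                           # dp[m, n]


def similarity(h1, h2):
    """Assumed score: 1 - dp[m,n]/(m+n); two empty hashes count as identical."""
    if not h1 and not h2:
        return 1.0
    return 1.0 - edit_distance(h1, h2) / (len(h1) + len(h2))


def detect(first_response, second_responses, threshold=THRESHOLD):
    """Flag the endpoint if ANY modified request scores at or above the threshold."""
    h1 = spliced_hash(first_response)
    scores = {name: similarity(h1, spliced_hash(body))
              for name, body in second_responses.items()}
    return any(score >= threshold for score in scores.values()), scores


def sample_body(request_id):
    """Constructed response: six fake records plus a per-request id that always varies."""
    records = ",".join(
        '{"card":"TEST-CARD-%04d","phone":"TEST-PHONE-%04d"}' % (i, i) for i in range(6))
    return '{"req":"%s","records":[%s]}' % (request_id, records)


# Constructed sample data: response to the original request A, and a refusal.
FIRST = sample_body("0001")
DENIED = '{"code":403,"msg":"forbidden"}'

if __name__ == "__main__":
    # B: identity deleted and refused; C: identity replaced but the same records returned.
    vulnerable, scores = detect(FIRST, {"deleted": DENIED, "replaced": sample_body("0002")})
    print("unauthorized vulnerability:", vulnerable)
    for name, score in scores.items():
        print("  %-8s similarity=%.3f" % (name, score))
```

Because the request id changes only the first fragment, one 12-character segment of the spliced hash differs and the score stays above the threshold, whereas a single hash over the whole response would report the two bodies as simply different.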
Further, in the step S10, after the step of receiving the first service request including the first identity identifier of the system to be detected, the method further includes:
determining whether the first service request relates to sensitive information;
if so, executing the step of modifying the first identity identifier in the first service request to obtain a second service request.
In this embodiment, after a first service request including a first identity identifier is received, the first service request is analyzed to obtain its request content, and it is determined whether the request content includes sensitive information such as a mobile phone number, an email, an account password, a bank card number or an identity card number. If so, unauthorized vulnerability detection needs to be performed on the system to be detected corresponding to the request, to prevent the sensitive information from being obtained by an unauthorized user; if not, the unauthorized vulnerability detection can be omitted.
According to the method and the device, the automatic triggering condition of the unauthorized vulnerability detection is set, so that the unauthorized vulnerability detection scheme can be automatically executed when the triggering condition is met, and the unauthorized vulnerability detection is more flexible and efficient.
The present invention also provides an unauthorized vulnerability detection apparatus, referring to fig. 3, the unauthorized vulnerability detection apparatus includes:
an identity modification module 10, configured to receive a first service request including a first identity of a system to be detected, and modify the first identity in the first service request to obtain a second service request;
a request execution module 20, configured to execute the first service request and the second service request through the system to be detected, so as to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
a fragment hashing module 30, configured to perform fragmentation processing on the first response data and the second response data respectively, and perform a hash operation on each piece of fragment data obtained through the fragmentation processing to obtain a first fragment hash value corresponding to the first response data and a second fragment hash value corresponding to the second response data;
a hash splicing module 40, configured to splice the first fragment hash value to obtain a first splicing hash value, and splice the second fragment hash value to obtain a second splicing hash value;
an override determination module 50, configured to determine the similarity between the first splicing hash value and the second splicing hash value, and determine according to the similarity whether an unauthorized vulnerability exists in the system to be detected.
Optionally, the fragment hashing module is further configured to:
performing data extraction on the first fragment hash value to obtain a first fragment extracted hash value with a second preset character length, and performing splicing processing on the first fragment extracted hash value to obtain a first splicing hash value, wherein the second preset character length is smaller than the character length of the first fragment hash value;
and performing data extraction on the second fragment hash value to obtain a second fragment extracted hash value with the second preset character length, and performing splicing processing on the second fragment extracted hash value to obtain a second splicing hash value.
Optionally, the identity modification module is further configured to:
deleting the first identity identifier in the first service request to obtain a second service request;
and/or,
and replacing the first identity in the first service request with a second identity to obtain a second service request, wherein the second identity is different from the first identity.
Optionally, the override determination module is further configured to:
calculating the minimum editing operation times of the first splicing hash value and the second splicing hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value according to the sum of the character lengths of the first splicing hash value and the second splicing hash value and the minimum number of editing operations.
Optionally, the override determination module is further configured to:
constructing an editing operation times matrix according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, and performing initialization assignment on the editing operation times matrix;
circularly calculating the number of editing operations corresponding to each matrix element in the editing operation times matrix according to a preset editing operation times formula; the preset editing operation times formula is as follows:
dp[i,j]=min(dp[i-1,j]+1,dp[i,j-1]+1,dp[i-1,j-1]+temp),
wherein dp[i, j] is the number of editing operations corresponding to the matrix element in the i-th row and the j-th column of the editing operation times matrix;
dp[i-1, j] is the number of editing operations corresponding to the matrix element in the (i-1)-th row and the j-th column of the editing operation times matrix;
dp[i, j-1] is the number of editing operations corresponding to the matrix element in the i-th row and the (j-1)-th column of the editing operation times matrix;
dp[i-1, j-1] is the number of editing operations corresponding to the matrix element in the (i-1)-th row and the (j-1)-th column of the editing operation times matrix;
if the two characters corresponding to the matrix element in the i-th row and the j-th column of the matrix are the same, temp = 0; if the two characters corresponding to the matrix element in the i-th row and the j-th column of the matrix are different, temp = 1;
and determining the minimum number of editing operations according to the number of editing operations corresponding to each matrix element.
Optionally, the override determination module is further configured to:
if the similarity is larger than or equal to a preset similarity threshold value, determining that the system to be detected has an unauthorized vulnerability;
and if the similarity is smaller than a preset similarity threshold value, determining that the unauthorized vulnerability does not exist in the system to be detected.
Optionally, the identity modification module is further configured to:
determining whether the first service request relates to sensitive information;
if so, executing the step of modifying the first identity identifier in the first service request to obtain a second service request.
For the method executed by each program unit, reference may be made to the embodiments of the unauthorized vulnerability detection method of the present invention, which are not described herein again.
The invention also provides an unauthorized vulnerability detection device, which comprises: a memory, a processor, and an unauthorized vulnerability detection program stored on the memory and capable of running on the processor. For the method implemented when the unauthorized vulnerability detection program is executed by the processor, reference may be made to the embodiments of the unauthorized vulnerability detection method of the present invention, and the details are not repeated here.
The invention also provides a computer storage medium.
The computer storage medium of the invention stores the unauthorized vulnerability detection program, and the unauthorized vulnerability detection program realizes the steps of the unauthorized vulnerability detection method when being executed by the processor.
The method implemented when the unauthorized vulnerability detection program running on the processor is executed may refer to each embodiment of the unauthorized vulnerability detection method of the present invention, and will not be described herein again.
The invention also provides a computer program product.
The computer program product of the present invention includes an override vulnerability detection program that, when executed by a processor, implements the steps of the override vulnerability detection method described above.
The method implemented when the unauthorized vulnerability detection program running on the processor is executed may refer to each embodiment of the unauthorized vulnerability detection method of the present invention, and will not be described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system comprising the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present invention or directly or indirectly applied to other related technical fields are also included in the scope of the present invention.

Claims (7)

1. An unauthorized vulnerability detection method is characterized by comprising the following steps:
receiving a first service request including a first identity identifier of a system to be detected, and modifying the first identity identifier in the first service request to obtain a second service request;
executing the first service request and the second service request through the system to be detected to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
respectively carrying out fragmentation processing on the first response data and the second response data, and carrying out hash operation on each fragmentation data obtained by fragmentation processing to obtain a first fragmentation hash value corresponding to the first response data and a second fragmentation hash value corresponding to the second response data;
splicing the first sliced hash value to obtain a first spliced hash value, and splicing the second sliced hash value to obtain a second spliced hash value;
determining the similarity of the first splicing hash value and the second splicing hash value, and determining whether the system to be detected has an unauthorized vulnerability according to the similarity;
the step of splicing the first sliced hash value to obtain a first spliced hash value and the step of splicing the second sliced hash value to obtain a second spliced hash value comprises:
performing data extraction on the first sliced hash value to obtain a first sliced extracted hash value with a second preset character length, and performing splicing processing on the first sliced extracted hash value to obtain a first spliced hash value, wherein the second preset character length is smaller than the character length of the first sliced hash value;
performing data extraction on the second sliced hash value to obtain a second sliced extracted hash value with a second preset character length, and performing splicing processing on the second sliced extracted hash value to obtain a second spliced hash value;
the step of determining whether the system to be detected has the unauthorized vulnerability according to the similarity comprises the following steps:
if the similarity is larger than or equal to a preset similarity threshold value, determining that the system to be detected has an unauthorized vulnerability;
if the similarity is smaller than a preset similarity threshold value, determining that the system to be detected has no unauthorized vulnerability;
when two second service requests exist and two second splicing hash values are obtained through calculation according to the two second service requests, the similarity between the first splicing hash value and the two second splicing hash values is respectively calculated to obtain two similarity values, if at least one of the two similarity values is larger than or equal to a preset similarity threshold value, it is determined that the system to be detected has the unauthorized vulnerability, and if the two similarity values are both smaller than the preset similarity threshold value, it is determined that the system to be detected does not have the unauthorized vulnerability.
2. The unauthorized vulnerability detection method of claim 1, wherein the step of determining the similarity of the first concatenation hash value and the second concatenation hash value comprises:
calculating the minimum editing operation times of the first splicing hash value and the second splicing hash value;
and determining the similarity of the first splicing hash value and the second splicing hash value according to the sum of the character lengths of the first splicing hash value and the second splicing hash value and the minimum number of editing operations.
3. The unauthorized vulnerability detection method of claim 2, wherein the step of calculating the minimum number of editing operations of the first concatenation hash value and the second concatenation hash value comprises:
constructing an editing operation time matrix according to the character length of the first splicing hash value, the character length of the second splicing hash value, the character content of the first splicing hash value and the character content of the second splicing hash value, and performing initialization assignment on the editing operation time matrix;
circularly calculating the editing operation times corresponding to each matrix element in the editing operation time matrix according to a preset editing operation time formula; the preset editing operation frequency formula is as follows:
dp[i,j]=min(dp[i-1,j]+1,dp[i,j-1]+1,dp[i-1,j-1]+temp) ,
wherein dp[i, j] is the number of editing operations corresponding to the matrix element in the i-th row and the j-th column of the editing operation times matrix;
dp[i-1, j] is the number of editing operations corresponding to the matrix element in the (i-1)-th row and the j-th column of the editing operation times matrix;
dp[i, j-1] is the number of editing operations corresponding to the matrix element in the i-th row and the (j-1)-th column of the editing operation times matrix;
dp[i-1, j-1] is the number of editing operations corresponding to the matrix element in the (i-1)-th row and the (j-1)-th column of the editing operation times matrix;
if the two characters corresponding to the matrix element in the i-th row and the j-th column of the matrix are the same, temp = 0; if the two characters corresponding to the matrix element in the i-th row and the j-th column of the matrix are different, temp = 1;
and determining the minimum number of editing operations according to the number of editing operations corresponding to each matrix element.
4. The unauthorized vulnerability detection method of claim 1, wherein after the step of receiving a first service request including a first identity of a system to be detected, further comprising:
determining whether the first service request relates to sensitive information;
if so, executing the step of modifying the first identity identifier in the first service request to obtain a second service request.
5. The unauthorized vulnerability detection device is characterized by comprising:
the identity modification module is used for receiving a first service request including a first identity of a system to be detected, and modifying the first identity in the first service request to obtain a second service request;
a request execution module, configured to execute the first service request and the second service request through the system to be detected, so as to obtain first response data corresponding to the first service request and second response data corresponding to the second service request;
the fragment hash module is used for respectively carrying out fragment processing on the first response data and the second response data, and carrying out hash operation on each fragment data obtained by the fragment processing to obtain a first fragment hash value corresponding to the first response data and a second fragment hash value corresponding to the second response data;
the fragment hash module is further configured to perform data extraction on the first fragment hash value to obtain a first fragment extracted hash value with a second preset character length, and perform splicing processing on the first fragment extracted hash value to obtain a first spliced hash value, where the second preset character length is smaller than the character length of the first fragment hash value;
performing data extraction on the second sliced hash value to obtain a second sliced extracted hash value with a second preset character length, and performing splicing processing on the second sliced extracted hash value to obtain a second spliced hash value;
the hash splicing module is used for splicing the first sliced hash value to obtain a first spliced hash value and splicing the second sliced hash value to obtain a second spliced hash value;
the unauthorized determination module is used for determining the similarity of the first splicing hash value and the second splicing hash value and determining whether the system to be detected has an unauthorized vulnerability according to the similarity;
the override determining module is further used for determining that the unauthorized vulnerability exists in the system to be detected if the similarity is larger than or equal to a preset similarity threshold;
if the similarity is smaller than a preset similarity threshold value, determining that the system to be detected has no unauthorized vulnerability;
when two second service requests exist and two second splicing hash values are obtained through calculation according to the two second service requests, the similarity between the first splicing hash value and the second splicing hash values is calculated respectively to obtain two similarity values, if at least one of the two similarity values is larger than or equal to a preset similarity threshold value, it is determined that the system to be detected has the unauthorized vulnerability, and if the two similarity values are smaller than the preset similarity threshold value, it is determined that the system to be detected does not have the unauthorized vulnerability.
6. An unauthorized vulnerability detection apparatus, comprising: a memory, a processor and an override vulnerability detection program stored on the memory and executable on the processor, the override vulnerability detection program when executed by the processor implementing the steps of the override vulnerability detection method of any of claims 1-4.
7. A computer storage medium having an unauthorized vulnerability detection program stored thereon, the unauthorized vulnerability detection program, when executed by a processor, implementing the steps of the unauthorized vulnerability detection method of any of claims 1-4.
CN202110722722.8A 2021-06-28 2021-06-28 Unauthorized vulnerability detection method, device, equipment and computer program product Active CN113452710B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110722722.8A CN113452710B (en) 2021-06-28 2021-06-28 Unauthorized vulnerability detection method, device, equipment and computer program product
PCT/CN2021/134315 WO2023273139A1 (en) 2021-06-28 2021-11-30 Unauthorized access vulnerability detection method, apparatus and device, and computer program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110722722.8A CN113452710B (en) 2021-06-28 2021-06-28 Unauthorized vulnerability detection method, device, equipment and computer program product

Publications (2)

Publication Number Publication Date
CN113452710A (en) 2021-09-28
CN113452710B (en) 2022-12-27

Family

ID=77813550

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110722722.8A Active CN113452710B (en) 2021-06-28 2021-06-28 Unauthorized vulnerability detection method, device, equipment and computer program product

Country Status (2)

Country Link
CN (1) CN113452710B (en)
WO (1) WO2023273139A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113452710B (en) * 2021-06-28 2022-12-27 深圳前海微众银行股份有限公司 Unauthorized vulnerability detection method, device, equipment and computer program product
CN114244581B (en) * 2021-11-29 2024-03-29 西安四叶草信息技术有限公司 Cache poisoning vulnerability detection method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112217835A (en) * 2020-10-23 2021-01-12 中国工商银行股份有限公司 Message data processing method and device, server and terminal equipment
WO2021051941A1 (en) * 2019-09-18 2021-03-25 平安科技(深圳)有限公司 Information processing method and apparatus
CN112818371A (en) * 2021-02-23 2021-05-18 建信金融科技有限责任公司 Resource access control method, system, device, equipment and medium

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11323484B2 (en) * 2015-10-28 2022-05-03 Qomplx, Inc. Privilege assurance of enterprise computer network environments
CN107577949A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 A kind of Web goes beyond one's commission leak detection method and system
CN107508839A (en) * 2017-09-28 2017-12-22 中国银联股份有限公司 A kind of method and apparatus for controlling web system unauthorized access
CN111125718A (en) * 2019-12-24 2020-05-08 北京三快在线科技有限公司 Unauthorized vulnerability detection method, device, equipment and storage medium
CN111416811B (en) * 2020-03-16 2022-07-22 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN112115475A (en) * 2020-08-05 2020-12-22 杭州数梦工场科技有限公司 Unauthorized vulnerability detection method and device, storage medium and computer equipment
CN112612810A (en) * 2020-12-23 2021-04-06 贝壳技术有限公司 Slow SQL statement identification method and system
CN113452710B (en) * 2021-06-28 2022-12-27 深圳前海微众银行股份有限公司 Unauthorized vulnerability detection method, device, equipment and computer program product

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021051941A1 (en) * 2019-09-18 2021-03-25 平安科技(深圳)有限公司 Information processing method and apparatus
CN112217835A (en) * 2020-10-23 2021-01-12 中国工商银行股份有限公司 Message data processing method and device, server and terminal equipment
CN112818371A (en) * 2021-02-23 2021-05-18 建信金融科技有限责任公司 Resource access control method, system, device, equipment and medium

Also Published As

Publication number Publication date
WO2023273139A1 (en) 2023-01-05
CN113452710A (en) 2021-09-28

Similar Documents

Publication Publication Date Title
EP2452287B1 (en) Anti-virus scanning
KR101832533B1 (en) Reputation checking obtained files
Crussell et al. Andarwin: Scalable detection of android application clones based on semantics
CN113452710B (en) Unauthorized vulnerability detection method, device, equipment and computer program product
EP3178011B1 (en) Method and system for facilitating terminal identifiers
WO2020000743A1 (en) Webshell detection method and related device
CN111651784A (en) Log desensitization method, device, equipment and computer readable storage medium
KR101874373B1 (en) A method and apparatus for detecting malicious scripts of obfuscated scripts
KR20120078018A (en) System and method for detecting malwares in a file based on genetic map of the file
CN114172703A (en) Malicious software identification method, device and medium
CN111813845A (en) ETL task-based incremental data extraction method, device, equipment and medium
CN113472803A (en) Vulnerability attack state detection method and device, computer equipment and storage medium
CN109145589B (en) Application program acquisition method and device
WO2021258789A1 (en) Malware recognition method, system and device, and readable storage medium
KR102318714B1 (en) Computet program for detecting software vulnerability based on binary code clone
CN116028917A (en) Authority detection method and device, storage medium and electronic equipment
CN115495740A (en) Virus detection method and device
JP6258189B2 (en) Specific apparatus, specific method, and specific program
CN114143074A (en) Webshell attack recognition device and method
CN113761576A (en) Privacy protection method and device, storage medium and electronic equipment
CN114372265A (en) Malicious program detection method and device, electronic equipment and storage medium
CN114254069A (en) Domain name similarity detection method and device and storage medium
CN112015494A (en) Third-party API tool calling method, system and device
CN106789899B (en) Cross-domain message sending method and device based on HTML5
CN111159111A (en) Information processing method, device, system and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant