CN114090931A - Information interception method, equipment, storage medium and device - Google Patents


Info

Publication number
CN114090931A
Authority
CN
China
Prior art keywords
information
interception
suspicious
list
router
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111252020.4A
Other languages
Chinese (zh)
Inventor
李进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Panorama Intelligent Technology Co ltd
Original Assignee
Chengdu Panorama Intelligent Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566 URL specific, e.g. using aliases, detecting broken or misspelled links
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Abstract

The invention relates to the technical field of the Internet and discloses an information interception method, equipment, a storage medium and a device. The method comprises the following steps: when suspicious information is detected in router traffic, the suspicious information is sent to a user terminal; an interception configuration instruction fed back by the user terminal according to the suspicious information is received; feature information corresponding to the suspicious information is obtained, and a target interception list is generated according to the feature information and the interception configuration instruction; information to be intercepted in the router traffic is identified according to the target interception list, and the information to be intercepted is intercepted. Before information is intercepted, the suspicious information is sent to the user terminal so that the user can choose whether to intercept it according to actual requirements, and the interception list used for interception is generated from the user's choice, which improves the interactivity of information interception and meets the user's actual interception requirements.

Description

Information interception method, equipment, storage medium and device
Technical Field
The present invention relates to the field of internet technologies, and in particular, to an information interception method, device, storage medium, and apparatus.
Background
At present, when a router intercepts suspicious information, it generally intercepts the information directly based on an interception rule provided by the router manufacturer. The user cannot participate, so interactivity is poor and the user's actual interception requirements cannot be met.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide an information interception method, equipment, a storage medium and a device, and aims to solve the technical problems that when a router intercepts suspicious information, the router usually intercepts the information directly based on an interception rule, and a user cannot participate in the information interception, so that the interactivity is poor, and the actual interception requirements of the user cannot be met.
In order to achieve the above object, the present invention provides an information interception method, including the following steps:
when suspicious information is detected in router traffic, sending the suspicious information to a user terminal;
receiving an interception configuration instruction fed back by the user terminal according to the suspicious information;
acquiring feature information corresponding to the suspicious information, and generating a target interception list according to the feature information and the interception configuration instruction;
identifying information to be intercepted in the router traffic according to the target interception list, and intercepting the information to be intercepted.
Optionally, the step of sending the suspicious information to the user terminal when suspicious information is detected in the router traffic includes:
when suspicious information is detected in the router traffic, acquiring the information type of the suspicious information;
when the information type is the picture type, sending the suspicious information to the user terminal.
Optionally, after the step of acquiring the information type of the suspicious information when suspicious information is detected in the router traffic, the method further includes:
when the information type is not the picture type, acquiring basic information of the suspicious information;
generating reminding information according to the basic information, and sending the reminding information to the user terminal.
Optionally, the step of acquiring the information type of the suspicious information when suspicious information is detected in the router traffic includes:
when suspicious information is detected in the router traffic, sending the suspicious information to a server side;
receiving a verification result fed back by the server side according to the suspicious information;
when the verification result is that the verification is passed, acquiring the information type of the suspicious information.
Optionally, the step of acquiring feature information corresponding to the suspicious information and generating a target interception list according to the feature information and the interception configuration instruction includes:
acquiring the information type of the suspicious information, and acquiring the feature information corresponding to the suspicious information according to the information type;
generating a target interception list according to the feature information and the interception configuration instruction.
Optionally, the step of generating a target interception list according to the feature information and the interception configuration instruction includes:
acquiring user information, and generating an interception configuration policy according to the user information and the interception configuration instruction;
generating a target interception list according to the feature information and the interception configuration policy.
Optionally, the step of identifying information to be intercepted in the router traffic according to the target interception list and intercepting the information to be intercepted includes:
extracting interception features from the target interception list and acquiring traffic features of the router traffic;
matching the interception features with the traffic features;
identifying the information to be intercepted in the router traffic according to the matching result, and intercepting the information to be intercepted.
Optionally, before the step of sending the suspicious information to the user terminal when suspicious information is detected in the router traffic, the method further includes:
acquiring interception configuration information from a server side, and determining an interception rule according to the interception configuration information;
acquiring router traffic, and matching the router traffic with the interception rule to obtain a matching result;
detecting whether suspicious information exists in the router traffic according to the matching result.
Optionally, the step of acquiring the router traffic and matching the router traffic with the interception rule to obtain a matching result includes:
acquiring router traffic, and extracting content text from the router traffic;
determining the text similarity between the content text and the interception rule through a preset text analysis model;
judging whether the text similarity is greater than a preset threshold, and generating a matching result of the router traffic and the interception rule according to the judgment result.
Optionally, after the step of identifying information to be intercepted in the router traffic according to the target interception list and intercepting the information to be intercepted, the method further includes:
acquiring router information;
generating an interception log according to the information to be intercepted and the router information, and sending the interception log to a server side.
Optionally, after the step of generating an interception log according to the information to be intercepted and the router information and sending the interception log to the server side, the method further includes:
receiving list update information fed back by the server side according to the interception log;
updating the target interception list according to the list update information to obtain an updated target interception list.
Optionally, the step of updating the target interception list according to the list update information to obtain an updated target interception list includes:
sending the list update information to the user terminal, and receiving confirmation information fed back by the user terminal according to the list update information;
when the confirmation information is to confirm the update, updating the target interception list according to the list update information to obtain an updated target interception list.
In addition, to achieve the above object, the present invention further provides an information interception apparatus, which includes a memory, a processor, and an information interception program stored on the memory and operable on the processor, where the information interception program is configured to implement the information interception method as described above.
In addition, to achieve the above object, the present invention further provides a storage medium having an information interception program stored thereon, wherein the information interception program, when executed by a processor, implements the information interception method as described above.
In addition, to achieve the above object, the present invention further provides an information intercepting apparatus, including: an information sending module, an instruction receiving module, a list generating module and an information intercepting module;
the information sending module is used for sending suspicious information to the user terminal when the suspicious information is detected in router traffic;
the instruction receiving module is used for receiving an interception configuration instruction fed back by the user terminal according to the suspicious information;
the list generating module is used for acquiring the feature information corresponding to the suspicious information and generating a target interception list according to the feature information and the interception configuration instruction;
the information intercepting module is used for identifying the information to be intercepted in the router traffic according to the target interception list and intercepting the information to be intercepted.
Optionally, the information sending module is further configured to, when suspicious information is detected to exist in router traffic, obtain an information type of the suspicious information;
the information sending module is further configured to send the suspicious information to the user terminal when the information type is the picture type.
Optionally, the information sending module is further configured to obtain basic information of the suspicious information when the information type is not a picture type;
and the information sending module is also used for generating reminding information according to the basic information and sending the reminding information to the user terminal.
Optionally, the information sending module is further configured to send suspicious information to a server when the suspicious information is detected to exist in router traffic;
the information sending module is further used for receiving a verification result fed back by the server according to the suspicious information;
the information sending module is further configured to obtain the information type of the suspicious information when the verification result is that the verification is passed.
Optionally, the list generating module is further configured to obtain an information type of the suspicious information, and obtain feature information corresponding to the suspicious information according to the information type;
and the list generation module is also used for generating a target interception list according to the characteristic information and the interception configuration instruction.
Optionally, the list generating module is further configured to obtain user information, and generate an interception configuration policy according to the user information and the interception configuration instruction;
and the list generation module is also used for generating a target interception list according to the characteristic information and the interception configuration strategy.
In the invention, when suspicious information is detected in router traffic, the suspicious information is sent to a user terminal; an interception configuration instruction fed back by the user terminal according to the suspicious information is received; feature information corresponding to the suspicious information is obtained, and a target interception list is generated according to the feature information and the interception configuration instruction; information to be intercepted in the router traffic is identified according to the target interception list, and the information to be intercepted is intercepted. Before information is intercepted, the suspicious information is sent to the user terminal so that the user can choose whether to intercept it according to actual requirements, and the interception list used for interception is generated from the user's choice, which improves the interactivity of information interception and meets the user's actual interception requirements.
Drawings
FIG. 1 is a schematic structural diagram of an information intercepting device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of an information interception method according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of an information interception method according to the present invention;
FIG. 4 is a flowchart illustrating a third embodiment of an information interception method according to the present invention;
FIG. 5 is a block diagram of an information intercepting apparatus according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to FIG. 1, FIG. 1 is a schematic structural diagram of an information intercepting device in a hardware operating environment according to an embodiment of the present invention.
As shown in FIG. 1, the information intercepting apparatus may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable communication among these components. The user interface 1003 may include a display screen (Display); optionally, the user interface 1003 may further include a standard wired interface and a wireless interface, and in the present invention the wired interface of the user interface 1003 may be a USB interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The memory 1005 may be a Random Access Memory (RAM) or a Non-volatile Memory (NVM), such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in FIG. 1 does not constitute a limitation of the information intercepting apparatus, which may include more or fewer components than those shown, combine some components, or use a different arrangement of components.
As shown in FIG. 1, the memory 1005, which is a computer storage medium, may include an operating system, a network communication module, a user interface module, and an information interception program.
In the information interception apparatus shown in FIG. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting user equipment; the information interception device calls the information interception program stored in the memory 1005 through the processor 1001, and executes the information interception method provided by the embodiment of the present invention.
Based on the hardware structure, the embodiment of the information interception method is provided.
Referring to FIG. 2, FIG. 2 is a flowchart illustrating a first embodiment of an information interception method according to the present invention.
In a first embodiment, the information interception method includes the steps of:
Step S10: when suspicious information is detected in router traffic, sending the suspicious information to a user terminal.
It should be understood that the executing body of the method of this embodiment may be an information intercepting device having data processing, network communication and program running functions, for example, a router or the like, or other electronic devices capable of implementing the same or similar functions, which is not limited in this embodiment.
It should be noted that the suspicious information may be information that satisfies the interception rule in the router traffic. Wherein, the interception rule can be preset.
In a particular implementation, for example, the interception rule may be "keystr": adv.
It is understood that sending the suspicious information to the user terminal may mean sending the suspicious information directly to the user terminal so that the user can see it in full.
Step S20: receiving an interception configuration instruction fed back by the user terminal according to the suspicious information.
It can be understood that, after receiving the suspicious information, the user terminal can display it and generate an interception button; the user issues an interception configuration instruction by clicking the interception button, and the user terminal sends the interception configuration instruction to the router.
Step S30: acquiring feature information corresponding to the suspicious information, and generating a target interception list according to the feature information and the interception configuration instruction.
It should be noted that the feature information may be at least one of a URL, information content, and an application to which the information belongs, and this embodiment is not limited thereto.
It should be understood that generating the target interception list according to the feature information and the interception configuration instruction may be: when the interception configuration instruction is to intercept, adding the feature information to the initial interception list to obtain the target interception list; and when the interception configuration instruction is not to intercept, deleting the feature information from the initial interception list to obtain the target interception list. The initial interception list can be preset.
Step S40: identifying information to be intercepted in the router traffic according to the target interception list, and intercepting the information to be intercepted.
It can be understood that identifying the information to be intercepted in the router traffic according to the target interception list may be matching the information in the router traffic against the target interception list, and taking the information in the router traffic that matches successfully as the information to be intercepted.
In the first embodiment, the method discloses that when suspicious information is detected to exist in router traffic, the suspicious information is sent to a user terminal, an interception configuration instruction fed back by the user terminal according to the suspicious information is received, feature information corresponding to the suspicious information is obtained, a target interception list is generated according to the feature information and the interception configuration instruction, information to be intercepted in the router traffic is identified according to the target interception list, and the information to be intercepted is intercepted; in the embodiment, before information interception, suspicious information is sent to the user terminal, so that a user can select whether to intercept the information according to actual requirements, and an interception list is generated according to user selection to intercept the information, thereby improving the interactivity of information interception and meeting the actual interception requirements of the user.
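An added example, not part of the patent text, that runs steps S10 to S40 of the first embodiment over constructed traffic. The types and function names are hypothetical, and the rule "keystr": adv is assumed to mean a substring match on the keyword adv in the content.

```python
"""Steps S10-S40 of the first embodiment as a small simulation (added example).

All names here (Flow, Feature, detect_suspicious, ...) are hypothetical; the
patent text defines no code, message format or rule syntax.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

INTERCEPT = "intercept"
DO_NOT_INTERCEPT = "do_not_intercept"


@dataclass(frozen=True)
class Flow:
    """One observed request in router traffic (constructed model)."""
    app: str
    url: str
    content: str


@dataclass(frozen=True)
class Feature:
    """Feature information: a URL, information content or owning application."""
    kind: str
    value: str


def detect_suspicious(flows, keyword):
    """Detection feeding S10: flag flows whose content contains the keyword.

    Assumption: the page's rule '"keystr": adv' is read as a substring rule.
    """
    return [f for f in flows if keyword in f.content]


def feature_of(flow):
    """S30: derive feature information; here the URL without scheme or query."""
    parts = urlsplit(flow.url)
    return Feature("url", (parts.hostname or "") + parts.path)


def apply_instruction(interception_list, feature, instruction):
    """S30: add the feature on 'intercept', delete it on 'do not intercept'."""
    updated = set(interception_list)
    if instruction == INTERCEPT:
        updated.add(feature)
    elif instruction == DO_NOT_INTERCEPT:
        updated.discard(feature)
    else:
        # An unknown instruction must not silently change what gets blocked.
        raise ValueError(f"unknown interception instruction: {instruction!r}")
    return frozenset(updated)


def intercept(flows, target_list):
    """S40: split traffic into passed and intercepted flows by list lookup."""
    passed, blocked = [], []
    for flow in flows:
        (blocked if feature_of(flow) in target_list else passed).append(flow)
    return passed, blocked


def run_round(flows, keyword, initial_list, ask_user):
    """Detect, ask the user per suspicious flow, build the list, intercept."""
    target = frozenset(initial_list)
    for suspicious in detect_suspicious(flows, keyword):
        instruction = ask_user(suspicious)  # S10 send, S20 receive
        target = apply_instruction(target, feature_of(suspicious), instruction)
    passed, blocked = intercept(flows, target)
    return target, passed, blocked


# Constructed sample traffic (not from the patent).
SAMPLE_FLOWS = [
    Flow("video-app", "http://cdn.example.test/adv/banner.png?id=1", "adv banner"),
    Flow("video-app", "http://cdn.example.test/adv/banner.png?id=2", "promo image"),
    Flow("news-app", "http://news.example.test/weather", "adverse weather warning"),
    Flow("mail-app", "http://mail.example.test/inbox", "inbox listing"),
]
# Constructed preset initial list that already contains the news page.
INITIAL_LIST = {Feature("url", "news.example.test/weather")}


def sample_user(flow):
    """Stand-in for the user terminal: block the banner, keep the news page."""
    return INTERCEPT if flow.app == "video-app" else DO_NOT_INTERCEPT


if __name__ == "__main__":
    target, passed, blocked = run_round(SAMPLE_FLOWS, "adv", INITIAL_LIST, sample_user)
    print("target list:", sorted(f.value for f in target))
    print("blocked:", [f.url for f in blocked])
    print("passed:", [f.url for f in passed])
```

The keyword rule also flags the news page because "adverse" contains "adv"; the user's "do not intercept" answer removes that entry from the preset list, while the second banner request is blocked by the list even though the rule never flagged it.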
Referring to FIG. 3, FIG. 3 is a flowchart illustrating a second embodiment of the information interception method according to the present invention, and the second embodiment of the information interception method according to the present invention is proposed based on the first embodiment shown in FIG. 2.
In the second embodiment, the step S10 includes:
Step S101: when suspicious information is detected in the router traffic, acquiring the information type of the suspicious information.
It should be understood that in practical applications, different types of suspicious information correspond to different transmission contents. Therefore, in this embodiment, the information type of the suspicious information needs to be obtained first.
It should be noted that the information type may include a picture type and a non-picture type.
Further, if only the router itself is used to detect the suspicious information, misjudgment may occur. Therefore, the step S101 includes:
when suspicious information is detected in the router traffic, sending the suspicious information to a server side;
receiving a verification result fed back by the server side according to the suspicious information;
when the verification result is that the verification is passed, acquiring the information type of the suspicious information.
It can be understood that, after receiving the suspicious information, the server side may invoke a verification engine to verify the suspicious information. When the verification passes, the router has not misjudged and the suspicious information needs to be intercepted; when the verification fails, the router has misjudged and the suspicious information does not need to be intercepted. The verification engine is used to verify whether the router has misjudged, and can be updated in real time.
It should be understood that when the verification result is that the verification is passed, the router has not misjudged and the suspicious information needs to be intercepted, so the subsequent steps need to be performed.
When the verification result is that the verification fails, the router has misjudged and the suspicious information does not need to be intercepted. In this case, misjudgment prompt information needs to be generated.
Step S102: when the information type is the picture type, sending the suspicious information to a user terminal.
It can be understood that when the information type is the picture type, the suspicious information can be displayed directly on the user terminal, so that the user can see the suspicious information visually. Therefore, in this embodiment, when the information type is the picture type, the suspicious information is sent to the user terminal.
Further, when the information type is not the picture type, the suspicious information contains multiple pieces of interfering information, and if the suspicious information is sent directly to the user terminal, the user may not be able to identify the suspicious content accurately. Therefore, in order to overcome this drawback, after step S101, the method further includes:
when the information type is not the picture type, acquiring basic information of the suspicious information;
generating reminding information according to the basic information, and sending the reminding information to a user terminal.
It should be noted that the basic information may include information such as an application to which the information belongs, a type of the information, a position where the information appears in the screen, and a URL of the data stream.
It should be understood that the reminder may be that some type of suspicious information is present at some location within some application.
In the second embodiment, when suspicious information is detected in the router traffic, the information type of the suspicious information is acquired, and when the information type is the picture type, the suspicious information is sent to a user terminal. In this embodiment, suspicious information of the picture type can be sent directly to the user terminal for display, so that it is shown visually at the user terminal and the user can learn more details of the suspicious information.
In the second embodiment, the step S30 includes:
Step S301: acquiring the information type of the suspicious information, and acquiring the feature information corresponding to the suspicious information according to the information type.
It should be understood that when interception is performed, different types of information correspond to different interception features. Therefore, in this embodiment, the information type of the suspicious information needs to be obtained first, and the feature information corresponding to the suspicious information is obtained according to the information type.
It should be noted that the feature information may be at least one of a URL, information content, and an application to which the information belongs, and this embodiment is not limited thereto.
It can be understood that acquiring the feature information corresponding to the suspicious information according to the information type may be looking up the feature information corresponding to the information type in a preset information table. The preset information table contains the correspondence between information types and feature information, and this correspondence can be entered in advance.
Step S302: generating a target interception list according to the feature information and the interception configuration instruction.
It should be understood that generating the target interception list according to the feature information and the interception configuration instruction may be: when the interception configuration instruction is to intercept, adding the feature information to the initial interception list to obtain the target interception list; and when the interception configuration instruction is not to intercept, deleting the feature information from the initial interception list to obtain the target interception list. The initial interception list can be preset.
Further, different users have different configuration habits. Therefore, in order to improve the user experience, the step S302 includes:
acquiring user information, and generating an interception configuration policy according to the user information and the interception configuration instruction;
generating a target interception list according to the feature information and the interception configuration policy.
It should be noted that the user information may include a historical configuration record, user account information, and the like.
The interception configuration policy may be full information interception or partial information interception, which is not limited in this embodiment.
It can be understood that generating the interception configuration policy according to the user information and the interception configuration instruction may be using the user information and the interception configuration information as reference information, and looking up the interception configuration policy corresponding to the reference information in a preset policy table. The preset policy table contains the correspondence between reference information and interception configuration policies, and this correspondence may be entered in advance.
In the second embodiment, the information type of the suspicious information is obtained, the feature information corresponding to the suspicious information is obtained according to the information type, and a target interception list is generated according to the feature information and the interception configuration instruction. Different target interception lists can therefore be generated for different suspicious information, which improves the reliability of the target interception list.
In the second embodiment, step S40 includes:
Step S401: extracting interception features from the target interception list, and acquiring the traffic features of the router traffic.
It should be understood that, in practical application, matching the router traffic with the target interception list one by one results in large data volume and slow data processing. Therefore, in order to overcome the above defect, in this embodiment, the interception feature may be extracted from the target interception list, the traffic feature of the router traffic may be obtained, and the information to be intercepted in the router traffic may be determined according to the interception feature and the traffic feature.
It should be noted that the interception feature may be at least one of a URL, information content, and an application to which the information belongs, and this embodiment is not limited thereto.
Step S402: matching the interception features with the traffic features.
It can be understood that the step of matching the interception feature with the traffic feature may be determining a text similarity between the interception feature and the traffic feature through a preset text analysis model, and generating a matching result between the interception feature and the traffic feature according to the text similarity.
Step S403: identifying the information to be intercepted in the router traffic according to the matching result, and intercepting the information to be intercepted.
It should be understood that, the identification of the information to be intercepted in the router traffic according to the matching result may be to use the information in the router traffic whose matching result is successful as the information to be intercepted.
Or extracting the interception features from the target interception list, acquiring the traffic features of the router traffic, matching the interception features with the traffic features, identifying the information to be intercepted in the router traffic according to the matching result, and intercepting the information to be intercepted.
In the second embodiment, interception features are extracted from the target interception list, the traffic features of the router traffic are obtained, the interception features are matched with the traffic features, and the information to be intercepted in the router traffic is identified according to the matching result and intercepted. This simplifies the identification of the information to be intercepted, which speeds up both identification and interception.
Referring to fig. 4, fig. 4 is a flowchart illustrating an information interception method according to a third embodiment of the present invention, and the third embodiment of the information interception method is proposed based on the first embodiment shown in fig. 2.
In the third embodiment, before the step S10, the method further includes:
Step S01: acquiring interception configuration information from a server side, and determining an interception rule according to the interception configuration information.
It should be noted that the interception configuration information may be stored in the server in advance, and the interception configuration information may include information such as an interception rule, an information type, an application to which the information belongs, and a position where the information appears in the screen.
In a specific implementation, for example, when the interception configuration information is the configuration record {"appid":9863169,"type":1,"keystr":"adv.kuaikuaica.com/openapp.png","local":4}, "keystr":"adv.kuaikuaica.com" indicates the interception rule, "type":1 indicates that the information type is embedded advertisement, "appid":9863169 indicates the application to which the information belongs, and "local":4 indicates the position where the information appears in the screen.
It should be understood that the router may obtain the interception configuration information from the server side at preset time intervals to ensure timeliness of the interception configuration information. Wherein the preset time period may be preset.
It is to be understood that determining the interception rule according to the interception configuration information may be extracting the interception rule from the interception configuration information according to the information identifier. The information identifier is used for representing the information content.
Step S02: acquiring router traffic, and matching the router traffic with the interception rule to obtain a matching result.
It should be understood that matching the router traffic with the interception rule to obtain the matching result may be matching the router traffic against the interception rules one by one.
Furthermore, matching the router traffic against the interception rules one by one requires a large amount of computation and is slow. To overcome this drawback, step S02 includes:
acquiring router traffic, and extracting content characters from the router traffic;
determining the text similarity between the content characters and the interception rule through a preset text analysis model;
and judging whether the text similarity is greater than a preset threshold, and generating the matching result of the router traffic and the interception rule according to the judgment result.
It should be appreciated that extracting the content characters from the router traffic may be invoking a preset character recognition script to extract the content characters from the router traffic. The character recognition script may be set in advance.
It should be noted that the preset text analysis model may be at least one of a Euclidean distance model, a cosine distance model, and a Jaccard similarity model, which is not limited in this embodiment.
The text similarity represents the degree of similarity between the content characters and the interception rule: the larger the text similarity, the more similar the content characters are to the interception rule.
It can be understood that when the text similarity is greater than the preset threshold, the content characters are similar to the interception rule, and it can be determined that the router traffic is successfully matched with the interception rule.
Step S03: detecting whether suspicious information exists in the router traffic according to the matching result.
It should be understood that, detecting whether suspicious information exists in the router traffic according to the matching result may be determining that suspicious information exists in the router traffic when the matching result is that matching is successful; and when the matching result is matching failure, judging that no suspicious information exists in the router flow.
In a specific implementation, for example, the router traffic is matched with "keystr" adv. Thus, it may be determined that suspicious information is present in the router traffic.
In the third embodiment, interception configuration information is obtained from the server side, an interception rule is determined according to the interception configuration information, router traffic is obtained and matched with the interception rule to obtain a matching result, and whether suspicious information exists in the router traffic is detected according to the matching result. Because the router traffic is checked against the interception rule carried in the interception configuration information, the accuracy of suspicious information detection can be improved.
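The following added example (not code from the patent) walks through steps S01 to S03, and the same similarity matching applies to the interception-feature and traffic-feature comparison of steps S401 to S403. It assumes the Jaccard model is computed over character trigrams and that the "content characters" are the host and path of a requested URL; the function names, the thresholds and the sample requests are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Configuration record from the description, with extraction spaces removed.
CONFIG_JSON = ('{"appid": 9863169, "type": 1, '
               '"keystr": "adv.kuaikuaica.com/openapp.png", "local": 4}')

# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    "http://adv.kuaikuaica.com/openapp.png?ts=1",
    "http://adv.kuaikuaica.com.example.test/openapp.png",
    "http://cdn.example.test/img/logo.png",
]


def load_rule(raw):
    """Step S01: extract the interception rule (keystr) from one record."""
    record = json.loads(raw)
    rule = record.get("keystr") if isinstance(record, dict) else None
    if not isinstance(rule, str) or not rule.strip():
        raise ValueError("configuration record carries no usable keystr")
    return rule.strip().lower()


def content_characters(url):
    """Step S02: reduce a request to host + path (assumed stand-in for the
    patent's 'character recognition script'); the query string is dropped."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return ((parts.hostname or "") + parts.path).lower()


def trigrams(text, n=3):
    """Set of character n-grams; short strings are kept whole."""
    if len(text) < n:
        return {text} if text else set()
    return {text[i:i + n] for i in range(len(text) - n + 1)}


def jaccard(a, b):
    """Jaccard similarity |A & B| / |A | B| over character trigrams."""
    ga, gb = trigrams(a), trigrams(b)
    union = ga | gb
    return len(ga & gb) / len(union) if union else 0.0


def match(url, rule, threshold):
    """Step S02: matching succeeds only if similarity exceeds the threshold."""
    score = jaccard(content_characters(url), rule)
    return score > threshold, score


def detect(requests, rule, threshold):
    """Step S03: requests whose match succeeded are the suspicious ones."""
    return [url for url in requests if match(url, rule, threshold)[0]]


if __name__ == "__main__":
    rule = load_rule(CONFIG_JSON)
    for threshold in (0.8, 0.5):
        print(f"threshold {threshold}:")
        for url in SAMPLE_REQUESTS:
            hit, score = match(url, rule, threshold)
            print(f"  {score:.3f} {'SUSPICIOUS' if hit else 'pass':10} {url}")
```

At threshold 0.8 only the request that equals the rule is flagged; at 0.5 the request to a different host that merely contains the rule text is flagged as well, so the preset threshold directly controls how much unrelated traffic is reported as suspicious.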
In the third embodiment, after the step S40, the method further includes:
Step S50: acquiring the router information.
It should be understood that after intercepting the information to be intercepted, an interception log needs to be generated for the user to query. Therefore, in this embodiment, the interception log is generated according to the information to be intercepted and the router information.
It should be noted that the router information may include information such as a router identifier, a router model, and a router operation duration.
Step S60: generating an interception log according to the information to be intercepted and the router information, and sending the interception log to a server side.
It can be understood that, generating the interception log according to the information to be intercepted and the router information may be to perform information aggregation on the information to be intercepted and the router information to obtain the interception log.
Further, in practical applications, there may also be a situation of an interception error. Therefore, in order to facilitate the server to remotely update the interception list, after step S60, the method further includes:
receiving list updating information fed back by the server according to the interception log;
and updating the target interception list according to the list updating information to obtain an updated target interception list.
It should be noted that the list update information may include interception feature addition information, interception feature deletion information, and interception feature modification information.
It should be understood that the updating of the target interception list according to the list updating information may be adding, deleting or modifying interception features in the target interception list according to the list updating information.
Further, to make it convenient for the user to learn how the list has been updated, the step of updating the target interception list according to the list update information to obtain an updated target interception list includes:
sending the list updating information to the user terminal, and receiving confirmation information fed back by the user terminal according to the list updating information;
and when the confirmation information is confirmation update, updating the target interception list according to the list update information to obtain an updated target interception list.
It can be understood that, after receiving the list update information, the user terminal may display the list update information and generate an update confirmation button, and the user may send the confirmation information by clicking the update confirmation button, and the user terminal sends the confirmation information to the router.
In the third embodiment, router information is obtained, an interception log is generated according to the information to be intercepted and the router information, and the interception log is sent to the server side. Interception logs are thus generated and sent to the server automatically, which ensures the visibility of the intercepted information.
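The list lifecycle described above (step S302, the interception log of step S60, and the confirmed list update) can be sketched as follows. This is an added example, not code from the patent: the instruction and confirmation tokens, the message field names and all sample values are constructed assumptions.

```python
# Assumed tokens; the patent only names the two instructions and "confirmation update".
INTERCEPT = "intercept"
DO_NOT_INTERCEPT = "do_not_intercept"
CONFIRM_UPDATE = "confirm_update"


def build_target_list(initial_list, feature, instruction):
    """Step S302: add the feature on 'intercept', delete it otherwise."""
    target = set(initial_list)
    if instruction == INTERCEPT:
        target.add(feature)
    elif instruction == DO_NOT_INTERCEPT:
        target.discard(feature)
    else:
        raise ValueError(f"unknown interception instruction: {instruction!r}")
    return target


def make_interception_log(intercepted, router_info):
    """Step S60: aggregate intercepted information with router information."""
    return {
        "router": dict(router_info),
        "intercepted": sorted(intercepted),
        "count": len(intercepted),
    }


def apply_list_update(target, update_info, confirmation):
    """Apply add/delete/modify operations only after the user confirms.

    Works on a copy, so a declined update leaves the list untouched.
    Returns (updated_list, applied_ops, skipped_ops).
    """
    if confirmation != CONFIRM_UPDATE:
        return set(target), [], list(update_info)
    updated, applied, skipped = set(target), [], []
    for op in update_info:
        kind, feature, new = op.get("op"), op.get("feature"), op.get("new")
        if kind == "add" and feature:
            updated.add(feature)
        elif kind == "delete" and feature in updated:
            updated.remove(feature)
        elif kind == "modify" and feature in updated and new:
            updated.remove(feature)
            updated.add(new)
        else:
            # Unknown operation, or one that refers to a feature not in the list.
            skipped.append(op)
            continue
        applied.append(op)
    return updated, applied, skipped


def run_exchange(confirmation):
    """One round trip with constructed values: instruction, log, update."""
    initial = {"ads.example.test/banner.js"}
    target = build_target_list(initial, "adv.example.test/openapp.png", INTERCEPT)
    log = make_interception_log(
        ["adv.example.test/openapp.png"],
        {"router_id": "R-0001", "model": "constructed-model", "uptime_s": 86400},
    )
    # List update information the server feeds back after reading the log.
    update_info = [
        {"op": "delete", "feature": "adv.example.test/openapp.png"},
        {"op": "add", "feature": "track.example.test/pixel.gif"},
        {"op": "modify", "feature": "missing.example.test/x", "new": "y"},
    ]
    updated, applied, skipped = apply_list_update(target, update_info, confirmation)
    return target, log, updated, applied, skipped


if __name__ == "__main__":
    for answer in (CONFIRM_UPDATE, "decline"):
        target, log, updated, applied, skipped = run_exchange(answer)
        print(answer, sorted(updated), len(applied), len(skipped))
```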
In addition, an embodiment of the present invention further provides a storage medium, where an information interception program is stored on the storage medium, and the information interception program, when executed by a processor, implements the information interception method described above.
In addition, referring to fig. 5, an embodiment of the present invention further provides an information intercepting apparatus, where the information intercepting apparatus includes: an information sending module 10, an instruction receiving module 20, a list generating module 30 and an information intercepting module 40;
the information sending module 10 is configured to send suspicious information to a user terminal when detecting that the suspicious information exists in router traffic.
It should be noted that the suspicious information may be information that satisfies the interception rule in the router traffic. Wherein, the interception rule can be preset.
In a particular implementation, for example, the interception rule may be "keystr": adv.
It is understood that the sending of the suspicious information to the user terminal may be sending the suspicious information directly to the user terminal so that the user can completely know the suspicious information.
The instruction receiving module 20 is configured to receive an interception configuration instruction fed back by the user terminal according to the suspicious information.
It can be understood that the user terminal can display the suspicious information and generate the interception button after receiving the suspicious information, the user can send an interception configuration instruction by clicking the interception button, and the user terminal sends the interception configuration instruction to the router.
The list generating module 30 is configured to obtain feature information corresponding to the suspicious information, and generate a target interception list according to the feature information and the interception configuration instruction.
It should be noted that the feature information may be at least one of a URL, information content, and an application to which the information belongs, and this embodiment is not limited thereto.
It should be understood that generating the target interception list according to the feature information and the interception configuration instruction may be: when the interception configuration instruction is to intercept, adding the feature information to the initial interception list to obtain the target interception list; and when the interception configuration instruction is not to intercept, deleting the feature information from the initial interception list to obtain the target interception list. The initial interception list may be preset.
The information intercepting module 40 is configured to identify information to be intercepted in the router traffic according to the target intercepting list, and intercept the information to be intercepted.
It can be understood that, identifying the information to be intercepted in the router traffic according to the target interception list may be matching the information in the router traffic with the target interception list, and using the information in the router traffic whose matching result is successful as the information to be intercepted.
Or extracting the interception features from the target interception list, acquiring the traffic features of the router traffic, matching the interception features with the traffic features, identifying the information to be intercepted in the router traffic according to the matching result, and intercepting the information to be intercepted.
It should be noted that the interception feature may be at least one of a URL, information content, and an application to which the information belongs, and this embodiment is not limited thereto.
It can be understood that the step of matching the interception feature with the traffic feature may be determining a text similarity between the interception feature and the traffic feature through a preset text analysis model, and generating a matching result between the interception feature and the traffic feature according to the text similarity.
In this embodiment, it is disclosed that when suspicious information is detected in router traffic, the suspicious information is sent to a user terminal, an interception configuration instruction fed back by the user terminal according to the suspicious information is received, feature information corresponding to the suspicious information is obtained, a target interception list is generated according to the feature information and the interception configuration instruction, information to be intercepted in the router traffic is identified according to the target interception list, and the information to be intercepted is intercepted; in the embodiment, before information interception, suspicious information is sent to the user terminal, so that a user can select whether to intercept the information according to actual requirements, and an interception list is generated according to user selection to intercept the information, thereby improving the interactivity of information interception and meeting the actual interception requirements of the user.
Other embodiments or specific implementation manners of the information intercepting apparatus of the present invention may refer to the above method embodiments, and are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order, but rather the words first, second, third, etc. are to be interpreted as names.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g., a Read Only Memory (ROM)/Random Access Memory (RAM), a magnetic disk, an optical disk), and includes several instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
The invention discloses A1, an information interception method, comprising the following steps:
when suspicious information is detected to exist in router flow, the suspicious information is sent to a user terminal;
receiving an interception configuration instruction fed back by the user terminal according to the suspicious information;
acquiring feature information corresponding to the suspicious information, and generating a target interception list according to the feature information and the interception configuration instruction;
and identifying information to be intercepted in the router flow according to the target interception list, and intercepting the information to be intercepted.
A2. The information interception method according to A1, wherein the step of sending the suspicious information to the user terminal when the suspicious information is detected to exist in the router traffic includes:
when suspicious information is detected to exist in router flow, acquiring the information type of the suspicious information;
and when the information type is the picture type, sending the suspicious information to a user terminal.
A3. The information interception method according to A2, wherein after the step of obtaining the information type of the suspicious information when the suspicious information is detected to exist in the router traffic, the method further includes:
when the information type is not the picture type, acquiring basic information of the suspicious information;
and generating reminding information according to the basic information, and sending the reminding information to a user terminal.
A4. The information interception method according to A2, wherein the step of obtaining the information type of the suspicious information when the suspicious information is detected to exist in the router traffic includes:
when suspicious information is detected to exist in router flow, the suspicious information is sent to a server side;
receiving a verification result fed back by the server side according to the suspicious information;
and when the verification result is that the verification is passed, acquiring the information type of the suspicious information.
A5. The information interception method according to A1, wherein the step of obtaining the feature information corresponding to the suspicious information and generating a target interception list according to the feature information and the interception configuration instruction includes:
acquiring the information type of the suspicious information, and acquiring the characteristic information corresponding to the suspicious information according to the information type;
and generating a target interception list according to the characteristic information and the interception configuration instruction.
A6. The information interception method according to A5, wherein the step of generating a target interception list according to the feature information and the interception configuration instruction includes:
acquiring user information, and generating an interception configuration strategy according to the user information and the interception configuration instruction;
and generating a target interception list according to the characteristic information and the interception configuration strategy.
A7. The information interception method according to any one of A1-A6, wherein the step of identifying information to be intercepted in the router traffic according to the target interception list and intercepting the information to be intercepted includes:
extracting interception features from the target interception list and acquiring traffic features of the router traffic;
matching the interception feature with the traffic feature;
and identifying the information to be intercepted in the router flow according to the matching result, and intercepting the information to be intercepted.
A8. The information interception method according to any one of A1-A6, wherein before the step of sending the suspicious information to the user terminal when the suspicious information is detected to exist in the router traffic, the method further includes:
acquiring interception configuration information from a server side, and determining an interception rule according to the interception configuration information;
acquiring router flow, and matching the router flow with the interception rule to obtain a matching result;
and detecting whether suspicious information exists in the router flow according to the matching result.
A9. The information interception method according to A8, wherein the step of obtaining the router traffic and matching the router traffic with the interception rule to obtain the matching result includes:
acquiring router flow, and extracting content characters from the router flow;
determining the text similarity between the content characters and the interception rules through a preset text analysis model;
and judging whether the text similarity is greater than a preset threshold value or not, and generating a matching result of the router flow and the interception rule according to a judgment result.
A10. The information interception method according to any one of A1-A6, further including, after the step of identifying information to be intercepted in the router traffic according to the target interception list and intercepting the information to be intercepted:
acquiring router information;
and generating an interception log according to the information to be intercepted and the router information, and sending the interception log to a server side.
A11. The information interception method according to A10, further including, after the step of generating an interception log according to the information to be intercepted and the router information and sending the interception log to a server side:
receiving list updating information fed back by the server according to the interception log;
and updating the target interception list according to the list updating information to obtain an updated target interception list.
A12. The information interception method according to A11, wherein the step of updating the target interception list according to the list update information to obtain an updated target interception list includes:
sending the list updating information to the user terminal, and receiving confirmation information fed back by the user terminal according to the list updating information;
and when the confirmation information is confirmation update, updating the target interception list according to the list update information to obtain an updated target interception list.
The invention also discloses B13, an information interception device, comprising: a memory, a processor, and an information interception program stored on the memory and executable on the processor, wherein the information interception program, when executed by the processor, implements the information interception method described above.
The invention also discloses C14, a storage medium, wherein an information interception program is stored on the storage medium, and the information interception program, when executed by a processor, implements the information interception method described above.
The invention also discloses D15, an information interception apparatus, comprising: an information sending module, an instruction receiving module, a list generating module and an information intercepting module;
the information sending module is used for sending suspicious information to the user terminal when detecting that the suspicious information exists in the router flow;
the instruction receiving module is used for receiving an interception configuration instruction fed back by the user terminal according to the suspicious information;
the list generating module is used for acquiring the characteristic information corresponding to the suspicious information and generating a target interception list according to the characteristic information and the interception configuration instruction;
and the information interception module is used for identifying the information to be intercepted in the router flow according to the target interception list and intercepting the information to be intercepted.
D16. The information interception apparatus according to D15, wherein the information sending module is further configured to obtain the information type of the suspicious information when the suspicious information is detected in the router traffic;
the information sending module is further configured to send the suspicious information to the user terminal when the information type is the picture type.
D17. The information interception apparatus according to D16, wherein the information sending module is further configured to obtain basic information of the suspicious information when the information type is not the picture type;
and the information sending module is also used for generating reminding information according to the basic information and sending the reminding information to the user terminal.
D18. The information interception apparatus according to D16, wherein the information sending module is further configured to send the suspicious information to the server side when detecting that the suspicious information exists in the router traffic;
the information sending module is further used for receiving a verification result fed back by the server according to the suspicious information;
the information sending module is further configured to obtain the information type of the suspicious information when the verification result is that the verification is passed.
D19. The information interception apparatus according to D15, wherein the list generating module is further configured to obtain the information type of the suspicious information, and obtain the feature information corresponding to the suspicious information according to the information type;
and the list generation module is also used for generating a target interception list according to the characteristic information and the interception configuration instruction.
D20. The information interception apparatus according to D19, wherein the list generating module is further configured to obtain user information, and generate an interception configuration policy according to the user information and the interception configuration instruction;
and the list generation module is also used for generating a target interception list according to the characteristic information and the interception configuration strategy.

Claims (10)

1. An information interception method, characterized by comprising the steps of:
when suspicious information is detected to exist in router flow, the suspicious information is sent to a user terminal;
receiving an interception configuration instruction fed back by the user terminal according to the suspicious information;
acquiring feature information corresponding to the suspicious information, and generating a target interception list according to the feature information and the interception configuration instruction;
and identifying information to be intercepted in the router flow according to the target interception list, and intercepting the information to be intercepted.
2. The information interception method according to claim 1, wherein the step of sending the suspicious information to the user terminal when detecting that the suspicious information exists in the router traffic includes:
when suspicious information is detected to exist in router flow, acquiring the information type of the suspicious information;
and when the information type is the picture type, sending the suspicious information to a user terminal.
3. The information interception method according to claim 2, wherein after the step of obtaining the information type of the suspicious information when the suspicious information is detected to exist in the router traffic, the method further comprises:
when the information type is not the picture type, acquiring basic information of the suspicious information;
and generating reminding information according to the basic information, and sending the reminding information to a user terminal.
4. The information interception method according to claim 2, wherein the step of obtaining the information type of the suspicious information when detecting that the suspicious information exists in the router traffic includes:
when suspicious information is detected in router traffic, sending the suspicious information to a server side;
receiving a verification result fed back by the server side according to the suspicious information;
and when the verification result is that the verification is passed, acquiring the information type of the suspicious information.
5. The information interception method according to claim 1, wherein the step of obtaining feature information corresponding to the suspicious information and generating a target interception list according to the feature information and the interception configuration instruction includes:
acquiring the information type of the suspicious information, and acquiring the feature information corresponding to the suspicious information according to the information type;
and generating a target interception list according to the feature information and the interception configuration instruction.
6. The information interception method according to claim 5, wherein said step of generating a target interception list according to said feature information and said interception configuration instruction comprises:
acquiring user information, and generating an interception configuration policy according to the user information and the interception configuration instruction;
and generating a target interception list according to the feature information and the interception configuration policy.
7. The information interception method according to any of claims 1-6, wherein said step of identifying information to be intercepted in said router traffic according to said target interception list and intercepting said information to be intercepted includes:
extracting interception features from the target interception list and acquiring traffic features of the router traffic;
matching the interception feature with the traffic feature;
and identifying the information to be intercepted in the router traffic according to the matching result, and intercepting the information to be intercepted.
8. An information intercepting apparatus, comprising: a memory, a processor, and an information interception program stored on the memory and executable on the processor, the information interception program implementing the information interception method of any one of claims 1 to 7 when executed by the processor.
9. A storage medium having an information interception program stored thereon, the information interception program implementing the information interception method according to any one of claims 1 to 7 when executed by a processor.
10. An information intercepting apparatus, characterized by comprising: an information sending module, an instruction receiving module, a list generating module and an information intercepting module;
the information sending module is used for sending suspicious information to the user terminal when detecting that the suspicious information exists in the router traffic;
the instruction receiving module is used for receiving an interception configuration instruction fed back by the user terminal according to the suspicious information;
the list generating module is used for acquiring the feature information corresponding to the suspicious information and generating a target interception list according to the feature information and the interception configuration instruction;
and the information intercepting module is used for identifying the information to be intercepted in the router traffic according to the target interception list and intercepting the information to be intercepted.
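
A minimal model of the flow in claims 1 and 5 to 7, added here as an illustration and not taken from the patent or the applicant's implementation. The feature choice (SHA-256 of the payload for the picture type, host name otherwise), the instruction fields `action` and `scope`, and the `Flow` record are all assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                 # one item of router traffic (constructed model)
    device: str             # client device that requested it
    host: str               # destination host name
    info_type: str          # "picture", "url", ...
    payload: bytes = b""

def features(flow):
    """Claim 5: the feature extracted depends on the information type (assumed mapping)."""
    feats = {("host", flow.host.lower().rstrip("."))}
    if flow.info_type == "picture":
        feats.add(("sha256", hashlib.sha256(flow.payload).hexdigest()))
    return feats

def primary_feature(flow):
    kind = "sha256" if flow.info_type == "picture" else "host"
    return next(f for f in features(flow) if f[0] == kind)

def build_policy(user_info, instruction):
    """Claim 6: combine user information with the terminal's instruction."""
    if instruction.get("action") != "block":
        return None                               # user chose not to intercept
    if instruction.get("scope") == "user":
        return {"devices": frozenset(user_info["devices"])}
    return {"devices": None}                      # None = every device

def add_to_list(target_list, suspicious, user_info, instruction):
    """Claims 1, 5, 6: feature + policy become one entry of the target interception list."""
    policy = build_policy(user_info, instruction)
    if policy is not None:
        target_list[primary_feature(suspicious)] = policy
    return target_list

def should_intercept(target_list, flow):
    """Claim 7: match the traffic features against the interception features."""
    for feat in features(flow):
        policy = target_list.get(feat)
        if policy and (policy["devices"] is None or flow.device in policy["devices"]):
            return True
    return False

def demo():
    user = {"devices": ["tablet-1"]}                       # constructed sample data
    pic = Flow("tablet-1", "img.example.test", "picture", b"constructed-image-bytes")
    lst = add_to_list({}, pic, user, {"action": "block", "scope": "user"})
    mirror = Flow("tablet-1", "cdn.example.test", "picture", pic.payload)
    other = Flow("laptop-2", "cdn.example.test", "picture", pic.payload)
    return should_intercept(lst, mirror), should_intercept(lst, other)
```

In this model an exact payload hash matches only byte-identical pictures, so which feature is stored per information type determines what the list can recognise later.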
CN202111252020.4A 2021-10-26 2021-10-26 Information interception method, equipment, storage medium and device Pending CN114090931A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111252020.4A CN114090931A (en) 2021-10-26 2021-10-26 Information interception method, equipment, storage medium and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111252020.4A CN114090931A (en) 2021-10-26 2021-10-26 Information interception method, equipment, storage medium and device

Publications (1)

Publication Number Publication Date
CN114090931A true CN114090931A (en) 2022-02-25

Family

ID=80297766

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111252020.4A Pending CN114090931A (en) 2021-10-26 2021-10-26 Information interception method, equipment, storage medium and device

Country Status (1)

Country Link
CN (1) CN114090931A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117278948A (en) * 2023-09-18 2023-12-22 江苏力争信息科技有限公司 System and method for discriminating short message type of enterprise short message
CN117278948B (en) * 2023-09-18 2024-05-14 江苏力争信息科技有限公司 System and method for discriminating short message type of enterprise short message

Similar Documents

Publication Publication Date Title
CN113098870B (en) Phishing detection method and device, electronic equipment and storage medium
CN105704005B (en) Malicious user reporting method and device, and reported information processing method and device
CN109241709B (en) User behavior identification method and device based on slider verification code verification
CN108427731B (en) Page code processing method and device, terminal equipment and medium
JP6500086B2 (en) Two-dimensional code analysis method and apparatus, computer-readable storage medium, computer program, and terminal device
CN109271762B (en) User authentication method and device based on slider verification code
CN109547426B (en) Service response method and server
CN106294317A (en) The form information method of calibration at a kind of cloud platform interface and system
CN116366338B (en) Risk website identification method and device, computer equipment and storage medium
CN113190838A (en) Web attack behavior detection method and system based on expression
CN114090931A (en) Information interception method, equipment, storage medium and device
CN113438225B (en) Vehicle-mounted terminal vulnerability detection method, system, equipment and storage medium
CN107623696B (en) User identity verification method and device based on user behavior characteristics
CN112699369A (en) Method and device for detecting abnormal login through stack backtracking
CN110795706B (en) Hash-based verification method, equipment, storage medium and device
CN110503504B (en) Information identification method, device and equipment of network product
CN109361707B (en) Batch query method, device, server and storage medium
CN114866434B (en) Network asset security assessment method and application
CN108182355B (en) Login verification method, server and computer readable storage medium
CN114745681A (en) Rich media information display method and device and computer storage medium
CN114201701A (en) Method and device for identifying operating environment, storage medium, server and client
CN114398994A (en) Method, device, equipment and medium for detecting business abnormity based on image identification
CN111625805B (en) Verification method, verification device, electronic equipment and storage medium
CN113923190A (en) Method and device for identifying equipment identification jump, server and storage medium
CN108924270B (en) Method for updating terminal contact information, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination