CN114357446A - Method, system, equipment and storage medium for improving computer security performance - Google Patents

Info

Publication number: CN114357446A
Authority: CN (China)
Prior art keywords: link, user, url, domain, mail
Legal status: Pending
Application number: CN202111611707.2A
Other languages: Chinese (zh)
Inventor: 张亚丽
Current Assignee: Sichuan Cric Technology Co ltd
Original Assignee: Sichuan Cric Technology Co ltd
Application filed by: Sichuan Cric Technology Co ltd
Priority to: CN202111611707.2A
Publication of: CN114357446A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method for improving the security performance of a computer, comprising the following steps: acquiring information on the mail to be analyzed, as selected by a user; retrieving the mail to be analyzed from the mailbox based on that information; writing an interception code into the mail to be analyzed to obtain a new mail; sending the new mail to the user; judging whether the user clicks a link in the new mail and, if so, proceeding to the next step; sending the URL of the link to a link analysis server; acquiring the link path of the URL; sending to the computing device the names of all domains in the link path and the input URL of each domain; displaying, at the user side, the path domains and a button for accessing each domain; judging whether the user clicks a button; if so, connecting directly to the input URL of the selected domain at the user side; otherwise, returning to the step of judging whether the user clicks a link in the new mail.

Description

Method, system, equipment and storage medium for improving computer security performance
Technical Field
The invention relates to the technical field of computer security, in particular to a method, a system, equipment and a storage medium for improving the security performance of a computer.
Background
Phishing links entice users to visit malicious websites that then impersonate known websites (e.g., bank websites) or immediately install malware on the user's computer. With malware installed, a hacker can capture access information and much more, obtaining login credentials and a host of other compromised information.
Despite the widespread use of the most advanced security measures, the number of successful hacks carried out through malicious web attacks is still growing. To protect against access to malicious sites, current systems and methods generally provide three types of security:
(1) Blacklists are used to prevent users from accessing known malicious web sites.
(2) The e-mail client displays the sender of the e-mail; when the cursor hovers over a link, the browser will display the URL of each link.
(3) Links are scanned in real-time to determine if they contain any malicious code and if they are redirected to other sites that provide the malicious code.
This results in the first security method (blacklist) becoming obsolete and hence ineffective. Spear-phishing attacks can impersonate a trusted sender by altering the email header, including the sender and other fields, which makes the second security method (sender display) not only ineffective but liable to encourage the user to trust these phishing websites.
The shortcomings of the first two methods led to the third method (link scanning), which is currently the most advanced security method. However, link scanning provides only one security artifact. Whether a security service accesses the link to confirm its rating, or the link is scanned from the same IP or a proxy IP, hackers have a way to bypass link scanning by programming links to behave differently. In the end, links are dynamic, and the behavior of a link depends entirely on the creativity of hackers, so the possible behaviors of a given link are unlimited.
Despite the advances made by those skilled in the art, a thorough solution to the phishing link problem remains a long-felt need.
The client device communicates with the WEB site and the WEB application server via the HTTP communication protocol, and since the birth of the protocol, link redirection has become an indispensable feature. Traditional internet communications include security-level flows ("security processes") and user-level flows ("user processes"). In traditional communications, the security process follows the link redirections: all links in the path are scanned for malware, and if all security tests pass, the user process is allowed to connect to the original link. Thus, the user process itself will eventually follow the link redirections whenever the security service allows it.
As described above, conventional client-side link scanning still lets user processes connect to the initial link in the path, which can create a hole that lets hackers programmatically send user processes to other paths. In this case, regardless of the protection method adopted, the hacker has a way to attack successfully.
A problem with traditional internet communications is that the user process follows redirects, which is exactly the point that hackers exploit. Because user clicks on links involve link redirections, and most of these redirections lead to further redirections, the present invention proposes a way to alter the flow of the vast majority of connection traffic originating from user-selected links in email, text messaging, social media and similar applications. This is an innovative solution: it establishes a new mode that breaks the fixed rule and, in an out-of-the-box manner, removes link redirection from the client application. In this mode, the conventional methods hackers use to get through are all ineffective, so the hackers' ability to exploit redirection is completely cancelled and the problem is completely solved.
Disclosure of Invention
The invention aims to provide a method, a system, equipment and a storage medium for improving the security performance of a computer, so as to solve the technical problems described in the background.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method of increasing computer security, comprising: acquiring mail information to be analyzed selected by a user; retrieving the mail to be analyzed from the mailbox based on the information of the mail to be analyzed; writing an interception code in the mail to be analyzed to obtain a new mail; sending the new mail to a user; judging whether the user clicks a link in the new mail or not; if yes, entering the next step; sending the URL of the link to a link analysis server; acquiring a link path of the URL; sending to the computing device the names of all domains in the link path and the input URL for each domain; displaying the path domain and the button for accessing each domain at the user terminal; judging whether a user clicks a button or not; if yes, directly connecting to the input URL of the selected domain at the user side; otherwise, returning to judge whether the user clicks the link in the new mail.
In some embodiments, the operation required by the user comprises at least one of:
viewing the final target URL;
determining whether the final target URL is a website desired to be accessed;
and clicking an access link, and directly entering the final target URL or giving up the access link.
In some embodiments, the link path includes an initial link, a final target URL, and one or more sites between the initial link and the final target URL.
In some embodiments, the link analysis server is used to determine path security.
Meanwhile, the invention also discloses a system for improving the security performance of the computer, which comprises:
the first acquisition module is used for acquiring the mail information to be analyzed selected by a user;
the retrieval module is used for retrieving the mails to be analyzed from the mailbox based on the information of the mails to be analyzed;
a writing module, configured to write an interception code in the mail to be analyzed to obtain a new mail;
the first sending module is used for sending the new mail to a user;
the first judgment module is used for judging whether the user clicks the link in the new mail; if yes, entering the next step;
the second sending module is used for sending the URL of the link to the link analysis server;
the second acquisition module is used for acquiring the link path of the URL;
a third sending module, configured to send, to the computing device, names of all domains in the link path and an input URL of each domain;
the display module is used for displaying, at the user side, the path domains and a button for accessing each domain;
the second acquisition module is used for judging whether the user clicks the button or not;
if yes, directly connecting to the input URL of the selected domain at the user side; otherwise, returning to judge whether the user clicks the link in the new mail.
Meanwhile, the invention also discloses computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the method when executing the computer program.
Meanwhile, the invention also discloses a computer readable storage medium, wherein the storage medium stores computer instructions, and after the computer reads the computer instructions in the storage medium, the computer executes the method.
Advantageous effects
Compared with the prior art, the invention has the following remarkable advantages:
The method, system, equipment and storage medium for improving the security performance of a computer change the whole mode of internet communication flow and break away from the traditional mode in which the user process must follow link redirection. Using the target website the user expects, they enable the user process to connect directly to the final target URL and prevent hackers' phishing attacks, thereby protecting the application program from malicious URL links and solving the phishing link problem once and for all.
Drawings
FIG. 1 is a schematic diagram of a system for enhancing security of a computer according to an embodiment;
FIG. 2 is a schematic diagram of an application scenario of a system for improving computer security performance according to the present embodiment;
FIG. 3 is a flowchart illustrating a method for improving computer security according to this embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
On the contrary, this application is intended to cover any alternatives, modifications, equivalents, and alternatives that may be included within the spirit and scope of the application as defined by the appended claims. Furthermore, in the following detailed description of the present application, certain specific details are set forth in order to provide a better understanding of the present application. It will be apparent to one skilled in the art that the present application may be practiced without these specific details.
An apparatus for improving the security of a computer according to an embodiment of the present application will be described in detail with reference to fig. 1 to 3. It is to be noted that the following examples are only for explaining the present application and do not constitute a limitation to the present application.
A system 10 for enhancing computer security, comprising:
a first obtaining module 100, configured to obtain mail information to be analyzed selected by a user;
a retrieving module 110, configured to retrieve the mail to be analyzed from the mailbox based on the information of the mail to be analyzed;
a writing module 120, configured to write an interception code in the mail to be analyzed to obtain a new mail;
a first sending module 130, configured to send the new email to a user;
a first judging module 140, configured to judge whether the user clicks a link in the new email; if yes, entering the next step;
a second sending module 150, configured to send the URL of the link to a link analysis server; in some embodiments, the link analysis server is used to determine path security.
A second obtaining module 160, configured to obtain a link path of the URL; in some embodiments, the link path includes an initial link, a final target URL, and one or more sites between the initial link and the final target URL.
A third sending module 170, configured to send, to the computing device, names of all domains in the link path and an input URL of each domain;
a display module 180 for displaying, at the user side, the path domains and buttons for accessing each domain;
the second obtaining module 190 is configured to determine whether the user clicks a button;
if yes, directly connecting to the input URL of the selected domain at the user side; otherwise, returning to judge whether the user clicks the link in the new mail.
In some embodiments, the operation required by the user comprises at least one of:
viewing the final target URL;
determining whether the final target URL is a website desired to be accessed;
and clicking an access link, and directly entering the final target URL or giving up the access link.
The system of this embodiment includes an application program with a user-selectable link, a final target URL determination process module (e.g., the second acquisition module, hereinafter abbreviated as FDDP), a corresponding display module (e.g., the display module 180), and a user process for connecting the application program to a remote website, wherein: the FDDP module finds the final URL of the link redirection path when the user selects the link; the display function shows the final URL and the option of whether to connect; and in all cases the FDDP module tracks the link path through the following steps so that the user process can connect directly to the final URL.
Over the whole operation of the system, a user clicks a link in a messaging application (such as email, text, chat or an online social media platform); the link is intercepted and sent to a server for analysis; the server tracks the link redirection path; the server sends the full path, a partial path or the final target URL to the user's computer; the user's computer displays the complete path, the partial path, or only the final target URL; the user has the opportunity to submit the link or drop the link; after selection, the user may go directly to the final target URL.
In this way, the user process may connect directly to the final URL, rather than to the original URL link, bypassing the link redirection caused by traditional Internet communications.
In some embodiments of the invention, the server determines a path and sends the path to the computing device. The analysis engine of the server may analyze the path to determine path security, i.e., to confirm whether the path is secure or non-secure for the computing device due to the possible presence of malicious code at some sites in the path. This ultimately enables the user to easily avoid phishing links.
As this analysis shows, the technical scheme relies on the final target URL that the human user expects. The final target URL is presented to the user, giving the user the opportunity to indicate whether it is the web address that the user intends to access. If so, using the input device, the user may direct the computing device to the final target URL. If the system displays or otherwise indicates that the final target URL is not the web site that the user intends to visit, the user may avoid the site altogether by refusing to follow the link.
The FDDP module may be implemented on both the server and client devices, as with conventional security services, and may even be integrated into the client application. While client implementations do disclose the user's IP address, they do not suffer from greater problems than traditional client-link scanning does.
Thus, by implementing the FDDP module on a server, a client, an intervening device such as a router, etc., high security may be achieved. The location of the FDDP block does not affect the end result of sending the user process directly to the final target URL, and thus the FDDP block may execute from any location, and may even execute its own components from multiple locations. Wherein the one or more FDDP modules enable one or more user processes to connect directly to the final target URL.
Fig. 2 is an application scenario of the system for improving the security performance of the computer according to the present invention. The user device accesses the email through an internet web application residing on the link analysis server.
The invention can be characterized as a system for protecting an application program and a computing device from malicious URL link attacks. The system includes a computing device having a processor and associated memory, a software application running on the computing device and including a link, a communication network, a final target URL determination process, and a user process for connecting the software application to a remote web site. The computing device is communicatively connected to the communication network. The final target URL determination process identifies the final target URL of the link, and the user process connects directly to the final target URL.
As shown in fig. 3, in some embodiments, the method 200 includes the steps of:
Step 201, a user selects an e-mail to be read.
Step 202, retrieving the mail to be analyzed from the mailbox based on the information of the mail to be analyzed.
Step 203, writing an interception code in the mail to be analyzed to obtain a new mail.
For example, the link analysis server rewrites the email by injecting a link interception code into the email (so that the user's link selection does not automatically connect to the original URL).
Step 204, sending the new mail to the user.
Step 205, judging whether the user clicks the link in the new mail; if yes, entering the next step.
Step 206, sending the URL of the link to a link analysis server.
Step 207, acquiring a link path of the URL.
Step 208, sending the names of all domains in the link path and the input URL of each domain to the computing device.
Step 209, displaying the path domains and the button for accessing each domain on the user side.
Step 210, judging whether the user clicks a button.
Step 211, if yes, directly connecting to the input URL of the selected domain at the user side.
Step 212, otherwise, returning to judge whether the user clicks the link in the new mail.
The flow of the method is therefore as follows. The user first selects the e-mail to be read. The email reading request is sent to the server, and the server retrieves the email from the email server. The link analysis server then rewrites the email by injecting a link interception code into it (so that the user's link selection does not automatically connect to the original URL) and sends the rewritten email to the computing device, which displays it on a communicatively connected display. The user may not click on any link in the email, in which case the user may simply select another email to read. Alternatively, the user may click on a link in the email, in which case the link interception code sends the URL of the link to the link analysis server. The link analysis server then sends the names of all domains in the path and the input URL of each domain to the computing device, which displays (on its communicatively connected display) the path domains and the buttons or icons that "access" each domain. If the user selects an "access" button, the computing device connects to the final target URL. The user may instead choose not to visit any domain, in which case the user may click on another link in the email or even select another email to read.
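One way the rewriting in step 203 could work, shown as an added example that is not code from the patent: every link in the mail body is replaced by a link to the link analysis server that carries the original URL as a parameter. The endpoint `https://linkcheck.example/analyze`, the `url` parameter name and the sample mail are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# Hypothetical link analysis server endpoint (assumption, not from the patent).
ANALYSIS_ENDPOINT = "https://linkcheck.example/analyze"

# Link targets left untouched. Everything else is intercepted, so an
# unexpected or malformed scheme goes to the server instead of the client.
PASS_THROUGH = ("mailto:", "tel:", "#")


def intercept_url(original):
    """Build the replacement href that hands the original URL to the server."""
    return ANALYSIS_ENDPOINT + "?url=" + quote(original, safe="")


def original_url(intercepted):
    """Server side: recover the URL the user actually selected."""
    return parse_qs(urlsplit(intercepted).query)["url"][0]


def needs_interception(href):
    return not href.strip().lower().startswith(PASS_THROUGH)


class LinkInterceptor(HTMLParser):
    """Re-emits the mail body, swapping each link for an intercepted one."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # pieces of the rewritten body
        self.rewritten = []  # original URLs that were replaced
        self._raw = False    # inside <style>/<script>, text is emitted as-is

    def _tag(self, tag, attrs, close=""):
        parts = ["<", tag]
        for name, value in attrs:
            if tag == "a" and name == "href" and value and needs_interception(value):
                self.rewritten.append(value.strip())
                value = intercept_url(value.strip())
            if value is None:
                parts.append(" " + name)
            else:
                parts.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        parts.append(close + ">")
        return "".join(parts)

    def handle_starttag(self, tag, attrs):
        self._raw = tag in ("script", "style")
        self.out.append(self._tag(tag, attrs))

    def handle_startendtag(self, tag, attrs):
        self.out.append(self._tag(tag, attrs, close="/"))

    def handle_endtag(self, tag):
        self._raw = False
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(data if self._raw else html.escape(data, quote=False))

    def handle_comment(self, data):
        self.out.append("<!--%s-->" % data)

    def handle_decl(self, decl):
        self.out.append("<!%s>" % decl)


def rewrite_email(body):
    """Return (new mail body, list of original URLs that were intercepted)."""
    parser = LinkInterceptor()
    parser.feed(body)
    parser.close()
    return "".join(parser.out), parser.rewritten


# Constructed sample mail body, not taken from the patent.
SAMPLE_EMAIL = (
    "<p>Security alert from your bank.</p>"
    '<a class="btn" href="http://example.com/r?id=1&amp;next=login">Verify account</a>'
    '<a href="mailto:help@xxbank.com">Contact us</a>'
)

if __name__ == "__main__":
    new_body, urls = rewrite_email(SAMPLE_EMAIL)
    print(new_body)
    print(urls)
```

Because the pass-through list is an allowlist, a link with an unknown scheme is routed to the analysis server rather than left clickable in the new mail.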
For example, the system may comprise: an application with a user-selectable link; a final target URL determination process ("FDDP") module; a display function; and a user process connecting the application to a remote web site. The FDDP finds the final target URL of the link's URL redirect path when the user selects the link; the display function displays the final target URL and the choice of whether to connect; and if the user chooses to connect, the user application connects directly to the final target URL, bypassing all other URLs in the redirect path. In this way, unlike in traditional network communications, the user process connects directly to the final target URL rather than to the original URL link.
A corresponding practical case may be as follows. Suppose a hacker sends an email claiming to be a security alert from a bank. The user trusts the email and clicks on the link, and the hacker's server sends the final target URL determination process module (FDDP) along a redirection path ending with xxbank.com. (However, the hacker's intent is to send the user process to a malicious site when it accesses the original link.) In a first embodiment, the user will be presented with "xxbank.com". Thus, the hacker cannot send the user process to other paths, because the user process never attempts to access the original link. If the hacker's server sends the FDDP to a final site other than xxbank.com, the user may see that the final target URL is not the intended web address and thus choose not to connect. Wherever the hacker sends the FDDP, the user process is safely out of the hacker's control.
In another scenario, the website's login URL is redirected to other URLs within the same domain ("intra-domain redirection"). For example, a redirect from http://xxbank.com to https://xxbank.com is an intra-domain redirect, while a redirect from http://example.com to http://xxbank.com is a cross-domain redirect. Thus, in the second embodiment, the final target URL may be the first URL of the final domain, and the intra-domain redirect may be safely accepted and followed.
For example, a malicious email that mimics a bank contains a series of redirections that ultimately span three domains in the following order: example.com → keylogger-install.com → bank website. (The intention of the hacker is to install a keylogger before connecting the user to the bank.) The final domain has the following intra-domain redirection: https://xxbank.com/mapping-page/user=xyz → https://xxbank.com/user/Info/index. In this example, assuming that going directly to the last URL would produce an error (because the web site expects traffic from the landing page), the second embodiment can be implemented where this might occur. In the second embodiment, the final target URL is the first URL of the last domain, i.e. the bank's landing page. Also, since intra-domain redirection is allowed in the second embodiment, the login page will safely take the user to the final URL.
In another scenario, the final target URL is based on a domain group. It is not uncommon for a legitimate intended domain to redirect to an external email tracking service and then redirect back to other URLs on the intended domain. In this example, there is a series of intra-domain and cross-domain redirections: an intra-domain redirect on the intended domain, then a cross-domain redirect to an external email tracking service, then an intra-domain redirect on the email tracking service, then a cross-domain redirect to another URL on the intended domain, then an intra-domain redirect on the intended domain. In the present invention, each cross-domain redirection is treated as marking the start of a new domain group. Thus, in this example, there are three domain groups: the intended domain's URLs (domain group 1), the marketing service's URLs (domain group 2), and the other URLs of the intended domain (domain group 3). When calculating the final target URL, using the first URL of the last domain yields the input URL of domain group 1. This may not be the desired result for embodiments that want to layer privacy on top of phishing protection. Privacy-centric embodiments may therefore choose to compute the final target URL as the first URL of the last domain group. Under that rule, the first URL of domain group 3 would be the final target URL. In this way, the user process can bypass not only the ability of hackers to redirect it to malicious paths, but also the ability of email marketing services to track user activity.
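The three ways of choosing the final target URL described above, together with the per-domain list sent in step 208, as an added example that is not code from the patent. It assumes the redirect path has already been traced by the link analysis server; the mode names, the host-name comparison used to decide "same domain", and both sample paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def domain_of(url):
    """Domain used to compare hops.

    Assumption: two URLs are in the same domain when their host names match
    after dropping a leading "www."; a deployment would more likely compare
    registrable domains using the Public Suffix List.
    """
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def domain_groups(path):
    """Split a redirect path into runs of consecutive same-domain URLs.

    Each cross-domain redirect starts a new group, so a domain that is
    revisited later in the path gets a second group.
    """
    groups = []
    for url in path:
        dom = domain_of(url)
        if groups and groups[-1]["domain"] == dom:
            groups[-1]["urls"].append(url)
        else:
            groups.append({"domain": dom, "urls": [url]})
    return groups


def display_payload(path):
    """Domain name and input (first) URL of each group, in path order."""
    return [(g["domain"], g["urls"][0]) for g in domain_groups(path)]


def final_target(path, mode):
    """Pick the URL the user process connects to directly.

    "last_url"          - the last URL of the redirect path
    "last_domain"       - first URL of the last domain, wherever it first appears
    "last_domain_group" - first URL of the last domain group (privacy-centric)
    """
    groups = domain_groups(path)
    if not groups:
        raise ValueError("empty link path")
    if mode == "last_url":
        return path[-1]
    if mode == "last_domain_group":
        return groups[-1]["urls"][0]
    if mode == "last_domain":
        last = groups[-1]["domain"]
        return next(g["urls"][0] for g in groups if g["domain"] == last)
    raise ValueError("unknown mode: %r" % mode)


# Constructed sample paths modelled on the two scenarios in the description.
PHISH_PATH = [
    "http://example.com/alert",
    "http://keylogger-install.com/",
    "https://xxbank.com/mapping-page/user=xyz",
    "https://xxbank.com/user/Info/index",
]
TRACKED_PATH = [
    "http://shop.example/news",       # domain group 1 (intended domain)
    "https://shop.example/news",
    "https://track.example/c?id=1",   # domain group 2 (tracking service)
    "https://track.example/out",
    "https://shop.example/offers",    # domain group 3 (intended domain again)
    "https://shop.example/offers/today",
]

if __name__ == "__main__":
    for name, path in (("phish", PHISH_PATH), ("tracked", TRACKED_PATH)):
        print(name, display_payload(path))
        for mode in ("last_url", "last_domain", "last_domain_group"):
            print("  ", mode, "->", final_target(path, mode))
```

On the tracked path, `last_domain` returns the input URL of domain group 1 while `last_domain_group` returns the input URL of domain group 3, which is the difference the description draws between the two rules.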
In view of the above, any implementation of one or more URLs that allow one or more user processes to bypass the original link path is within the spirit and scope of the present invention. This includes redirecting the user to other URLs not contained in the original link path. Any embodiment in which one or more URLs in the original link path are bypassed by one or more user processes is included within the spirit and scope of the present invention.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A method for improving the security performance of a computer, comprising:
acquiring mail information to be analyzed selected by a user;
retrieving the mail to be analyzed from the mailbox based on the information of the mail to be analyzed;
writing an interception code in the mail to be analyzed to obtain a new mail;
sending the new mail to a user;
judging whether the user clicks a link in the new mail or not; if yes, entering the next step;
sending the URL of the link to a link analysis server;
acquiring a link path of the URL;
sending to the computing device the names of all domains in the link path and the input URL for each domain;
displaying the path domain and the button for accessing each domain at the user terminal;
judging whether a user clicks a button or not;
if yes, directly connecting to the input URL of the selected domain at the user side; otherwise, returning to judge whether the user clicks the link in the new mail.
2. The method for improving the security of the computer according to claim 1, wherein the operation required by the user comprises at least one of the following:
viewing the final target URL;
determining whether the final target URL is a website desired to be accessed;
and clicking an access link, and directly entering the final target URL or giving up the access link.
3. The method of claim 1, wherein the link path comprises an initial link, a final target URL, and one or more sites between the initial link and the final target URL.
4. The method of claim 1, wherein the link analysis server is configured to determine path security.
5. A system for enhancing the security of a computer, comprising:
the first acquisition module is used for acquiring the mail information to be analyzed selected by a user;
the retrieval module is used for retrieving the mails to be analyzed from the mailbox based on the information of the mails to be analyzed;
a writing module, configured to write an interception code in the mail to be analyzed to obtain a new mail;
the first sending module is used for sending the new mail to a user;
the first judgment module is used for judging whether the user clicks the link in the new mail; if yes, entering the next step;
the second sending module is used for sending the URL of the link to the link analysis server;
the second acquisition module is used for acquiring the link path of the URL;
a third sending module, configured to send, to the computing device, names of all domains in the link path and an input URL of each domain;
the display module is used for displaying, at the user side, the path domains and a button for accessing each domain;
the second acquisition module is used for judging whether the user clicks the button or not;
if yes, directly connecting to the input URL of the selected domain at the user side; otherwise, returning to judge whether the user clicks the link in the new mail.
6. The system for improving computer security of claim 5, wherein the operation required by the user comprises at least one of:
viewing the final target URL;
determining whether the final target URL is a website desired to be accessed;
and clicking an access link, and directly entering the final target URL or giving up the access link.
7. The system for enhancing computer security of claim 5, wherein the link path comprises an initial link, a final target URL, and one or more sites between the initial link and the final target URL.
8. The system of claim 5, wherein the link analysis server is configured to determine path security.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1-4 when executing the computer program.
10. A computer-readable storage medium storing computer instructions, wherein when the computer instructions in the storage medium are read by a computer, the computer performs the method of any one of claims 1-4.
CN202111611707.2A 2021-12-27 2021-12-27 Method, system, equipment and storage medium for improving computer security performance Pending CN114357446A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111611707.2A CN114357446A (en) 2021-12-27 2021-12-27 Method, system, equipment and storage medium for improving computer security performance

Publications (1)

Publication Number Publication Date
CN114357446A (en) 2022-04-15

Family

ID=81100874

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination