CN114938297A - Malicious information processing method, system, electronic device and storage medium - Google Patents


Info

Publication number
CN114938297A
Authority
CN
China
Prior art keywords
information
access request
malicious
server
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210519572.5A
Other languages
Chinese (zh)
Inventor
姚龙飞
黄进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Application filed by DBAPPSecurity Co Ltd
Priority to CN202210519572.5A
Publication of CN114938297A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application relates to a malicious information processing method, system, electronic device and storage medium. The malicious information processing method is applied to a firewall of a terminal and comprises the following steps: capturing a first access request, and decrypting the first access request to obtain decryption information; acquiring malicious information intelligence, matching the decryption information with the malicious information intelligence, and performing at least a blocking operation on the decryption information if the matching succeeds; and, if the matching fails, sending a second access request to the server according to the decryption information, acquiring first response information of the server for the second access request, and encrypting and storing the first response information. The method and the device solve the problems of slow malicious information identification and easy missed detection, so that malicious information can be identified quickly and effectively.

Description

Malicious information processing method, system, electronic device and storage medium
Technical Field
The present application relates to the field of malicious information processing, and in particular, to a malicious information processing method, system, electronic device, and storage medium.
Background
As networks become ever more integrated into residents' daily life, malicious information on telecommunication networks is showing new changes and new characteristics. For example, malicious information that used to target individuals now targets enterprises, and its carriers have shifted from telephone calls and short messages to e-mails and counterfeit websites. Analysis of first-line case data shows that malicious information aimed at enterprises generally uses e-mails, counterfeit websites and chat tools as carriers to carry out illegal acts in the name of remittances, contracts, security deposits, donations and the like.
In the related art, to process malicious information received by an enterprise, the processing logic of a system firewall is strengthened by an intelligent identification method so that the malicious information is identified and intercepted. However, this processing is applied on the network side, and because of data security encryption technology, a large amount of disguised malicious information is not only identified slowly but is also easily missed by the system firewall, so that users are deceived and suffer property loss.
No effective solution has yet been proposed for the problems of slow identification and easy missed detection of malicious information in the related art.
Disclosure of Invention
The embodiments provide a malicious information processing method, system, electronic device and storage medium, so as to solve the problems of slow malicious information identification and easy missed detection in the related art.
In a first aspect, this embodiment provides a malicious information processing method, which is applied to a firewall of a terminal and includes:
capturing a first access request, and decrypting the first access request to obtain decryption information;
acquiring malicious information intelligence, matching the decryption information with the malicious information intelligence, and performing at least a blocking operation on the decryption information if the matching succeeds;
and, if the matching fails, sending a second access request to the server according to the decryption information, acquiring first response information of the server for the second access request, and encrypting and storing the first response information.
In some of these embodiments, said capturing the first access request comprises:
acquiring interception authorization information of terminal software, sending a firewall public key to the terminal software according to the interception authorization information, and acquiring the first access request generated by the terminal software encrypting an initial access request according to the firewall public key; wherein the initial access request is obtained by the terminal software.
In some embodiments, after the sending the firewall public key to the terminal software according to the interception authorization information, the method further includes:
and sending server public key query information to the server, and acquiring and storing a server public key of the server aiming at the server public key query information.
In some embodiments, the decrypting the first access request to obtain decryption information includes:
and decrypting the first access request according to a firewall private key to obtain decryption information.
In some embodiments, the decryption information includes a terminal software communication password and first communication content, and in case of successful matching, the method further includes:
sending a return status code and second communication content to the terminal software;
acquiring a third access request of the terminal software for the return status code and the second communication content;
sending the third access request to the server, acquiring second response information of the server aiming at the third access request, and decrypting and monitoring the second response information according to a server public key;
and encrypting and storing the second response information according to the terminal software communication password.
In some embodiments, the encrypting and storing the first response information includes:
encrypting the first response information according to the terminal software communication password in the decryption information to obtain encrypted information, and storing the encrypted information;
and sending the encryption information to the terminal software.
In some embodiments, the acquiring malicious information intelligence and matching the decryption information with the malicious information intelligence includes:
acquiring the malicious information intelligence from a remote server in real time and storing it in a local cache;
and reading the malicious information intelligence from the local cache, and matching the decryption information with the malicious information intelligence.
In a second aspect, there is provided in this embodiment a malicious information processing system including: a terminal device, a transmission device and a server device; the terminal equipment is connected with the server equipment through the transmission equipment;
the terminal device is configured to execute the malicious information processing method according to the first aspect;
the transmission device is used for transmitting a second access request and first response information aiming at the second access request;
the server device is used for sending first response information aiming at the second access request.
In a third aspect, in this embodiment, there is provided an electronic apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the malicious information processing method according to the first aspect.
In a fourth aspect, in the present embodiment, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the malicious information processing method described in the first aspect above.
Compared with the related art, the malicious information processing method, system, electronic device and storage medium provided by this embodiment are applied to a firewall of a terminal. Decryption information is obtained by capturing a first access request and decrypting it; malicious information intelligence is acquired and the decryption information is matched with it, and at least a blocking operation is performed on the decryption information if the matching succeeds; if the matching fails, a second access request is sent to the server according to the decryption information, first response information of the server for the second access request is acquired, and the first response information is encrypted and stored. This solves the problems of slow malicious information identification and easy missed detection, and achieves quick and effective identification of malicious information.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below, so that other features, objects and advantages of the application become more concise and understandable.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a diagram of an application scenario of a malicious information processing method in an embodiment;
FIG. 2 is a flowchart illustrating a malicious information processing method according to an embodiment;
FIG. 3 is a flowchart illustrating a malicious information processing method according to another embodiment;
FIG. 4 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
For a clearer understanding of the objects, aspects and advantages of the present application, reference is made to the following description and accompanying drawings.
Unless defined otherwise, technical or scientific terms used herein shall have the same general meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of this application does not denote a limitation of quantity, either in the singular or the plural. The terms "comprises," "comprising," "has," "having," and any variations thereof, as referred to in this application, are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or modules, but may include other steps or modules (elements) not listed or inherent to such process, method, article, or apparatus. Reference throughout this application to "connected," "coupled," and the like is not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "And/or" describes an association relationship of associated objects, meaning that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, and B exists alone. In general, the character "/" indicates that the objects associated before and after it are in an "or" relationship. The terms "first," "second," "third," and the like in this application are used for distinguishing between similar items and not necessarily for describing a particular sequential or chronological order.
The malicious information processing method provided by the application can be applied to the application environment shown in fig. 1, in which the terminal device 102 communicates with the server device 104 via a network. The terminal device 102 captures the first access request and decrypts it to obtain decryption information; the terminal device 102 acquires malicious information intelligence, matches the decryption information with the malicious information intelligence, and performs at least a blocking operation on the decryption information if the matching succeeds; if the matching fails, the terminal device 102 sends a second access request to the server according to the decryption information, acquires first response information of the server for the second access request, and encrypts and stores the first response information. The terminal device 102 may be, but is not limited to, any of various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server device 104 may be implemented by an independent server or a server cluster formed by multiple servers.
In this embodiment, a malicious information processing method is provided, which is applied to a firewall of a terminal. Fig. 2 is a flowchart of the malicious information processing method of this embodiment; as shown in fig. 2, the flow includes the following steps:
Step S202, the first access request is captured, and the first access request is decrypted to obtain decryption information.
The first access request refers to a server access request sent by terminal software on the terminal device 102, and the first access request is captured by a firewall on the terminal device 102; the first access request may contain malicious information.
Step S204, malicious information intelligence is acquired, the decryption information is matched with the malicious information intelligence, and at least a blocking operation is performed on the decryption information if the matching succeeds.
The blocking operation may be the terminal device 102 blocking the decryption information directly, or prompting the user with a pop-up window so that the user decides whether to perform the blocking operation.
Step S206, if the matching fails, a second access request is sent to the server according to the decryption information, first response information of the server for the second access request is acquired, and the first response information is encrypted and stored.
The second access request refers to a server HTTPS access request sent by the terminal firewall on the terminal device 102 to the server device 104; the first response information is the response information for the HTTPS request.
Through the above steps, the terminal firewall captures the first access request of the terminal software and matches the decryption information of the first access request against malicious information intelligence. If the matching succeeds, it performs the blocking operation; if the matching fails, the terminal firewall sends an HTTPS request to the server device 104 and acquires the returned first response information. The terminal firewall thus acts as an intermediary between the terminal software and the server, no additional malicious information detection algorithm is needed, and malicious information processing time is saved. An access request sent by the terminal software must pass the terminal firewall's malicious information intelligence matching, after which the terminal firewall accesses the server device 104 emulating the terminal software. Malicious information is therefore processed on the terminal device 102 side: the terminal software is prevented from accessing the server directly and suffering malicious attack, and malicious information missed by the terminal software is prevented from spreading to the server. This solves the problems of slow malicious information identification and easy missed detection, and achieves quick and effective identification of malicious information.
In some of these embodiments, the capturing the first access request includes:
acquiring interception authorization information of terminal software, sending a firewall public key to the terminal software according to the interception authorization information, and acquiring a first access request generated by encrypting an initial access request by the terminal software according to the firewall public key; wherein the initial access request is obtained by the terminal software.
The interception authorization information refers to authorization information that the terminal software authorizes the terminal firewall to intercept, the interception authorization information includes initial public key query information and an authentication certificate of the terminal software to the server device 104, and the firewall sends a firewall public key to the terminal software according to the initial public key query information of the interception authorization information; the initial access request is obtained by the terminal software acquiring the network access request input by the user.
Specifically, the terminal firewall first sends an interception authorization request to the terminal software, and intercepts the terminal software after acquiring the interception authorization information. To establish a communication connection with the server device 104, the terminal software sends the initial public key query information together with the authentication certificate in order to acquire the public key of the server device 104. The terminal firewall captures the initial public key query information during interception and returns the firewall public key to the terminal software according to the initial public key query information. The terminal software encrypts the initial access request according to the firewall public key to generate the first access request, and the terminal firewall acquires the first access request.
Through the above steps, the terminal firewall acts as a middleman: when the terminal software queries the public key of the server, the terminal firewall, in order to ensure secure data communication, returns its own firewall public key to the terminal software, so that the terminal software encrypts the initial access request with the firewall public key to obtain the first access request. The terminal software thus communicates with the server device 104 indirectly through the terminal firewall, which raises the level of protection the terminal firewall gives to the terminal software's communication and solves the problem that malicious information is easily missed by the terminal.
In some embodiments, after sending the firewall public key to the terminal software according to the interception authorization information, the method further includes:
and sending the server public key query information to the server, and acquiring and storing the server public key of the server aiming at the server public key query information.
The server public key inquiry information is sent by the terminal firewall, and the acquisition and storage of the server public key are executed by the terminal firewall.
Through the above steps, the terminal firewall acts as a middleman: in order to ensure secure data communication, it intercepts and forwards communication data between the terminal software and the server device 104 and establishes the communication connection with the server device 104 directly. The terminal software thus communicates with the server device 104 indirectly through the terminal firewall, which raises the level of protection the terminal firewall gives to the terminal software's communication and solves the problem that malicious information is easily missed by the terminal.
In some embodiments, the decrypting the first access request to obtain decryption information includes:
and decrypting the first access request according to the firewall private key to obtain decryption information.
It should be noted that the terminal software encrypts the initial access request according to the firewall public key to generate the first access request, so when decrypting the first access request the terminal firewall must use the firewall private key corresponding to that firewall public key.
Through the above steps, the terminal firewall acts as a middleman that captures and decrypts the first access request sent by the terminal software to obtain the decryption information. This avoids malicious information being missed and spread through direct communication between the terminal software and the server device 104, raises the level of protection the terminal firewall gives to the terminal software's communication, and solves the problem that malicious information is easily missed by the terminal.
In some embodiments, the decryption information includes a terminal software communication password and the first communication content, and in case of successful matching, the method further includes:
sending a return status code and second communication content to the terminal software;
acquiring a third access request of the terminal software for the return status code and the second communication content;
sending the third access request to the server, acquiring second response information of the server for the third access request, and decrypting and monitoring the second response information according to the server public key;
and encrypting and storing the second response information according to the terminal software communication password.
The first communication content refers to the initial HTTPS communication information sent by the terminal software, and the HTTPS communication information refers to the target website and/or e-mail address accessed by the first access request. The return status code indicates whether the target website and/or e-mail address is valid; when the target website and/or e-mail address is invalid, the return status code has the value 302 and instructs the terminal software to send a third access request so as to redirect the website and/or e-mail address. The second communication content refers to the Location response header information with which the terminal firewall instructs the terminal software to generate the third access request; the Location response header information comprises a new address of the website and/or e-mail address, or the URL of a preset address. The third access request is generated according to the value 302 of the return status code and the Location response header information. The second response information is the new website and/or e-mail address found by the server according to the third access request.
After the second response information is decrypted and monitored, if the monitoring result is safe information, the second response information is encrypted and stored according to the terminal software communication password, and the encrypted second response information is sent to the terminal software. If the monitoring result is malicious information, the malicious information is intercepted and the interception result is returned to the terminal software, or a return status code and third communication content are sent to the terminal software again to instruct it to generate a fourth access request that redirects the target website and/or e-mail address, until the monitoring result is safe information.
Through the above steps, when the decryption information successfully matches the malicious information intelligence, the terminal firewall can instruct the terminal software, by means of the return status code and the second communication content, to generate a third access request, so that the target website and/or e-mail address to be accessed is redirected. This realizes the redirection function of the terminal firewall as a middleman, raises the level of protection the terminal firewall gives to the terminal software's communication, and solves the problem that malicious information is easily missed by the terminal.
In some embodiments, the encrypting and storing the first response information comprises:
encrypting the first response information according to the terminal software communication password in the decryption information to obtain encrypted information, and storing the encrypted information;
and sending the encrypted information to the terminal software.
Through the above steps, the safe information for which matching failed is encrypted with the terminal software communication password and the encrypted information is sent to the terminal software for processing, which raises the level of protection the terminal firewall gives to the terminal software's communication and solves the problem that malicious information is easily missed by the terminal.
In some embodiments, the acquiring malicious information intelligence and matching the decryption information with the malicious information intelligence comprises:
acquiring the malicious information intelligence from a remote server in real time and storing it in a local cache;
and reading the malicious information intelligence from the local cache, and matching the decryption information with the malicious information intelligence.
Here, matching the decryption information with the malicious information intelligence means matching the first communication content in the decryption information with the malicious information intelligence. Specifically, the target website and/or e-mail address accessed by the first access request is matched with the malicious websites and/or malicious e-mail addresses in the malicious information intelligence; if either of them matches, the decryption information is malicious information and needs to be intercepted or redirected.
Through the above steps, the decryption information is matched with the malicious information intelligence, which raises the level of protection the terminal firewall gives to the terminal software's communication and solves the problem that malicious information is easily missed by the terminal.
The embodiment also provides a malicious information processing method. Fig. 3 is a flowchart of another malicious information processing method according to this embodiment, and as shown in fig. 3, the flowchart includes the following steps:
Step S302, the terminal firewall acquires the interception authorization information of the terminal software in advance, so as to obtain the interception authorization of the terminal software;
Steps S304 to S308, the terminal firewall captures a first access request of the terminal software and decrypts the first access request to obtain decryption information; the website address and/or e-mail address to be accessed is extracted from the first communication content of the decryption information;
Steps S310 to S318, the terminal firewall acquires malicious information intelligence from the cloud and loads it into a local cache library; the website address and/or e-mail address to be accessed is matched with the malicious website addresses and/or malicious e-mail addresses in the malicious information intelligence, and if the matching succeeds, the decryption information is redirected or blocked and reminder information is sent to the terminal software; the reminder information may be a pop-up reminder.
Through the above steps, the terminal firewall captures the first access request of the terminal software, matches the decryption information of the first access request against malicious information intelligence, and performs a blocking operation or a redirection operation if the matching succeeds. The terminal firewall acts as an intermediary between the terminal software and the server, so no additional malicious information detection algorithm is needed and malicious information processing time is saved. This solves the problems of slow malicious information identification and easy missed detection, and achieves quick and effective identification of malicious information.
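The matching and decision steps (S204/S206 and S310 to S318, together with the 302 redirect described earlier) can be sketched as follows. This is an added example, not code from the patent: the feed layout, the names `IntelCache`, `extract_targets` and `decide`, the cache lifetime, and the choice to block when no intelligence has ever been loaded are assumptions, and decryption with the firewall private key is assumed to have already produced the decryption information.

```python
import re
import time
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample intelligence feed and requests (not real indicators).
SAMPLE_FEED = {"domains": ["bad.example"], "emails": ["billing@pay-invoice.example"]}
SAMPLE_REQUESTS = [
    "GET https://Login.BAD.example./invoice?id=7 HTTP/1.1",
    "GET https://notbad.example/ HTTP/1.1",
    "send remittance confirmation to Billing@Pay-Invoice.example",
]


def extract_targets(first_communication_content):
    """Return (hosts, emails) that the decrypted request is aimed at."""
    hosts = set()
    for url in URL_RE.findall(first_communication_content):
        try:
            host = urlsplit(url.rstrip(".,;)")).hostname or ""
        except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
            continue
        host = host.rstrip(".")  # urlsplit lower-cases; drop the root dot
        if host:
            hosts.add(host)
    emails = {m.lower() for m in EMAIL_RE.findall(first_communication_content)}
    return hosts, emails


class IntelCache:
    """Local cache of malicious information intelligence from a remote feed."""

    def __init__(self, fetch, ttl=300.0, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._domains = frozenset()
        self._emails = frozenset()
        self._loaded_at = None

    @property
    def ready(self):
        return self._loaded_at is not None

    def refresh(self):
        now = self._clock()
        if self.ready and now - self._loaded_at < self._ttl:
            return
        try:
            feed = self._fetch()
        except OSError:
            return  # remote server unreachable: keep the last good copy
        self._domains = frozenset(d.lower().rstrip(".") for d in feed.get("domains", ()))
        self._emails = frozenset(e.lower() for e in feed.get("emails", ()))
        self._loaded_at = now

    def match(self, hosts, emails):
        hits = []
        for host in sorted(hosts):
            labels = host.split(".")
            # Test the host and each parent domain on label boundaries, so
            # login.bad.example hits bad.example but notbad.example does not.
            for i in range(max(1, len(labels) - 1)):
                if ".".join(labels[i:]) in self._domains:
                    hits.append(host)
                    break
        hits.extend(sorted(e for e in emails if e in self._emails))
        return hits


class Decision(NamedTuple):
    action: str               # "forward", "redirect" or "block"
    status: Optional[int]     # 302 when redirecting
    location: Optional[str]   # value for the Location response header
    matched: tuple


def decide(decryption_info, cache, preset_location=None):
    """Match the first communication content and choose what the firewall does."""
    cache.refresh()
    if not cache.ready:
        # Assumption of this example: with no intelligence at all, fail closed.
        return Decision("block", None, None, ("intel-unavailable",))
    hosts, emails = extract_targets(decryption_info["first_communication_content"])
    hits = tuple(cache.match(hosts, emails))
    if not hits:
        return Decision("forward", None, None, ())  # send the second access request
    if preset_location:
        return Decision("redirect", 302, preset_location, hits)
    return Decision("block", None, None, hits)


def demo():
    cache = IntelCache(lambda: SAMPLE_FEED)
    return [
        decide({"communication_password": "constructed",
                "first_communication_content": req},
               cache, preset_location="https://warning.invalid/blocked").action
        for req in SAMPLE_REQUESTS
    ]


if __name__ == "__main__":
    print(demo())
```

Matching on whole labels and falling back to the last good cache are the two places where a naive substring or always-refetch implementation would either over-block or silently stop matching.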
It should be understood that although the various steps in the flow charts of fig. 2-3 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not limited to being performed in the exact order illustrated and, unless explicitly stated herein, may be performed in other orders. Moreover, at least some of the steps in fig. 2-3 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In this embodiment, a malicious information processing system is further provided, including: a terminal device 102, a transmission device, and a server device 104; wherein, the terminal device 102 is connected to the server device 104 through the transmission device;
the terminal device 102 is configured to execute any one of the malicious information processing methods described above;
the transmission device is used for transmitting a second access request and first response information aiming at the second access request;
the server device 104 is configured to send the first response information for the second access request.
There is also provided in this embodiment an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, capturing the first access request, and decrypting the first access request to obtain decryption information.
S2, obtaining the malicious information, matching the decryption information with the malicious information, and at least blocking the decryption information if the matching is successful.
S3, when the matching fails, sending a second access request to the server according to the decryption information, acquiring first response information of the server for the second access request, and encrypting and storing the first response information.
It should be noted that, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, and details are not described again in this embodiment.
In addition, in combination with the malicious information processing method provided in the foregoing embodiment, a storage medium may also be provided in this embodiment. The storage medium having stored thereon a computer program; the computer program, when executed by a processor, implements any one of the malicious information processing methods in the above embodiments.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operating system and the computer program to run on the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a malicious information processing method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on a shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 4 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to be limiting. All other embodiments, which can be derived by a person skilled in the art from the examples provided herein without inventive step, shall fall within the scope of protection of the present application.
It is obvious that the drawings are only examples or embodiments of the present application, and it is obvious to those skilled in the art that the present application can be applied to other similar cases according to the drawings without creative efforts. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
The term "embodiment" is used herein to mean that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly or implicitly understood by one of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.
The above-mentioned embodiments express only several implementations of the present application; their description is relatively specific and detailed, but should not be construed as limiting the scope of patent protection. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present application should be subject to the appended claims.

Claims (10)

1. A malicious information processing method is applied to a firewall of a terminal, and comprises the following steps:
capturing a first access request, and decrypting the first access request to obtain decryption information;
acquiring malicious information, matching the decryption information with the malicious information, and at least blocking the decryption information under the condition of successful matching;
and under the condition of failed matching, sending a second access request to the server according to the decryption information, acquiring first response information of the server aiming at the second access request, and encrypting and storing the first response information.
2. The malicious information processing method according to claim 1, wherein the capturing the first access request includes:
acquiring interception authorization information of terminal software, sending a firewall public key to the terminal software according to the interception authorization information, and acquiring the first access request generated by the terminal software encrypting an initial access request according to the firewall public key; wherein the initial access request is obtained by the terminal software.
3. The malicious information processing method according to claim 2, further comprising, after the sending of the firewall public key to the terminal software according to the interception authorization information:
and sending server public key query information to the server, and acquiring and storing a server public key of the server aiming at the server public key query information.
4. The malicious information processing method according to claim 1, wherein the decrypting the first access request to obtain decrypted information includes:
and decrypting the first access request according to a firewall private key to obtain decryption information.
5. The malicious information processing method according to claim 1, wherein the decryption information includes a terminal software communication password and first communication content, and in case of successful matching, the method further includes:
sending a return status code and second communication content to the terminal software;
acquiring a third access request of the terminal software for the return status code and the second communication content;
sending the third access request to the server, acquiring second response information of the server aiming at the third access request, and decrypting and monitoring the second response information according to a server public key;
and encrypting and storing the second response information according to the terminal software communication password.
6. The malicious information processing method according to claim 1, wherein the encrypting and storing the first response information includes:
encrypting the first response information according to the terminal software communication password in the decryption information to obtain encrypted information, and storing the encrypted information;
and sending the encryption information to the terminal software.
7. The malicious information processing method according to any one of claims 1 to 6, wherein the acquiring malicious information intelligence and matching the decryption information with the malicious information intelligence include:
acquiring the malicious information from a remote server in real time and storing the malicious information into a local cache;
and reading the malicious information intelligence from the local cache, and matching the decryption information with the malicious information intelligence.
8. A malicious information processing system, comprising: a terminal device, a transmission device and a server device; the terminal equipment is connected with the server equipment through the transmission equipment;
the terminal equipment is used for executing the malicious information processing method of any one of claims 1 to 7;
the transmission device is used for transmitting a second access request and first response information aiming at the second access request;
the server device is used for sending first response information aiming at the second access request.
9. An electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to perform the malicious information processing method according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the malicious information processing method according to any one of claims 1 to 7.
CN202210519572.5A 2022-05-13 2022-05-13 Malicious information processing method, system, electronic device and storage medium Withdrawn CN114938297A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210519572.5A CN114938297A (en) 2022-05-13 2022-05-13 Malicious information processing method, system, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN114938297A true CN114938297A (en) 2022-08-23

Family

ID=82864668

Country Status (1)

Country Link
CN (1) CN114938297A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109617917A (en) * 2019-01-21 2019-04-12 深圳市能信安科技股份有限公司 Address virtual Web application security firewall methods, devices and systems
CN110311785A (en) * 2019-06-10 2019-10-08 平安科技(深圳)有限公司 A kind of Intranet access method and relevant apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220823