CN114978637A - Message processing method and device - Google Patents

Message processing method and device Download PDF

Info

Publication number
CN114978637A
CN114978637A CN202210517766.1A CN202210517766A CN114978637A CN 114978637 A CN114978637 A CN 114978637A CN 202210517766 A CN202210517766 A CN 202210517766A CN 114978637 A CN114978637 A CN 114978637A
Authority
CN
China
Prior art keywords
information
message
target
preset
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210517766.1A
Other languages
Chinese (zh)
Inventor
章晓祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Hubei Topsec Network Security Technology Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Hubei Topsec Network Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd, Hubei Topsec Network Security Technology Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202210517766.1A priority Critical patent/CN114978637A/en
Publication of CN114978637A publication Critical patent/CN114978637A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the application discloses a message processing method and a message processing device, which can solve the problem of information leakage or loss caused by accessing an unsafe server and using an unsafe application program when a user carries out online activities. The method comprises the following steps: acquiring a message of communication between a client and a server, wherein the client is communicated with the server through a WIFI network provided by network equipment; acquiring target information of the message, wherein the target information is used for indicating whether the message is abnormal or not; when the target information is matched with the target preset information in the information base, executing target processing corresponding to the target preset information, wherein the target processing comprises any one of discarding messages, modifying the messages and sending alarm messages to the client; when the target information is not matched with any information in the information base, the message is forwarded; the information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base.

Description

Message processing method and device
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for processing a packet, an electronic device, and a storage medium.
Background
The development of the network brings convenience to network users, and simultaneously threatens the information security of the network users, for example, when the users perform online activities such as online chatting, online shopping, information accessing and the like, if a server accessed by the users is not secure, or the users are maliciously attacked in the online process, or sensitive data (such as identity numbers, passwords, telephones and the like) of the users are sent out under the condition that the users are not aware of the information, and the like, the personal information of the users can be leaked or lost.
Disclosure of Invention
The embodiment of the application provides a message processing method, a message processing device, electronic equipment and a storage medium, and aims to solve the problem that when a user carries out online activities, personal information is leaked or lost due to the fact that the user accesses an unsafe server or uses an unsafe application program.
In a first aspect of the embodiments of the present application, a method for processing a packet is provided, where the method is applied to a network device having an SIM card, and the method includes: acquiring a message, wherein the message is a communication message between a client and a server, and the client communicates with the server through a WIFI network provided by network equipment; acquiring target information of the message, wherein the target information is used for indicating whether the message is abnormal or not; executing target processing corresponding to the target preset information under the condition that the target information is matched with the target preset information in the information base, wherein the target processing comprises any one of the following items: discarding the message, modifying the message, and sending an alarm message to the client; under the condition that the target information is not matched with any information in the information base, the message is forwarded; the information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base.
Optionally, the message is a ciphertext, and the information base includes at least one piece of preset address information; acquiring target information of a message, comprising: acquiring address information of a server carried by a message; under the condition that the target information is matched with the target preset information in the information base, executing target processing corresponding to the target preset information, wherein the target processing comprises the following steps: comparing the address information of the server with each preset address information; and executing target processing corresponding to the target preset address under the condition that the address information of the server is the target preset address, wherein the target preset address is one of at least one piece of preset address information.
Optionally, in a case that the target information matches target preset information in the information base, executing target processing corresponding to the target preset information, further comprising: determining whether the message is accessed by web service or not under the condition that the address information of the server is not any preset address information in at least one preset address information; decrypting the message in the form of the ciphertext based on the http forward proxy technology under the condition that the message accesses the web service to obtain the message in the form of the plaintext; the method further comprises the following steps: and in the case that the message is not accessed by the web service, forwarding the message.
Optionally, the message is a plaintext, and the information base includes at least one preset hash value; acquiring target information of a message, comprising: carrying out plaintext analysis processing on the message to obtain a data file corresponding to a data packet carried by the message; obtaining a hash value of a data file; under the condition that the target information is matched with the target preset information in the information base, executing target processing corresponding to the target preset information, wherein the target processing comprises the following steps: comparing the hash value of the data file with each preset hash value; and executing target processing corresponding to the target preset hash value under the condition that the hash value of the data file is the target preset hash value, wherein the target preset hash value is one of at least one preset hash value.
Optionally, the message is a plaintext, and the information base comprises at least one regular expression; acquiring target information of a message, comprising: carrying out plaintext analysis processing on the message to obtain a data packet carried by the message; under the condition that the target information is matched with the target preset information in the information base, executing target processing corresponding to the target preset information, wherein the target processing comprises the following steps: matching the data packet with each regular expression; and under the condition that the data packet is matched with the target regular expression, executing target processing corresponding to the target regular expression, wherein the target regular expression is one of the at least one regular expression.
Optionally, each regular expression is used to indicate any of: address information, application program identification, uniform resource locator, type identification of the application program, type identification of the uniform resource locator and malicious attack event.
Optionally, the message is a plaintext, the information base includes at least one piece of preset identification information, and each piece of preset identification information is any one of the following items: address information, an application program identifier, a uniform resource locator, an application program type identifier and a uniform resource locator type identifier; acquiring target information of a message, comprising: acquiring identification information of a message; under the condition that the target information is matched with the target preset information in the information base, executing target processing corresponding to the target preset information, wherein the target processing comprises the following steps: comparing the identification information of the message with each preset identification information; and executing target processing corresponding to the target preset identification information under the condition that the identification information of the message is the target preset identification information, wherein the target preset identification information is one of at least one preset identification information.
Optionally, the message processing method according to the embodiment of the present application further includes: receiving an update message sent by a client, wherein the update message carries setting information of a user; acquiring preset information to be updated, wherein the preset information to be updated is generated according to user setting information sent by a client, or the preset information to be updated is acquired from a network; and updating the information base according to the preset information to be updated.
Optionally, the message processing method according to the embodiment of the present application further includes: uploading the log file to a back-end server of the network equipment so that the client can access the back-end server to check the log file; or sending the log file to the client so that the client can save and view the log file.
In a second aspect of the embodiments of the present application, a message processing apparatus is provided, which is applied to a network device having an SIM card, and the apparatus includes: the system comprises an acquisition module, an execution module and a forwarding module; the acquisition module is used for acquiring a message, wherein the message is a communication message between a client and a server, and the client is communicated with the server through a WIFI network provided by network equipment; the acquisition module is also used for acquiring target information of the message, and the target information is used for indicating whether the message is abnormal or not; the execution module is used for executing target processing corresponding to the target preset information under the condition that the target information is matched with the target preset information in the information base, wherein the target processing comprises any one of the following items: discarding the message, modifying the message, and sending an alarm message to the client; the forwarding module is used for forwarding the message under the condition that the target information is not matched with any information in the information base; the information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base.
Optionally, the message is a ciphertext, and the information base includes at least one piece of preset address information; the message processing apparatus according to the embodiment of the present application further includes: a comparison module; the obtaining module is specifically configured to obtain address information of a server carried by the packet; the comparison module is used for comparing the address information of the server with each preset address information; the execution module is specifically configured to execute target processing corresponding to a target preset address when the address information of the server is the target preset address, where the target preset address is one of the at least one piece of preset address information.
Optionally, the message processing apparatus according to this embodiment of the present application further includes: a determining module and a decrypting module; the determining module is used for determining whether the message is accessed to the web service or not under the condition that the address information of the server is not any preset address information in at least one preset address information; the decryption module is used for decrypting the message in the form of the ciphertext based on the http forward proxy technology under the condition that the message accesses the web service to obtain the message in the form of the plaintext; the forwarding module is further configured to forward the packet when the packet access is not a web service.
Optionally, the message is a plaintext, and the information base includes at least one preset hash value; the message processing apparatus of the embodiment of the present application further includes: an analysis module; the analysis module is used for carrying out plaintext analysis processing on the message to obtain a data file corresponding to a data packet carried by the message; the obtaining module is specifically used for obtaining a hash value of the data file; the comparison module is also used for comparing the hash value of the data file with each preset hash value; the execution module is specifically configured to execute target processing corresponding to a target preset hash value when the hash value of the data file is the target preset hash value, where the target preset hash value is one of at least one preset hash value.
Optionally, the message is a plaintext, and the information base includes at least one regular expression; the analysis module is used for carrying out plaintext analysis processing on the message to obtain a data packet carried by the message; the comparison module is used for matching the data packet with each regular expression; the execution module is specifically configured to execute target processing corresponding to a target regular expression under the condition that the data packet is matched with the target regular expression, where the target regular expression is one of at least one regular expression.
Optionally, each regular expression is used to indicate any of: address information, application program identification, uniform resource locator, type identification of the application program, type identification of the uniform resource locator and malicious attack event.
Optionally, the message is a plaintext, the information base includes at least one piece of preset identification information, and each piece of preset identification information is any one of the following items: address information, an application program identifier, a uniform resource locator, an application program type identifier and a uniform resource locator type identifier; the obtaining module is further used for obtaining the identification information of the message; the comparison module is also used for comparing the identification information of the message with each preset identification information; the execution module is specifically configured to execute, when the identification information of the packet is target preset identification information, target processing corresponding to the target preset identification information, where the target preset identification information is one of at least one preset identification information.
Optionally, the message processing apparatus according to this embodiment of the present application further includes: a receiving module, an updating module; the receiving module is used for receiving an update message sent by a client, wherein the update message carries the setting information of a user; the acquisition module is further configured to acquire preset information to be updated, where the preset information to be updated is generated according to the setting information of the user sent by the client, or the preset information to be updated is acquired from a network; the updating module is used for updating the information base according to the preset information to be updated.
Optionally, the message processing apparatus according to this embodiment of the present application further includes: an uploading module; the uploading module is used for uploading the log file to a back-end server of the network equipment so that the client can access the back-end server to check the log file; or sending the log file to the client so that the client can save and view the log file.
In a third aspect of the embodiments of the present application, an electronic device is provided, where the electronic device includes a processor, a memory, and a program or an instruction stored in the memory and executable on the processor, and the program or the instruction, when executed by the processor, implements the steps of the message processing method according to the first aspect.
A fourth aspect of the embodiments of the present application provides a readable storage medium, on which a program or instructions are stored, and the program or instructions, when executed by a processor, implement the steps of the message processing method according to the first aspect.
A fifth aspect of the embodiments of the present application provides a computer program product, where the computer program product includes a computer program or instructions, and when the computer program product is run on a processor, the processor is caused to execute the computer program or instructions to implement the steps of the message processing method according to the first aspect.
A sixth aspect of the embodiments of the present application provides a chip, where the chip includes a processor and a communication interface, where the communication interface is coupled to the processor, and the processor is configured to execute a program or instructions to implement the steps of the message processing method according to the first aspect.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages:
in the embodiment of the application, a message is obtained, wherein the message is a communication message between a client and a server, and the client is communicated with the server through a WIFI network provided by network equipment; acquiring target information of the message, wherein the target information is used for indicating whether the message is abnormal or not; executing target processing corresponding to target preset information under the condition that the target information is matched with the target preset information in the information base, wherein the target processing comprises any one of the following items: discarding the message, modifying the message, and sending an alarm message to the client; and under the condition that the target information is not matched with any information in the information base, the message is forwarded, the information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base. Because the target information is matched with any preset information in the information base, which indicates that the message corresponding to the target information is abnormal (for example, the message contains sensitive information of a user, the message contains malicious attack information, the source address or the destination address of the message is an untrusted terminal, the message information indicates that the message is an advertisement, etc.), by comparing the target information with the preset information in the information base, if the matching is successful, the message corresponding to the target information is abnormal, the message is subjected to target processing corresponding to the target preset information (each preset information in the information base has corresponding processing), the target processing comprises discarding the message, modifying the message or sending an alarm message to the client, thereby ensuring the communication safety between the client and the server, and reducing the unsafe server accessed by the user or the malicious attack of the user in the internet surfing process, or the risk of leakage or loss of user data caused by the outgoing of sensitive data of the user without the user's knowledge.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following briefly introduces the embodiments and the drawings used in the description of the prior art, and obviously, the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained according to the drawings.
Fig. 1 is a schematic flow chart of a message processing method according to an embodiment of the present application;
fig. 2 is a second schematic flowchart of a message processing method according to an embodiment of the present application;
fig. 3 is a third schematic flowchart of a message processing method according to an embodiment of the present application;
fig. 4 is a fourth schematic flowchart of a message processing method according to an embodiment of the present application;
fig. 5 is a fifth schematic flow chart of a message processing method according to an embodiment of the present application;
fig. 6 is a sixth schematic flowchart of a message processing method according to an embodiment of the present application;
fig. 7 is a seventh schematic flowchart of a message processing method according to an embodiment of the present application;
fig. 8 is an eighth schematic flowchart of a message processing method according to an embodiment of the present application;
fig. 9 is a ninth schematic flowchart of a message processing method according to an embodiment of the present application;
fig. 10 is a block diagram of a structure of a message processing method device according to an embodiment of the present application;
fig. 11 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived from the embodiments in the present application by a person skilled in the art, are within the scope of protection of the present application.
The terms first, second and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the application may be practiced in sequences other than those illustrated or described herein, and that the terms "first," "second," and the like are generally used herein in a generic sense and do not limit the number of terms, e.g., the first term can be one or more than one. In addition, "and/or" in the specification and claims means at least one of connected objects, a character "/", and generally means that the former and latter related objects are in an "or" relationship.
The following first explains some of the nouns or terms referred to in the claims and the specification of the present invention.
The HyperText Transfer Protocol (http) is the most widely used network Protocol on the internet.
The World Wide Web (Web), is a hypertext and http-based, global, dynamic interactive, cross-platform distributed graphical information system.
Wireless-Fidelity (WiFi), a technology that allows electronic devices to connect to a Wireless Local Area Network (WLAN).
The electronic device in the embodiment of the present application may be a mobile electronic device, and may also be a non-mobile electronic device. The mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted electronic device, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), etc.; the non-mobile electronic device may be a Personal Computer (PC), a Television (TV), or the like; the embodiments of the present application are not particularly limited.
The execution main body of the message processing method provided in the embodiment of the present application may be the electronic device (including a mobile electronic device and a non-mobile electronic device), or may also be a functional module and/or a functional entity capable of implementing the message processing method in the electronic device, which may be specifically determined according to actual use requirements, and the embodiment of the present application is not limited.
The following describes the message processing method provided in the embodiment of the present application in detail through a specific embodiment and an application scenario thereof with reference to the accompanying drawings.
As shown in fig. 1, an embodiment of the present application provides a message processing method, which is applied to a network device with an SIM card, and the following exemplarily describes the message processing method provided in the embodiment of the present application. The method may include steps 101 to 104 described below.
101. And acquiring the message.
The messages are communication messages of the client and the server, and the client communicates with the server through a WIFI network provided by the network equipment.
It can be understood that the message may be captured by a network card, or the message may be directly sent to the network device by the client.
It can be understood that, for the case that the client directly sends the packet to the network device, a forward proxy technology (for web services) of http needs to be used, and the principle is that the client first installs a device certificate of the network device leaving factory, so that the network device has a proxy forwarding function, that is, when the client needs to send the packet, the packet is first sent to the network device, and then the packet is proxied and forwarded to the server by the network device, and when the server returns a response packet, the packet also passes through the network device first, and then the packet is proxied and forwarded to the client by the network device.
102. And acquiring the target information of the message.
The target information is used for indicating whether the message is abnormal or not.
103. And executing target processing corresponding to the target preset information under the condition that the target information is matched with the target preset information in the information base.
Wherein the target treatment comprises any one of: and discarding the message, modifying the message and sending an alarm message to the client.
It is understood that the information stored in the information base can be classified into: address information blacklist, regular expression, sensitive information blacklist, and identification information blacklist.
The address information blacklist mainly determines whether the address information of the server corresponding to the message is in the blacklist when the obtained message is a ciphertext; the regular expression, the sensitive information blacklist and the identification information blacklist are mainly used for determining whether the obtained message contains malicious attack (such as dead wood crawling, malicious scanning and the like) information, advertisements and the like when the message is a plaintext; the sensitive information blacklist (which may be a hash value of a file or specific user information) is used for determining whether the message contains personal important information (such as an identity card number, a password, a mobile phone number and the like) of a user or an important file and the like; an identification information blacklist (an identification of a certain program, a certain type of program, an address of a network resource, a certain type of network resource, an IP address, a domain name, etc.), which is used for determining whether a message contains a resource which is not allowed to be accessed or a program which is not allowed to be used, etc.; it should be noted that the address information blacklist and the identification information blacklist may also be represented by regular expressions, and the user information in the sensitive information blacklist may also be represented by regular expressions, which is specifically determined according to actual needs, and the embodiments of the present application are not limited.
It can be understood that after discarding the message, the request of the client will not be responded, and accordingly, the server will not receive the message sent to the client; modifying the message, which may be modifying some information in the message, or replacing (i.e. redirecting) the whole message; and sending an alarm message to the client, wherein the message can be forwarded after the alarm is sent to the client, or the message can be forwarded or discarded based on the selection made by the client after the alarm is sent to the client.
Illustratively, the information base stores a mobile phone number of a user, when a client sends the mobile phone number to the outside, the target processing corresponding to the mobile phone number is modification, sensitive information in the message can be modified (for example, x is used for replacing the sensitive information), and the target processing corresponding to the mobile phone number is alarm, and the alarm is sent to the client and forwarded; the information base stores information indicating the advertisement popup, when the client receives the advertisement popup, when the corresponding processing of the advertisement popup is discarded, the captured message of the advertisement popup is discarded, and when the corresponding processing of the advertisement popup is modified, the captured message of the advertisement popup is directly replaced by a self-defined message (namely, redirection), so that the user can not see the advertisement or see a preset picture (the user can be prevented from mistakenly clicking the advertisement, downloading the junk application or being attacked by the network).
It can be understood that each preset message has corresponding processing, and the priority of different processing is different, wherein the priority of processing is ordered from high to low as: and discarding the message, modifying the message and sending an alarm message to the client.
It can be understood that when the target information is matched with a piece of preset information, the piece of preset information is the target preset information, and the processing corresponding to the piece of preset information is determined as target processing; when the target information is matched with a plurality of pieces of preset information, if the priority levels of the processing corresponding to the preset information are the same, determining any processing in the processing corresponding to the preset information as target processing; when the target information is matched with a plurality of pieces of preset information, determining any one piece of preset information in the plurality of pieces of preset information as the target preset information, or determining the preset information corresponding to the processing with the highest priority corresponding to the plurality of pieces of preset information as the target preset information, and determining the processing corresponding to the target preset information as the target processing.
It can be understood that at least one piece of preset information in the information base can be set to have the same processing, that is, the processing corresponding to all pieces of preset information in the information base is the same; each piece of preset information in the information base has corresponding preset processing, namely, one processing is assigned to each piece of preset information in the information base; the preset information in the information base can be classified according to categories and then certain type of preset information is determined to have the same processing, for example, the processing corresponding to the address information blacklist in the information base is discarding messages, and the processing of the sensitive information blacklist in the information base is modifying messages; specifically, it is determined according to actual needs, and the embodiments of the present application are not limited.
104. And under the condition that the target information is not matched with any information in the information base, forwarding the message.
The information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base.
In the embodiment of the application, a message is obtained, wherein the message is a communication message between a client and a server, and the client is communicated with the server through a WIFI network provided by network equipment; acquiring target information of the message, wherein the target information is used for indicating whether the message is abnormal or not; executing target processing corresponding to target preset information under the condition that the target information is matched with the target preset information in the information base, wherein the target processing comprises any one of the following items: discarding the message, modifying the message, and sending an alarm message to the client; and under the condition that the target information is not matched with any information in the information base, the message is forwarded, the information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base. Because the target information is matched with any preset information in the information base, which indicates that the message corresponding to the target information is abnormal (for example, the message contains sensitive information of a user, the message contains malicious attack information, the source address or the destination address of the message is an untrusted terminal, the message information indicates that the message is an advertisement, etc.), by comparing the target information with the preset information in the information base, if the matching is successful, the message corresponding to the target information is abnormal, the message is subjected to target processing corresponding to the target preset information (each preset information in the information base has corresponding processing), the target processing comprises discarding the message, modifying the message or sending an alarm message to the client, thereby ensuring the communication safety between the client and the server, and reducing the unsafe server accessed by the user or the malicious attack of the user in the internet surfing process, or the risk of leakage or loss of user data caused by the outgoing of sensitive data of the user without the user's knowledge.
It is to be understood that the information base includes at least one of: the system comprises at least one piece of preset address information, at least one piece of preset hash value, at least one regular expression and at least one piece of preset identification information.
Optionally, when the information base only includes at least one piece of preset address information, as shown in fig. 2, the obtained message is a ciphertext, the step 102 may be specifically implemented by a step 102a, and the step 103 may be specifically implemented by the following step 103a and step 103 b.
102a, obtaining address information of the server carried by the message.
It is to be understood that the address information includes at least one of: internet Protocol Address (IP Address), domain name, uniform resource locator.
103a, comparing the address information of the server with each preset address information.
103b, executing target processing corresponding to the target preset address under the condition that the address information of the server is the target preset address.
The target preset address is one of at least one preset address information included in the information base.
It can be understood that, by using the address information of the server, it can be determined whether the server is trusted, if the server is a remote command and control server, the server is not trusted, and the client may receive a control instruction sent by the server, so that the server can control the client to propagate a network virus, and the like, and therefore, the address information of the server is added to the information base.
In the present embodiment, step 102a and step 103a are collectively referred to as a first step.
In the embodiment of the application, address information of a server carried by a message is acquired, the address information of the server is compared with each preset address information, and target processing corresponding to a target preset address is executed under the condition that the address information of the server is the target preset address. When the acquired message is a ciphertext, the data packet (specific content of the message) in the message cannot be acquired, but the source address, the destination address or the domain name contained in the message can be acquired, so that whether the address of the server accessed by the client is credible or not can be checked, whether the message needs to be forwarded or not can be determined, and the network security event caused by the attack of an untrusted server on the client is reduced by limiting the access of the client to the untrusted server (namely, the address information of the server is in the information base).
Optionally, as shown in fig. 3, the obtained message is a ciphertext, and after the step 103a, the following steps 103c, 103d, and 105 are further included.
103c, determining whether the message accesses the web service or not under the condition that the address information of the server is not any preset address information in at least one preset address information included in the information base.
103d, under the condition that the message access is web service, decrypting the message in the ciphertext form based on the http forward proxy technology to obtain the message in the plaintext form.
It can be understood that most of the network behaviors of the client are related to the web service, but most of the messages of the web service are ciphertext, so that the http forward proxy technology is needed to decrypt the accessed message of the web service, and then the processing that the corresponding message in the following steps is plaintext is performed, and specific subsequent processing may refer to the following description of the second step, the third step, and the fourth step, which is not described herein again.
105. In the case that the message is not accessed by the web service, the message is forwarded.
In the embodiment of the application, whether the message is accessed by the web service is determined under the condition that the address information of the server is not any preset address information in at least one preset address information included in the information base, and the message in the form of the ciphertext is decrypted based on the http forward proxy technology under the condition that the message is accessed by the web service to obtain the message in the form of the plaintext. Most of network behaviors of the client are related to the web service, but most of messages of the web service are ciphertext, so that the ciphertext messages related to accessing the web service are converted into plaintext messages by using an http forward proxy technology, and therefore whether target information contained in the plaintext messages is in an information base or not can be further compared, and network security events related to the web service in the network behaviors of the user are reduced by discarding the messages, modifying the messages or sending an alarm to the client.
It should be noted that the plaintext message involved in the following steps may be the plaintext message directly obtained in step 101, or may be the plaintext message obtained after the ciphertext message is decrypted in step 103 d.
Optionally, when the information base only includes at least one preset hash value, as shown in fig. 4, the obtained message is a plaintext, the step 102 may be specifically implemented by a step 102b and a step 102c, and the step 103 may be specifically implemented by a step 103e and a step 103f described below.
102b, carrying out plaintext analysis processing on the message to obtain a data file corresponding to the data packet carried by the message.
It can be understood that the data packet is the substantial content in the message sent by the client to the server, and the data file to be sent by the client is obtained after the data packet is subjected to packet reassembly and other processing.
102c, obtaining the hash value of the data file.
It will be appreciated that the hash value for each file is unique, such as: the hash value of a document is not changed after the document name is modified.
103e, comparing the hash value of the data file with each preset hash value.
103f, under the condition that the hash value of the data file is the target preset hash value, executing target processing corresponding to the target preset hash value.
The target preset hash value is one of at least one preset hash value included in the information base.
In the present embodiment, step 102b, step 102c, and step 103e are collectively referred to as a second step.
In the embodiment of the application, the message is subjected to plaintext parsing processing to obtain a data file corresponding to a data packet carried by the message, hash values of the data file are obtained, the hash values of the data file are compared with each preset hash value, and under the condition that the hash value of the data file is the target preset hash value, target processing corresponding to the target preset hash value is executed. The hash value of the data file is compared with each preset hash value to determine whether the message corresponding to the data file is abnormal, if the hash value indicates that the corresponding message contains sensitive information, corresponding target processing is executed, and the risk that user information is stolen or lost is reduced.
Optionally, when the information base only includes at least one regular expression, as shown in fig. 5, the obtained message is a plaintext, the step 102 may be specifically implemented by a step 102d, and the step 103 may be specifically implemented by the following step 103g and step 103 h.
102d, carrying out plaintext analysis processing on the message to obtain a data packet carried by the message.
And 103g, matching the data packet with each regular expression.
103h, under the condition that the data packet is matched with the target regular expression, executing target processing corresponding to the target regular expression.
The target regular expression is one of at least one regular expression included in the information base.
It can be understood that the information base includes at least one piece of preset information, and the data packet of the acquired packet is matched in parallel with each piece of preset information. If the data packet is only matched with one regular expression, the target processing is the processing corresponding to the regular expression; if the data packet is matched with a plurality of regular expressions and the corresponding processing of the regular expressions is the same, the target processing is the processing corresponding to any regular expression of the regular expressions; if the data packet is matched with a plurality of regular expressions, and the processing corresponding to the regular expressions is different, the target processing is the processing corresponding to any regular expression in the regular expressions, or the target processing is the processing with the highest priority in the processing of the regular expressions.
Wherein each regular expression is to indicate any one of: address information, application program identification, uniform resource locator, type identification of the application program, type identification of the uniform resource locator and malicious attack event.
It is understood that one of the address information is used to indicate an IP address or a domain name; one of the application identifiers is used for indicating one application; one of the uniform resource locators is used for indicating an address of a resource on the internet; the type identifier of one application program in the type identifiers of the application programs is used for indicating a type of application programs (such as information, video, entertainment and the like); one of the malicious attack events is used to indicate a computer virus.
In the embodiment of the application, the message is subjected to plaintext analysis processing to obtain the data packet carried by the message, the data packet is matched with each regular expression, and under the condition that the data packet is matched with the target regular expression, target processing corresponding to the target regular expression is executed. The data packet carried in the message is obtained by analyzing the message, and the data packet is matched with any regular expression in the information base, namely that the message is possible to be abnormal and needs to be subjected to target processing, so that the target processing is performed on the data packet containing common computer viruses on a network, address information of an untrusted client, untrusted resources and the like, and the risks caused by network security events such as computer virus infection of the client, personal information stealing and the like are reduced.
In the present embodiment, step 102d and step 103g are collectively referred to as a third step.
Optionally, when the information base only includes at least one piece of preset identification information, as shown in fig. 6, the obtained message is a plaintext, the step 102 may be specifically implemented by a step 102e, and the step 103 may be specifically implemented by the following step 103i and step 103 j.
102e, obtaining the identification information of the message.
And 103i, comparing the identification information of the message with each preset identification information.
103j, under the condition that the identification information of the message is the target preset identification information, executing target processing corresponding to the target preset identification information.
The target preset identification information is one of at least one preset identification information included in the information base.
Wherein each preset identification information is any one of the following items: address information, application program identification, uniform resource locator, type identification of the application program and type identification of the uniform resource locator.
It can be understood that the preset identification information is an identification information blacklist, and when the identification information carried in the message is the same as one preset identification information, the processing corresponding to the preset identification information is determined as target processing; when the identification information carried in the message is the same as a plurality of preset identification information (such as the same as an application program identification and the same as a type identification of an application program), if the corresponding processing of the plurality of preset identification information is the same, determining the processing corresponding to any preset identification information in the plurality of preset identification information as target processing; if the corresponding processing of the plurality of pieces of preset identification information is different, determining the processing corresponding to any one piece of preset identification information in the plurality of pieces of preset identification information as target processing, or determining the processing with the highest priority in the processing corresponding to the plurality of pieces of preset identification information as target processing.
It can be understood that a user may log in a backend server of the network device at a client, and customize a website that is not allowed to be accessed, a certain type of website that is not allowed to be accessed, an application that is not allowed to be used, a certain type of application that is not allowed to be used, and the like, and the network device generates at least one piece of preset identification information based on the setting of the user.
It will be appreciated that the network device maintains fingerprint information for a plurality of applications (uniquely indicating an application), uniform resource locator fingerprint information (uniquely indicating an address of a network resource), and tags each application or uniform resource locator (e.g., entertainment, video, advisory, etc.).
Exemplarily, if a user sets that a client does not allow to access an application program, the network device generates preset identification information corresponding to the application program based on the maintained fingerprint information of multiple application programs, stores the preset identification information into an information base, and when the client accesses the application program, a message acquired by the network device carries the fingerprint information of the application program and is identified, so as to perform corresponding target processing; when a user sets that a client does not allow visiting entertainment websites, the network equipment generates preset identification information corresponding to a plurality of entertainment websites based on the maintained fingerprint information and corresponding labels of a plurality of uniform resource locators, stores the preset identification information into an information base, and when the client visits the entertainment websites, messages acquired by the network equipment carry indication that the messages contain entertainment information, the messages are identified, and then corresponding target processing is carried out. As such, the network device may be used to restrict client access to certain applications or network resources, such as: when the student uses the client to learn, the parent can set that the client is not allowed to access network resources or application programs such as entertainment, video, consultation and the like.
In the embodiment of the application, the identification information of the message is acquired, the identification information of the message is compared with each preset identification information, and the target processing corresponding to the target preset identification information is executed under the condition that the identification information of the message is preset for the target, so that a user can define network resources, application programs and the like needing to be accessed in a self-defined mode, the use of the user can be facilitated, and the user experience is improved.
In the present embodiment, step 102e and step 103i are collectively referred to as a fourth step.
The information base includes: when the number of the at least one preset address information, the at least one preset hash value, the at least one regular expression and the at least one preset identification information is multiple, the first step, the second step, the third step and the fourth step are used for processing the acquired message in parallel; if the target information of one message is matched with one piece of preset information, determining the processing corresponding to the piece of preset information as target processing; if the target information of one message is matched with a plurality of pieces of preset information, and the corresponding processing of the preset information is the same, determining the processing corresponding to any preset information in the preset information as target processing; if the target information of one message is matched with a plurality of pieces of preset information, and the processing corresponding to the plurality of pieces of preset information is different, determining the processing corresponding to any one of the plurality of pieces of preset information as target processing, or determining the processing with the highest priority in the processing corresponding to the plurality of pieces of preset information as target processing.
Optionally, as shown in fig. 7, an embodiment of the present application provides a message processing method, which may further include the following steps 106 to 108.
106. And receiving an update message sent by the client.
Wherein, the update message carries the setting information of the user.
It can be understood that the user can log in the backend server of the network device through the client to customize some information, such as: personal information, important documents, and the like that are not permitted to be sent out, websites that are not permitted to be accessed, applications that are restricted in use, and the like are defined.
107. And acquiring preset information to be updated, wherein the preset information to be updated is generated according to the setting information of the user sent by the client, or the preset information to be updated is acquired from a network.
108. And updating the information base according to the preset information to be updated.
It can be understood that when a user sends update information or a latest virus information is issued in a network, the network device may update periodically or in real time, and specifically, it is determined according to actual needs, and the embodiment of the present application is not limited.
In the embodiment of the application, an update message sent by a client is received, preset information to be updated is obtained, the preset information to be updated is generated according to setting information of a user sent by the client, or the preset information to be updated is obtained from a network, and an information base is updated according to the preset information to be updated. Therefore, the preset information in the information base is richer, the abnormal message is more accurately detected, the probability of missing the abnormal message is reduced, and the network behavior of the client is safer.
Optionally, as shown in fig. 8, an embodiment of the present application provides a message processing method, which may further include the following steps 109 to 110.
109. And uploading the log file to a back-end server of the network equipment so that the client can access the back-end server to check the log file.
It is understood that all the behaviors of the network device are recorded in the log file, such as: which messages are discarded, discarding reasons (such as worm virus, Trojan horse virus and the like), the number of discarded messages, which messages are modified, the reasons (such as identity card numbers), modified contents, the number of modified messages, alarm information sent to a client, how many advertisements are intercepted and the like; the log file can also record which websites the user visits, the visiting time of each website, the consumed flow, which application programs the user uses, the using time of each application program, the consumed flow and the like; specifically, the content included in the log file is not limited in the embodiment of the present application.
Optionally, the user may also log in a back-end server of the network device through the client, set a threshold of the number of clients allowed to access the network device, and also set a threshold of an uplink bandwidth and a threshold of a downlink bandwidth of the network; therefore, the untrusted client can be limited from accessing the network equipment, or a certain application program can be limited from spending a large amount of traffic upstream or downstream.
110. And sending the log file to the client so that the client can save and view the log file.
It can be understood that the user may check the log file by logging in a back-end server of the network device, may also directly store the log file to the client, and may also download an application program corresponding to the network device to check the log file, and the specific location where the log file is stored, which is not limited in the embodiment of the present application.
In the embodiment of the application, the log file is uploaded to the back-end server of the network device, so that the client accesses the back-end server and checks the log file, or the log file is sent to the client so that the client saves and checks the log file, therefore, the client can check the network behavior of the network device and check the flow rate spent by various network behaviors, and the user experience is further improved.
Exemplarily, as shown in fig. 9, an optional message processing flow provided for the embodiment of the present application includes steps 801 to 809.
801. And acquiring the message.
802. And acquiring target information.
803. Whether the message is a ciphertext.
If yes, go to step 804, otherwise go to step 809.
804. Whether the address information is matched with the preset address information.
If yes, go to step 805, otherwise go to step 806.
805. The target process is executed.
806. Whether a web service is accessed.
If yes, go to step 808, otherwise go to step 807.
807. And decrypting the ciphertext into the plaintext.
808. And forwarding the message.
809. And whether the hash value is matched with the preset hash value, the preset regular expression and the preset identification information in the information base or not.
If yes, go to step 805, otherwise go to step 808.
Fig. 10 is a block diagram of a structure of a message processing apparatus according to an embodiment of the present application, and as shown in fig. 10, the apparatus 900 includes: an acquisition module 901, an execution module 902 and a forwarding module 903; the obtaining module 901 is configured to obtain a message, where the message is a communication message between a client and a server, and the client communicates with the server through a WIFI network provided by a network device; the obtaining module 901 is further configured to obtain target information of the packet, where the target information is used to indicate whether the packet is abnormal; the executing module 902 is configured to, in a case that the target information matches target preset information in the information base, execute target processing corresponding to the target preset information, where the target processing includes any one of: discarding the message, modifying the message, and sending an alarm message to the client; the forwarding module 903 is configured to forward the packet when the target information does not match any information in the information base; the information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base.
Optionally, the message is a ciphertext, and the information base includes at least one piece of preset address information; the message processing apparatus according to the embodiment of the present application further includes: a comparison module; the obtaining module 901 is specifically configured to obtain address information of a server carried by a message; the comparison module is used for comparing the address information of the server with each preset address information; the executing module 902 is specifically configured to execute, when the address information of the server is a target preset address, target processing corresponding to the target preset address, where the target preset address is one of at least one piece of preset address information.
Optionally, the message processing apparatus according to this embodiment of the present application further includes: a determining module and a decrypting module; the determining module is used for determining whether the message is accessed to the web service or not under the condition that the address information of the server is not any preset address information in at least one preset address information; the decryption module is used for decrypting the message in the form of the ciphertext based on the http forward proxy technology under the condition that the message accesses the web service to obtain the message in the form of the plaintext; the forwarding module 903 is further configured to forward the message when the message accesses a service other than a web service.
Optionally, the message is a plaintext, and the information base includes at least one preset hash value; the message processing apparatus according to the embodiment of the present application further includes: an analysis module; the analysis module is used for carrying out plaintext analysis processing on the message to obtain a data file corresponding to a data packet carried by the message; the obtaining module 901 is specifically configured to obtain a hash value of a data file; the comparison module is also used for comparing the hash value of the data file with each preset hash value; the executing module 902 is specifically configured to, when the hash value of the data file is a target preset hash value, execute target processing corresponding to the target preset hash value, where the target preset hash value is one of at least one preset hash value.
Optionally, the message is a plaintext, and the information base comprises at least one regular expression; the analysis module is used for carrying out plaintext analysis processing on the message to obtain a data packet carried by the message; the comparison module is used for matching the data packet with each regular expression; the executing module 902 is specifically configured to, in a case that the data packet is matched with a target regular expression, execute target processing corresponding to the target regular expression, where the target regular expression is one of at least one regular expression.
Optionally, each regular expression is used to indicate any of: address information, application program identification, uniform resource locator, type identification of the application program, type identification of the uniform resource locator and malicious attack event.
Optionally, the message is a plaintext, the information base includes at least one piece of preset identification information, and each piece of preset identification information is any one of the following items: address information, an application program identifier, a uniform resource locator, an application program type identifier and a uniform resource locator type identifier; the obtaining module 901 is further configured to obtain identification information of the packet; the comparison module is also used for comparing the identification information of the message with each preset identification information; the executing module 902 is specifically configured to execute, when the identifier information of the packet is preset target identifier information, target processing corresponding to the preset target identifier information, where the preset target identifier information is one of at least one preset identifier information.
Optionally, the message processing apparatus according to this embodiment of the present application further includes: a receiving module, an updating module; the receiving module is used for receiving an update message sent by a client, wherein the update message carries the setting information of a user; the obtaining module 901 is further configured to obtain preset information to be updated, where the preset information to be updated is generated according to setting information of a user sent by a client, or the preset information to be updated is obtained from a network; the updating module is used for updating the information base according to the preset information to be updated.
Optionally, the message processing apparatus according to this embodiment of the present application further includes: an uploading module; the uploading module is used for uploading the log file to a back-end server of the network equipment so that the client can access the back-end server to check the log file; or sending the log file to the client so that the client can save and view the log file.
It should be noted that the message processing apparatus may be an electronic device in the foregoing method embodiment of the present application, or may also be a functional module and/or a functional entity capable of implementing a function of the apparatus embodiment in the electronic device, and the embodiment of the present application is not limited.
In the embodiment of the present application, each module may implement the message processing method provided in the foregoing method embodiment, and may achieve the same technical effect, and for avoiding repetition, details are not described here again.
An embodiment of the present application further provides an electronic device, as shown in fig. 11, the electronic device may include: the processor 1101, the memory 1102, and a program or an instruction stored in the memory 1102 and capable of being executed on the processor 1101, where the program or the instruction, when executed by the processor 1101, may implement each process of the message processing method provided in the foregoing method embodiment, and may achieve the same technical effect, and are not described herein again to avoid repetition.
Embodiments of the present application provide a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the program or the instruction implements each process of the message processing method provided in the foregoing method embodiments, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The embodiment of the present application further provides a computer program product, where the computer program product includes a computer program or an instruction, and when the computer program product runs on a processor, the processor is enabled to execute the computer program or the instruction, so as to implement each process of the message processing method provided in the foregoing method embodiment, and achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The embodiment of the present application further provides a chip, where the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to run a program or an instruction to implement each process of the foregoing message processing method embodiment, and can achieve the same technical effect, and the details are not repeated here to avoid repetition.
It should be understood that the chips mentioned in the embodiments of the present application may also be referred to as system-on-chip, system-on-chip or system-on-chip, etc.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, server and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A message processing method is applied to a network device with an SIM card, and the method comprises the following steps:
acquiring a message, wherein the message is a communication message between a client and a server, and the client communicates with the server through a WIFI network provided by the network equipment;
acquiring target information of the message, wherein the target information is used for indicating whether the message is abnormal or not;
executing target processing corresponding to target preset information under the condition that the target information is matched with the target preset information in an information base, wherein the target processing comprises any one of the following items: discarding the message, modifying the message, and sending an alarm message to the client;
under the condition that the target information is not matched with any information in the information base, the message is forwarded;
the information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base.
2. The method according to claim 1, wherein the message is a ciphertext, and the information base comprises at least one piece of preset address information;
the obtaining of the target information of the message includes:
acquiring address information of the server carried by the message;
and under the condition that the target information is matched with target preset information in an information base, executing target processing corresponding to the target preset information, wherein the target processing comprises the following steps:
comparing the address information of the server with each preset address information;
and executing target processing corresponding to the target preset address under the condition that the address information of the server is the target preset address, wherein the target preset address is one of the at least one preset address information.
3. The method according to claim 2, wherein in a case where the target information matches target preset information in an information base, performing target processing corresponding to the target preset information further comprises:
determining whether the message is accessed by a web service or not under the condition that the address information of the server is not any preset address information in the at least one preset address information;
decrypting the message in a ciphertext form based on an http forward proxy technology under the condition that the message accesses the web service to obtain the message in a plaintext form;
the method further comprises the following steps:
and forwarding the message in the case that the message is not accessed by the web service.
4. The method according to claim 1 or 3, wherein the message is plaintext, and the information base comprises at least one preset hash value;
the obtaining of the target information of the message includes:
performing plaintext analysis processing on the message to obtain a data file corresponding to a data packet carried by the message;
obtaining a hash value of the data file;
and under the condition that the target information is matched with target preset information in an information base, executing target processing corresponding to the target preset information, wherein the target processing comprises the following steps:
comparing the hash value of the data file with each preset hash value;
and executing target processing corresponding to the target preset hash value under the condition that the hash value of the data file is the target preset hash value, wherein the target preset hash value is one of the at least one preset hash value.
5. The method according to claim 1 or 3, wherein the message is plaintext, and the information base comprises at least one regular expression;
the obtaining of the target information of the message includes:
performing plaintext parsing processing on the message to obtain a data packet carried by the message;
and under the condition that the target information is matched with target preset information in an information base, executing target processing corresponding to the target preset information, wherein the target processing comprises the following steps:
matching the data packet with each regular expression;
and under the condition that the data packet is matched with a target regular expression, executing target processing corresponding to the target regular expression, wherein the target regular expression is one of the at least one regular expression.
6. The method of claim 5, wherein each regular expression is used to indicate any of:
address information, application program identification, uniform resource locator, type identification of the application program, type identification of the uniform resource locator and malicious attack event.
7. The method according to claim 1 or 3, wherein the message is plaintext, the information base comprises at least one piece of predetermined identification information, and each piece of predetermined identification information is any one of the following: address information, an application program identifier, a uniform resource locator, an application program type identifier and a uniform resource locator type identifier;
the obtaining of the target information of the message includes:
acquiring identification information of the message;
under the condition that the target information is matched with target preset information in an information base, executing target processing corresponding to the target preset information, wherein the target processing comprises the following steps:
comparing the identification information of the message with each preset identification information;
and executing target processing corresponding to the target preset identification information under the condition that the identification information of the message is the target preset identification information, wherein the target preset identification information is one of the at least one preset identification information.
8. The method of claim 1, further comprising:
receiving an update message sent by a client, wherein the update message carries setting information of a user;
acquiring preset information to be updated, wherein the preset information to be updated is generated according to the setting information of the user sent by the client, or the preset information to be updated is acquired from a network;
and updating the information base according to the preset information to be updated.
9. The method of claim 1, further comprising:
uploading the log file to a back-end server of the network equipment so that the client can access the back-end server to check the log file;
or sending the log file to the client so that the client can store and view the log file.
10. A message processing apparatus, applied to a network device having a SIM card, the apparatus comprising: the system comprises an acquisition module, an execution module and a forwarding module;
the acquisition module is used for acquiring a message, wherein the message is a communication message between a client and a server, and the client is communicated with the server through a WIFI network provided by the network equipment;
the acquisition module is further configured to acquire target information of the packet, where the target information is used to indicate whether the packet is abnormal;
the execution module is configured to execute target processing corresponding to target preset information in an information base when the target information matches the target preset information, where the target processing includes any one of: discarding the message, modifying the message, and sending an alarm message to the client;
the forwarding module is configured to forward the packet when the target information does not match any information in the information base;
the information base comprises a plurality of preset information, the message corresponding to the target information matched with any preset information is abnormal, and the target information of the modified message is not matched with any preset information in the information base.
CN202210517766.1A 2022-05-12 2022-05-12 Message processing method and device Pending CN114978637A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210517766.1A CN114978637A (en) 2022-05-12 2022-05-12 Message processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210517766.1A CN114978637A (en) 2022-05-12 2022-05-12 Message processing method and device

Publications (1)

Publication Number Publication Date
CN114978637A true CN114978637A (en) 2022-08-30

Family

ID=82984205

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210517766.1A Pending CN114978637A (en) 2022-05-12 2022-05-12 Message processing method and device

Country Status (1)

Country Link
CN (1) CN114978637A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115567975A (en) * 2022-12-05 2023-01-03 北京思朗东芯科技有限责任公司 Data message processing method and device, electronic equipment and storage medium
CN117294576A (en) * 2023-11-27 2023-12-26 南京华芯科晟技术有限公司 Abnormal message processing method, device, equipment and medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115567975A (en) * 2022-12-05 2023-01-03 北京思朗东芯科技有限责任公司 Data message processing method and device, electronic equipment and storage medium
CN115567975B (en) * 2022-12-05 2023-03-31 北京思朗东芯科技有限责任公司 Data message processing method and device, electronic equipment and storage medium
CN117294576A (en) * 2023-11-27 2023-12-26 南京华芯科晟技术有限公司 Abnormal message processing method, device, equipment and medium

Similar Documents

Publication Publication Date Title
US10574698B1 (en) Configuration and deployment of decoy content over a network
US7702772B2 (en) Discovering and determining characteristics of network proxies
US10681081B2 (en) Secure content and encryption methods and techniques
US8763101B2 (en) Multi-factor authentication using a unique identification header (UIDH)
US8826432B2 (en) Systems and methods for controlling email access
US11741264B2 (en) Security systems and methods for social networking
US10164997B2 (en) Security verification by message interception and modification
US9930037B2 (en) Encrypting a unique identification header to create different transactional identifiers
CN107251528B (en) Method and apparatus for providing data originating within a service provider network
US9843565B2 (en) Web form protection
US20130246504A1 (en) Method for subscribing to notification, apparatus and system
CN107016074B (en) Webpage loading method and device
CN114978637A (en) Message processing method and device
US8892647B1 (en) System and method for associating a cookie with a device identifier
US10360379B2 (en) Method and apparatus for detecting exploits
US20220329567A1 (en) User interface for web server risk awareness
CN108737350B (en) Information processing method and client
CN115941279A (en) Encryption and decryption method, system and equipment for user identification in data
US10440022B2 (en) Identity management
CN110225010B (en) Processing method of push message and related equipment
CN112637316B (en) Communication method and device
CN115811393A (en) Data decryption method and device
CN116232727A (en) Identity authentication method and device
CN116781256A (en) Compatible interaction method, device, equipment and storage medium of mechanism data
JP2017049881A (en) Server device, control method of server device, and program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination