KR102617515B1 - Method and device for blocking illegal and harmful information sites using favicon - Google Patents

Abstract

A method and device for blocking illegal and harmful information sites using favicons are disclosed. A method of blocking illegal and harmful information sites using a favicon according to one aspect of the present invention includes the steps of acquiring a favicon of a target website to which access has been requested; A step of determining whether the target website is a harmful site using a favicon by referring to a harmful site DB that contains information on illegal and harmful information sites; and a step of allowing access to the target website if it is not a harmful website.

Description

{Method and device for blocking illegal and harmful information sites using favicon}

The present invention relates to a method and device for blocking illegal and harmful information sites using a favicon.

Contents provided through the website may include harmful content that may cause discomfort or have harmful effects. Illegal and harmful information sites that handle such harmful content are obscene, defamatory, fear or anxiety-inducing, hacking, speculative, illegal transaction, anti-government, terrorist, and criminal sites, and most of them have servers located overseas, so they cannot be forcibly shut down. Since there is no such thing, Korea usually regulates it by blocking access to such harmful sites.

Typically, methods to block access to harmful sites use URL, DNS, etc. However, operators of harmful sites periodically change URL information or DNS information to avoid this blocking method, making it difficult to provide a function to block users from accessing harmful sites.

As a method for this, a content-based blocking method that analyzes the content of a website is being attempted. However, the accuracy of analysis of website content is low and the processing speed makes it difficult to provide smooth service.

Republic of Korea Public Patent No. 10-2023-0059015 Harmful site blocking system and method

Accordingly, the present invention was developed to solve the above-mentioned problems, and is intended to provide a method and device for blocking illegal and harmful information sites using a favicon that allows easy blocking of harmful sites even if the URL address is changed.

In addition, the present invention is intended to provide a method and device for blocking illegal and harmful information sites using favicons that can provide smooth and accurate services by increasing processing speed through relatively simple data comparison.

Other objects of the present invention will become clearer through the preferred embodiments described below.

According to one aspect of the present invention, a method of blocking illegal and harmful information sites includes the steps of acquiring a favicon of a target website to which access has been requested; Determining whether the target website is a harmful site using the favicon by referring to a harmful site DB containing information on illegal and harmful information sites; A method of blocking illegal and harmful information sites using a favicon, including the step of allowing access to the target website if it is not a harmful site, and a computer program stored in a computer-readable medium for performing the method are provided.

Here, the favicon is downloaded using the download address found in the HTML source of the target website. If the download address is not found, the favicon can be downloaded by calling the file in the root directory.

In addition, when determining whether the site is a harmful site, the original hash value of the favicon can be used, or the hash value after converting the favicon to at least one of a preset size or color can be used.

In addition, if acquisition of the favicon fails, basic structure information is acquired by analyzing the HTML source of the target website, and the structure-based information is searched for by referring to the harmful site DB to see if a harmful site identical to the basic structure information exists. You can determine whether a site is harmful or not.

Additionally, as the basic structure information, any structure from 2 to 4 depths under the <body> tag of the HTML can be used.

In addition, the harmful site DB further stores each metadata and the floating structure information that can extract the floating structure information excluding the floating area for each harmful site, and the target target when determining whether or not the structure is a harmful site. If the website is determined to be a harmful site, the metadata can be used to extract the floating structure information of the target website to further determine whether the website is a harmful site based on the second structure.

In addition, the second structure-based harmful site determination can be made only when a harmless site identical to the basic structure information exists by referring to a pre-built harmless site DB.

According to another aspect of the present invention, a communication unit for communicating with a user terminal; A storage unit that stores information about illegal and harmful information sites; an information extraction unit that acquires a favicon of a target website access requested from the user terminal; a harmfulness determination unit that determines whether the target website is a harmful site using the favicon based on information about illegal and harmful information sites in the storage unit; A device for blocking illegal and harmful information sites using a favicon is provided, including an access control unit that allows access to the target website only if it is not a harmful site.

Here, if the acquisition of the favicon fails, the information extraction unit analyzes the HTML source of the target website to obtain basic structure information, and the harmfulness determination unit extracts information about illegal and harmful information sites stored in the storage unit. It is possible to determine whether a structure-based harmful site exists by referring to and searching whether a harmful site identical to the basic structure information exists.

In addition, the information on the illegal and harmful information sites further includes each metadata and the floating structure information that can extract the floating structure information excluding the floating area for each harmful site, and the harmfulness determination unit When determining whether the target website is a harmful site based on the structure, if the target website is determined to be a harmful site, the metadata can be used to extract the floating structure information of the target website to further determine whether the target website is a harmful site based on the second structure. .

Other aspects, features and advantages in addition to those described above will become apparent from the following drawings, claims and detailed description of the invention.

According to the present invention, it is possible to block illegal and harmful information sites even if the URL or DNS is changed by identifying them using the favicon that exists on most sites these days.

In addition, the present invention can smoothly provide a blocking service for illegal and harmful information sites with accurate and faster processing speed by using simple information such as a favicon.

Figure 1 is a functional block diagram showing the configuration of a device for blocking harmful sites using a favicon according to an embodiment of the present invention.
Figure 2 is a flowchart showing the process of blocking harmful sites using a favicon according to an embodiment of the present invention.
Figure 3 is a flowchart showing a process for blocking harmful sites using structural information according to an embodiment of the present invention.
Figure 4 is an example diagram showing HTML for extracting structural information of a website according to an embodiment of the present invention.
Figure 5 is a table illustrating harmful site DB information according to an embodiment of the present invention.
Figures 6 and 7 are exemplary diagrams showing the basic structure and floating structure of a website according to an embodiment of the present invention.
Figure 8 is a flow chart illustrating a process for determining a harmful site by further utilizing immobility structure information according to an embodiment of the present invention.

Since the present invention can make various changes and have various embodiments, specific embodiments will be illustrated in the drawings and described in detail in the detailed description. However, this is not intended to limit the present invention to specific embodiments, and should be understood to include all changes, equivalents, and substitutes included in the spirit and technical scope of the present invention.

When a component is said to be "connected" or "connected" to another component, it is understood that it may be directly connected to or connected to the other component, but that other components may exist in between. It should be. On the other hand, when it is mentioned that a component is “directly connected” or “directly connected” to another component, it should be understood that there are no other components in between.

Terms such as first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The above terms are used only for the purpose of distinguishing one component from another. For example, terms such as first threshold and second threshold, which will be described later, may be pre-designated as thresholds that are substantially different or partially the same, but may cause confusion when expressed with the same word, threshold. Since there is room, for convenience of classification, terms such as first and second will be used together.

The terms used herein are only used to describe specific embodiments and are not intended to limit the invention. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, terms such as “comprise” or “have” are intended to designate the presence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, but are not intended to indicate the presence of one or more other features. It should be understood that this does not exclude in advance the possibility of the existence or addition of elements, numbers, steps, operations, components, parts, or combinations thereof.

In addition, the components of the embodiments described with reference to each drawing are not limited to the corresponding embodiments, and may be implemented to be included in other embodiments within the scope of maintaining the technical spirit of the present invention, and may also be included in separate embodiments. Even if the description is omitted, it is natural that a plurality of embodiments may be re-implemented as a single integrated embodiment.

In addition, when describing with reference to the accompanying drawings, identical or related reference numbers will be assigned to identical or related elements regardless of the drawing symbols, and overlapping descriptions thereof will be omitted. In describing the present invention, if it is determined that a detailed description of related known technologies may unnecessarily obscure the gist of the present invention, the detailed description will be omitted.

Figure 1 is a functional block diagram showing the configuration of a device for blocking harmful sites using Favicon according to an embodiment of the present invention, and Figure 2 is a functional block diagram showing the process of blocking harmful sites using Pycon according to an embodiment of the present invention. This is a flow chart.

Referring to FIG. 1, the device for blocking harmful sites according to this embodiment includes a communication unit 10, a storage unit 20, and a control unit 30, and the control unit 30 includes an information extraction unit 31 and a harmful judgment unit. (32) and a connection control unit (33). It will become more apparent to those skilled in the art through the following description that each component of the control unit 30 does not necessarily need to be implemented in hardware, and may also be implemented in software, such as a program.

The device for blocking harmful sites can be implemented in the form of a server and communicates with a client, that is, a user terminal (not shown), through a communication network. For example, information about the target website to be accessed is transmitted to the harmful site blocking device by the agent installed on the user terminal.

The communication unit 10 is a communication means for communicating with a user terminal, and since it will be obvious to those skilled in the art, further detailed description will be omitted.

In the storage unit 20, information about illegal and harmful information sites (hereinafter referred to as harmful sites) is stored in the form of a database (DB). URLs, etc. can be stored as information about harmful sites, and in particular, according to this embodiment, favicon information about each harmful site is stored.

A favicon is an icon for a website that appears in the favorites or address bar of a web browser. The name is a compound word of Favorite and Icon. The mainly used size is 16Х16px and the extension is ico. Since favicons are also used in the case of harmful sites, information about these favicons is stored as information about harmful sites as a harmful site DB. How to use the favicon will be explained in more detail later. And, according to another example, structural information as information about harmful sites may be further stored in the storage unit. This will be explained in detail later.

The control unit 30 determines whether the target website requested to access from the user terminal is a harmful site (referred to as a harmful site), blocks it if it is a harmful site, and allows access only if it is not.

The function of each component of the control unit 30 will be described with reference to FIG. 2.

The information extraction unit 31 of the control unit 30 acquires the favicon of the target website to which access has been requested (S210). The information extraction unit can download the favicon using the download address found in the HTML source of the target website. If there is no download address in the HTML source, it attempts to load the favicon.ico file in the root directory. For example, if the favicon download address is not specified on the xkeeper.com site, you can download it by calling [xkeeper.com/favicon.ico].

The harmfulness determination unit 32 determines whether a harmful site exists by searching for the presence of a harmful site having the same favicon as the favicon of the target website based on the harmful site DB of the storage unit 20 (S220).

Here, according to one example, comparison using the hash value of the favicon can be performed to increase processing speed and accuracy. The comparison method using hash values will be obvious to those skilled in the art, so a more detailed description will be omitted.

In addition, when determining whether a site is harmful, the original hash value of the favicon may be used as is, but according to another example, the hash value after converting the favicon to at least one of a preset size or color may be used. In order to be able to block even if a harmful site changes the size or color of the favicon differently, the favicon is converted to a specific size or color and then compared.

The access control unit 33 allows access to the target website only if it is not a harmful site, according to the judgment result of the harmfulness determination unit 32 (S230).

In other words, according to this embodiment, by using the favicon of the target website as a harmfulness determination method, it is possible to block the harmful site if it does not change the favicon even if the access information (URL, etc.) is changed.

Here, if acquisition of the favicon fails in S210 (for example, if the favicon does not exist in the target website itself, if loading the favicon fails due to communication reasons, etc.), the target website as described above Harmfulness determination is performed using the structure information of the site (hereinafter referred to as structure-based harmful site determination).

Figure 3 is a flowchart showing a process for blocking harmful sites using structural information according to an embodiment of the present invention.

Referring to Figure 3, an attempt is made to acquire the favicon of the target website (S310), confirmation is made of whether or not the favicon has been successfully acquired (S320), and when the favicon is acquired, a determination of whether or not the favicon is harmful is performed as shown in Figure 2 and the target website is identified. Decide whether to allow access to the website (S330).

On the other hand, if acquisition of the favicon fails, the basic structure information is acquired by analyzing the HTML source of the target website (S340), and the harmful site DB is referred to to search whether a harmful site identical to the basic structure information of the target website exists. By doing so, a structure-based determination of whether a site is harmful is performed and whether or not to block is determined.

Below, we will explain in more detail the structural information of the target website and the method of determining whether it is a harmful site based on the structure using this.

Figure 4 is an example diagram showing HTML for extracting structural information of a website according to an embodiment of the present invention, Figure 5 is a table illustrating harmful site DB information according to an embodiment of the present invention, Figure 6 and 7 are exemplary diagrams showing the basic structure and floating structure of a website according to an embodiment of the present invention.

Referring to Figure 4, HTML information can be confirmed as the source information of the target website. HTML information is rendered, unnecessary information such as text and attributes is removed, and, for example, 2 depths under the <body> tag. Any structure of up to 4 depths (4 depths are used in this drawing) can be used as basic structural information. As shown in the drawing, the depth can be distinguished using the <div> tag, and the <a> tag and <span> tag can also be used as structural information.

Referring to Figure 6, which shows an example for convenience of understanding, for example, structural information up to 3 depths is used as basic structural information. At this time, the information removed from changeable values such as tag values and attributes is used as basic structure information. In other words, only the structure of the framework that makes up the website is used, and the contents within it are removed. As shown in Figure 6, 2 to 4 depth structural information is used as basic structural information for each area that constitutes the website main page screen.

And, among each area that constitutes this basic structure, there are mostly fluid areas in which the content and internal structure change from time to time. For example, the structure and contents of areas that provide real-time stock information, auction information, gambling information, etc. change frequently, and are usually used in the form of a rolling banner, in which case the structure and contents are flexible.

Therefore, areas with a fluid structure are identified in the entire rendered website structure, and metadata that can extract structural information that is not fluid is generated. By comparing the initial overall structural information with the subsequent structural information, the part that does not change is considered as structural information without liquidity (hereinafter referred to as floating structural information). For example, when building a database of harmful sites, you can access websites registered as harmful sites more than twice at preset time intervals (for example, 10 seconds, etc.) and compare them to explore fluid areas where the content changes. You can. Metadata that can extract the fluidity area explored in this way is stored in the harmful site DB as relevant harmful site information.

In the basic structure of FIG. 6, the immobility structure in which the fluid area is removed using metadata is shown in FIG. 7.

And, referring to Figure 5, which schematically illustrates the information stored in the harmful site DB, each hash value and its metadata are stored as information about basic structure information and floating structure information. It will be obvious to those skilled in the art that the speed and accuracy of information comparison can be significantly increased when using hash values.

If only the basic structure of the target website is used, a blocking error may occur that may block access to a harmless website with the same basic structure. To this end, by further performing a second harmfulness judgment using the above-described immobility structure information, blocking errors that block access to harmless websites can be reduced.

Figure 8 is a flowchart showing the process of determining a harmful site by further utilizing the immobility structure information according to an embodiment of the present invention.

Referring to FIG. 8, the harmfulness judgment is performed using the basic structure information of the target website (S810), and it is confirmed whether the site is harmful as a result of the judgment (S820).

If it is determined that it is not a harmful site (i.e., if a harmful site with the same basic structure is not registered in the DB), the user terminal is allowed to access the target website (S830).

On the other hand, if it is determined to be a harmful site, immobility structure information is acquired using metadata stored as information about the harmful site, and a determination as to whether the second harmful site is made is performed by referring to the harmful site DB (S840, S850).

According to this embodiment, the first harmful site is determined using the basic structure, and if it is determined to be a harmful site, the second harmful site is additionally judged using the floating structure information to prevent blocking errors for harmless sites as much as possible. can do. Additionally, by comparing structural information stored as a hash value, faster and more accurate hazard determination can be made.

Here, according to one example, the number of flexible areas is used to determine the re-search cycle of the flexible area for updating metadata for each harmful site. By utilizing the fact that the larger the liquidity area or the greater the number, the higher the probability that a structural change to the website itself will occur, it is possible to respond more quickly to structural changes to harmful sites. Of course, if the metadata is recognized as changed at this time, there is a high probability that the basic structure itself will also change, so at this time, further check whether the basic structure has changed.

And, according to one example, website information about harmless sites is created into a database (referred to as harmless site DB (not shown)), and only when a harmless site identical to the basic structure information exists by referring to this, the second harmful site described above is created. A judgment can be made. In other words, if information about a harmful site with the same basic structure as the target website exists in the DB, but a harmless site does not exist in the DB, the target website is immediately judged to be a harmful site without performing a second harmful site determination. It is done.

A computer program stored in a computer-readable medium may be provided that performs the method of blocking illegal and harmful information sites using a favicon according to the present invention described above.

Additionally, the method of blocking illegal and harmful information sites using the favicon described above can be implemented as computer-readable code on a computer-readable recording medium. Computer-readable recording media include all types of recording media storing data that can be deciphered by a computer system. For example, there may be Read Only Memory (ROM), Random Access Memory (RAM), magnetic tape, magnetic disk, flash memory, optical data storage device, etc. Additionally, the computer-readable recording medium can be distributed to computer systems connected through a computer communication network, and stored and executed as code that can be read in a distributed manner.

In addition, although the present invention has been described above with reference to preferred embodiments, those skilled in the art will understand the present invention without departing from the spirit and scope of the present invention as set forth in the claims below. You will understand that it can be modified and changed in various ways.

10: Department of Communications
20: storage unit
30: control unit

Claims (11)

In terms of blocking illegal and harmful information sites,
Obtaining a favicon of a target website to which access has been requested;
Determining whether the target website is a harmful site using the favicon by referring to a harmful site DB containing information on illegal and harmful information sites; and
Including the step of allowing access to the target website if it is not a harmful website,
If the acquisition of the favicon fails, the basic structure information is acquired by analyzing the HTML source of the target website, and the harmful site DB is referred to to search for the presence of a harmful site identical to the basic structure information to determine whether the structure-based harmful site exists. Perform a judgment on whether or not
The harmful site DB further stores each metadata and the floating structure information that can extract the floating structure information excluding the floating area for each harmful site, and when determining whether or not the structure is a harmful site, the target website is selected. If is determined to be a harmful site, a method of blocking illegal and harmful information sites using a favicon further performs a second structure-based determination of whether it is a harmful site by extracting the floating structure information of the target website using the metadata.
In claim 1,
A method of blocking illegal and harmful information sites using a favicon in which the favicon is downloaded using a download address found in the HTML source of the target website, and if the download address is not found, the file is downloaded by calling a file in the root directory.
In claim 1,
A method of blocking illegal and harmful information sites using a favicon, when determining whether the site is a harmful site, using the original hash value of the favicon or a hash value after converting the favicon to at least one of a preset size or color. .
delete In claim 1,
A method of blocking illegal and harmful information sites using a favicon, using a structure from 2 to 4 depths under the <body> tag of the HTML as the basic structure information.
delete In claim 1,
A method of blocking illegal and harmful information sites using a favicon, which refers to a pre-built harmless site DB and determines whether a harmful site is based on the second structure only when a harmless site identical to the basic structure information exists.
A computer program stored in a computer-readable medium that performs a method of blocking illegal and harmful information sites using a favicon, wherein the computer program causes a computer to perform the following steps, which steps include:
Obtaining a favicon of a target website to which access has been requested;
Determining whether the target website is a harmful site using the favicon by referring to a harmful site DB containing information on illegal and harmful information sites; and
Including the step of allowing access to the target website if it is not a harmful website,
If acquisition of the favicon fails, the basic structure information is acquired by analyzing the HTML source of the target website, and the harmful site DB is referred to to search for the existence of a harmful site identical to the basic structure information to determine whether the structure-based harmful site exists. Perform a judgment on whether or not
The harmful site DB further stores each metadata and the floating structure information that can extract the floating structure information excluding the floating area for each harmful site, and when determining whether or not the structure is a harmful site, the target website is selected. If it is determined that is a harmful site, a computer program stored in a computer-readable medium further performs a second structure-based determination of whether it is a harmful site by extracting the floating structure information of the target website using the metadata.
A communication unit for communicating with a user terminal;
A storage unit that stores information about illegal and harmful information sites;
an information extraction unit that acquires a favicon of a target website access requested from the user terminal;
a harmfulness determination unit that determines whether the target website is a harmful site using the favicon based on information about illegal and harmful information sites in the storage unit; and
Includes an access control unit that allows access to the target website only if it is not a harmful website,
If the acquisition of the favicon fails, the information extraction unit acquires basic structure information by analyzing the HTML source of the target website, and the harmfulness determination unit refers to information on illegal and harmful information sites stored in the storage unit. By searching for the existence of a harmful site identical to the above basic structure information, a decision is made on whether or not the site is a harmful site based on the structure.
The information about the illegal and harmful information sites further includes respective metadata and the floating structure information from which floating structure information excluding the floating area can be extracted for each harmful site, and the harmful judgment unit determines the structure. If the target website is determined to be a harmful site when determining whether it is a harmful site, the metadata is used to extract the floating structure information of the target website and further determine whether it is a harmful site based on the second structure. Illegal use of favicon · Harmful information site blocking device.
delete delete