WO2010121542A1 - Home gateway-based anti-virus method and device thereof - Google Patents


Publication number
WO2010121542A1
Authority
WO
WIPO (PCT)
Prior art keywords
key information
security
home gateway
network access
server
Application number
PCT/CN2010/071931
Inventor
缪伟
王伟
Original Assignee
中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms


Abstract

The present invention provides a home gateway-based anti-virus method and device, which address technical problems of personal anti-virus and anti-attack software such as high demands on users and complex installation and configuration. The invention uses the resources of a home gateway to intercept the key information in a network access message from a user. A security server located in the Internet performs security verification on the key information to keep the user from accessing a website with security risks such as viruses and malicious attacks, thereby improving the security of the home network while avoiding the trouble of installing firewall software directly on the user's personal computer (PC).

Description

Anti-virus method based on home gateway and related device

Technical field

The present invention relates to the field of network security technologies, and in particular to an anti-virus method and related device based on a home gateway.

Background

With the development of the Internet, the content it offers has grown explosively. It provides people with information of every kind, has become indispensable to life, work and entertainment, and is a real help. But everything has drawbacks as well as benefits. The Internet's knowledge is all-encompassing, and its wholesome knowledge and timely information do help people and benefit them greatly, but the Internet also hosts a large number of attack websites and virus-carrying services. Once a user visits such a site, attack programs and virus programs automatically infect the user terminal, causing the user incalculable losses.

To solve such problems, the industry has introduced various types of anti-virus software that is installed on the user's PC as a security barrier against viruses. Because such software must be installed and configured, the user needs some knowledge of security protection and must configure the PC to some degree before the software works properly, and while it runs, anti-virus software also interferes somewhat with the user's normal activities.

Summary of the invention
In view of this, the main object of the present invention is to provide an anti-virus method and related device based on a home gateway, to solve technical problems of stand-alone anti-virus and anti-attack software such as high demands on users and complex installation and configuration. To achieve this object, the technical solution of the present invention is implemented as follows:

An anti-virus method based on a home gateway, including:
the home gateway captures a network access request message sent by a user terminal and extracts key information from it;
the home gateway interacts with a security server located in the Internet and, based on the key information, verifies whether this network access request poses a security risk; if it does, the network access request is rejected; otherwise this network access is allowed.
Further, the key information is Uniform Resource Locator (URL) and/or Internet Protocol (IP) address information; the security server stores security verification information, related to the key information, for determining whether the network site accessed by the user terminal is safe.
Further, the step of verifying whether this network access request poses a security risk is specifically:
A1. The home gateway first analyzes the key information and determines whether a security check is needed; if so, step A2 is performed; otherwise this network access request is allowed;
A2. The home gateway sends the key information to the security server; the security server determines whether the server site corresponding to the key information poses a security risk and feeds the result back to the home gateway.
Further, in step A1, the step in which the home gateway determines whether a security check is needed is specifically:
A11. The home gateway determines whether a historical security check record for the key information exists locally; if so, step A12 is performed; otherwise step A2 is performed;
A12. Network access requests with the same key information are processed according to the historical security check record.
Another object of the present invention is to provide an anti-virus system based on a home gateway. To achieve this object, the technical solution of the present invention is implemented as follows:
An anti-virus system based on a home gateway, including:
a user terminal, configured to initiate network access requests through the home gateway;
a home gateway, configured to capture the message of the network access request, extract key information from it and send the key information to a security server located in the Internet, and to perform network access control on the user terminal according to the security server's security check result;
a security server, configured to perform a security check on the key information and feed the security check result back to the home gateway.
Further, the key information is Uniform Resource Locator and/or IP address information; the security server stores security verification information, related to the key information, for determining whether the network site accessed by the user terminal is safe.
Further, after extracting the key information, the home gateway first determines whether a historical security check record for the key information exists locally; if so, it processes the request according to the historical security check record; otherwise it sends the key information to the security server located in the Internet for a security check.
Another object of the present invention is to provide a home gateway. To achieve this object, the technical solution of the present invention is implemented as follows:
A home gateway, including:
a message capture module, configured to capture network access messages, extract key information from them and send the key information to the message analysis module;
a message analysis module, configured to analyze the key information and control the user terminal's network access according to the security server's security check result;
a client interaction module, configured for information exchange with the user terminal, which notifies the user terminal and performs a blocking operation when the message analysis module reports a security risk;
a server interaction module, configured for information exchange between the message analysis module and the security server located in the Internet.
Further, the key information is Uniform Resource Locator and/or IP address information; the security server stores security verification information, related to the key information, for determining whether the network site accessed by the user terminal is safe.
Further, the message analysis module includes:
a historical analysis and judgment module, configured to determine whether a historical security check record for the key information exists locally; if so, the request is processed according to the historical security check record; otherwise the current analysis and judgment module is notified to process it;
a current analysis and judgment module, configured to transmit the key information to the security server and to process the request according to the security server's security check result.
The present invention uses the resources of the home gateway: by intercepting the key information of the content the user accesses and querying a security server, it keeps the user from visiting websites that carry viruses or malicious attacks, which improves the security of the home network while avoiding the trouble of installing firewall software directly on the user's PC.
The present invention makes full use of the home gateway's resources to form a firewall barrier for the home network. Any terminal device connected behind the home gateway is protected automatically, unlike ordinary anti-virus software, which must be installed on every user terminal, and this reduces the burden on the user.

Brief description of the drawings

FIG. 1 is a structural diagram of the home gateway-based anti-virus system of the present invention;
FIG. 2 is a diagram of the internal module relationships of the home gateway of the present invention;
FIG. 3 is a flowchart of the home gateway-based anti-virus implementation of the present invention.

Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below through embodiments and with reference to the accompanying drawings.
FIG. 1 is a structural diagram of the home gateway-based anti-virus system of the present invention. The system includes a security server, a home gateway and user terminals. The main improvements of the invention lie in the home gateway and the security server. A user terminal connected behind the home gateway, for example a personal computer (PC), accesses the Internet through the home gateway. The home gateway inspects the network request messages sent by the PC, captures the key information in them, such as the Uniform Resource Locator (URL) and/or Internet Protocol (IP) address, and interacts with the security server, which determines whether the user's access is safe or risky. By restricting the user's access to dangerous network sites (web servers), the system achieves its anti-virus and anti-attack purpose.
The security server stores security verification information, related to the key information, for determining whether the network site the user terminal wants to access is safe. Security servers can be deployed in large numbers at key locations across the Internet so that users going online anywhere can communicate with one quickly through their home gateway. The security verification information on the server also needs to be updated promptly to keep pace with the rapidly changing Internet.
The home gateway is configured to capture the message of a network access request sent by the user terminal, extract key information from it and send the key information to the security server, and to perform network access control on the user terminal according to the security server's security check result. The security server performs a security check on the key information and feeds the security check result back to the home gateway.
FIG. 2 is a diagram of the internal module relationships of the home gateway of the present invention. The home gateway includes a message capture module, a message analysis module, a client interaction module and a server interaction module.
The message capture module is configured to capture the messages forwarded by the home gateway, extract key information from them and send the key information to the message analysis module;
the message analysis module is configured to analyze the key information and control the user terminal's network access according to the security server's security check result. The message analysis module further includes a historical analysis and judgment module and a current analysis and judgment module. The historical analysis and judgment module determines whether a historical security check record for the key information exists locally; if so, the request is processed according to the historical security check record; otherwise the current analysis and judgment module is notified to process it. The current analysis and judgment module transmits the key information to the security server and processes the request according to the security server's security check result;
the client interaction module is configured for information exchange with the user terminal; it notifies the user terminal and performs a blocking operation when the message analysis module reports a security risk;
the server interaction module is configured for information exchange between the message analysis module and the security server located in the Internet.
FIG. 3 is a flowchart of the home gateway-based anti-virus implementation of the present invention. This embodiment takes a user accessing an Internet server over the HTTP protocol as an example to describe the implementation flow of the home gateway of the present invention. The specific flow is as follows:
Step 301: The user terminal starts an HTTP access and sends the HTTP protocol message to the message capture module;
Step 302: The message capture module captures the message, extracts the key information and sends the key information to the message analysis module;
this embodiment uses the URL information of the HTTP message as the key information; the key information may also be an IP address or the like;
Step 303: The message analysis module determines whether the key information needs a security check by the security server;
the home gateway first determines whether a historical security check record for the key information exists locally. If one exists, the decision on whether the HTTP message poses a security risk is made according to the historical security check record; if not, the security server must verify whether the key information poses a security risk. For example, for accesses to the same network address or server site on the same day, subsequent accesses can be handled according to that day's historical security check record. If the result fed back after the first verification by the security server is that no security risk exists, the message analysis module stores the key information (such as the IP address and/or URL) and the corresponding security check result locally. When the same address is accessed a second time, the locally saved historical result for that address is used directly, and the key information need not be sent again to the security server located in the Internet for re-verification.
Step 304: If a security check is needed, the key information is passed to the server interaction module;
Step 305: The server interaction module sends a security check request to the security server;
Step 306: The security server analyzes the key information or performs a verification query, determines whether the network site or address corresponding to the key information poses a security risk such as a virus or hacker attack, and feeds the security check result back to the server interaction module;
Step 307: The server interaction module feeds the key information check result back to the message analysis module;
Step 308: Based on the security check result fed back, the message analysis module determines whether the user may access the web server or network address corresponding to the key information. If so, it forwards the user's HTTP protocol message; if not, it notifies the client interaction module to raise an alarm, or to prompt the user to choose whether to continue, or to perform a blocking operation;
Step 309: After receiving the command from the message analysis module, the client interaction module pushes an HTTP message that is displayed in the user's browser, stating that the site being visited contains a virus or malicious attack code and that the user should not continue.
The above flow illustrates the whole process by which the present invention implements home gateway-based anti-virus protection. Because the invention does not require a firewall or anti-virus software to be installed on the user terminal, and no such software has to be configured, and because the security server authenticates key information centrally, network sites that pose security risks can be screened and blocked centrally across the wide area network with better timeliness. This greatly reduces network maintenance costs for home gateway users and improves network security.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.
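The flow of steps 301 to 309, including the same-day history record consulted in step 303, can be sketched as follows. This is an added example, not code from the patent: the names `extract_key_info`, `Gateway`, `Decision` and `warning_page`, the callable standing in for the security server, the 403 block page and the fail-closed policy when the server is unreachable are all assumptions, and the sample requests and blocklist are constructed.

```python
import html
from dataclasses import dataclass, field
from datetime import date
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlsplit


def extract_key_info(raw_request: bytes) -> Optional[str]:
    """Step 302: derive the key information (host + path) from a plaintext HTTP request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    try:
        _method, target, version = lines[0].split(" ")
    except ValueError:
        return None  # not an HTTP request line
    if not version.startswith("HTTP/"):
        return None
    host = ""
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip()
    if target.startswith("http://"):  # absolute-form target, as sent to proxies
        parts = urlsplit(target)
        host, path = parts.netloc, parts.path or "/"
    else:
        path = target.split("?", 1)[0]  # assumption: query string is not part of the key
    if not host:
        return None
    return host.lower() + path  # lower-case host so one site maps to one record


@dataclass(frozen=True)
class Decision:
    action: str  # "forward" or "block"
    source: str  # "unchecked", "history", "server" or "server-error"


@dataclass
class Gateway:
    # Stands in for the server interaction module (steps 305-307); returns True
    # when the security server judges the site risky. The page does not specify
    # the wire protocol, so a plain callable is assumed here.
    query_server: Callable[[str], bool]
    today: Callable[[], date] = date.today
    fail_closed: bool = True  # assumption: block when the server cannot be reached
    history: Dict[str, Tuple[date, bool]] = field(default_factory=dict)
    server_queries: int = 0

    def handle(self, raw_request: bytes) -> Decision:
        key = extract_key_info(raw_request)
        if key is None:
            # Assumption: traffic with no extractable key information is forwarded.
            return Decision("forward", "unchecked")
        record = self.history.get(key)
        if record is not None and record[0] == self.today():
            # Step A12: a same-day record exists, reuse it without asking the server.
            return Decision("block" if record[1] else "forward", "history")
        try:
            self.server_queries += 1
            risky = self.query_server(key)  # step A2
        except OSError:
            # No verdict was obtained: cache nothing, apply the failure policy.
            return Decision("block" if self.fail_closed else "forward", "server-error")
        # The page's example stores a "safe" verdict; storing "risky" ones too is an assumption.
        self.history[key] = (self.today(), risky)
        return Decision("block" if risky else "forward", "server")


def warning_page(key: str) -> bytes:
    """Step 309: response pushed to the browser in place of the site's reply."""
    # The key comes from the request, so it is escaped before being reflected.
    body = ("<html><body><h1>Access blocked</h1><p>The site "
            f"{html.escape(key)} was reported as carrying a virus or malicious "
            "attack code. Please do not continue.</p></body></html>").encode()
    return (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html; charset=utf-8\r\n"
            b"Content-Length: " + str(len(body)).encode()
            + b"\r\nConnection: close\r\n\r\n" + body)


# Constructed sample data: a blocklist standing in for the security server's
# verification information, and two captured requests.
RISKY_SITES = {"malware.example/dl/setup.exe"}
SAFE_REQ = b"GET /index.html?x=1 HTTP/1.1\r\nHost: News.Example\r\n\r\n"
RISKY_REQ = (b"GET http://malware.example/dl/setup.exe HTTP/1.1\r\n"
             b"Host: malware.example\r\n\r\n")


def sample_server(key: str) -> bool:
    return key in RISKY_SITES


if __name__ == "__main__":
    gw = Gateway(query_server=sample_server)
    for req in (SAFE_REQ, SAFE_REQ, RISKY_REQ):
        print(extract_key_info(req), gw.handle(req))
```

For HTTPS traffic the gateway cannot read the URL without decrypting the connection, so the key information there would be the destination IP address, which the description names as the alternative.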

Claims

1. An anti-virus method based on a home gateway, characterized in that the method includes:
the home gateway captures a network access request message sent by a user terminal and extracts key information from it;
the home gateway interacts with a security server located in the Internet and, based on the key information, verifies whether this network access request poses a security risk; if it does, the network access request is rejected; otherwise this network access is allowed.
2. The method according to claim 1, characterized in that the key information is Uniform Resource Locator (URL) and/or Internet Protocol (IP) address information; the security server stores security verification information, related to the key information, for determining whether the network site accessed by the user terminal is safe.
3. The method according to claim 2, characterized in that the step of verifying whether this network access request poses a security risk is specifically:
A1. The home gateway first analyzes the key information and determines whether a security check is needed; if so, step A2 is performed; otherwise this network access request is allowed;
A2. The home gateway sends the key information to the security server; the security server determines whether the server site corresponding to the key information poses a security risk and feeds the result back to the home gateway.
4. The method according to claim 3, characterized in that, in step A1, the step in which the home gateway determines whether a security check is needed is specifically:
A11. The home gateway determines whether a historical security check record for the key information exists locally; if so, step A12 is performed; otherwise step A2 is performed;
A12. Network access requests with the same key information are processed according to the historical security check record.
5. An anti-virus system based on a home gateway, characterized in that the system includes:
a user terminal, configured to initiate network access requests through the home gateway;
a home gateway, configured to capture the message of the network access request, extract key information from it and send the key information to a security server located in the Internet, and to perform network access control on the user terminal according to the security server's security check result;
a security server, configured to perform a security check on the key information and feed the security check result back to the home gateway.
6. The system according to claim 5, characterized in that the key information is Uniform Resource Locator and/or IP address information; the security server stores security verification information, related to the key information, for determining whether the network site accessed by the user terminal is safe.
7. The system according to claim 6, characterized in that, after extracting the key information, the home gateway first determines whether a historical security check record for the key information exists locally; if so, it processes the request according to the historical security check record; otherwise it sends the key information to the security server located in the Internet for a security check.
8. A home gateway, characterized in that it includes:
a message capture module, configured to capture network access messages, extract key information from them and send the key information to the message analysis module;
a message analysis module, configured to analyze the key information and control the user terminal's network access according to the security server's security check result;
a client interaction module, configured for information exchange with the user terminal, which notifies the user terminal and performs a blocking operation when the message analysis module reports a security risk;
a server interaction module, configured for information exchange between the message analysis module and the security server located in the Internet.
9. The home gateway according to claim 8, characterized in that the key information is Uniform Resource Locator and/or IP address information; the security server stores security verification information, related to the key information, for determining whether the network site accessed by the user terminal is safe.
10. The home gateway according to claim 9, characterized in that the message analysis module includes:
a historical analysis and judgment module, configured to determine whether a historical security check record for the key information exists locally; if so, the request is processed according to the historical security check record; otherwise the current analysis and judgment module is notified to process it;
a current analysis and judgment module, configured to transmit the key information to the security server and to process the request according to the security server's security check result.
PCT/CN2010/071931 2009-04-22 2010-04-20 Home gateway-based anti-virus method and device thereof WO2010121542A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910082819A CN101527721B (en) 2009-04-22 2009-04-22 Anti-virus method on the basis of household gateway and device thereof
CN200910082819.6 2009-04-22

Publications (1)

Publication Number Publication Date
WO2010121542A1 (en) 2010-10-28

Family ID: 41095419

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/071931 WO2010121542A1 (en) 2009-04-22 2010-04-20 Home gateway-based anti-virus method and device thereof

Country Status (2)

Country Link
CN (1) CN101527721B (en)
WO (1) WO2010121542A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116488934A (en) * 2023-05-29 2023-07-25 无锡车联天下信息技术有限公司 Domain controller-based network security management method and system

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101527721B (en) * 2009-04-22 2012-09-05 中兴通讯股份有限公司 Anti-virus method on the basis of household gateway and device thereof
CN102075502B (en) * 2009-11-24 2013-12-11 北京网御星云信息技术有限公司 Virus protection system based on cloud computing
CN102664872B (en) * 2012-03-05 2016-05-25 星云融创(北京)科技有限公司 For detection of with the method preventing server attack in computer network
CN102937977A (en) * 2012-10-17 2013-02-20 北京奇虎科技有限公司 Search server and search method
CN102916983B (en) * 2012-11-22 2015-08-05 北京奇虎科技有限公司 The guard system of access to netwoks behavior
CN103905373B (en) * 2012-12-24 2018-02-16 珠海市君天电子科技有限公司 Method and device for intercepting network attack based on cloud
CN103281288B (en) * 2013-02-05 2016-01-13 武汉安天信息技术有限责任公司 A kind of SMSCallFilter system and method
CN104253701A (en) * 2013-06-28 2014-12-31 北京艾普优计算机系统有限公司 Running method of computer network, gateway device and server device
CN103457934B (en) * 2013-08-15 2016-09-21 中国联合网络通信集团有限公司 Virus defense method based on gateway device, gateway device and server
CN103491543A (en) * 2013-09-30 2014-01-01 北京奇虎科技有限公司 Method for detecting malicious websites through wireless terminal, and wireless terminal
CN103973704B (en) * 2014-05-23 2017-04-05 北京奇虎科技有限公司 Based on the domain name analytic method of WIFI equipment, apparatus and system
CN110535862A (en) * 2019-08-30 2019-12-03 深信服科技股份有限公司 A kind of flow rate testing methods, system, device and computer readable storage medium
CN114095283A (en) * 2022-01-24 2022-02-25 天津市职业大学 Security gateway protection system access control method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588879A (en) * 2004-08-12 2005-03-02 复旦大学 Internet content filtering system and method
WO2008008219A2 (en) * 2006-07-10 2008-01-17 Websense, Inc. System and method of analyzing web content
GB2441350A (en) * 2006-08-31 2008-03-05 Purepages Group Ltd Filtering access to internet content
CN101310502A (en) * 2005-09-30 2008-11-19 趋势科技股份有限公司 Security management device, communication system and access control method
CN101527721A (en) * 2009-04-22 2009-09-09 中兴通讯股份有限公司 Anti-virus method on the basis of household gateway and device thereof

Also Published As

Publication number Publication date
CN101527721A (en) 2009-09-09
CN101527721B (en) 2012-09-05

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 10766632

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 10766632

Country of ref document: EP

Kind code of ref document: A1