WO2011150692A1 - 一种进行网络访问控制的方法及服务网关 - Google Patents

一种进行网络访问控制的方法及服务网关 Download PDF

Info

Publication number
WO2011150692A1
WO2011150692A1 PCT/CN2011/070613 CN2011070613W WO2011150692A1 WO 2011150692 A1 WO2011150692 A1 WO 2011150692A1 CN 2011070613 W CN2011070613 W CN 2011070613W WO 2011150692 A1 WO2011150692 A1 WO 2011150692A1
Authority
WO
WIPO (PCT)
Prior art keywords
network resource
filter
resource address
free operation
user
Prior art date
Application number
PCT/CN2011/070613
Other languages
English (en)
French (fr)
Inventor
江婷婷
吴丽梅
欧阳新志
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2011150692A1 publication Critical patent/WO2011150692A1/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Definitions

  • the present invention relates to the field of network communication technologies, and in particular, to a method for performing network access control and a service gateway.
  • the Wireless Application Protocol (WAP) service is a service provided by operators to mobile users to access the Internet through mobile phones. Some users who are not convenient to use the computer can browse the WAP site service through the mobile phone WAP browser, and can enjoy various application services such as news browsing, stock inquiry, mail sending and receiving, online game, chat and so on. And with the advent of the 3G era, the information transmission bandwidth has increased, and the information transmitted by mobile phones has become more diverse, and users can enjoy richer network services such as video, voice, and images.
  • WAP technology provides users with the convenience of enjoying the network, and also provides a new way to spread bad information and technology. Filtering the content of the network, eliminating bad information, and providing users with a "green" Internet environment to the greatest extent has important application value and practical significance.
  • the commonly used content filtering method is to obtain the content to be filtered, filter the network content according to a predetermined rule, and output the filtered content to the user.
  • the service gateway When the user accesses the same network content with bad information multiple times, the service gateway performs the same filtering operation on the same content, resulting in waste of service multi-processing capability;
  • the technical problem to be solved by the present invention is to provide a method for performing network access control and a service gateway, adaptively changing control rules, and improving the processing capability of the service gateway for network access control.
  • the present invention provides a method for performing network access control, including: determining, after the service gateway receives a request for a network resource address requested by a user, the network When the resource address does not satisfy the filter-free operation condition, the network resource content corresponding to the network resource address is filtered by the bad information, and then provided to the user, and the bad value of the network resource content is calculated, and the value is updated according to the calculated badness value.
  • the filter operating conditions can also have the following characteristics:
  • the step of calculating the badness value of the network resource content includes: the service gateway maintaining a sensitive word vocabulary, wherein the sensitive word vocabulary includes a sensitive word and a corresponding sensitive weight; the service gateway is in the network resource content After detecting the sensitive words recorded in the sensitive word vocabulary, the detected sensitive weights of the sensitive words in the network resource content are summed, and the sensitive weights and values are obtained as the bad contents of the network resource content. Degree value.
  • the above method may further include:
  • the service gateway After detecting the sensitive words recorded in the sensitive word vocabulary in the content of the network resource, the service gateway determines whether the sensitive word belongs to a misjudgment by analyzing the textual association relationship in the sentence where the sensitive word is located, and if it is a mistake When the sentence is judged, the noun containing the sensitive word in the statement is added as a new sensitive word to the sensitive vocabulary, and the weight of the new sensitive word is set to a negative value corresponding to the weight of the original sensitive word.
  • the network resource address does not satisfy the filter-free operation condition, that is, the network resource address is not the network resource address included in the filter-free operation condition;
  • the filter-free operation condition includes one or more of the following rules: a replacement rule, a pass rule; wherein, the prohibition rule includes a network resource address that prohibits user access; the replacement rule includes a network resource address that allows the user to access the filtered network resource content; and the pass rule includes a network resource address that allows the user to directly access the network resource address.
  • the method further includes: after receiving the request for the user to access the network resource address, the service gateway determines that the network resource address is in the prohibition rule of the filter-free operation condition, and rejects the access request of the user;
  • the step of updating the filter-free operation condition according to the calculated badness value includes: the network resource content is less than the preset value When the threshold is reached, add this network resource address to the forbidden In the rules.
  • the method further includes: after receiving the request for the user to access the network resource address, the service gateway determines that the network resource address is in the replacement rule of the filter-free operation condition, and directly records the recorded network resource corresponding to the network resource address.
  • the content of the content filtering information is provided to the user; when the service gateway determines that the network resource address requested by the user does not satisfy the filter-free operation condition, the step of updating the filter-free operation condition according to the calculated badness value includes: After the badness value of the network resource content is less than or equal to a preset threshold and greater than 0, after performing bad information filtering on the network resource content, the network resource address is added to the replacement rule, and the record corresponds to the network resource address. Filtered content.
  • the method further includes: after the service gateway receives the request for the user to access the network resource address, and determines that the network resource address is in the pass rule of the filter-free operation condition, the network corresponding to the network resource address learned from the service provider The resource content is provided to the user; when the service gateway determines that the network resource address requested by the user does not meet the filter-free operation condition, the step of updating the filter-free operation condition according to the calculated badness value includes: the network resource content When the badness value is equal to 0, this network resource address is added to the pass rule.
  • the present invention provides a service gateway for performing network access control
  • the service gateway includes: a filter-free operation judging module, which is configured to: after receiving a request for a user to request access to a network resource address, determine When the network resource address does not meet the filter-free operation condition, the network resource address is sent to the filtering analysis module, and the filtering analysis module is configured to: learn, from the service provider, the network resource corresponding to the network resource address. Content, performing bad information filtering and calculating a badness value of the network resource content, and updating the filter-free operating condition according to the calculated badness value.
  • the filtering analysis module comprises: a sensitive word lexical unit, which is configured to: maintain a sensitive word vocabulary, the sensitive word vocabulary contains sensitive words and corresponding sensitive weights; Setting: calculating a value of the network resource content, and detecting the sensitive words recorded in the sensitive word vocabulary in the network resource content, detecting the sensitive words in the network resource content After the sensitive weights are summed, the sensitive weights and values will be obtained as the bad value of the content of the network resources.
  • the filtering analysis module further includes a sensitive word association analysis module connected to the bad degree analysis unit and the sensitive word dictionary unit; the bad degree analysis unit is further configured to: set the network association analysis module to: Analyze the relationship between the words in the sentence where each sensitive word is located, and judge whether each sensitive word belongs to a misjudgment. If it is a misjudgment, add the noun containing the sensitive word in the statement as a new sensitive word, and add it to the sensitive vocabulary. And set the weight of this new sensitive word to a negative value corresponding to the weight of the original sensitive word.
  • the network resource address does not satisfy the filter-free operation condition, that is, the network resource address is not the network resource address included in the filter-free operation condition;
  • the filter-free operation condition includes one or more of the following rules: a replacement rule, a pass rule; wherein, the prohibition rule includes a network resource address that prohibits user access;
  • the replacement rule includes a network resource address that allows the user to access the filtered network resource content;
  • the pass rule includes a network resource that allows the user to directly access the network resource. address.
  • the filter-free operation judging module is further configured to: when receiving the request for accessing the network resource address by the user, determining that the network resource address is in the prohibition rule of the filter-free operation condition, rejecting the access request of the user;
  • the module is configured to update the filter-free operation condition according to the calculated badness value in the following manner: When it is determined that the network resource content badness value is greater than a preset threshold, the network resource address is added to the prohibition rule.
  • the filter-free operation judging module is further configured to: after receiving the request for the user to access the network resource address, determining that the network resource address is in the replacement rule of the filter-free operation condition, directly Providing the user; the filtering analysis module is configured to update the filter-free operating condition according to the calculated badness value in the following manner: determining that the network resource content badness value is less than or equal to a preset threshold and greater than 0, Performing bad information filtering on the network resource content, adding the network resource address to the replacement rule, and recording the filtered content corresponding to the network resource address.
  • the filter-free operation judging module is further configured to: after receiving the request for the user to access the network resource address, determining that the network resource address is located in the pass-through rule of the filter-free operation condition, the network resource address learned from the service provider Corresponding network resource content is provided to the user; the filtering analysis module is configured to update the filter-free operation condition according to the calculated badness value in the following manner: when determining that the network resource content badness value is equal to 0, This network resource address is added to the pass rule.
  • the badness value of the network resource content is calculated and the filter-free operation condition is automatically updated according to the badness value, so that the entire filtering system is adaptively operated, and the processing efficiency of accessing the network address is improved.
  • the service gateway does not need to obtain the network content from the service provider, and directly denies the user access, and does not need to perform multiple filtering operations on the network content. Improve the processing efficiency of network address access.
  • the service gateway does not need to obtain the networked content from the service provider to directly provide the recorded filtering result to the user, thereby improving the processing efficiency.
  • the service gateway can also automatically update the sensitive vocabulary, and analyze whether the sensitive words are misjudged by the contextual relationship of the sensitive words in the text.
  • the nouns containing the sensitive words in the statement are regarded as new sensitive.
  • the word, and the weight of the new sensitive word is set to a negative value corresponding to the weight of the original sensitive word, the sensitive vocabulary is updated, and the accuracy of the sensitive word judgment is continuously improved, thereby improving the accuracy of the filtering.
  • BRIEF abstract 1 is a composition diagram of a service gateway performing network access control in an embodiment
  • FIG. 2 is a flow chart of a method for performing network access control in an embodiment
  • FIG. 3 is a detailed flow chart of a method of performing network access control in a specific embodiment.
  • the service gateway that performs network access control maintains a connection path with the service provider.
  • the service provider is used to provide specific network resource content.
  • the service gateway may be a gateway in a wireless communication system such as a WAP gateway or a non-wireless gateway.
  • the service gateway includes a filter-free operation judgment module and a filter analysis module.
  • the filtering analysis module includes an interconnected bad degree analysis unit, a sensitive word lexical unit, and a sensitive word association analysis module.
  • the filter-free operation judging module is configured to send the network resource address to the filtering analysis module when the network resource address does not satisfy the filter-free operation condition after receiving the request for accessing the network resource address by the user.
  • the filtering analysis module is configured to learn the content of the network resource corresponding to the network resource address from the service provider, filter the bad information, provide the user with the badness value of the network resource content, and update according to the calculated badness value.
  • the filter-free operating conditions is configured to send the network resource address to the filtering analysis module when the network resource address does not satisfy the filter-free operation condition after receiving the request for accessing the network resource address by the user.
  • the filtering analysis module is configured to learn the content of the network resource corresponding to the network resource address from the service provider, filter the bad information, provide the user with the badness value of the network resource content, and update according to the calculated badness value.
  • the filter-free operation judgment module maintains the filter-free operation condition, and the network resource address does not satisfy the filter-free operation condition, that is, the network resource address is not the network resource address included in the filter-free operation condition.
  • the filter-free operation condition includes one or more of the following rules: a forbidden rule, a replacement rule, a pass rule; wherein, the prohibition rule includes a network resource address that prohibits user access; and the replacement rule includes allowing the user to access the filtered network resource.
  • the network resource address of the content; the access rule includes the network resource address that the user is allowed to directly access.
  • the filter-free operation conditions include the prohibition rule, the replacement rule, and the pass rule
  • the network resource address requested by the user does not belong to the prohibition rule, the replacement rule, and the address in the pass rule
  • the network resource is considered as the network resource.
  • the address does not satisfy the filtering operation.
  • the filter-free operation condition in the filter-free operation judgment module may be adaptively updated according to the bad degree value.
  • the way to update the prohibition rule is as follows:
  • the filtering analysis module is configured to add the network resource address to the prohibition rule when the value of the network resource content is determined to be greater than a preset threshold after calculating the badness value of the network resource content.
  • the filter-free operation judging module is configured to reject the access request of the user when the network resource address is determined to be in the prohibition rule of the filter-free operation condition after receiving the request for accessing the network resource address by the user.
  • the filtering analysis module is configured to calculate the badness value of the content of the network resource, if it is determined that the value of the network resource content is less than or equal to a preset threshold and greater than 0, filtering the bad information of the network resource content,
  • the network resource address is added to the replacement rule, and the filtered content corresponding to the network resource address is recorded.
  • the filter-free operation judging module is configured to, after receiving the request for the user to access the network resource address, determine that the content of the replacement good information filtered by the network resource address in the filter-free operation condition is provided to the user.
  • the filter-free operation judging module is configured to: after receiving the request for the user to access the network resource address, determine that the network resource address is located in the pass-through rule of the filter-free operation condition, and the network resource corresponding to the network resource address learned from the service provider Content is provided to the user.
  • filtering bad information on network resource content includes filtering of bad image filtering and sensitive words.
  • filtering bad images maintain and dynamically update the bad image database in combination with face recognition and other techniques for filtering.
  • filtering sensitive words maintain and dynamically update sensitive word vocabularies to continuously improve the accuracy of sensitive word detection.
  • the sensitive word lexical unit is used to maintain a sensitive word vocabulary, which contains sensitive words and corresponding sensitive weights.
  • the attributes of sensitive words also include the effective time, expiration time, and index.
  • the badness analysis unit is configured to calculate a badness value of the network resource content, and after detecting the sensitive words recorded in the sensitive word vocabulary in the network resource content, each of the detected network resource contents After the sensitive weights of sensitive words are summed, sensitive weights and values will be obtained as the network. To the sensitive word association analysis module.
  • the sensitive word association analysis module is used to analyze the text association relationship in the sentence where each sensitive word is located, and determine whether each sensitive word belongs to a misjudgment. If it is a misjudgment, the noun containing the sensitive word in the statement is used as a new sensitive word. As for the sensitive lexicon, the weight of the new sensitive word is set to a negative value corresponding to the weight of the original sensitive word.
  • the filter-free operating conditions have been updated, and the sensitive term database has also been updated. As the system application time is extended, the system automatically improves the control of network resource address access.
  • the method for performing network access control includes: after receiving the request for accessing the network resource address by the user, the service gateway determines that the network resource address does not satisfy the filter-free operation condition, and calculates the content of the network resource.
  • the degree value, the filter-free operation condition is updated according to the calculated degree of badness.
  • the network resource address does not satisfy the filter-free operation condition, that is, the network resource address is not the network resource address included in the filter-free operation condition.
  • the filter-free operating conditions include one or more of the following rules: Prohibited rules, replacement rules, and pass rules.
  • the prohibition rule includes a network resource address that prohibits user access. After receiving the request from the user to access the network resource address, the service gateway rejects the user's access request when determining that the network resource address is in the forbidden rule of the filter-free operation condition. When the service gateway determines that the network resource address requested by the user does not meet the filter-free operation condition and the value of the network resource content is greater than a preset threshold, the network resource address is added to the prohibition rule.
  • the replacement rule includes a network resource address that allows the user to access the filtered network resource content.
  • the service gateway determines that the network resource address is in the replacement rule of the filter-free operation condition, and directly records the content of the recorded network resource content corresponding to the network resource address. Provided to the user.
  • the service gateway determines that the user requests to visit If the network resource address of the network resource address does not satisfy the filter-free operation condition and the value of the network resource content is less than or equal to a preset threshold and is greater than 0, after the bad information is filtered by the network resource content, the network resource is used.
  • the address is added to the replacement rule, and the filtered content corresponding to the network resource address is recorded.
  • the pass rules include network resource addresses that allow users to directly access them.
  • the service gateway After receiving the request for the user to access the network resource address, the service gateway determines that the network resource address is in the pass-through rule of the filter-free operation condition, and provides the network resource content corresponding to the network resource address learned by the service provider to the user.
  • the service gateway determines that the network resource address requested by the user does not satisfy the filter-free operation condition and the network resource content defect value is equal to 0, the network resource address is added to the traffic rule.
  • the filter-free operation conditions include the prohibition rule, the replacement rule, and the pass rule
  • the network resource address requested by the user does not belong to the prohibition rule, the replacement rule, and the address in the pass rule
  • the network resource is determined. The address satisfies the filter-free operating conditions.
  • Step 301 A user terminal initiates a request for accessing a network resource address to a serving gateway, where the request indicates a network resource address that is required to be accessed, for example, to be unified.
  • Step 302 The serving gateway determines whether the network resource address satisfies the prohibition rule in the filter-free operation condition. If yes, notifies the user of the denied access information, otherwise, performs the next step.
  • the service gateway determines whether the network resource address is a network resource address in the forbidden rule. If yes, the network resource address satisfies the prohibition rule in the filter-free operation condition, otherwise it is not satisfied.
  • the judgment of the URL forbidden to access uses the principle of left matching, that is, if http://www.abcd.com/ is the network resource address in the prohibition rule, the lower address of this address is for example htt ://www. abed.com /music is also forbidden to access.
  • Step 303 The service gateway determines whether the network resource address meets the content of the bad information filtering in the filter-free operation condition and provides the content to the user. Otherwise, the next step is performed.
  • Step 304 The serving gateway determines whether the network resource address meets the filter-free operation condition. The pass rule, if yes, obtain the network resource content corresponding to the network resource address from the service provider and provide the content to the user; otherwise, perform the next step.
  • Step 305 Obtain a network resource content corresponding to the network resource address from the service provider, and calculate a bad value of the content of the network resource.
  • the method for calculating the bad value of the network resource content may be: the service gateway maintains a sensitive word vocabulary, the sensitive word vocabulary contains sensitive words and corresponding sensitive weights; the service gateway detects the sensitive words in the network resource content After the sensitive words recorded in the thesaurus, the sensitive weights of the sensitive words in the detected network resource content are summed, and the sensitive weights and values are obtained as the bad degree values of the network resource contents.
  • sensitive words are given different weights according to their sensitivity. The higher the sensitivity, the higher the weight. For example, according to the severity of the use of words in violation of social morality, the keywords are divided into five levels, and the sensitivity ranges from high to low corresponding to levels 5 to 1. Find the number of sensitive words and the number of occurrences in the content of the network resource, multiply the weight of a sensitive word by the number of occurrences, and obtain the weight of the sensitive word in the network content, the sum of the weights of all the sensitive words, It is the value of the badness of the entire network content.
  • the sensitive words A and B appear in the network resource content
  • Step 306 Determine whether the value of the network resource content is 0. If yes, the network resource content obtained from the service provider is directly provided to the user, and the network resource address is updated to the access rule. Otherwise, the next step is performed. .
  • Step 307 Determine whether the value of the network resource content is greater than a preset threshold. If yes, notify the user of the denied access information, and update the network resource address to the prohibition rule. Otherwise, perform the next step.
  • Step 308 Filter the content of the network resource, provide the filtered content to the user, update the network resource address to the replacement rule, and record the filtered content corresponding to the network resource address.
  • Step 309 analyzing the relationship between the characters in the sentence where each sensitive word is located, and judging the misjudgment of the sensitive word, adding the noun containing the sensitive word in the statement as a new sensitive word to In the sensitive lexicon, the weight of the new sensitive word is set to a negative value corresponding to the weight of the original sensitive word.
  • This step also includes updating an attribute such as an image feature library that affects the determination image as a bad image.
  • the service gateway synchronously transmits the information such as the filter-free condition to the operator, and the operator has the right to add or delete the network resource address in each rule of the filter-free condition, and may also modify the filtered corresponding address in the replacement rule. Content.
  • the filter-free operating conditions are automatically updated according to the degree of badness, so that the entire filtering system is adaptively operated, and the processing efficiency of accessing the network address is improved.
  • the service gateway does not need to obtain the network content from the service provider, and directly denies the user access, and does not need to perform multiple filtering operations on the network content. Improve the processing efficiency of network address access.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明提供了一种进行网络访问控制的方法及服务网关,包括服务网关收到用户要求访问网络资源地址的请求后,判断网络资源地址不满足免过滤操作条件时,对此网络资源地址对应的网络资源内容进行不良信息过滤后提供给用户,并计算网络资源内容的不良程度值,根据计算出的不良程度值更新所述免过滤操作条件。本发明中根据不良程度值自动更新免过滤操作条件,使整个过滤系统自适应的运行,提高对网络地址访问的处理效率。另外在用户重复请求访问其不良信息值大于预设门限的网络内容时,服务网关无需从服务提供商处获取此网络内容,便直接拒绝用户访问,无需对此网络内容进行多次重复过滤操作,提高对网络地址访问的处理效率。

Description

一种进行网络访问控制的方法及服务网关
技术领域
本发明涉及网络通信技术领域, 尤其涉及一种进行网络访问控制的方法 及服务网关。
背景技术
无线应用通讯协议 ( Wireless Application Protocol, 简称 WAP)业务是运 营商向移动用户提供的一种通过手机访问互联网的业务。 一些不方便使用电 脑的用户,可以通过手机 WAP浏览器浏览 WAP站点的服务, 即可享受新闻 浏览、 股票查询、 邮件收发、 在线游戏、 聊天等多种应用服务。 并且随着 3G 时代的到来, 信息传输带宽的增加, 手机传播的信息更加多样化, 用户可以 享受到视频, 语音, 图像等更丰富的网络服务。
WAP技术给用户带来享用网络的便利, 同时也提供了一种新的不良信息 的传播途径和技术实现方式。 过滤网络内容, 剔除不良信息, 最大程度的为 用户提供一个 "绿色" 的上网环境具有重要的应用价值和现实意义。
目前, 常用的内容过滤方法是获得待过滤内容, 根据预定的规则对网络 内容进行过滤, 将过滤后的内容输出给用户。
上述方法存在以下问题:
用户多次访问同一含有不良信息的网络内容时, 服务网关对此同一内容 进行同样的过滤操作, 造成服务多关处理能力的浪费;
预定的规则不能够自动更新和自动调整。 发明内容
本发明所要解决的技术问题是提供一种进行网络访问控制的方法及服务 网关, 自适应的改变控制规则, 提高服务网关对网络访问控制的处理能力。
为了解决上述技术问题, 本发明提供了一种进行网络访问控制的方法, 包括: 服务网关收到用户要求访问的网络资源地址的请求后, 判断所述网络 资源地址不满足免过滤操作条件时, 对此网络资源地址对应的网络资源内容 进行不良信息过滤后提供给用户, 并计算所述网络资源内容的不良程度值, 根据计算出的不良程度值更新所述免过滤操作条件。 上述方法还可以具有以下特点:
计算所述网络资源内容的不良程度值的步骤包括: 所述服务网关维护一 敏感词词库, 此敏感词词库中包含敏感词以及对应的敏感权重; 所述服务网 关在所述网络资源内容中检测到所述敏感词词库中记载的敏感词后, 将检测 到的所述网络资源内容中各敏感词的敏感权重求和后, 将得到敏感权重和值 作为所述网络资源内容的不良程度值。
上述方法还可以包括:
所述服务网关在所述网络资源内容中检测到所述敏感词词库中记载的敏 感词后, 通过分析此敏感词所在语句中文字关联关系, 判断此敏感词是否属 于误判, 如果属于误判时, 将此语句中包含此敏感词的名词作为新的敏感词, 添加至所述敏感词库中, 并将此新的敏感词的权重设置与原敏感词的权重对 应的负值。
上述方法还可以具有以下特点:
所述网络资源地址不满足免过滤操作条件是指所述网络资源地址不是所 述免过滤操作条件中包含的网络资源地址; 免过滤操作条件中包括以下规则 中一种或多种: 禁止规则, 替换规则, 通行规则; 其中, 禁止规则中包括禁 止用户访问的网络资源地址; 替换规则中包括允许用户访问过滤后的网络资 源内容的网络资源地址;通行规则中包括允许用户直接访问的网络资源地址。
上述方法还可以具有以下特点:
上述方法还包括: 所述服务网关收到用户要求访问网络资源地址的请求 后, 判断此网络资源地址位于免过滤操作条件的禁止规则中时, 拒绝用户的 访问请求;
所述服务网关判断用户请求访问的网络资源地址不满足免过滤操作条件 时, 根据计算出的不良程度值更新所述免过滤操作条件的步骤包括: 所述网 络资源内容的不良程度值大于预设的门限时, 将此网络资源地址添加入禁止 规则中。
上述方法还可以具有以下特点:
上述方法还包括: 所述服务网关收到用户访问网络资源地址的请求后, 判断此网络资源地址位于免过滤操作条件的替换规则中时, 直接将所记录的 对此网络资源地址对应的网络资源内容进行不良信息过滤的内容提供给用 户; 所述服务网关判断用户请求访问的网络资源地址不满足免过滤操作条件 时, 根据计算出的不良程度值更新所述免过滤操作条件的步骤包括: 所述网 络资源内容的不良程度值小于等于预设的门限且大于 0时, 对所述网络资源 内容进行不良信息过滤后, 将所述网络资源地址添加入替换规则, 并记录与 此网络资源地址对应的过滤后的内容。
上述方法还可以具有以下特点:
上述方法还包括: 所述服务网关收到用户访问网络资源地址的请求后, 判断此网络资源地址位于免过滤操作条件的通行规则中时, 将从服务提供商 获知的此网络资源地址对应的网络资源内容提供给用户; 所述服务网关判断 用户请求访问的网络资源地址不满足免过滤操作条件时, 根据计算出的不良 程度值更新所述免过滤操作条件的步骤包括: 所述网络资源内容的不良程度 值等于 0时, 将此网络资源地址添加入通行规则中。
为了解决上述技术问题, 本发明提供了一种进行网络访问控制的服务网 关, 所述服务网关包括: 免过滤操作判断模块, 其设置为: 在收到用户要求 访问网络资源地址的请求后, 判断所述网络资源地址不满足免过滤操作条件 时, 将所述网络资源地址发送至所述过滤分析模块; 过滤分析模块, 其设置 为: 从所述服务提供商获知此网络资源地址对应的网络资源内容, 进行不良 信息过滤并计算所述网络资源内容的不良程度值, 根据计算出的不良程度值 更新所述免过滤操作条件。
上述服务网关还可以具有以下特点:
所述过滤分析模块包括: 敏感词词库单元, 其设置为: 维护敏感词词库, 此敏感词词库中包含敏感词以及对应的敏感权重; 不良程度分析单元, 其设 置为: 计算所述网络资源内容的不良程度值, 在所述网络资源内容中检测到 所述敏感词词库中记载的敏感词后, 将检测到的所述网络资源内容中各敏感 词的敏感权重求和后, 将得到敏感权重和值作为所述网络资源内容的不良程 度值。
上述服务网关还可以具有以下特点:
所述过滤分析模块还包括与所述不良程度分析单元和敏感词词库单元均 相连的敏感词关联分析模块; 所述不良程度分析单元还设置为: 将所述网络 关联分析模块其设置为: 分析各敏感词所在语句中文字关联关系, 判断各敏 感词是否属于误判, 如果属于误判时, 将此语句中包含此敏感词的名词作为 新的敏感词, 添加至于所述敏感词库中, 并将此新的敏感词的权重设置与原 敏感词的权重对应的负值。
上述服务网关还可以具有以下特点:
所述网络资源地址不满足免过滤操作条件是指所述网络资源地址不是所 述免过滤操作条件中包含的网络资源地址; 免过滤操作条件中包括以下规则 中的一种或多种: 禁止规则, 替换规则, 通行规则; 其中, 禁止规则中包括 禁止用户访问的网络资源地址; 替换规则中包括允许用户访问过滤后的网络 资源内容的网络资源地址; 通行规则中包括允许用户直接访问的网络资源地 址。
上述服务网关还可以具有以下特点:
所述免过滤操作判断模块还设置为: 在收到用户要求访问网络资源地址 的请求后, 判断此网络资源地址位于免过滤操作条件的禁止规则中时, 拒绝 用户的访问请求; 所述过滤分析模块是设置为以如下方式根据计算出的不良 程度值更新所述免过滤操作条件: 判断所述网络资源内容的不良程度值大于 预设的门限时, 将此网络资源地址添加入禁止规则中。
上述服务网关还可以具有以下特点:
所述免过滤操作判断模块还设置为: 在收到用户访问网络资源地址的请 求后, 判断此网络资源地址位于免过滤操作条件的替换规则中时, 直接将所 供给用户; 所述过滤分析模块是设置为以如下方式根据计算出的不良程度值 更新所述免过滤操作条件: 判断所述网络资源内容的不良程度值小于等于预 设的门限且大于 0时, 对所述网络资源内容进行不良信息过滤, 将所述网络 资源地址添加入替换规则, 并记录与此网络资源地址对应的过滤后的内容。
上述服务网关还可以具有以下特点:
所述免过滤操作判断模块还设置为: 在收到用户访问网络资源地址的请 求后, 判断此网络资源地址位于免过滤操作条件的通行规则中时, 将从服务 提供商获知的此网络资源地址对应的网络资源内容提供给用户; 所述过滤分 析模块是设置为以如下方式根据计算出的不良程度值更新所述免过滤操作条 件: 判断所述网络资源内容的不良程度值等于 0时, 将此网络资源地址添加 入通行规则中。
本发明中, 计算网络资源内容的不良程度值并根据不良程度值自动更新 所述免过滤操作条件, 使整个过滤系统自适应的运行, 提高对网络地址访问 的处理效率。 另外在用户重复请求访问其不良信息值大于预设门限的网络内 容时, 服务网关无需从服务提供商处获取此网络内容, 便直接拒绝用户访问, 无需对此网络内容进行多次重复过滤操作,提高对网络地址访问的处理效率。 在用户请求访问含有服务网关已进行过过滤操作并记录了过滤结果的网络资 源内容时, 服务网关无需从服务提供商处获取此网络内容直接向用户提供此 已记录的过滤结果, 提高处理效率。
本发明中服务网关还可以自动更新敏感词库, 并对敏感词在文中的上下 文关系分析各敏感词是否误判, 在误判情况下, 将此语句中包含此敏感词的 名词作为新的敏感词, 并将此新的敏感词的权重设置与原敏感词的权重对应 的负值, 更新敏感词库, 不断提高敏感词判断的准确率, 从而提高过滤的准 确度。 附图概述 图 1是实施例中进行网络访问控制的服务网关组成图;
图 2是实施例中进行网络访问控制的方法流程图;
图 3是具体实施例中进行网络访问控制的方法的详细流程图。
本发明的较佳实施方式
如图 1所示, 进行网络访问控制的服务网关与服务提供商保持有连接通 路。 服务提供商用于提供具体的网络资源内容。 服务网关可以是无线通信系 统中网关如 WAP网关,也可以是非无线网关。服务网关包括免过滤操作判断 模块和过滤分析模块。 过滤分析模块包括互相连接的不良程度分析单元、 敏 感词词库单元、 敏感词关联分析模块。
免过滤操作判断模块用于在收到用户要求访问网络资源地址的请求后, 判断所述网络资源地址不满足免过滤操作条件时, 将所述网络资源地址发送 至所述过滤分析模块。 过滤分析模块用于从所述服务提供商获知此网络资源 地址对应的网络资源内容, 进行不良信息过滤后提供给用户并计算所述网络 资源内容的不良程度值,根据计算出的不良程度值更新所述免过滤操作条件。
免过滤操作判断模块中维护免过滤操作条件, 网络资源地址不满足免过 滤操作条件是指网络资源地址不是免过滤操作条件中包含的网络资源地址。 免过滤操作条件中包括以下规则中一种或多种: 禁止规则, 替换规则, 通行 规则; 其中, 禁止规则中包括禁止用户访问的网络资源地址; 替换规则中包 括允许用户访问过滤后的网络资源内容的网络资源地址; 通行规则中包括允 许用户直接访问的网络资源地址。 例如, 免过滤操作条件中包括禁止规则, 替换规则, 通行规则此三种规则时, 用户要求访问的网络资源地址均不属于 禁止规则、 替换规则和通行规则中的地址时, 则认为此网络资源地址不满足 过滤操作。
在本服务网关中, 对网络资源内容进行过滤并计算不良程度值后, 根据 此不良程度值可以自适应的更新免过滤操作判断模块中的免过滤操作条件。 具体的, 更新禁止规则时的方式如下: 过滤分析模块用于在计算所述网络资源内容的不良程度值后, 判断所述 网络资源内容的不良程度值大于预设的门限时, 将此网络资源地址添加入禁 止规则中。 免过滤操作判断模块用于在收到用户要求访问网络资源地址的请 求后, 判断此网络资源地址位于免过滤操作条件的禁止规则中时, 拒绝用户 的访问请求。
更新替换规则时的方式如下:
过滤分析模块用于计算所述网络资源内容的不良程度值后, 判断所述网 络资源内容的不良程度值小于等于预设的门限且大于 0时, 对所述网络资源 内容进行不良信息过滤, 将所述网络资源地址添加入替换规则, 并记录与此 网络资源地址对应的过滤后的内容。 免过滤操作判断模块用于在收到用户访 问网络资源地址的请求后, 判断此网络资源地址位于免过滤操作条件的替换 良信息过滤的内容提供给用户。
更新通行规则时的方式如下:
过滤分析模块用于计算所述网络资源内容的不良程度值后, 判断所述网 络资源内容的不良程度值为 0时, 将此网络资源地址添加入通行规则中。 免 过滤操作判断模块用于在收到用户访问网络资源地址的请求后, 判断此网络 资源地址位于免过滤操作条件的通行规则中时, 将从服务提供商获知的此网 络资源地址对应的网络资源内容提供给用户。
对网络资源内容进行不良信息过滤时, 包括对不良图像过滤和敏感词的 过滤。 对不良图像进行过滤时维护并动态更新不良图像数据库结合人脸识别 等技术进行过滤。 对敏感词进行过滤时, 维护并动态更新敏感词词库, 不断 提高敏感词检测的准确率。
敏感词词库单元用于维护敏感词词库, 此敏感词词库中包含敏感词以及 对应的敏感权重。 敏感词的属性还包括生效时间, 失效时间, 以及索引等。
不良程度分析单元用于计算所述网络资源内容的不良程度值, 在所述网 络资源内容中检测到所述敏感词词库中记载的敏感词后, 将检测到的所述网 络资源内容中各敏感词的敏感权重求和后, 将得到敏感权重和值作为所述网 至所述敏感词关联分析模块。
敏感词关联分析模块用于分析各敏感词所在语句中文字关联关系, 判断 各敏感词是否属于误判, 如果属于误判时, 将此语句中包含此敏感词的名词 作为新的敏感词, 添加至于所述敏感词库中, 并将此新的敏感词的权重设置 与原敏感词的权重对应的负值。 对免过滤操作条件进行了更新, 对敏感词词库也进行了更新, 随着系统应用 时间的延长, 系统自动对网络资源地址访问的控制能力逐渐提高。
如图 2所示, 进行网络访问控制的方法包括: 服务网关收到用户要求访 问网络资源地址的请求后,判断所述网络资源地址不满足免过滤操作条件时, 计算所述网络资源内容的不良程度值, 根据计算出的不良程度值更新所述免 过滤操作条件。
网络资源地址不满足免过滤操作条件是指所述网络资源地址不是所述免 过滤操作条件中包含的网络资源地址。
免过滤操作条件中包括以下规则中的一种或多种: 禁止规则、替换规则、 通行规则。
禁止规则中包括禁止用户访问的网络资源地址。 服务网关收到用户要求 访问网络资源地址的请求后, 判断此网络资源地址位于免过滤操作条件的禁 止规则中时, 拒绝用户的访问请求。 服务网关判断用户请求访问的网络资源 地址不满足免过滤操作条件并且所述网络资源内容的不良程度值大于预设的 门限时, 将此网络资源地址添加入禁止规则中。
替换规则中包括允许用户访问过滤后的网络资源内容的网络资源地址。 服务网关收到用户访问网络资源地址的请求后, 判断此网络资源地址位于免 过滤操作条件的替换规则中时, 直接将所记录的对此网络资源地址对应的网 络资源内容进行不良信息过滤的内容提供给用户。 服务网关判断用户请求访 问的网络资源地址不满足免过滤操作条件的并且所述网络资源内容的不良程 度值小于等于预设的门限且大于 0时, 对所述网络资源内容进行不良信息过 滤后, 将所述网络资源地址添加入替换规则, 并记录与此网络资源地址对应 的过滤后的内容。
通行规则中包括允许用户直接访问的网络资源地址。 服务网关收到用户 访问网络资源地址的请求后, 判断此网络资源地址位于免过滤操作条件的通 行规则中时, 将从服务提供商获知的此网络资源地址对应的网络资源内容提 供给用户。 服务网关判断用户请求访问的网络资源地址不满足免过滤操作条 件的并且所述网络资源内容的不良程度值等于 0时, 将此网络资源地址添加 入通行规则中。
例如, 免过滤操作条件中包括禁止规则, 替换规则, 通行规则此三种规 则时, 判断用户要求访问的网络资源地址均不属于禁止规则、 替换规则和通 行规则中的地址时, 判定此网络资源地址满足免过滤操作条件。
如图 3所示, 实施例中进行网络访问控制的方法包括以下步骤: 步骤 301 , 用户终端向服务网关发起访问网络资源地址的请求, 在此请 求中指示要求访问的网络资源地址, 例如以统一资源定位符 (Uniform Resource Location, 简称 URL ) 的方式表示。
步骤 302 , 服务网关判断此网络资源地址是否满足免过滤操作条件中的 禁止规则, 如果是, 将拒绝访问的信息通知至用户, 否则, 执行下一步。
服务网关判断此网络资源地址是否是禁止规则中的网络资源地址, 如果 是则此网络资源地址满足免过滤操作条件中的禁止规则, 否则不满足。
禁止访问的 URL的判断釆用左匹配的原则, 即如果 http://www.abcd.com/ 是禁止规则 中的网络资源地址, 那么此地址的下级地址例如 htt ://www. abed. com/music也是禁止访问的。
步骤 303 , 服务网关判断此网络资源地址是否满足免过滤操作条件中的 不良信息过滤的内容提供给用户, 否则, 执行下一步。
步骤 304 , 服务网关判断此网络资源地址是否满足免过滤操作条件中的 通行规则, 如果是, 从服务提供商获取此网络资源地址对应的网络资源内容 并提供给用户, 否则, 执行下一步。
步骤 305 , 从服务提供商获取此网络资源地址对应的网络资源内容, 并 计算此网络资源内容的不良程度值。
计算网络资源内容的不良程度值的方法可以是: 服务网关维护一敏感词 词库, 此敏感词词库中包含敏感词以及对应的敏感权重; 服务网关在网络资 源内容中检测到所述敏感词词库中记载的敏感词后, 将检测到的网络资源内 容中各敏感词的敏感权重求和后, 将得到敏感权重和值作为网络资源内容的 不良程度值。
在敏感词库中将敏感词按照敏感程度赋予不同的权重, 敏感度越高, 权 重越高。 例如根据用词违反社会公德的严重程度, 将关键词分为 5个等级, 敏感度从高到低分别对应等级 5至 1。 在此网络资源内容中查找各敏感词及 出现的次数, 将某个敏感词的权重与出现的次数相乘, 就得到此敏感词在这 个网络内容中的权重, 所有敏感词的权重之和, 就是整个网络内容的不良程 度值。
例如示例一中网络资源内容中出现敏感词 A和 B,权重分别为 5和 1 , A 出现了 2次, B出现了 3次,那么整段网络内容的不良程度值为 5*2+1*3=13。 再例如示例二中, 网络资源内容中敏感词 A, B, C和 D, 权重分别为 5 , 3 , 2, 3 , 分别出现了 2, 4, 2, 3次, 那么不良程度值为 5*2+3*4+2*2+3*3=35。
计算网络资源内容的不良程度值时还可以同时考虑不良图像的因素, 对 不良图像进行过滤时维护并动态更新不良图像数据库结合人脸识别等技术进 行过滤。
步骤 306, 判断此网络资源内容的不良程度值是否为 0, 如果是, 将从服 务提供商获取网络资源内容直接提供给用户, 并将此网络资源地址更新至通 行规则中, 否则, 执行下一步。
步骤 307 , 判断此网络资源内容的不良程度值是否大于预设的门限, 如 果是, 将拒绝访问的信息通知至用户, 并将此网络资源地址更新至禁止规则 中, 否则, 执行下一步。
其中, 预设的门限可以由技术人员根据系统需求进行更改。 步骤 308 , 对此网络资源内容进行过滤, 将过滤后的内容提供给用户, 将此网络资源地址更新至替换规则中, 并记录与此网络资源地址对应的过滤 后的内容。 像过滤。 ' 、 "、 。 、 、 ' ' " ; 步骤 309 , 分析各敏感词所在语句中文字关联关系, 判断对敏感词误判 时, 将此语句中包含此敏感词的名词作为新的敏感词添加至敏感词库中, 并 将此新的敏感词的权重设置与原敏感词的权重对应的负值。
例如 "色情" 为敏感词, 权重为 4 , 通过分析此词所在语句 "蓝色情绪" 中文字关联关系判断对 "蓝色情绪" 中的 "色情" 为误判, 将此词的权重置 为 _4 , 添加到敏感词库中。 在下一次网络内容过滤时, 但可以减少此类误判 词所造成的不良程度值。
此步骤中还包括更新图像特征库等影响判断图像为不良图像的属性。 上述方法中, 服务网关将免过滤条件等信息同步传输到运营商处, 运营 商处有权增加或删除免过滤条件的各规则中的网络资源地址, 也可以修改替 换规则中地址对应的已过滤过的内容。
以上仅为本发明的优选实施案例而已, 并不用于限制本发明, 对于本领 域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和原 则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护范 围之内。
工业实用性
本发明中根据不良程度值自动更新免过滤操作条件, 使整个过滤系统自 适应的运行, 提高对网络地址访问的处理效率。 另外在用户重复请求访问其 不良信息值大于预设门限的网络内容时, 服务网关无需从服务提供商处获取 此网络内容, 便直接拒绝用户访问, 无需对此网络内容进行多次重复过滤操 作, 提高对网络地址访问的处理效率。

Claims

权 利 要 求 书
1、 一种进行网络访问控制的方法, 该方法包括:
服务网关收到用户要求访问的网络资源地址的请求后, 判断所述网络资 源地址不满足免过滤操作条件时, 对此网络资源地址对应的网络资源内容进 行不良信息过滤后提供给用户, 并计算所述网络资源内容的不良程度值, 根 据计算出的不良程度值更新所述免过滤操作条件。
2、 如权利要求 1所述的方法, 其中,
计算所述网络资源内容的不良程度值的的步骤包括: 所述服务网关维护 一敏感词词库, 此敏感词词库中包含敏感词以及对应的敏感权重; 所述服务 网关在所述网络资源内容中检测到所述敏感词词库中记载的敏感词后, 将检 测到的所述网络资源内容中各敏感词的敏感权重求和后, 将得到敏感权重和 值作为所述网络资源内容的不良程度值。
3、 如权利要求 2所述的方法, 该方法还包括:
所述服务网关在所述网络资源内容中检测到所述敏感词词库中记载的敏 感词后, 通过分析此敏感词所在语句中文字关联关系, 判断此敏感词是否属 于误判, 如果属于误判时, 将此语句中包含此敏感词的名词作为新的敏感词, 添加至所述敏感词库中, 并将此新的敏感词的权重设置与原敏感词的权重对 应的负值。
4、 如权利要求 1、 2或 3所述的方法, 其中,
所述网络资源地址不满足免过滤操作条件是指所述网络资源地址不是所 述免过滤操作条件中包含的网络资源地址;
免过滤操作条件包括以下规则中一种或多种: 禁止规则, 替换规则, 通 行规则; 其中, 禁止规则中包括禁止用户访问的网络资源地址; 替换规则中 包括允许用户访问过滤后的网络资源内容的网络资源地址; 通行规则中包括 允许用户直接访问的网络资源地址。
5、 如权利要求 4所述的方法, 所述方法还包括:
所述服务网关收到用户要求访问网络资源地址的请求后, 判断此网络资 源地址位于免过滤操作条件的禁止规则中时, 拒绝用户的访问请求; 所述服务网关判断用户请求访问的网络资源地址不满足免过滤操作条件 时, 根据计算出的不良程度值更新所述免过滤操作条件的步骤包括: 所述网 络资源内容的不良程度值大于预设的门限时, 将此网络资源地址添加入禁止 规则中。
6、 如权利要求 4所述的方法, 所述方法还包括:
所述服务网关收到用户访问网络资源地址的请求后, 判断此网络资源地 址位于免过滤操作条件的替换规则中时, 直接将所记录的对此网络资源地址 对应的网络资源内容进行不良信息过滤的内容提供给用户;
所述服务网关判断用户请求访问的网络资源地址不满足免过滤操作条件 时, 根据计算出的不良程度值更新所述免过滤操作条件的步骤包括: 所述网 络资源内容的不良程度值小于等于预设的门限且大于 0时, 对所述网络资源 内容进行不良信息过滤后, 将所述网络资源地址添加入替换规则, 并记录与 此网络资源地址对应的过滤后的内容。
7、 如权利要求 4所述的方法, 所述方法还包括:
所述服务网关收到用户访问网络资源地址的请求后, 判断此网络资源地 址位于免过滤操作条件的通行规则中时, 将从服务提供商获知的此网络资源 地址对应的网络资源内容提供给用户;
所述服务网关判断用户请求访问的网络资源地址不满足免过滤操作条件 时, 根据计算出的不良程度值更新所述免过滤操作条件的步骤包括: 所述网 络资源内容的不良程度值等于 0时, 将此网络资源地址添加入通行规则中。
8、 一种进行网络访问控制的服务网关, 所述服务网关包括:
免过滤操作判断模块, 其设置为: 在收到用户要求访问网络资源地址的 请求后, 判断所述网络资源地址不满足免过滤操作条件时, 将所述网络资源 地址发送至所述过滤分析模块; 以及
过滤分析模块, 其设置为: 从所述服务提供商获知此网络资源地址对应 的网络资源内容,进行不良信息过滤并计算所述网络资源内容的不良程度值, 根据计算出的不良程度值更新所述免过滤操作条件。
9、 如权利要求 8所述的服务网关, 其中, 所述过滤分析模块包括:
敏感词词库单元, 其设置为: 维护敏感词词库, 此敏感词词库中包含敏 感词以及对应的敏感权重; 以及
不良程度分析单元, 其设置为: 计算所述网络资源内容的不良程度值, 在所述网络资源内容中检测到所述敏感词词库中记载的敏感词后, 将检测到 的所述网络资源内容中各敏感词的敏感权重求和后, 将得到敏感权重和值作 为所述网络资源内容的不良程度值。
10、 如权利要求 9所述的服务网关, 其中,
所述过滤分析模块还包括与所述不良程度分析单元和敏感词词库单元均 相连的敏感词关联分析模块;
所述不良程度分析单元还设置为: 将所述网络资源内容以及检测出的敏 感词发送至所述敏感词关联分析模块;
所述敏感词关联分析模块设置为: 分析各敏感词所在语句中文字关联关 系, 判断各敏感词是否属于误判, 如果属于误判时, 将此语句中包含此敏感 词的名词作为新的敏感词, 添加至于所述敏感词库中, 并将此新的敏感词的 权重设置与原敏感词的权重对应的负值。
11、 如权利要求 8、 9或 10所述的服务网关, 其中,
所述网络资源地址不满足免过滤操作条件是指所述网络资源地址不是所 述免过滤操作条件中包含的网络资源地址; 免过滤操作条件包括以下规则中 的一种或多种: 禁止规则, 替换规则, 通行规则; 其中, 禁止规则中包括禁 止用户访问的网络资源地址; 替换规则中包括允许用户访问过滤后的网络资 源内容的网络资源地址;通行规则中包括允许用户直接访问的网络资源地址。
12、 如权利要求 11所述的服务网关, 其中,
所述免过滤操作判断模块还设置为: 用于在收到用户要求访问网络资源 地址的请求后, 判断此网络资源地址位于免过滤操作条件的禁止规则中时, 拒绝用户的访问请求;
所述过滤分析模块是设置为以如下方式根据计算出的不良程度值更新所 述免过滤操作条件:判断所述网络资源内容的不良程度值大于预设的门限时, 将此网络资源地址添加入禁止规则中。
13、 如权利要求 11所述的服务网关, 其中,
所述免过滤操作判断模块, 还设置为: 在收到用户访问网络资源地址的 请求后, 判断此网络资源地址位于免过滤操作条件的替换规则中时, 直接将 提供给用户;
所述过滤分析模块是设置为以如下方式根据计算出的不良程度值更新所 述免过滤操作条件: 判断所述网络资源内容的不良程度值小于等于预设的门 限且大于 0时, 对所述网络资源内容进行不良信息过滤后, 将所述网络资源 地址添加入替换规则, 并记录与此网络资源地址对应的过滤后的内容。
14、 如权利要求 11所述的服务网关, 其中,
所述免过滤操作判断模块还设置为: 在收到用户访问网络资源地址的请 求后, 判断此网络资源地址位于免过滤操作条件的通行规则中时, 将从服务 所述过滤分析模块是设置为以如下方式根据计算出的不良程度值更新所 述免过滤操作条件: 判断所述网络资源内容的不良程度值等于 0时, 将此网 络资源地址添加入通行规则中。
PCT/CN2011/070613 2010-06-02 2011-01-25 一种进行网络访问控制的方法及服务网关 WO2011150692A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010190989.9 2010-06-02
CN201010190989.9A CN101877704B (zh) 2010-06-02 2010-06-02 一种进行网络访问控制的方法及服务网关

Publications (1)

Publication Number Publication Date
WO2011150692A1 true WO2011150692A1 (zh) 2011-12-08

Family

ID=43020165

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/070613 WO2011150692A1 (zh) 2010-06-02 2011-01-25 一种进行网络访问控制的方法及服务网关

Country Status (2)

Country Link
CN (1) CN101877704B (zh)
WO (1) WO2011150692A1 (zh)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831751A (zh) * 2019-01-04 2019-05-31 上海创蓝文化传播有限公司 一种基于自然语言处理的短信内容风控系统及方法
CN110209796A (zh) * 2019-04-29 2019-09-06 北京印刷学院 一种敏感词检测过滤方法、装置与电子设备

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101877704B (zh) * 2010-06-02 2016-02-10 中兴通讯股份有限公司 一种进行网络访问控制的方法及服务网关
CN102567304B (zh) * 2010-12-24 2014-02-26 北大方正集团有限公司 一种网络不良信息的过滤方法及装置
RU2460132C1 (ru) * 2011-06-28 2012-08-27 Закрытое акционерное общество "Лаборатория Касперского" Система и способ для контроля доступа к ресурсам корпоративной сети для персональных компьютеров
CN102902675B (zh) * 2011-07-26 2017-10-10 腾讯科技(深圳)有限公司 图片内容审核方法和装置
CN103297387A (zh) * 2012-02-24 2013-09-11 宇龙计算机通信科技(深圳)有限公司 网络资源的显示控制方法及终端
JP5727991B2 (ja) * 2012-11-12 2015-06-03 株式会社オプティム ユーザ端末、不正サイト情報管理サーバ、不正リクエスト遮断方法、及び不正リクエスト遮断プログラム
CN104159154B (zh) * 2014-07-22 2018-12-25 小米科技有限责任公司 多媒体播放方法、装置和系统
CN109672665B (zh) * 2018-11-14 2021-10-15 北京奇艺世纪科技有限公司 一种访问控制方法、装置、系统及计算机可读存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588879A (zh) * 2004-08-12 2005-03-02 复旦大学 一种互联网内容过滤系统及过滤方法
CN1949780A (zh) * 2006-10-12 2007-04-18 百度在线网络技术(北京)有限公司 网络留言系统及留言过滤方法
CN101068229A (zh) * 2007-06-08 2007-11-07 北京工业大学 一种基于网络过滤器的内容过滤网关实现方法
CN101877704A (zh) * 2010-06-02 2010-11-03 中兴通讯股份有限公司 一种进行网络访问控制的方法及服务网关

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8015174B2 (en) * 2007-02-28 2011-09-06 Websense, Inc. System and method of controlling access to the internet

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588879A (zh) * 2004-08-12 2005-03-02 复旦大学 一种互联网内容过滤系统及过滤方法
CN1949780A (zh) * 2006-10-12 2007-04-18 百度在线网络技术(北京)有限公司 网络留言系统及留言过滤方法
CN101068229A (zh) * 2007-06-08 2007-11-07 北京工业大学 一种基于网络过滤器的内容过滤网关实现方法
CN101877704A (zh) * 2010-06-02 2010-11-03 中兴通讯股份有限公司 一种进行网络访问控制的方法及服务网关

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831751A (zh) * 2019-01-04 2019-05-31 上海创蓝文化传播有限公司 一种基于自然语言处理的短信内容风控系统及方法
CN110209796A (zh) * 2019-04-29 2019-09-06 北京印刷学院 一种敏感词检测过滤方法、装置与电子设备

Also Published As

Publication number Publication date
CN101877704A (zh) 2010-11-03
CN101877704B (zh) 2016-02-10

Similar Documents

Publication Publication Date Title
WO2011150692A1 (zh) 一种进行网络访问控制的方法及服务网关
JP5792198B2 (ja) ユーザの閲覧履歴に基づくurlフィルタリング
CN110198313B (zh) 一种策略生成的方法及装置
WO2008009224A1 (en) A content filtering system, device and method
JP2006012165A (ja) 増分アンチスパムのルックアップサービスおよびアップデートサービス
CN103209174A (zh) 一种数据防护方法、装置及系统
CN106028151A (zh) 一种直播网站用户权限控制方法及装置
CN106899549B (zh) 一种网络安全检测方法及装置
CN106254528A (zh) 一种资源下载方法和缓存设备
Wu et al. Detect repackaged android application based on http traffic similarity
CN115134099A (zh) 基于全流量的网络攻击行为分析方法及装置
CN116015721A (zh) 一种违规外联检测方法、系统、电子设备及介质
US7971054B1 (en) Method of and system for real-time form and content classification of data streams for filtering applications
US11075867B2 (en) Method and system for detection of potential spam activity during account registration
CN105824884A (zh) 一种用户上网信息处理方法及装置
JP5555584B2 (ja) Webサイトに対するアクセス履歴管理サーバ、プログラム及び方法
CN106528805A (zh) 基于用户的移动互联网恶意程序url智能分析挖掘方法
JP5030895B2 (ja) アクセス規制システム及びアクセス規制方法
KR101480714B1 (ko) 주제 및 이용 의도 기반 검색 시스템, 검색 장치, 검색 방법 및 저장 매체
WO2012145962A1 (zh) 彩铃web系统防止恶意订购铃音的方法及服务器
WO2020199029A1 (zh) 一种数据处理方法及其装置
JP2006067279A (ja) 侵入検知システム及び通信装置
CN113495999A (zh) 一种智能终端及隐私风险监测的方法
CN106411944B (zh) 一种网络访问的管理方法及装置
KR100462829B1 (ko) 명령어의 유효성 판단 방법 및 그 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11789071

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11789071

Country of ref document: EP

Kind code of ref document: A1