WO2018201745A1 - 无线接入点的风险提示方法及设备 - Google Patents

无线接入点的风险提示方法及设备 Download PDF

Info

Publication number
WO2018201745A1
WO2018201745A1 PCT/CN2017/119834 CN2017119834W WO2018201745A1 WO 2018201745 A1 WO2018201745 A1 WO 2018201745A1 CN 2017119834 W CN2017119834 W CN 2017119834W WO 2018201745 A1 WO2018201745 A1 WO 2018201745A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless access
access point
risk
security
information
Prior art date
Application number
PCT/CN2017/119834
Other languages
English (en)
French (fr)
Inventor
许昌华
Original Assignee
上海掌门科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 上海掌门科技有限公司 filed Critical 上海掌门科技有限公司
Publication of WO2018201745A1 publication Critical patent/WO2018201745A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/08Access restriction or access information delivery, e.g. discovery data delivery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/20Selecting an access point

Definitions

  • the present application relates to the field of information technology, and in particular, to a method and a device for prompting a risk of a wireless access point.
  • a web server that stores access information such as a wireless access point and its corresponding password.
  • the user will be able to upload the wireless access point to be shared and its corresponding password to the network server, so that other users can access the information through the wireless access point and its corresponding password stored on the network server, which is more convenient and fast.
  • Connect to the wireless network to the wireless network.
  • An object of the present application is to provide a method and device for prompting a risk of a wireless access point.
  • the present application provides a risk prompting method for a wireless access point, and the method includes:
  • the method further includes:
  • sending the identification information about the wireless access point to the security service device includes:
  • the risk information includes a security score
  • a wireless access point that has a security risk in the wireless access point list including:
  • a wireless access point with a security risk is marked in the list of wireless access points.
  • the method further includes:
  • the warning information matching the risk type is displayed according to the risk type corresponding to the risk information of the wireless access point.
  • the method further includes:
  • the connection with the wireless access point is automatically disconnected or the warning information is displayed.
  • the present application further provides a risk prompting method for a wireless access point, the method comprising:
  • the alert information includes one or more of a warning mark, a risk type prompt, and a processing prompt.
  • warning information is displayed, including:
  • the warning message is displayed by pop-up window.
  • a risk alerting device for a wireless access point comprising:
  • a processing device configured to acquire a wireless access point list including at least one wireless access point, and mark, in the wireless access point list, a wireless access point that has a security risk according to the risk information;
  • a transmitting device configured to send identification information about the wireless access point to the security service device, and obtain risk information about the wireless access point returned by the security service device.
  • the device further includes:
  • a display device for displaying a list of marked wireless access points.
  • the transmitting device is configured to send the wireless access point list to the security server, so that the security service device extracts the identifier information of the wireless access point from the wireless access point list; or And transmitting, to the security server, the identification information of the wireless access point, wherein the identification information is extracted by the processing device from the wireless access point list.
  • the risk information includes a security score
  • the processing device is configured to determine, according to a comparison result of the security score and a preset value, a wireless access point that has a security risk; and perform, in the wireless access point list, a wireless access point that has a security risk mark.
  • the device further includes:
  • a connecting device configured to connect to a wireless access point in the wireless access point list
  • the display device is further configured to: when the currently connected wireless access point is a wireless access point with a security risk, display a match with the risk type according to a risk type corresponding to the risk information of the wireless access point. Warning message.
  • the device further includes:
  • a connecting device configured to connect to a wireless access point in the wireless access point list
  • the processing device is further configured to: when entering the risk interaction scenario, detecting whether the currently connected wireless access point is a wireless access point with a security risk;
  • the display device is further configured to automatically disconnect the wireless access point or display the warning information when the detection result is YES.
  • the present application further provides a risk prompting device for a wireless access point, the device comprising:
  • Transmitting device when any wireless access point is connected, transmitting identification information about the wireless access point to the security service device, and acquiring risk information about the wireless access point returned by the security service device;
  • a processing device configured to determine, according to the risk information, whether the wireless access point has a security risk
  • the display device is configured to display, according to the risk information, that the wireless access point has a security risk, displaying, according to the risk type corresponding to the risk information of the wireless access point, the warning information that matches the risk type.
  • the alert information includes one or more of a warning mark, a risk type prompt, and a processing prompt.
  • the display device is configured to display the warning information by popping up a window.
  • the present application also provides a risk alerting device for a wireless access point, the device comprising a memory for storing computer program instructions and a processor for executing program instructions, wherein the computer program instructions are used by the processor When executed, the device is triggered to perform the method of any one of claims 1 to 7.
  • the user equipment can obtain a list of wireless access points including at least one wireless access point, and send identification information about the wireless access point to the security service device by security.
  • the service device determines the security of the wireless access point based on the information about the big data or the wireless access point, and sends the determined risk information back to the user equipment, so that the user equipment can determine the wireless access point list according to the risk information.
  • a wireless access point with security risks is marked and clearly indicated to the user which wireless access points may have security risks, so that users try to avoid connecting these wireless access points to reduce the occurrence of security problems.
  • FIG. 1 is a schematic diagram of interaction between a user equipment and a security service device when the solution of the wireless access point is implemented in the solution of the present application;
  • FIG. 2 is a process flow of interaction between a user equipment and a security service device in the embodiment of the present application
  • FIG. 3 is a schematic diagram of a list of marked wireless access points in an embodiment of the present application.
  • FIG. 4 is a schematic diagram of a warning information in an embodiment of the present application.
  • FIG. 5 is a schematic diagram of another type of warning information in the embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a user equipment according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of another user equipment according to an embodiment of the present disclosure.
  • the devices of the terminal and the service network each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
  • RAM random access memory
  • ROM read only memory
  • Memory is an example of a computer readable medium.
  • Computer readable media includes both permanent and non-persistent, removable and non-removable media, and information storage can be implemented by any method or technology.
  • the information can be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory. (ROM), EEPROM, flash memory or other memory technology, compact disc (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette A tape, tape storage or other magnetic storage device or any other non-transportable medium can be used to store information that can be accessed by a computing device.
  • PRAM phase change memory
  • SRAM static random access memory
  • DRAM dynamic random access memory
  • RAM random access memory
  • ROM read only memory
  • EEPROM electrically erasable programmable read only memory
  • CD-ROM compact disc
  • DVD digital versatile disc
  • FIG. 1 shows a schematic diagram of interaction between a user equipment and a security service device when implementing a risk alert for a wireless access point.
  • the user equipment 100 refers to a terminal device used by a user to connect to a wireless access point.
  • the specific implementation may be a device such as a mobile phone, a notebook computer, a tablet computer, a PDA, a personal computer, or the like that can implement a wireless access point connection function.
  • the security service device 200 may be a network side device that determines the security of the wireless access point based on big data or big data or related information of the wireless access point, and the specific implementation may be a single network server or multiple network servers.
  • the cloud is composed of a large number of host or network servers based on Cloud Computing, which is a kind of distributed computing, a virtual computer composed of a group of loosely coupled computers.
  • the function that the user equipment can implement includes: when the user views the wireless access point that can be connected, the wireless access point that has the security risk can be marked, and the security label is marked to prompt the user to exist. Security risks.
  • the specific interaction processing process between the user equipment and the security service device is as shown in FIG. 2, and includes the following processing steps:
  • Step S201 the user equipment 100 acquires a list of wireless access points including at least one wireless access point.
  • the user equipment is capable of detecting signals of nearby wireless access points to obtain relevant information about the wireless access points to form a list of wireless access points.
  • Step S202 the user equipment 100 sends identification information about the wireless access point to the security service device 200.
  • the identification information of the wireless access point refers to information that can be used to identify a specific wireless access point, and may be, for example, a list of wireless access points scanned by the user equipment (the information included in the list can be determined to be included).
  • the wireless access point may also be identification information of the wireless access point extracted from the wireless access point list, such as the SSID (Service Set Identifier) of the wireless access point + BSSID (Basic Service Set) ID, ie MAC address) and other information.
  • SSID Service Set Identifier
  • BSSID Basic Service Set
  • the user equipment sends the identification information to include at least two situations: directly sending the wireless access point list to the security server, so that the security service device extracts the wireless connection from the wireless access point list. Identification information of the ingress point; or extracting the identification information of the wireless access point from the wireless access point list, and then transmitting the identification information of the wireless access point to the security server.
  • Step S203 After receiving the identification information, the security service device 200 analyzes the wireless access point list after receiving the wireless access point list, and extracts information necessary for performing security determination.
  • An implementation manner of the method is: the security service device extracts the identifier information of the wireless access point from the wireless access point list. If the identifier information of the SSID+BSSID is received, the security judgment can be directly performed based on this.
  • the security judgment performed by the security service device on the wireless access point may be based on a big data manner, and the manner determines the security based on the historical data of the wireless access point, for example, for the wireless access point AP1, If a large number of user equipments are attacked by the ARP (Address Resolution Protocol), the security service device combines the historical data to determine the security of the AP1. After the security service device determines the risk information of the wireless access point, it returns it to the corresponding user equipment.
  • ARP Address Resolution Protocol
  • Step S204 The user equipment 100 acquires risk information about the wireless access point returned by the security service device.
  • the risk information is used to indicate whether the wireless access point has a security risk.
  • the risk information may include a security score, and the security service device may preset according to the historical data of the wireless access point.
  • the algorithm calculates a security score of the wireless access point, so that the user equipment can determine the security of the wireless access point according to the specific value of the security score.
  • the risk information may further include information about the type of the risk, so that when the user equipment receives the risk information, the user may simultaneously display the type of risk that the wireless access point exists.
  • the types of risks include but are not limited to the following: arp attack, network monitoring attack, webpage tampering risk, counterfeit public WiFi, phishing WiFi, and the like.
  • ARP attack is to spoof ARP spoofing by forging IP addresses and MAC addresses. It can generate a large amount of ARP traffic in the network to block the network. The attacker can change the IP address of the target host ARP cache as long as the spoofed ARP response packet is continuously sent. - MAC entry, causing a network outage or man-in-the-middle attack.
  • the network monitoring attack is a kind of man-in-the-middle attack. If you need to implement certificate fraud, there are two ways. Because the network listening exchange process is plaintext, the attacker can control this step and let the user download the fake certificate. Another is to control the DNS, direct the DNS to the wrong website, download the incorrect certificate, and then easily eavesdrop on the data because the attacker knows the key on his server.
  • Webpage tampering risk refers to intercepting the webpage that the user originally entered to other website pages, such as various phishing websites.
  • the user's browser is falsified by a browser plug-in, etc., so that the user's browser configuration is abnormal and forced.
  • Guide to the commercial website The common phenomenon is that the homepage and the Internet search page become unknown websites, and often the pop-up advertisement page enters the normal website address but connects to other websites.
  • Counterfeit public WiFi means that an insecure wireless access point is disguised as a public WiFi (for example, a public wireless access point provided by an operator such as telecommunications or mobile).
  • Public WiFi in regular places generally does not harm personal information, and if it is a counterfeit WiFi signal, it will give mobile phones, notes, and Trojans, virus programs, and long-term harm to personal information or privacy.
  • Phishing WiFi is a fake wireless access point. When your wireless device is connected, it will be back scanned. If your mobile phone is connected to the website for data communication, and it involves data such as account password, The other party will get your information.
  • Step S205 The user equipment 100 marks the wireless access point that has a security risk in the wireless access point list according to the risk information.
  • the wireless access point with the security risk may be determined according to the comparison result of the security score and the preset value, and then the wireless access with security risk exists in the wireless access point list. Click to mark.
  • the preset value may be set to 73 points, that is, the user equipment determines that the wireless access point with the security score lower than 73 points has a security risk.
  • a wireless access point with a security risk is marked by adding a corresponding label to a preset location in the wireless access point list, so that the wireless access point list finally presented to the user includes the label, thereby directly prompting the user that the user may exist.
  • Security risks For example, add a prominent "risk" tag at the SSID display location of a wireless access point in the wireless access point list, such as the wireless access point "TP-link_F2A123" in FIG.
  • the user equipment 100 may continue to perform step S206 to display the marked wireless access point list.
  • the user equipment 100 displays the marked wireless access point list to the user, if the wireless access point in the wireless access point list is connected according to the user's operation, the currently connected wireless access is performed.
  • the point is a wireless access point with a security risk
  • the warning information matching the risk type is displayed according to the type of risk corresponding to the risk information of the wireless access point.
  • the user equipment may be based on the previously received wireless access point after connecting to the wireless access point.
  • the risk information determines whether the currently connected wireless access point is a wireless access point with a security risk. If yes, a warning message is displayed.
  • the alert information may include, but is not limited to, one or more of a warning mark, a risk type prompt, and a processing prompt.
  • the warning mark can be various types of eye-catching logos or display effects, such as changing the color of the connection interface, making it appear red, adding other dynamic effects, and the like.
  • the risk type prompt refers to information indicating the types of the foregoing security risks.
  • the current risk type of the user is arp attack, network monitoring attack, webpage tampering risk, counterfeit public WiFi, and phishing WiFi.
  • the processing prompt refers to suggesting or prompting the user how to perform subsequent operations at this time, for example, prompting the user to "suggest to disconnect", "click to disconnect", and the like.
  • Figure 4 shows a specific form of displaying alert information.
  • warning information can be displayed to intuitively inform users of the degree of risk of wireless access points with security risks.
  • different colors are used as warning information to distinguish different degrees of risk, if the degree of danger is high, red is used as the warning information, and if the degree of danger is relatively low, yellow is used as the warning information.
  • the currently connected wireless access point when determining whether the currently connected wireless access point is a wireless access point with a security risk, it may also be based on a manner of secure cloud identification.
  • This method is different from the foregoing method for determining risk information based on big data.
  • big data is based on historical data of wireless access points
  • the way of secure cloud identification is based on information about wireless access points and Real-time data that interacts between user equipment and wireless access points.
  • the user can send information about the connected wireless access point to the security service device, such as DNS (Domain Name System) information, IP address, subnet mask, etc., if the security service device can determine the current DNS. If the information is an insecure DNS server, the wireless access point may be considered to be hijacked by the DNS, posing a security risk.
  • the user equipment may send a log of the interaction with the wireless access point to the security service device, and the security service device may determine, according to the log, whether the data exchanged between the user equipment and the wireless access point is normal, and if not, may It is considered that there is a security risk, and the result is returned to the user equipment, so that the user equipment completes the judgment.
  • DNS Domain Name System
  • the user equipment After the user equipment enters the risk interaction scenario after connecting the wireless access point in the wireless access point list, it detects whether the currently connected wireless access point is a wireless access point with security risks, if the detection As a result, the connection with the wireless access point or the display of the alert information is automatically disconnected.
  • the risk interaction scenario refers to a scenario in which information interaction needs to be performed in a relatively secure environment, such as a scenario involving payment and account login. If the information leakage may cause a large loss to the user.
  • the user equipment automatically detects the currently connected wireless access point.
  • the specific detection method may be based on the risk information obtained by the security service device according to the big data or based on the secure cloud identification. Because these risk interaction scenarios may cause property damage to the user and cause serious consequences, the user equipment may automatically disconnect the wireless access point when determining that the currently connected wireless access point has a security risk. Avoid further data interaction with the wireless access point to prevent account and password leakage.
  • the user equipment is connected to the current wireless access point for the first time, and the security service device determines the wireless access point as Unfamiliar WiFi is also considered to be a security risk; for example, some wireless access points that do not require a login password, the security service device will be determined to be open WiFi, and it is considered to be a security risk.
  • the security service device sends the detection result to the user equipment, so that the user equipment automatically disconnects from the wireless access point or displays the warning information according to the detection result.
  • the specific content of the warning information may also include, but is not limited to, one or more of a warning mark, a risk type prompt, and a processing prompt, and details are not described herein again.
  • the display manner of the warning information can be realized by pop-up window, as shown in FIG. 5.
  • the embodiment of the present application further provides another risk alerting method for a wireless access point, where the method is used to detect a risk of the currently connected wireless access point when a wireless access point has been connected, and exists in the presence Prompt the user when risk occurs.
  • the processing steps of the method are as follows: first, when any wireless access point is connected, the identification information about the wireless access point is sent to the security service device, and the wireless access returned by the security service device is obtained. Point risk information.
  • the identification information of the AP1 (such as SSID+BSSID) is uploaded to the security service device, and the security service device performs risk analysis on the AP1 to determine its corresponding The risk information is returned to the user equipment, so that the user equipment can determine whether the currently connected wireless access point has a security risk according to the obtained risk information.
  • warning information that the wireless access point has a security risk
  • the risk presenting device of the wireless access point is also provided in the embodiment of the present application, and the corresponding method of the device is the risk prompting method of the wireless access point in the foregoing embodiment, and the principle and the method for solving the problem similar.
  • FIG. 6 shows a risk prompting device for a wireless access point provided by an embodiment of the present application, including a processing device 610, a transmitting device 620, and a display device 630.
  • the risk prompting device is a user equipment used by the user to connect to the wireless access point, and the functions that can be implemented include: when the user views the wireless access point that can be connected, the wireless access point with the security risk can be marked and the security label is marked. To alert the user to possible security risks.
  • the specific interaction processing process between the user equipment and the security service device is as shown in FIG. 2, and includes the following processing steps:
  • Step S201 the processing device 610 of the user equipment acquires a list of wireless access points including at least one wireless access point.
  • the user equipment is capable of detecting signals of nearby wireless access points to obtain relevant information about the wireless access points to form a list of wireless access points.
  • Step S202 the transmission device 620 of the user equipment sends the identification information about the wireless access point to the security service device.
  • the identification information of the wireless access point refers to information that can be used to identify a specific wireless access point, and may be, for example, a list of wireless access points scanned by the user equipment (the information included in the list can be determined to be included).
  • the wireless access point may also be identification information of the wireless access point extracted from the wireless access point list, such as the SSID (Service Set Identifier) of the wireless access point + BSSID (Basic Service Set) ID, ie MAC address) and other information.
  • SSID Service Set Identifier
  • BSSID Basic Service Set
  • the transmitting device 620 of the user equipment sends the identification information to include at least two situations: the transmitting device 620 directly sends the wireless access point list to the security server, so that the security service device is configured by the wireless access point list. Extracting the identification information of the wireless access point; or the transmitting device 620 transmitting the identification information of the wireless access point to the security server, where the identification information is used by the processing device from the wireless access point list extract from.
  • Step S203 After receiving the identification information, the security service device analyzes the wireless access point list after receiving the wireless access point list, and extracts information required for performing security determination.
  • An implementation manner of the method is: the security service device extracts the identifier information of the wireless access point from the wireless access point list. If the identifier information of the SSID+BSSID is received, the security judgment can be directly performed based on this.
  • the security judgment performed by the security service device on the wireless access point may be based on a big data manner, and the manner determines the security based on the historical data of the wireless access point, for example, for the wireless access point AP1, If a large number of user equipments are attacked by the ARP (Address Resolution Protocol), the security service device combines the historical data to determine the security of the AP1. After the security service device determines the risk information of the wireless access point, it returns it to the corresponding user equipment.
  • ARP Address Resolution Protocol
  • Step S204 the transmission device 620 of the user equipment acquires the risk information about the wireless access point returned by the security service device.
  • the risk information is used to indicate whether the wireless access point has a security risk.
  • the risk information may include a security score, and the security service device may preset according to the historical data of the wireless access point.
  • the algorithm calculates a security score of the wireless access point, so that the user equipment can determine the security of the wireless access point according to the specific value of the security score.
  • the risk information may further include information about the type of the risk, so that when the user equipment receives the risk information, the user may simultaneously display the type of risk that the wireless access point exists.
  • the types of risks include but are not limited to the following: arp attack, network monitoring attack, webpage tampering risk, counterfeit public WiFi, phishing WiFi, and the like.
  • ARP attack is to spoof ARP spoofing by forging IP addresses and MAC addresses. It can generate a large amount of ARP traffic in the network to block the network. The attacker can change the IP address of the target host ARP cache as long as the spoofed ARP response packet is continuously sent. - MAC entry, causing a network outage or man-in-the-middle attack.
  • the network monitoring attack is a kind of man-in-the-middle attack. If you need to implement certificate fraud, there are two ways. Because the network listening exchange process is plaintext, the attacker can control this step and let the user download the fake certificate. Another is to control the DNS, direct the DNS to the incorrect website, download the incorrect certificate, and then easily eavesdrop on the data because the attacker knows the key on his server.
  • Webpage tampering risk refers to intercepting the webpage that the user originally entered to other website pages, such as various phishing websites.
  • the user's browser is falsified by a browser plug-in, etc., so that the user's browser configuration is abnormal and forced.
  • Guide to the commercial website The common phenomenon is that the homepage and the Internet search page become unknown websites, and often the pop-up advertisement page enters the normal website address but connects to other websites.
  • Counterfeit public WiFi means that an insecure wireless access point is disguised as a public WiFi (for example, a public wireless access point provided by an operator such as telecommunications or mobile).
  • Public WiFi in regular places generally does not harm personal information, and if it is a counterfeit WiFi signal, it will give mobile phones, notes, and Trojans, virus programs, and long-term harm to personal information or privacy.
  • Phishing WiFi is a fake wireless access point. When your wireless device is connected, it will be back scanned. If your mobile phone is connected to the website for data communication, and it involves data such as account password, The other party will get your information.
  • Step S205 The processing device 610 of the user equipment marks the wireless access point with the security risk in the wireless access point list according to the risk information.
  • the processing device 610 may determine, according to the comparison result of the security score and the preset value, a wireless access point that has a security risk, and then, in the wireless access point list, the security risk exists.
  • the wireless access point is tagged.
  • the preset value may be set to 73 points, that is, the user equipment determines that the wireless access point with the security score lower than 73 points has a security risk.
  • a wireless access point with a security risk is marked by adding a corresponding label to a preset location in the wireless access point list, so that the wireless access point list finally presented to the user includes the label, thereby directly prompting the user that the user may exist.
  • Security risks For example, add a prominent "risk" tag at the SSID display location of a wireless access point in the wireless access point list, such as the wireless access point "TP-link_F2A123" in FIG.
  • the user equipment 100 may proceed to step S206 to display the marked wireless access point list by the display device 630.
  • the user equipment further includes connection means for establishing a connection with the wireless access point.
  • connection means for establishing a connection with the wireless access point.
  • the display device of the user equipment displays the marked wireless access point list to the user, if the connection device connects the wireless access point in the wireless access point list according to the user's operation, the display device is currently connected.
  • the wireless access point is a wireless access point with a security risk
  • the warning information matching the risk type is displayed according to the type of risk corresponding to the risk information of the wireless access point.
  • the user equipment may connect to the wireless access point, and the processing device may be based on the previously received wireless connection.
  • the risk information of the entry point determines whether the currently connected wireless access point is a wireless access point with a security risk. If yes, the display device displays the warning information.
  • the alert information may include, but is not limited to, one or more of a warning mark, a risk type prompt, and a processing prompt.
  • the warning mark can be various types of eye-catching logos or display effects, such as changing the color of the connection interface, making it appear red, adding other dynamic effects, and the like.
  • the risk type prompt refers to information indicating the types of the foregoing security risks.
  • the current risk type of the user is arp attack, network monitoring attack, webpage tampering risk, counterfeit public WiFi, and phishing WiFi.
  • the processing prompt refers to suggesting or prompting the user how to perform subsequent operations at this time, for example, prompting the user to "suggest to disconnect", "click to disconnect", and the like.
  • Figure 4 shows a specific form of displaying alert information.
  • warning information can be displayed to intuitively inform users of the degree of risk of wireless access points with security risks.
  • different colors are used as warning information to distinguish different degrees of risk, if the degree of danger is high, red is used as the warning information, and if the degree of danger is relatively low, yellow is used as the warning information.
  • the user equipment when determining whether the currently connected wireless access point is a wireless access point with a security risk, the user equipment may also be based on a manner of secure cloud identification.
  • This method is different from the foregoing method for determining risk information based on big data.
  • big data is based on historical data of wireless access points
  • the way of secure cloud identification is based on information about wireless access points and Real-time data that interacts between user equipment and wireless access points.
  • the user can send related information of the connected wireless access point to the security service device, such as DNS (Domain Name System) information, IP address, subnet mask, etc. through the transmission device, if the security service device can determine If the current DNS information is an insecure DNS server, the wireless access point may be considered to be hijacked by the DNS, posing a security risk.
  • the user equipment may send a log of the interaction between the user and the wireless access point to the security service device through the transmission device, and the security service device may determine, according to the log, whether the data exchanged between the user equipment and the wireless access point is normal, if not Then, it can be considered that there is a security risk, and the result is returned to the user equipment, so that the user equipment completes the judgment.
  • DNS Domain Name System
  • connection device of the user equipment connects to the wireless access point in the wireless access point list
  • the processing device determines that the risk interaction scenario is currently entered, it detects whether the currently connected wireless access point is a security risk.
  • the wireless access point if the detection result is yes, automatically disconnects from the wireless access point or displays an alert message through the display device.
  • the risk interaction scenario refers to a scenario in which information interaction needs to be performed in a relatively secure environment, such as a scenario involving payment and account login. If the information leakage may cause a large loss to the user.
  • the user equipment automatically detects the currently connected wireless access point.
  • the specific detection method may be based on the risk information obtained by the security service device according to the big data or based on the secure cloud identification. Because these risk interaction scenarios may cause property damage to the user and cause serious consequences, the user equipment may automatically disconnect the wireless access point when determining that the currently connected wireless access point has a security risk. Avoid further data interaction with the wireless access point to prevent account and password leakage.
  • the user equipment is connected to the current wireless access point for the first time, and the security service device determines the wireless access point as Unfamiliar WiFi is also considered to be a security risk; for example, some wireless access points that do not require a login password, the security service device will be determined to be open WiFi, and it is considered to be a security risk.
  • the security service device sends the detection result to the user equipment, so that the user equipment automatically disconnects from the wireless access point or displays the warning information according to the detection result.
  • the specific content of the warning information may also include, but is not limited to, one or more of a warning mark, a risk type prompt, and a processing prompt, and details are not described herein again.
  • the display manner of the warning information can be realized by pop-up window, as shown in FIG. 5.
  • the embodiment of the present application further provides another risk alerting device for a wireless access point, where the device can perform risk detection on the currently connected wireless access point when a wireless access point has been connected, and is at risk. Prompt the user.
  • the transmission device of the device may send the identification information about the wireless access point to the security service device when the wireless access point is connected, and obtain the relevant information returned by the security service device. The risk information of the wireless access point.
  • the identification information of the AP1 (such as SSID+BSSID) is uploaded to the security service device, and the security service device performs risk analysis on the AP1 to determine its corresponding The risk information is returned to the user equipment, so that the user equipment can determine whether the currently connected wireless access point has a security risk according to the obtained risk information.
  • the processing device of the device is capable of determining whether the wireless access point has a security risk based on the risk information.
  • the display device may display a warning that matches the risk type according to the risk type corresponding to the risk information of the wireless access point when the processing device determines that the wireless access point has a security risk based on the risk information. information. Similar to the manner in which the warning information is displayed in the foregoing scenario, different levels of warning information may be displayed according to the hazards that may be caused by different types of risks, so as to intuitively inform the user of the degree of risk of the wireless access point with security risks.
  • a portion of the present application can be applied as a computer program product, such as computer program instructions, which, when executed by a computer, can invoke or provide a method and/or technical solution in accordance with the present application.
  • the program instructions for invoking the method of the present application may be stored in a fixed or removable recording medium, and/or transmitted by a data stream in a broadcast or other signal bearing medium, and/or stored in a program according to the program.
  • the instruction runs in the working memory of the computer device.
  • an embodiment of the present application includes a risk alerting device for a wireless access point as shown in FIG. 7, the device including a memory 710 for storing computer program instructions and a processor 720 for executing program instructions. Wherein, when the computer program instructions are executed by the processor, the device is triggered to perform a method and/or a technical solution based on the foregoing plurality of embodiments.
  • the user equipment can obtain a wireless access point list including at least one wireless access point, and send identification information about the wireless access point to the security service device by the security service device.
  • the security of the wireless access point is determined based on the information of the big data or the wireless access point, and the determined risk information is sent back to the user equipment, so that the user equipment can determine the security in the wireless access point list according to the risk information.
  • the risk of the wireless access point and mark it, and then display the list of marked wireless access points, clearly indicating to the user which wireless access points may have security risks, so that users try to avoid connecting these wireless access points to reduce A situation in which a security problem has occurred.
  • the present application can be implemented in software and/or a combination of software and hardware, for example, using an application specific integrated circuit (ASIC), a general purpose computer, or any other similar hardware device.
  • the software program of the present application can be executed by a processor to implement the above steps or functions.
  • the software programs (including related data structures) of the present application can be stored in a computer readable recording medium such as a RAM memory, a magnetic or optical drive or a floppy disk and the like.
  • some of the steps or functions of the present application may be implemented in hardware, for example, as a circuit that cooperates with a processor to perform various steps or functions.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

本申请提供了一种无线接入点的风险提示方案,该方案中,用户设备能够获取包含至少一个无线接入点的无线接入点列表,向安全服务设备发送关于所述无线接入点的识别信息,由安全服务设备基于大数据或者无线接入点的相关信息对无线接入点的安全性进行判断,并将判断得到的风险信息发送回用户设备,使得用户设备能够根据风险信息确定无线接入点列表中存在安全风险的无线接入点,并对其进行标记,明确提示用户哪些无线接入点可能存在安全风险,使得用户尽量避免连接这些无线接入点,以减少发生安全问题的情况。

Description

无线接入点的风险提示方法及设备 技术领域
本申请涉及信息技术领域,尤其涉及一种无线接入点的风险提示方法及设备。
背景技术
随着WiFi(Wireless-Fidelity,无线保真)技术的不断发展及智能终端的普及,以及越来越多的用户通过终端设备接入无线局域网中的无线接入点的方式接入网络,便出现了存储有无线接入点及其对应的密码等接入信息的网络服务器。用户将可以将需要分享的无线接入点及其对应的密码上传至网络服务器中,使得其它用户可以通过网络服务器上存储的无线接入点及其对应的密码等接入信息,更加便捷、快速地接入无线网络。
随着分享的无线接入点数量的增加,也会有人针对一些分享的无线接入点进行安全攻击,或者直接分享不安全的无线接入点,使得正常用户在使用用户设备连接这些无线接入点之后,会存在安全隐患,导致账号密码、个人资料等信息的泄漏。由于目前业界没有解决上述问题的方案,使得用户在接入分享的无线接入点时,可能会因为连接到不安全的无线接入点而产生安全隐患。
申请内容
本申请的一个目的是提供一种无线接入点的风险提示方法及设备。
为实现上述目的,本申请提供了一种无线接入点的风险提示方法,该方法包括:
获取包含至少一个无线接入点的无线接入点列表;
向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息;
根据所述风险信息,在所述无线接入点列表中对存在安全风险的无线接入点进行标记;
进一步地,该方法还包括:
显示标记后的无线接入点列表。
进一步地,向安全服务设备发送关于所述无线接入点的识别信息,包括:
向安全服务器发送所述无线接入点列表,以使所述安全服务设备由所述无线接入点列表中提取出所述无线接入点的标识信息;或者
由所述无线接入点列表中提取出所述无线接入点的标识信息,向安全服务器发送所述无线接入点的标识信息。
进一步地,所述风险信息包括安全评分;
根据所述风险信息,在所述无线接入点列表中对存在安全风险的无线接入点进行标记,包括:
根据所述安全评分与预设值的比较结果,确定存在安全风险的无线接入点;
在所述无线接入点列表中对存在安全风险的无线接入点进行标记。
进一步地,该方法还包括:
连接所述无线接入点列表中的无线接入点;
若当前连接的无线接入点为存在安全风险的无线接入点,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
进一步地,该方法还包括:
连接所述无线接入点列表中的无线接入点;
在进入风险交互场景时,检测当前连接的无线接入点是否为存在安全风险的无线接入点;
若检测结果为是,自动断开与所述无线接入点的连接或显示警示信息。
此外,本申请还提供了一种无线接入点的风险提示方法,该方法包括:
在已连接任一无线接入点时,向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息;
在基于所述风险信息确定所述无线接入点存在安全风险时,根据所述 无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
进一步地,所述警示信息包括警示标记、风险类型提示和处理提示中的一种或多种。
进一步地,显示警示信息,包括:
通过弹出窗口的方式显示警示信息。
基于本申请的另一方面,还提供了一种无线接入点的风险提示设备,该设备包括:
处理装置,用于获取包含至少一个无线接入点的无线接入点列表,以及根据风险信息,在所述无线接入点列表中对存在安全风险的无线接入点进行标记;
传输装置,用于向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息。
进一步地,该设备还包括:
显示装置,用于显示标记后的无线接入点列表。
进一步地,所述传输装置用于向安全服务器发送所述无线接入点列表,以使所述安全服务设备由所述无线接入点列表中提取出所述无线接入点的标识信息;或者向安全服务器发送所述无线接入点的标识信息,其中,所述标识信息由所述处理装置从所述无线接入点列表中提取。
进一步地,所述风险信息包括安全评分;
所述处理装置,用于根据所述安全评分与预设值的比较结果,确定存在安全风险的无线接入点;以及在所述无线接入点列表中对存在安全风险的无线接入点进行标记。
进一步地,该设备还包括:
连接装置,用于连接所述无线接入点列表中的无线接入点;
所述显示装置,还用于在当前连接的无线接入点为存在安全风险的无线接入点时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
进一步地,该设备还包括:
连接装置,用于连接所述无线接入点列表中的无线接入点;
所述处理装置,还用于在进入风险交互场景时,检测当前连接的无线接入点是否为存在安全风险的无线接入点;
所述显示装置,还用于在检测结果为是时,自动断开与所述无线接入点的连接或显示警示信息。
此外,本申请还提供了一种无线接入点的风险提示设备,该设备包括:
传输装置,在已连接任一无线接入点时,向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息;
处理装置,用于基于所述风险信息判断所述无线接入点是否存在安全风险;
显示装置,用于在基于所述风险信息确定所述无线接入点存在安全风险时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
进一步地,所述警示信息包括警示标记、风险类型提示和处理提示中的一种或多种。
进一步地,所述显示装置,用于通过弹出窗口的方式显示警示信息。
此外,本申请还提供了一种无线接入点的风险提示设备,该设备包括用于存储计算机程序指令的存储器和用于执行程序指令的处理器,其中,当该计算机程序指令被该处理器执行时,触发该设备执行权利要求1至7中任一项所述的方法。
与现有技术相比,本申请提供的方案中,用户设备能够获取包含至少一个无线接入点的无线接入点列表,向安全服务设备发送关于所述无线接入点的识别信息,由安全服务设备基于大数据或者无线接入点的相关信息对无线接入点的安全性进行判断,并将判断得到的风险信息发送回用户设备,使得用户设备能够根据风险信息确定无线接入点列表中存在安全风险的无线接入点,并对其进行标记,明确提示用户哪些无线接入点可能存在安全风险,使得用户尽量避免连接这些无线接入点,以减少发生安全问题的情况。
附图说明
通过阅读参照以下附图所作的对非限制性实施例所作的详细描述,本申请的其它特征、目的和优点将会变得更明显:
图1为本申请的方案在实现无线接入点的风险提示时,用户设备和安全服务设备之间的交互示意图;
图2为本申请实施例中用户设备和安全服务设备之间的交互处理流程;
图3为本申请实施例中标记后的无线接入点列表的示意图;
图4为本申请实施例中一种警示信息的示意图;
图5为本申请实施例中另一种警示信息的示意图;
图6为本申请实施例提供的一种用户设备的结构示意图;
图7为本申请实施例提供的另一种用户设备的结构示意图;
附图中相同或相似的附图标记代表相同或相似的部件。
具体实施方式
下面结合附图对本申请作进一步详细描述。
在本申请一个典型的配置中,终端、服务网络的设备均包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体,可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可 以被计算设备访问的信息。
图1示出了在实现无线接入点的风险提示时,用户设备和安全服务设备之间的交互示意图。用户设备100是指用户使用的用于连接无线接入点的终端设备,其具体实现可以是手机、笔记本电脑、平板电脑、PDA、个人计算机等能够实现无线接入点连接功能的设备。安全服务设备200可以是基于大数据或者大数据或者无线接入点的相关信息对无线接入点的安全性进行判断的网络侧设备,其具体实现可以是单个网络服务器、多个网络服务器组成的集群或基于云计算的计算机集合等。在此,云由基于云计算(Cloud Computing)的大量主机或网络服务器构成,其中,云计算是分布式计算的一种,由一群松散耦合的计算机集组成的一个虚拟计算机。
在本申请的一个实施例中,用户设备可以实现的功能包括在用户查看可以连接的无线接入点时,能够对存在安全风险的无线接入点进行标记,打上安全标签,来提示用户可能存在的安全隐患。在实现上述功能时,用户设备和安全服务设备之间具体的交互处理流程如图2所示,包括如下处理步骤:
步骤S201,用户设备100获取包含至少一个无线接入点的无线接入点列表。用户设备能够检测附近的无线接入点的信号,从而获取到关于这些无线接入点的相关信息,形成一无线接入点列表。
步骤S202,用户设备100向安全服务设备200发送关于所述无线接入点的识别信息。其中,所述无线接入点的识别信息是指能够用于识别出特定无线接入点的信息,例如可以是用户设备扫描到的无线接入点列表(通过列表中包含的信息能够确定包含的无线接入点),也可以是从该无线接入点列表中提取出的无线接入点的标识信息,例如无线接入点的SSID(Service Set Identifier,服务集标识)+BSSID(Basic Service Set ID,即MAC地址)等信息。
由此,用户设备发送识别信息至少包括以下两种情况:直接向安全服务器发送所述无线接入点列表,以使所述安全服务设备由所述无线接入点列表中提取出所述无线接入点的标识信息;或者由所述无线接入点列表中提取出所述无线接入点的标识信息,然后向安全服务器发送所述无线接入 点的标识信息。
步骤S203,安全服务设备200接收到识别信息之后,若接收到的是无线接入点列表,则对该无线接入点列表进行解析,提取出进行安全性判断所需要的信息。其中一种的实施方式为:安全服务设备从所述无线接入点列表中提取出所述无线接入点的标识信息。若接收到的是SSID+BSSID的标识信息,则可以直接据此进行安全性的判断。
此时,安全服务设备对无线接入点进行的安全性判断可以基于大数据的方式,此种方式基于该无线接入点的历史数据对其安全性进行判断,例如对于无线接入点AP1,有数量较多的用户设备在连接之后受到过arp(Address Resolution Protocol,地址解析协议)攻击,则该安全服务设备会结合该历史数据进行安全性的判断,确定AP1的风险信息。安全服务设备确定无线接入点的风险信息之后,会将其返回给对应的用户设备,
步骤S204,用户设备100获取所述安全服务设备返回的关于所述无线接入点的风险信息。风险信息是用于表示无线接入点是否存在安全隐患的信息,在本申请的一个实施例中,风险信息可以包括安全评分,安全服务设备会根据无线接入点的历史数据,根据预设的算法计算生成无线接入点的安全评分,使得用户设备可以根据安全评分的具体数值确定无线接入点的安全性。
此外,风险信息中还可以包括关于风险类型的信息,使得用户设备在收到风险信息时,可以同时向用户显示无线接入点存在的风险类型。例如风险类型包括但不限于如下几种:arp攻击、网络监听攻击、网页篡改风险、仿冒公共WiFi、钓鱼WiFi等。
ARP攻击就是通过伪造IP地址和MAC地址实现ARP欺骗,能够在网络中产生大量的ARP通信量使网络阻塞,攻击者只要持续不断的发出伪造的ARP响应包就能更改目标主机ARP缓存中的IP-MAC条目,造成网络中断或中间人攻击。
网络监听攻击是中间人攻击的一种,如果需要实现证书欺诈的话无非就两种方式,因为网络监听交换过程是明文的,攻击者控制这一个步骤就好了,让用户下载到假的证书。还有一种就是控制DNS,让DNS导向不 正确的网站,从而下载不正确的证书,然后因为攻击者知道自己服务器上的密钥,所以可以很轻松的窃听这些数据。
网页篡改风险是指把用户原来进入的网页中途拦截到其他网站页面,例如各类钓鱼网站,一般通过浏览器插件等形式对用户的浏览器进行篡改,使用户的浏览器配置不正常,被强行引导到商业网站。常见现象为主页及互联网搜索页变为不知名的网站、经常莫名弹出广告网页输入正常网站地址却连接到其他网站。
仿冒公共WiFi是指不安全的无线接入点伪装成公共WiFi(例如电信、移动等运行商提供的公共无线接入点)。正规场所的公共WiFi一般不会对个人信息造成危害,而如果是仿冒的WiFi信号,会给手机、笔记比植入木马、病毒程序,长期危害个人日常信息或者隐私等信息安全。
钓鱼WiFi是一个假的无线接入点,当你的无线设备连接上去时,会被反扫描,如果这时你的手机正好连在什么网站上进行了数据通信,且涉及到了帐号密码等数据,对方就会获得你的这些信息。
步骤S205,用户设备100根据所述风险信息,在所述无线接入点列表中对存在安全风险的无线接入点进行标记。当分享信息包含安全评分时,可以根据所述安全评分与预设值的比较结果,确定存在安全风险的无线接入点,然后在所述无线接入点列表中对存在安全风险的无线接入点进行标记。例如,所述预设值可以设定为73分,即用户设备会将安全评分低于73分的无线接入点判定为存在安全风险。
存在安全风险的无线接入点进行标记是指在无线接入点列表中的预设位置增加相应的标签,使得最终呈现给用户的无线接入点列表中包含该标签,从而直接提示用户可能存在的安全风险。例如,在无线接入点列表中某一无线接入点的SSID显示位置处添加醒目的“风险”标签,如图3中的无线接入点“TP-link_F2A123”。
在进行标记之后,用户设备100可以继续执行步骤S206,显示标记后的无线接入点列表。
进一步地,用户设备100在向用户显示标记后的无线接入点列表之后,若根据用户的操作连接了所述无线接入点列表中的无线接入点,则会在当 前连接的无线接入点为存在安全风险的无线接入点时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
例如,用户在某些特定的情况下,必须要连接列表中存在安全风险的无线接入点时,用户设备可以在连接上无线接入点之后,可以基于之前接收到的关于该无线接入点的风险信息,判断当前连接的无线接入点是否是存在安全风险的无线接入点,若为是,则显示警示信息。
在此,警示信息可以包括但不限于警示标记、风险类型提示和处理提示中的一种或多种。例如警示标记可以是各类醒目的标识或者显示效果,例如改变连接界面的颜色,使其显示为红色、增加其它动态效果等。风险类型提示是指对前述几种安全风险的类型进行提示的信息,例如提示用户当前的风险类型为arp攻击、网络监听攻击、网页篡改风险、仿冒公共WiFi、钓鱼WiFi等。处理提示是指建议或者提示用户此时如何进行后续操作,例如提示用户“建议断开”、“点击断开连接”等。图4示出了一种显示警示信息的具体形式。
在实际场景中,不同类型的风险对用户造成的危害程度也各不相同,对于不同的风险类型,可以显示不同程度的警示信息,以直观地告知用户存在安全风险的无线接入点的风险程度。例如,采用不同的颜色作为警示信息时,以区分不同程度的风险,若危险程度较高,则使用红色作为警示信息,若危险程度相对较低,则使用黄色作为警示信息。
在本申请的一个实施例中,在判断当前连接的无线接入点是否为存在安全风险的无线接入点时,也可以基于安全云识别的方式。此种方式不同于前述基于大数据确定风险信息的方式,与大数据的区别在于:大数据是基于无线接入点的历史数据,而安全云识别的方式是基于无线接入点的相关信息以及用户设备与无线接入点之间交互的实时数据。
例如用户可以将连接的无线接入点的相关信息发送给安全服务设备,如DNS(Domain Name System)信息、IP地址、子网掩码(subnet mask)等,若安全服务设备可以确定当前的DNS信息为不安全的DNS服务器,则可以认为无线接入点遭到DNS劫持,存在安全风险。此外,用户设备可以将与无线接入点之间交互的日志发送给安全服务设备,安全服务设备 可以根据日志判断用户设备与无线接入点之间交互的数据是否正常,若不正常,则可以认为存在安全风险,将结果返回用户设备,使得用户设备完成判断。
此外,用户设备在连接所述无线接入点列表中的无线接入点之后,若进入风险交互场景,则会检测当前连接的无线接入点是否为存在安全风险的无线接入点,如果检测结果为是,自动断开与所述无线接入点的连接或显示警示信息。
所述风险交互场景是指需要在较为安全的环境中进行信息交互的场景,例如涉及支付、帐号登录的场景,若信息泄漏可能会对用户造成较大损失。在这些风险交互场景下,用户设备会自动对当前连接的无线接入点进行检测,具体检测方式可以基于安全服务设备根据大数据得到的风险信息或者基于安全云识别的方式。由于这些风险交互场景中,可能会对用户造成财产损失,造成严重后果,因此用户设备在确定当前连接的无线接入点存在安全风险时,可以自动断开与所述无线接入点的连接,避免与该无线接入点进行进一步的数据交互,防止帐号、密码的泄漏。此外,也可以仅显示警示信息,以提示用户当前存在的风险、是否需要断开连接等。
在此场景中,可以将其它的情况也列入到存在安全风险的判断标准中,例如,用户设备是第一次连接当前的无线接入点,安全服务设备会将该无线接入点确定为陌生WiFi,也认为是一种存在安全风险的情况;还如,一些不需要登录密码的无线接入点,安全服务设备会确定为开放WiFi,也认为是一种存在安全风险的情况等等。安全服务设备将检测结果发送给用户设备,使得用户设备根据检测结果,自动断开与所述无线接入点的连接或显示警示信息。
警示信息的具体内容同样可以包括但不限于警示标记、风险类型提示和处理提示中的一种或多种,此处不再赘述。此外,警示信息的显示方式可以通过弹出窗口的方式实现,如图5所示。
本申请实施例还提供了另一种无线接入点的风险提示方法,该方法用以在已经连接上一个无线接入点时,对当前连接的该无线接入点进行风险检测,并在存在风险时提示用户。该方法的处理步骤如下,首先在已连接 任一无线接入点时,向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息。例如,若用户设备判断当前已经连接了一无线接入点AP1,则会将AP1的识别信息(如SSID+BSSID)上传至安全服务设备,由安全服务设备对AP1进行风险分析,确定其对应的风险信息并返回给用户设备,使得用户设备可以根据获取到的风险信息对当前连接的无线接入点是否存在安全风险进行判断。
在基于所述风险信息确定所述无线接入点存在安全风险时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。与前述场景中,显示警示信息的方式类似,可以根据不同的风险类型可能造成的危害,可以显示不同程度的警示信息,以直观地告知用户存在安全风险的无线接入点的风险程度。
基于同一发明构思,本申请实施例中还提供了无线接入点的风险提示设备,该设备对应的方法是前述实施例中无线接入点的风险提示方法,并且其解决问题的原理与该方法相似。
图6示出了本申请实施例提供的一种无线接入点的风险提示设备,包括处理装置610、传输装置620和显示装置630。该风险提示设备为用户用于连接无线接入点的用户设备,可以实现的功能包括在用户查看可以连接的无线接入点时,能够对存在安全风险的无线接入点进行标记,打上安全标签,来提示用户可能存在的安全隐患。在实现上述功能时,用户设备和安全服务设备之间具体的交互处理流程如图2所示,包括如下处理步骤:
步骤S201,用户设备的处理装置610获取包含至少一个无线接入点的无线接入点列表。用户设备能够检测附近的无线接入点的信号,从而获取到关于这些无线接入点的相关信息,形成一无线接入点列表。
步骤S202,用户设备的传输装置620向安全服务设备发送关于所述无线接入点的识别信息。其中,所述无线接入点的识别信息是指能够用于识别出特定无线接入点的信息,例如可以是用户设备扫描到的无线接入点列表(通过列表中包含的信息能够确定包含的无线接入点),也可以是从该无线接入点列表中提取出的无线接入点的标识信息,例如无线接入点的 SSID(Service Set Identifier,服务集标识)+BSSID(Basic Service Set ID,即MAC地址)等信息。
由此,用户设备的传输装置620发送识别信息至少包括以下两种情况:传输装置620直接向安全服务器发送所述无线接入点列表,以使所述安全服务设备由所述无线接入点列表中提取出所述无线接入点的标识信息;或者传输装置620向安全服务器发送所述无线接入点的标识信息,其中,所述标识信息由所述处理装置从所述无线接入点列表中提取。
步骤S203,安全服务设备接收到识别信息之后,若接收到的是无线接入点列表,则对该无线接入点列表进行解析,提取出进行安全性判断所需要的信息。其中一种的实施方式为:安全服务设备从所述无线接入点列表中提取出所述无线接入点的标识信息。若接收到的是SSID+BSSID的标识信息,则可以直接据此进行安全性的判断。
此时,安全服务设备对无线接入点进行的安全性判断可以基于大数据的方式,此种方式基于该无线接入点的历史数据对其安全性进行判断,例如对于无线接入点AP1,有数量较多的用户设备在连接之后受到过arp(Address Resolution Protocol,地址解析协议)攻击,则该安全服务设备会结合该历史数据进行安全性的判断,确定AP1的风险信息。安全服务设备确定无线接入点的风险信息之后,会将其返回给对应的用户设备,
步骤S204,用户设备的传输装置620获取所述安全服务设备返回的关于所述无线接入点的风险信息。风险信息是用于表示无线接入点是否存在安全隐患的信息,在本申请的一个实施例中,风险信息可以包括安全评分,安全服务设备会根据无线接入点的历史数据,根据预设的算法计算生成无线接入点的安全评分,使得用户设备可以根据安全评分的具体数值确定无线接入点的安全性。
此外,风险信息中还可以包括关于风险类型的信息,使得用户设备在收到风险信息时,可以同时向用户显示无线接入点存在的风险类型。例如风险类型包括但不限于如下几种:arp攻击、网络监听攻击、网页篡改风险、仿冒公共WiFi、钓鱼WiFi等。
ARP攻击就是通过伪造IP地址和MAC地址实现ARP欺骗,能够在 网络中产生大量的ARP通信量使网络阻塞,攻击者只要持续不断的发出伪造的ARP响应包就能更改目标主机ARP缓存中的IP-MAC条目,造成网络中断或中间人攻击。
网络监听攻击是中间人攻击的一种,如果需要实现证书欺诈的话无非就两种方式,因为网络监听交换过程是明文的,攻击者控制这一个步骤就好了,让用户下载到假的证书。还有一种就是控制DNS,让DNS导向不正确的网站,从而下载不正确的证书,然后因为攻击者知道自己服务器上的密钥,所以可以很轻松的窃听这些数据。
网页篡改风险是指把用户原来进入的网页中途拦截到其他网站页面,例如各类钓鱼网站,一般通过浏览器插件等形式对用户的浏览器进行篡改,使用户的浏览器配置不正常,被强行引导到商业网站。常见现象为主页及互联网搜索页变为不知名的网站、经常莫名弹出广告网页输入正常网站地址却连接到其他网站。
仿冒公共WiFi是指不安全的无线接入点伪装成公共WiFi(例如电信、移动等运行商提供的公共无线接入点)。正规场所的公共WiFi一般不会对个人信息造成危害,而如果是仿冒的WiFi信号,会给手机、笔记比植入木马、病毒程序,长期危害个人日常信息或者隐私等信息安全。
钓鱼WiFi是一个假的无线接入点,当你的无线设备连接上去时,会被反扫描,如果这时你的手机正好连在什么网站上进行了数据通信,且涉及到了帐号密码等数据,对方就会获得你的这些信息。
步骤S205,用户设备的处理装置610根据所述风险信息,在所述无线接入点列表中对存在安全风险的无线接入点进行标记。当分享信息包含安全评分时,处理装置610可以根据所述安全评分与预设值的比较结果,确定存在安全风险的无线接入点,然后在所述无线接入点列表中对存在安全风险的无线接入点进行标记。例如,所述预设值可以设定为73分,即用户设备会将安全评分低于73分的无线接入点判定为存在安全风险。
存在安全风险的无线接入点进行标记是指在无线接入点列表中的预设位置增加相应的标签,使得最终呈现给用户的无线接入点列表中包含该标签,从而直接提示用户可能存在的安全风险。例如,在无线接入点列表 中某一无线接入点的SSID显示位置处添加醒目的“风险”标签,如图3中的无线接入点“TP-link_F2A123”。
在进行标记之后,用户设备100可以继续执行步骤S206,由显示装置630显示标记后的无线接入点列表。
进一步地,用户设备还包括连接装置,用于与无线接入点建立连接。用户设备的显示装置在向用户显示标记后的无线接入点列表之后,若连接装置根据用户的操作连接了所述无线接入点列表中的无线接入点,则显示装置会在当前连接的无线接入点为存在安全风险的无线接入点时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
例如,用户在某些特定的情况下,必须要连接列表中存在安全风险的无线接入点时,用户设备可以在连接上无线接入点之后,处理装置可以基于之前接收到的关于该无线接入点的风险信息,判断当前连接的无线接入点是否是存在安全风险的无线接入点,若为是,则显示装置显示警示信息。
在此,警示信息可以包括但不限于警示标记、风险类型提示和处理提示中的一种或多种。例如警示标记可以是各类醒目的标识或者显示效果,例如改变连接界面的颜色,使其显示为红色、增加其它动态效果等。风险类型提示是指对前述几种安全风险的类型进行提示的信息,例如提示用户当前的风险类型为arp攻击、网络监听攻击、网页篡改风险、仿冒公共WiFi、钓鱼WiFi等。处理提示是指建议或者提示用户此时如何进行后续操作,例如提示用户“建议断开”、“点击断开连接”等。图4示出了一种显示警示信息的具体形式。
在实际场景中,不同类型的风险对用户造成的危害程度也各不相同,对于不同的风险类型,可以显示不同程度的警示信息,以直观地告知用户存在安全风险的无线接入点的风险程度。例如,采用不同的颜色作为警示信息时,以区分不同程度的风险,若危险程度较高,则使用红色作为警示信息,若危险程度相对较低,则使用黄色作为警示信息。
在本申请的一个实施例中,用户设备在判断当前连接的无线接入点是否为存在安全风险的无线接入点时,也可以基于安全云识别的方式。此种 方式不同于前述基于大数据确定风险信息的方式,与大数据的区别在于:大数据是基于无线接入点的历史数据,而安全云识别的方式是基于无线接入点的相关信息以及用户设备与无线接入点之间交互的实时数据。
例如用户可以通过传输装置将连接的无线接入点的相关信息发送给安全服务设备,如DNS(Domain Name System)信息、IP地址、子网掩码(subnet mask)等,若安全服务设备可以确定当前的DNS信息为不安全的DNS服务器,则可以认为无线接入点遭到DNS劫持,存在安全风险。此外,用户设备可以通过传输装置将与无线接入点之间交互的日志发送给安全服务设备,安全服务设备可以根据日志判断用户设备与无线接入点之间交互的数据是否正常,若不正常,则可以认为存在安全风险,将结果返回用户设备,使得用户设备完成判断。
此外,用户设备的连接装置在连接所述无线接入点列表中的无线接入点之后,若处理装置判断当前进入了风险交互场景,则会检测当前连接的无线接入点是否为存在安全风险的无线接入点,如果检测结果为是,自动断开与所述无线接入点的连接或通过显示装置显示警示信息。
所述风险交互场景是指需要在较为安全的环境中进行信息交互的场景,例如涉及支付、帐号登录的场景,若信息泄漏可能会对用户造成较大损失。在这些风险交互场景下,用户设备会自动对当前连接的无线接入点进行检测,具体检测方式可以基于安全服务设备根据大数据得到的风险信息或者基于安全云识别的方式。由于这些风险交互场景中,可能会对用户造成财产损失,造成严重后果,因此用户设备在确定当前连接的无线接入点存在安全风险时,可以自动断开与所述无线接入点的连接,避免与该无线接入点进行进一步的数据交互,防止帐号、密码的泄漏。此外,也可以仅显示警示信息,以提示用户当前存在的风险、是否需要断开连接等。
在此场景中,可以将其它的情况也列入到存在安全风险的判断标准中,例如,用户设备是第一次连接当前的无线接入点,安全服务设备会将该无线接入点确定为陌生WiFi,也认为是一种存在安全风险的情况;还如,一些不需要登录密码的无线接入点,安全服务设备会确定为开放WiFi,也认为是一种存在安全风险的情况等等。安全服务设备将检测结果发送给用户 设备,使得用户设备根据检测结果,自动断开与所述无线接入点的连接或显示警示信息。
警示信息的具体内容同样可以包括但不限于警示标记、风险类型提示和处理提示中的一种或多种,此处不再赘述。且警示信息的显示方式可以通过弹出窗口的方式实现,如图5所示。
本申请实施例还提供了另一种无线接入点的风险提示设备,该设备可以在已经连接上一个无线接入点时,对当前连接的该无线接入点进行风险检测,并在存在风险时提示用户。在实现上述处理时,该设备的传输装置可以在已连接任一无线接入点时,向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息。例如,若用户设备判断当前已经连接了一无线接入点AP1,则会将AP1的识别信息(如SSID+BSSID)上传至安全服务设备,由安全服务设备对AP1进行风险分析,确定其对应的风险信息并返回给用户设备,使得用户设备可以根据获取到的风险信息对当前连接的无线接入点是否存在安全风险进行判断。
该设备的处理装置能够基于所述风险信息判断所述无线接入点是否存在安全风险。而显示装置则可以在处理装置基于所述风险信息确定所述无线接入点存在安全风险时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。与前述场景中,显示警示信息的方式类似,可以根据不同的风险类型可能造成的危害,可以显示不同程度的警示信息,以直观地告知用户存在安全风险的无线接入点的风险程度。
另外,本申请的一部分可被应用为计算机程序产品,例如计算机程序指令,当其被计算机执行时,通过该计算机的操作,可以调用或提供根据本申请的方法和/或技术方案。而调用本申请的方法的程序指令,可能被存储在固定的或可移动的记录介质中,和/或通过广播或其他信号承载媒体中的数据流而被传输,和/或被存储在根据程序指令运行的计算机设备的工作存储器中。在此,根据本申请的一个实施例包括一个如图7所示的无线接入点的风险提示设备,该设备包括用于存储计算机程序指令的存储器710 和用于执行程序指令的处理器720,其中,当该计算机程序指令被该处理器执行时,触发该设备执行基于前述多个实施例中的方法和/或技术方案。
综上所述,本申请提供的方案中,用户设备能够获取包含至少一个无线接入点的无线接入点列表,向安全服务设备发送关于所述无线接入点的识别信息,由安全服务设备基于大数据或者无线接入点的相关信息对无线接入点的安全性进行判断,并将判断得到的风险信息发送回用户设备,使得用户设备能够根据风险信息确定无线接入点列表中存在安全风险的无线接入点,并对其进行标记,然后显示标记后的无线接入点列表,明确提示用户哪些无线接入点可能存在安全风险,使得用户尽量避免连接这些无线接入点,以减少发生安全问题的情况。
需要注意的是,本申请可在软件和/或软件与硬件的组合体中被实施,例如,可采用专用集成电路(ASIC)、通用目的计算机或任何其他类似硬件设备来实现。在一个实施例中,本申请的软件程序可以通过处理器执行以实现上文步骤或功能。同样地,本申请的软件程序(包括相关的数据结构)可以被存储到计算机可读记录介质中,例如,RAM存储器,磁或光驱动器或软磁盘及类似设备。另外,本申请的一些步骤或功能可采用硬件来实现,例如,作为与处理器配合从而执行各个步骤或功能的电路。
对于本领域技术人员而言,显然本申请不限于上述示范性实施例的细节,而且在不背离本申请的精神或基本特征的情况下,能够以其他的具体形式实现本申请。因此,无论从哪一点来看,均应将实施例看作是示范性的,而且是非限制性的,本申请的范围由所附权利要求而不是上述说明限定,因此旨在将落在权利要求的等同要件的含义和范围内的所有变化涵括在本申请内。不应将权利要求中的任何附图标记视为限制所涉及的权利要求。此外,显然“包括”一词不排除其他单元或步骤,单数不排除复数。装置权利要求中陈述的多个单元或装置也可以由一个单元或装置通过软件或者硬件来实现。第一,第二等词语用来表示名称,而并不表示任何特定的顺序

Claims (19)

  1. 一种无线接入点的风险提示方法,其中,该方法包括:
    获取包含至少一个无线接入点的无线接入点列表;
    向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息;
    根据所述风险信息,在所述无线接入点列表中对存在安全风险的无线接入点进行标记。
  2. 根据权利要求1所述的方法,其中,该方法还包括:
    显示标记后的无线接入点列表。
  3. 根据权利要求1所述的方法,其中,向安全服务设备发送关于所述无线接入点的识别信息,包括:
    向安全服务器发送所述无线接入点列表,以使所述安全服务设备由所述无线接入点列表中提取出所述无线接入点的标识信息;或者
    由所述无线接入点列表中提取出所述无线接入点的标识信息,向安全服务器发送所述无线接入点的标识信息。
  4. 根据权利要求1所述的方法,其中,所述风险信息包括安全评分;
    根据所述风险信息,在所述无线接入点列表中对存在安全风险的无线接入点进行标记,包括:
    根据所述安全评分与预设值的比较结果,确定存在安全风险的无线接入点;
    在所述无线接入点列表中对存在安全风险的无线接入点进行标记。
  5. 根据权利要求1至4中任一项所述的方法,其中,该方法还包括:
    连接所述无线接入点列表中的无线接入点;
    若当前连接的无线接入点为存在安全风险的无线接入点,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
  6. 根据权利要求1至4中任一项所述的方法,其中,该方法还包括:
    连接所述无线接入点列表中的无线接入点;
    在进入风险交互场景时,检测当前连接的无线接入点是否为存在安全风险的无线接入点;
    若检测结果为是,自动断开与所述无线接入点的连接或显示警示信息。
  7. 一种无线接入点的风险提示方法,其中,该方法包括:
    在已连接任一无线接入点时,向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息;
    在基于所述风险信息确定所述无线接入点存在安全风险时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
  8. 根据权利要求5至7中任一项所述的方法,其中,所述警示信息包括警示标记、风险类型提示和处理提示中的一种或多种。
  9. 根据权利要求5至7中任一项所述的方法,其中,显示警示信息,包括:
    通过弹出窗口的方式显示警示信息。
  10. 一种无线接入点的风险提示设备,其中,该设备包括:
    处理装置,用于获取包含至少一个无线接入点的无线接入点列表,以及根据风险信息,在所述无线接入点列表中对存在安全风险的无线接入点进行标记;
    传输装置,用于向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息。
  11. 根据权利要求10所述的设备,其中,该设备还包括:
    显示装置,用于显示标记后的无线接入点列表。
  12. 根据权利要求10所述的设备,其中,所述传输装置用于向安全服务器发送所述无线接入点列表,以使所述安全服务设备由所述无线接入点列表中提取出所述无线接入点的标识信息;或者向安全服务器发送所述无线接入点的标识信息,其中,所述标识信息由所述处理装置从所述无线接入点列表中提取。
  13. 根据权利要求10所述的设备,其中,所述风险信息包括安全评分;
    所述处理装置,用于根据所述安全评分与预设值的比较结果,确定存在安全风险的无线接入点;以及在所述无线接入点列表中对存在安全风险 的无线接入点进行标记。
  14. 根据权利要求10至13中任一项所述的设备,其中,该设备还包括:
    连接装置,用于连接所述无线接入点列表中的无线接入点;
    所述显示装置,还用于在当前连接的无线接入点为存在安全风险的无线接入点时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
  15. 根据权利要求10至13中任一项所述的设备,其中,该设备还包括:
    连接装置,用于连接所述无线接入点列表中的无线接入点;
    所述处理装置,还用于在进入风险交互场景时,检测当前连接的无线接入点是否为存在安全风险的无线接入点,以及在检测结果为是时自动断开与所述无线接入点的连接或或者指示所述显示装置,显示警示信息。
  16. 一种无线接入点的风险提示设备,其中,该设备包括:
    传输装置,在已连接任一无线接入点时,向安全服务设备发送关于所述无线接入点的识别信息,并获取所述安全服务设备返回的关于所述无线接入点的风险信息;
    处理装置,用于基于所述风险信息判断所述无线接入点是否存在安全风险;
    显示装置,用于在基于所述风险信息确定所述无线接入点存在安全风险时,根据所述无线接入点的风险信息所对应的风险类型,显示与所述风险类型匹配的警示信息。
  17. 根据权利要求14至16中任一项所述的设备,其中,所述警示信息包括警示标记、风险类型提示和处理提示中的一种或多种。
  18. 根据权利要求14至16中任一项所述的设备,其中,所述显示装置,用于通过弹出窗口的方式显示警示信息。
  19. 一种无线接入点的风险提示设备,该设备包括用于存储计算机程序指令的存储器和用于执行程序指令的处理器,其中,当该计算机程序指令被该处理器执行时,触发该设备执行权利要求1至9中任一项所述的方 法。
PCT/CN2017/119834 2017-05-03 2017-12-29 无线接入点的风险提示方法及设备 WO2018201745A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710305771.5A CN107979845A (zh) 2017-05-03 2017-05-03 无线接入点的风险提示方法及设备
CN2017103057715 2017-05-03

Publications (1)

Publication Number Publication Date
WO2018201745A1 true WO2018201745A1 (zh) 2018-11-08

Family

ID=62012178

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/119834 WO2018201745A1 (zh) 2017-05-03 2017-12-29 无线接入点的风险提示方法及设备

Country Status (2)

Country Link
CN (1) CN107979845A (zh)
WO (1) WO2018201745A1 (zh)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108632823A (zh) * 2018-05-14 2018-10-09 Oppo广东移动通信有限公司 一种网络切换方法、终端及计算机存储介质
CN111148103A (zh) * 2018-11-06 2020-05-12 奇酷互联网络科技(深圳)有限公司 蓝牙设备安全连接性的检测方法、移动终端及存储介质
CN109714770B (zh) * 2019-01-08 2022-10-11 上海尚往网络科技有限公司 用于发送信息的方法和装置
CN109890027B (zh) * 2019-03-20 2022-04-15 上海连尚网络科技有限公司 用于确定目标无线接入点的安全风险信息的方法与设备

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103634270A (zh) * 2012-08-21 2014-03-12 中国电信股份有限公司 识别接入点合法性的方法、系统与接入点鉴别服务器
US20140254364A1 (en) * 2013-03-11 2014-09-11 Futurewei Technologies, Inc. System and Method for WiFi Authentication and Selection
CN104540135A (zh) * 2015-01-12 2015-04-22 深圳市中兴移动通信有限公司 一种无线网络安全接入方法、装置及终端
CN105682015A (zh) * 2016-04-05 2016-06-15 上海连尚网络科技有限公司 一种用于建立无线连接的方法与设备
CN106714172A (zh) * 2015-11-18 2017-05-24 中兴通讯股份有限公司 Wifi热点的处理方法、装置及系统
CN107493576A (zh) * 2016-06-12 2017-12-19 上海连尚网络科技有限公司 用于确定无线接入点的安全信息的方法与设备

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104463569A (zh) * 2014-11-11 2015-03-25 北京奇虎科技有限公司 安全连接支付方法及其装置
CN106209918A (zh) * 2016-09-13 2016-12-07 深圳市金立通信设备有限公司 一种网络安全性管理的方法及终端
CN106302519A (zh) * 2016-09-13 2017-01-04 深圳市金立通信设备有限公司 一种网络安全性管理的方法及终端

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103634270A (zh) * 2012-08-21 2014-03-12 中国电信股份有限公司 识别接入点合法性的方法、系统与接入点鉴别服务器
US20140254364A1 (en) * 2013-03-11 2014-09-11 Futurewei Technologies, Inc. System and Method for WiFi Authentication and Selection
CN104540135A (zh) * 2015-01-12 2015-04-22 深圳市中兴移动通信有限公司 一种无线网络安全接入方法、装置及终端
CN106714172A (zh) * 2015-11-18 2017-05-24 中兴通讯股份有限公司 Wifi热点的处理方法、装置及系统
CN105682015A (zh) * 2016-04-05 2016-06-15 上海连尚网络科技有限公司 一种用于建立无线连接的方法与设备
CN107493576A (zh) * 2016-06-12 2017-12-19 上海连尚网络科技有限公司 用于确定无线接入点的安全信息的方法与设备

Also Published As

Publication number Publication date
CN107979845A (zh) 2018-05-01

Similar Documents

Publication Publication Date Title
CN106936791B (zh) 拦截恶意网址访问的方法和装置
US8910280B2 (en) Detecting and blocking domain name system cache poisoning attacks
WO2018201745A1 (zh) 无线接入点的风险提示方法及设备
US9477534B2 (en) Inter-extension messaging
US9712532B2 (en) Optimizing security seals on web pages
US9730075B1 (en) Systems and methods for detecting illegitimate devices on wireless networks
US9660833B2 (en) Application identification in records of network flows
CN107493576B (zh) 用于确定无线接入点的安全信息的方法与设备
CN114145004A (zh) 用于使用dns消息以选择性地收集计算机取证数据的系统及方法
US11057821B2 (en) Method and device for connecting to hidden wireless access point
CN108063833B (zh) Http dns解析报文处理方法及装置
EP3376740B1 (en) Method and apparatus for acquiring ip address
CN106034302B (zh) 无线局域网热点的安全性监控方法和装置及通信系统
US8407802B2 (en) Method and system for providing security seals on web pages
US20200213856A1 (en) Method and a device for security monitoring of a wifi network
US10855704B1 (en) Neutralizing malicious locators
US9781601B1 (en) Systems and methods for detecting potentially illegitimate wireless access points
KR101494329B1 (ko) 악성 프로세스 검출을 위한 시스템 및 방법
Salim et al. Preventing ARP spoofing attacks through gratuitous decision packet
US11916887B2 (en) Detecting domain fronting through correlated connections
US10523706B1 (en) Phishing protection using cloning detection
US8769130B1 (en) Selection of computer network wireless access points
CN113709136B (zh) 一种访问请求验证方法和装置
CN113904843B (zh) 一种终端异常dns行为的分析方法和装置
US20230071309A1 (en) Privacy preserving vulnerability detection for devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17908711

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 13/02/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17908711

Country of ref document: EP

Kind code of ref document: A1