WO2022105590A1 - Method and apparatus for detecting a domain name certificate, electronic device and computer-readable medium - Google Patents

Info

Publication number
WO2022105590A1
Authority
WO
WIPO (PCT)
Prior art keywords
domain name
name certificate
information
certificate
certificate information
Application number
PCT/CN2021/128052
Other languages
English (en)
Chinese (zh)
Inventor
陆圣超
钱广杰
林飞
Original Assignee
上海连尚网络科技有限公司
Application filed by 上海连尚网络科技有限公司
Publication of WO2022105590A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Definitions

  • Embodiments of the present disclosure relate to the field of computer technologies, and in particular, to a method, apparatus, electronic device, and computer-readable medium for detecting a domain name certificate.
  • Domain name certificate SSL certificate
  • An SSL certificate enables encrypted transmission of data between the client and the server.
  • a third-party certificate monitoring server is usually used to detect the domain name certificate, so as to improve the security of the domain name certificate.
  • when a third-party certificate monitoring server is used to detect domain name certificates, some certificates are usually missed, so the detection rate of domain name certificates is low, domain name anomalies occur frequently, and the stability of network communication is reduced. This reduces the security of network communication;
  • the abnormal domain name certificate information is not aggregated into readability alarm information, which makes it difficult for the content distribution network user to parse the received abnormal domain name certificate information. As a result, the content distribution network user does not update the abnormal domain name certificate in time, which in turn causes the service requests of the content distribution network user to fail.
  • Some embodiments of the present disclosure propose a domain name certificate detection method, apparatus, electronic device, and computer-readable medium to solve one or more of the technical problems mentioned in the above background art section.
  • some embodiments of the present disclosure provide a domain name certificate detection method, the method includes: acquiring each domain name certificate stored in a certificate monitoring client; parsing each of the above domain name certificates to generate parsed domain name certificate information, and obtaining a parsed domain name certificate information set; and determining whether there is abnormal domain name certificate information based on the target domain name certificate information set and the above-mentioned parsed domain name certificate information set.
  • some embodiments of the present disclosure provide a domain name certificate detection device, the device includes: an obtaining unit configured to obtain each domain name certificate stored in the certificate monitoring client; a parsing unit configured to parse each of the above domain name certificates to generate parsed domain name certificate information, and obtain a parsed domain name certificate information set; and a determining unit configured to determine whether there is abnormal domain name certificate information based on the target domain name certificate information set and the above-mentioned parsed domain name certificate information set.
  • some embodiments of the present disclosure provide an electronic device, comprising: one or more processors; and a storage device on which one or more programs are stored, which, when executed by the one or more processors, cause the one or more processors to implement the method described in any implementation manner of the above first aspect.
  • some embodiments of the present disclosure provide a computer-readable medium on which a computer program is stored, wherein, when the program is executed by a processor, the method described in any implementation manner of the above-mentioned first aspect is implemented.
  • the domain name certificate detection methods of some embodiments of the present disclosure improve the detection rate of domain name certificates in network communication, reduce the frequency of domain name exceptions, and improve the stability of network communication, thereby improving the security of network communication.
  • the reason for the low detection rate of domain name anomalies in network communication is that a third-party certificate monitoring server is used to detect domain name certificates, which usually misses some certificates, so the detection rate of domain name certificates is not high, resulting in a high frequency of domain name anomalies.
  • the domain name certificate detection method of some embodiments of the present disclosure can obtain a preliminary understanding of the status of each domain name certificate of each content distribution network user by acquiring each domain name certificate stored in the certificate monitoring client. Then, each of the above domain name certificates is parsed to generate parsed domain name certificate information, and a set of parsed domain name certificate information is obtained. In this way, the domain name certificate information of each domain name certificate can be parsed out, which facilitates subsequent detection of the resolved domain name certificate information. Finally, the parsed domain name certificate information of each domain name certificate is compared with each target domain name certificate information stored in the server and updated in real time. Therefore, it can be determined whether there is abnormal domain name certificate information in the above target domain name certificate information set according to the comparison result.
  • the detection of the domain name certificate can be realized from the two aspects of the server and the client, so as to prevent omission of detection of the certificate. This further improves the detection rate of domain name certificates, reduces the frequency of domain name anomalies, and improves the stability of network communication. Further, the security of network communication is improved.
  • FIG. 1 is a schematic diagram of an application scenario of a domain name certificate detection method according to some embodiments of the present disclosure
  • FIG. 2 is a flowchart of some embodiments of a domain name certificate detection method according to the present disclosure
  • FIG. 3 is a flowchart of other embodiments of the domain name certificate detection method according to the present disclosure.
  • FIG. 4 is a flowchart of further embodiments of the domain name certificate detection method according to the present disclosure.
  • FIG. 5 is a schematic structural diagram of some embodiments of a domain name certificate detection apparatus according to the present disclosure.
  • FIG. 6 is a schematic structural diagram of an electronic device suitable for implementing some embodiments of the present disclosure.
  • FIG. 1 is a schematic diagram of an application scenario of a domain name certificate detection method according to some embodiments of the present disclosure.
  • the computing device 101 may acquire each domain name certificate 102 stored in the certificate monitoring client. Then, the computing device 101 may parse each of the domain name certificates 102 to generate parsed domain name certificate information, and obtain the parsed domain name certificate information set 103. Finally, the computing device 101 may determine whether there is abnormal domain name certificate information 105 based on the target domain name certificate information set 104 and the parsed domain name certificate information set 103.
  • the above computing device 101 may be hardware or software.
  • When the computing device is hardware, it can be implemented as a distributed cluster composed of multiple servers or terminal devices, or can be implemented as a single server or a single terminal device.
  • When the computing device is embodied as software, it may be installed in the hardware devices listed above. It can be implemented, for example, as multiple pieces of software or software modules for providing distributed services, or as a single piece of software or software module. There is no specific limitation here.
  • FIG. 1 is merely illustrative. There may be any number of computing devices depending on implementation needs.
  • the domain name certificate detection method includes the following steps:
  • Step 201 Obtain each domain name certificate stored in the certificate monitoring client.
  • the executing subject of the domain name certificate detection method may obtain each domain name certificate stored in the certificate monitoring client through a wired connection or a wireless connection.
  • the domain name certificate may be a digital certificate, for example an SSL server certificate.
  • The domain name certificate includes but is not limited to: domain name, user information, content distribution network service provider information (e.g., CDN service provider information), node information, domain name registration time, and domain name expiration time.
  • each domain name certificate could be:
  • the above-mentioned execution subject may also traverse the file system of the certificate monitoring client, and obtain each domain name certificate stored in the above-mentioned file system through a handshake protocol. Thereby, the detection of the certificate can be prevented from being missed.
  • Step 202 Parse each of the above domain name certificates to generate resolved domain name certificate information, and obtain a resolved domain name certificate information set.
  • the above-mentioned execution subject may parse each domain name certificate in the above-mentioned various domain name certificates to generate resolved domain name certificate information, and obtain a resolved domain name certificate information set.
  • parsing can be to extract key fields in the domain name certificate.
  • key fields such as domain name, user information, content distribution network server information, node information, and domain name expiration time in the domain name certificate can be extracted.
  • the extraction method may be text keyword extraction.
  • each domain name certificate in each domain name certificate exemplified in step 201 is parsed to generate parsed domain name certificate information, and a set of parsed domain name certificate information is obtained:
  • Step 203 Determine whether there is abnormal domain name certificate information based on the target domain name certificate information set and the above-mentioned resolved domain name certificate information set.
  • the above-mentioned execution subject may obtain the stored and real-time updated certificate information of each target domain name from the certificate monitoring server as the target domain name certificate information set. Then, each resolved domain name certificate information in the resolved domain name certificate information set may be compared with each target domain name certificate information in the above target domain name certificate information set to determine whether there is abnormal domain name certificate information.
  • the target domain name certificate information may include, but is not limited to, the domain name in the domain name certificate, user information, content distribution network service party information, node information, domain name expiration time and distance to expiration.
  • the target domain name certificate information set can be:
  • the above-mentioned resolved domain name certificate information set can be:
  • the target domain name certificate information {[domain name: www.53.com]; [user information: Shanghai Telecom]; [content distribution network service provider information: Yinshan]; [node information: 58.214.259.208]; [domain name expiration time: 2020-12-01]; [distance to expiration: 10]} is determined to be abnormal certificate information.
  • the domain name certificate detection methods of some embodiments of the present disclosure improve the detection rate of domain name certificates in network communication, reduce the frequency of domain name exceptions, and improve the stability of network communication, thereby improving the security of network communication.
  • the reason for the low detection rate of domain name anomalies in network communication is that a third-party certificate monitoring server is used to detect domain name certificates, which usually misses some certificates, so the detection rate of domain name certificates is not high, resulting in a high frequency of domain name anomalies.
  • the domain name certificate detection method of some embodiments of the present disclosure can obtain a preliminary understanding of the status of each domain name certificate of each content distribution network user by acquiring each domain name certificate stored in the certificate monitoring client. Then, each of the above domain name certificates is parsed to generate parsed domain name certificate information, and a set of parsed domain name certificate information is obtained. Thus, the domain name certificate information of each domain name certificate can be parsed out, which facilitates subsequent detection of the domain name certificate information. Finally, the parsed domain name certificate information of each domain name certificate is compared with each target domain name certificate information stored in the server and updated in real time. Therefore, it can be determined whether there is abnormal domain name certificate information in the above-mentioned resolved domain name certificate information set according to the comparison result.
  • the detection of the domain name certificate can be realized from the two aspects of the server and the client, so as to prevent omission of detection of the certificate. This further improves the detection rate of domain name certificates, reduces the frequency of domain name anomalies, and improves the stability of network communication. Further, the security of network communication is improved.
  • the domain name certificate detection method includes the following steps:
  • each imported domain name certificate is obtained and stored in the certificate monitoring client.
  • each imported domain name certificate may be a domain name certificate manually supplemented by a user or a staff member. Thereby, the detection of the certificate can be further prevented from being missed.
  • an imported domain name certificate could be:
  • Step 302 Obtain each domain name certificate stored in the certificate monitoring client.
  • for the specific implementation of step 302 and the technical effects brought about, reference may be made to step 201 in the embodiments corresponding to FIG. 2, which will not be repeated here.
  • Step 303 Parse each of the above domain name certificates to generate resolved domain name certificate information, and obtain a resolved domain name certificate information set.
  • for the specific implementation of step 303 and the technical effects brought about, reference may be made to step 202 in the embodiments corresponding to FIG. 2, and details are not repeated here.
  • Step 304 Obtain each domain name of each content distribution network user stored in the cloud service information platform.
  • the above-mentioned execution body may obtain each domain name of each content distribution network user stored in the cloud service information platform.
  • the cloud service information platform may be a certificate detection server.
  • the acquired domain names of each content distribution network user stored in the cloud service information platform may be: [domain name: www.52.com]; [domain name: www.54.com]; [domain name: www.51.com]; [domain name: www.53.com].
  • Step 305 Perform domain name resolution on each of the above domain names to generate a list of resolved domain names.
  • the above-mentioned execution body may perform domain name resolution on each of the above-mentioned domain names to generate a list of resolved domain names.
  • domain name resolution may mean determining the web space IP that the domain name points to.
  • an empty table may be established, and each domain name after domain name resolution is input into the empty table to generate a list of resolved domain names.
  • Step 306 Based on each resolved domain name in the above-mentioned resolved domain name list, obtain the configuration information of the content distribution network user corresponding to the above-mentioned resolved domain name, and obtain a configuration information set as a target domain name certificate information set.
  • the above-mentioned execution body may obtain the configuration information of the content distribution network user corresponding to each resolved domain name by accessing the website of the content distribution network user pointed to by the web space IP of each resolved domain name in the resolved domain name list, and obtain the configuration information set as the target domain name certificate information set.
  • the configuration information of the content distribution network user corresponding to the resolved domain name can be obtained by visiting the website of the content distribution network user pointed to by the web space IP "58.214.159.208": "{[domain name: www.52.com]; [user information: Tian Telecom]; [content distribution network service provider information: Yinshan]; [node information: 58.214.159.208]; [domain name expiration time: 2020-12-01]; [distance to expiration: 10]}".
  • the obtained set of configuration information can be:
  • the above configuration information set is determined as the target domain name certificate information set.
  • Step 307 Determine whether there is abnormal domain name certificate information based on the target domain name certificate information set and the above-mentioned resolved domain name certificate information set.
  • for the specific implementation of step 307 and the technical effects brought about, reference may be made to step 203 in the embodiments corresponding to FIG. 2, and details are not repeated here.
  • the flow 300 of the domain name certificate detection method in some embodiments corresponding to FIG. Missing detection of certificates can be further prevented.
  • the configuration information set can be obtained to provide a reference basis for determining whether there is abnormal domain name certificate information.
  • the domain name certificate detection method includes the following steps:
  • Step 401 Obtain each domain name certificate stored in the certificate monitoring client.
  • Step 402 Parse each of the above domain name certificates to generate resolved domain name certificate information, and obtain a resolved domain name certificate information set.
  • for the specific implementation of steps 401-402 and the technical effects brought about, reference may be made to steps 201-202 in the embodiments corresponding to FIG. 2, and details are not repeated here.
  • Step 403 Compare each resolved domain name certificate information in the above-mentioned resolved domain name certificate information set with each target domain name certificate information in the above-mentioned target domain name certificate information set, and generate a comparison result information set.
  • the execution subject may compare each resolved domain name certificate information in the above resolved domain name certificate information set with each target domain name certificate information in the above target domain name certificate information set to generate a comparison result information set.
  • the comparison refers to the difference comparison between the certificate information of the resolved domain name and the certificate information of the target domain name.
  • the respective resolved domain name certificate information in the above-mentioned resolved domain name certificate information set may be:
  • Each target domain name certificate information in the above target domain name certificate information set may be:
  • a comparison result information set is obtained: [distance to expiration: 10]; [distance to expiration: 15]; [distance to expiration: 17]; [distance to expiration: 10].
  • Step 404 In response to the comparison result information that meets the preset condition in the comparison result information set, the comparison result information that meets the preset condition in the comparison result information set is determined as abnormal comparison result information, and an abnormal comparison result information group is obtained.
  • the execution entity, in response to there being comparison result information that meets the preset condition in the comparison result information set, may determine the comparison result information that meets the preset condition as abnormal comparison result information, and obtain an abnormal comparison result information group.
  • the preset condition may be a condition set by the content distribution network provider, for example, the preset condition may be "expiration time is less than or equal to 10 days".
  • the above comparison result information set may be: [distance to expiration: 10]; [distance to expiration: 15]; [distance to expiration: 17]; [distance to expiration: 10].
  • The comparison result information that meets the preset condition "expiration time is less than or equal to 10 days" in the above comparison result information set is determined as abnormal comparison result information, and the abnormal comparison result information group is obtained: [distance to expiration: 10]; [distance to expiration: 10].
  • Step 405 Determine the target domain name certificate information corresponding to each abnormal comparison result information in the above abnormal comparison result information group as abnormal domain name certificate information, and obtain an abnormal domain name certificate information set.
  • the above-mentioned execution body may determine the target domain name certificate information corresponding to each abnormal comparison result information in the above-mentioned abnormal comparison result information group as abnormal domain name certificate information, and obtain the abnormal domain name certificate information set.
  • the above abnormal comparison result information group may be: [distance to expiration: 10]; [distance to expiration: 10].
  • Step 406 Aggregate each abnormal domain name certificate information in the abnormal domain name certificate information set to generate the aggregated abnormal domain name certificate information as readability alarm information, and obtain a readability alarm information group.
  • the execution body may perform aggregation processing on each abnormal domain name certificate information in the abnormal domain name certificate information set to generate aggregated abnormal domain name certificate information as readability alarm information, and obtain a readability alarm information group.
  • the aggregation process may refer to inputting each field in the abnormal domain name certificate information into a preset template.
  • the template is the corpus template for filling in the abnormal domain name certificate information.
  • aggregation processing is performed on the abnormal domain name certificate information {[domain name: www.52.com]; [user information: Tian Telecom]; [content distribution network service party information: Yinshan]; [node information: 58.214.159.208]; [domain name expiration time: 2020-12-01]; [distance to expiration: 10]} to generate the aggregated abnormal domain name certificate information "The domain name certificate of the user [Tian Telecom] of the domain name [www.52.com] in the content distribution network service party [Yinshan] is 10 days away from expiration" as the readability alarm information.
  • aggregation processing is performed on the abnormal domain name certificate information {[domain name: www.53.com]; [user information: Shanghai Telecom]; [content distribution network service provider information: Yinshan]; [node information: 58.214.259.208]; [domain name expiration time: 2020-12-01]; [distance to expiration: 10]} to generate the aggregated abnormal domain name certificate information "The domain name certificate of the user [Shanghai Telecom] of the domain name [www.53.com] in the content distribution network service provider [Yinshan] is 10 days away from expiration" as the readability alarm information.
  • Step 406 as an inventive point of the present disclosure, solves the second technical problem mentioned in the background art: “The abnormal domain name certificate information is not aggregated into readability alarm information, which makes it difficult for the content distribution network user to parse the received abnormal domain name certificate information. As a result, the content distribution network user fails to update the abnormal domain name certificate in time, which in turn causes the content distribution network user's business request to fail.”
  • the factors that cause service requests of the content distribution network user to fail are often as follows: the abnormal domain name certificate information is not aggregated into readability alarm information, which makes it difficult for the content distribution network user to parse the received abnormal domain name certificate information, so that the content distribution network user fails to update the abnormal domain name certificate in time.
  • the present disclosure performs aggregation processing on each abnormal domain name certificate information in the above abnormal domain name certificate information set to generate aggregated abnormal domain name certificate information as readability alarm information.
  • the abnormal domain name certificate information can be aggregated into readability alarm information, so as to improve the understanding of the received readability alarm information by the content distribution network user.
  • the content distribution network user can update the abnormal domain name certificate in time.
  • Step 407 Send each readability alarm information in the readability alarm information group to the corresponding service platform of each content distribution network user for the user to browse.
  • the execution body may send each readability alarm information in the readability alarm information group to the corresponding service platform of each content distribution network user for the user to browse.
  • the readability warning message "The domain name certificate of the user [Tian Telecom] of the domain name [www.52.com] in the content distribution network service party [Yinshan] is 10 days away from expiration" may be sent.
  • the readability warning message "The domain name certificate of the user [Shanghai Telecom] of the domain name [www.53.com] in the content distribution network service provider [Yinshan] is 10 days away from expiration" can be sent to the content distribution
  • the flow 400 of the domain name certificate detection method in some embodiments corresponding to FIG. 4 enables the content distribution network user to detect abnormal domain name certificates in time and update them.
  • the effect of reducing service request failures of the content distribution network user is achieved.
  • the present disclosure provides some embodiments of an apparatus for detecting a domain name certificate. These apparatus embodiments correspond to the method embodiments shown in FIG. 2.
  • Specifically, the apparatus can be applied to various electronic devices.
  • an apparatus 500 for detecting a domain name certificate in some embodiments includes: an acquiring unit 501 , a parsing unit 502 and a determining unit 503 .
  • the obtaining unit 501 is configured to obtain each domain name certificate stored in the certificate monitoring client;
  • the parsing unit 502 is configured to parse each of the above-mentioned domain name certificates to generate resolved domain name certificate information, and obtain a resolved domain name certificate information set;
  • the determining unit 503 is configured to determine whether there is abnormal domain name certificate information based on the target domain name certificate information set and the above-mentioned resolved domain name certificate information set.
  • the obtaining unit 501 of the domain name certificate detection apparatus 500 is further configured to: traverse the file system of the certificate monitoring client, and obtain each domain name certificate stored in the file system through a handshake protocol.
  • the domain name certificate detection apparatus 500 further includes: acquiring each imported domain name certificate.
  • the domain name certificate detection apparatus 500 further includes: a domain name acquisition unit, configured to acquire each domain name of each content distribution network user stored in the cloud service information platform; a domain name resolution unit, configured to perform domain name resolution on each of the above-mentioned domain names to generate a list of resolved domain names; and a configuration information acquisition unit, configured to obtain, based on each resolved domain name in the above-mentioned resolved domain name list, the configuration information of the content distribution network user corresponding to that resolved domain name, and obtain the configuration information set as the target domain name certificate information set.
  • the determining unit 503 of the domain name certificate detection apparatus 500 is further configured to: compare each resolved domain name certificate information in the above-mentioned resolved domain name certificate information set with each target domain name certificate information in the above-mentioned target domain name certificate information set to generate a comparison result information set; and, in response to the comparison result information set containing comparison result information that meets the preset conditions, determine that comparison result information as abnormal comparison result information, to obtain an abnormal comparison result information group.
  • the determining unit 503 of the domain name certificate detection apparatus 500 is further configured to: determine the target domain name certificate information corresponding to each abnormal comparison result information in the above abnormal comparison result information group as abnormal domain name certificate information, to obtain the abnormal domain name certificate information set.
  • the determining unit 503 of the domain name certificate detection apparatus 500 further includes: an aggregation unit, configured to perform aggregation processing on each abnormal domain name certificate information in the above abnormal domain name certificate information set to generate aggregated abnormal domain name certificate information as readability alarm information, to obtain a readability alarm information group; and a sending unit, configured to send each readability alarm information in the readability alarm information group to the service platform of the corresponding content distribution network user for the user to browse.
  • the units recorded in the apparatus 500 correspond to the respective steps in the method described with reference to FIG. 2 . Therefore, the operations, features and beneficial effects described above with respect to the method are also applicable to the apparatus 500 and the units included therein, and details are not described herein again.
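The determining, aggregation and sending steps described above (steps 406 and 407 and units 503 onward), as an added example that is not code from the patent. The preset conditions used here (certificate not deployed, fingerprint mismatch, expiry within 10 days), the record fields, the fingerprints, the dates and the `.example` domains are assumptions constructed for illustration; the user, provider and `www.52.com`/`www.53.com` names come from the sample alarms in the text.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class ParsedCert:
    """Parsed certificate information read from the certificate monitoring client."""
    domain: str
    fingerprint: str  # constructed placeholder, not a real digest
    not_after: date


@dataclass(frozen=True)
class TargetCert:
    """Target certificate information taken from the CDN user's configuration."""
    domain: str
    user: str
    provider: str
    fingerprint: str


def find_abnormal(parsed, targets, today, warn_days=10):
    """Compare every target with the deployed certificate; return (target, reason) pairs."""
    deployed = {c.domain: c for c in parsed}
    abnormal = []
    for t in targets:
        cert = deployed.get(t.domain)
        if cert is None:  # assumed preset condition: nothing deployed
            abnormal.append((t, "is not deployed on the monitored node"))
            continue
        if cert.fingerprint != t.fingerprint:  # assumed preset condition: mismatch
            abnormal.append((t, "does not match the configured certificate"))
        days_left = (cert.not_after - today).days
        if days_left < 0:
            abnormal.append((t, f"expired {-days_left} days ago"))
        elif days_left <= warn_days:  # assumed preset condition: close to expiry
            abnormal.append((t, f"is {days_left} days away from expiration"))
    return abnormal


def aggregate(abnormal):
    """Turn abnormal results into readable alarm sentences, grouped per CDN user."""
    alarms = defaultdict(list)
    for t, reason in abnormal:
        alarms[t.user].append(
            f"The domain name certificate of the user [{t.user}] of the domain name "
            f"[{t.domain}] in the content distribution network service party "
            f"[{t.provider}] {reason}"
        )
    return dict(alarms)


# Constructed sample data (fingerprints and dates are made up).
TODAY = date(2024, 1, 1)
PARSED = [
    ParsedCert("www.52.com", "aa11", date(2024, 1, 11)),
    ParsedCert("www.53.com", "bb22", date(2024, 6, 1)),
    ParsedCert("www.55.example", "ee55", date(2024, 6, 1)),
]
TARGETS = [
    TargetCert("www.52.com", "Tian Telecom", "Yinshan", "aa11"),
    TargetCert("www.53.com", "Shanghai Telecom", "Yinshan", "cc33"),
    TargetCert("www.54.example", "Shanghai Telecom", "Yinshan", "dd44"),
    TargetCert("www.55.example", "Tian Telecom", "Yinshan", "ee55"),
]


def run_example():
    """Return the alarm group that would be sent to each user's service platform."""
    return aggregate(find_abnormal(PARSED, TARGETS, TODAY))


if __name__ == "__main__":
    for user, messages in run_example().items():
        for message in messages:
            print(f"-> {user}: {message}")
```

Grouping by user before sending means each content distribution network user receives only the alarms for its own domains, and a healthy certificate (`www.55.example` here) produces no message.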
  • Referring to FIG. 6, a schematic structural diagram of an electronic device (e.g., computing device 101 in FIG. 1) 600 suitable for implementing some embodiments of the present disclosure is shown.
  • Electronic devices in some embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablets), PMPs (portable multimedia players) and vehicle-mounted terminals (e.g., in-vehicle navigation terminals), and stationary terminals such as digital TVs, desktop computers, and the like.
  • the electronic device shown in FIG. 6 is only an example, and should not impose any limitation on the function and scope of use of the embodiments of the present disclosure.
  • an electronic device 600 may include a processing device (e.g., a central processing unit, a graphics processor, etc.) 601 that may execute various appropriate actions and processes according to a program stored in a read only memory (ROM) 602 or a program loaded from a storage device 608 into a random access memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the electronic device 600 are also stored.
  • the processing device 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604.
  • An input/output (I/O) interface 605 is also connected to bus 604.
  • the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 607 including, for example, a liquid crystal display (LCD), speakers, a vibrator, etc.; a storage device 608 including, for example, a magnetic tape, a hard disk, etc.; and a communication device 609.
  • Communication means 609 may allow electronic device 600 to communicate wirelessly or by wire with other devices to exchange data. While FIG. 6 shows electronic device 600 having various means, it should be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in FIG. 6 may represent one device, or may represent multiple devices as required.
  • the processes described above with reference to the flowcharts may be implemented as computer software programs.
  • some embodiments of the present disclosure include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the method illustrated in the flowchart.
  • the computer program may be downloaded and installed from the network via the communication device 609, or from the storage device 608, or from the ROM 602.
  • When the computer program is executed by the processing device 601, the above-mentioned functions defined in the methods of some embodiments of the present disclosure are performed.
  • the computer-readable medium described in some embodiments of the present disclosure may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the above two.
  • the computer-readable storage medium can be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or a combination of any of the above. More specific examples of computer readable storage media may include, but are not limited to, electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), erasable Programmable read only memory (EPROM or flash memory), fiber optics, portable compact disk read only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.
  • a computer-readable storage medium can be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device.
  • a computer-readable signal medium may include a data signal in baseband or propagated as part of a carrier wave, carrying computer-readable program code therein. Such propagated data signals may take a variety of forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing.
  • a computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium that can transmit, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • Program code embodied on a computer readable medium may be transmitted using any suitable medium including, but not limited to, electrical wire, optical fiber cable, RF (radio frequency), etc., or any suitable combination of the foregoing.
  • the client and server can communicate using any currently known or future developed network protocol such as HTTP (HyperText Transfer Protocol), and can be interconnected with digital data communication in any form or medium (e.g., a communication network).
  • Examples of communication networks include local area networks (“LAN”), wide area networks (“WAN”), internetworks (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
  • the above-mentioned computer-readable medium may be included in the above-mentioned electronic device; or may exist alone without being assembled into the electronic device.
  • the above-mentioned computer-readable medium carries one or more programs, and when the above-mentioned one or more programs are executed by the electronic device, the electronic device: performs offline feature extraction processing on the published housing information, and generates the above-mentioned housing information corpus; obtains each domain name certificate stored in the certificate monitoring client; parses each domain name certificate in the above domain name certificates to generate parsed domain name certificate information, and obtains a parsed domain name certificate information set; and, based on the target domain name certificate information set and the above parsed domain name certificate information set, determines whether there is abnormal domain name certificate information.
  • Computer program code for carrying out operations of some embodiments of the present disclosure may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (e.g., via an Internet connection using an Internet service provider).
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of code that contains one or more executable instructions for implementing the specified logical functions.
  • the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented in dedicated hardware-based systems that perform the specified functions or operations, or can be implemented in a combination of dedicated hardware and computer instructions.
  • the units described in some embodiments of the present disclosure may be implemented by means of software, and may also be implemented by means of hardware.
  • the described unit may also be provided in the processor, for example, it may be described as: a processor includes an obtaining unit, a parsing unit and a determining unit. Wherein, the names of these units do not constitute a limitation on the unit itself under certain circumstances.
  • the obtaining unit may also be described as "a unit for obtaining each domain name certificate stored in the certificate monitoring client".
  • exemplary types of hardware logic components include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on Chips (SOCs), Complex Programmable Logic Devices (CPLDs) and more.

Abstract

Embodiments of the present disclosure relate to a domain name certificate detection method and apparatus, an electronic device and a computer-readable medium. A specific embodiment of the method comprises: acquiring domain name certificates stored in a certificate monitoring client; parsing each of the domain name certificates to generate parsed domain name certificate information and obtain a parsed domain name certificate information set; and determining, on the basis of a target domain name certificate information set and the parsed domain name certificate information set, whether abnormal domain name certificate information exists. The embodiment can improve the detection rate of domain name certificates and reduce the frequency of domain name anomalies. The security of network communication is thereby improved.
PCT/CN2021/128052 2020-11-20 2021-11-02 Domain name certificate detection method and apparatus, electronic device and computer-readable medium WO2022105590A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011311667.5A CN112491859B (zh) 2020-11-20 2020-11-20 域名证书检测方法、装置、电子设备和计算机可读介质
CN202011311667.5 2020-11-20

Publications (1)

Publication Number Publication Date
WO2022105590A1 true WO2022105590A1 (fr) 2022-05-27

Family

ID=74932440

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/128052 WO2022105590A1 (fr) 2020-11-20 2021-11-02 Domain name certificate detection method and apparatus, electronic device and computer-readable medium

Country Status (2)

Country Link
CN (1) CN112491859B (fr)
WO (1) WO2022105590A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115550880A (zh) * 2022-12-06 2022-12-30 中汽智联技术有限公司 V2x设备的证书的异常处理方法、设备和存储介质
CN116723051A (zh) * 2023-08-07 2023-09-08 北京安天网络安全技术有限公司 一种域名情报信息生成方法、装置及介质

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112491859B (zh) * 2020-11-20 2023-06-20 上海连尚网络科技有限公司 域名证书检测方法、装置、电子设备和计算机可读介质
CN115460084A (zh) * 2021-06-09 2022-12-09 贵州白山云科技股份有限公司 安全加速服务部署方法、装置、介质及设备

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106230602A (zh) * 2016-09-09 2016-12-14 上海携程商务有限公司 数字证书的证书链的完整性检测系统及方法
CN110225013A (zh) * 2019-05-30 2019-09-10 世纪龙信息网络有限责任公司 服务证书的监控和更新系统
US20200143479A1 (en) * 2018-11-03 2020-05-07 International Business Machines Corporation Detection of abnormal estimates
CN111786781A (zh) * 2020-06-29 2020-10-16 友谊时光科技股份有限公司 一种ssl证书监控方法、系统、装置、设备及存储介质
CN112491859A (zh) * 2020-11-20 2021-03-12 上海连尚网络科技有限公司 域名证书检测方法、装置、电子设备和计算机可读介质

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571770B (zh) * 2011-12-27 2015-02-04 北京神州绿盟信息安全科技股份有限公司 中间人攻击检测方法、装置、服务器及系统
US20170093586A1 (en) * 2015-09-25 2017-03-30 Qualcomm Incorporated Techniques for managing certificates on a computing device
CN107766716B (zh) * 2016-08-16 2021-08-31 阿里巴巴集团控股有限公司 证书检测方法及装置、电子设备
CN107229877A (zh) * 2017-06-05 2017-10-03 北京凤凰理理它信息技术有限公司 证书管理、获取方法、装置、计算机程序及电子设备
CN107689018A (zh) * 2017-09-18 2018-02-13 四川五八直聘信息技术有限公司 建筑企业人员证书管理方法及系统
CN110557255A (zh) * 2018-05-31 2019-12-10 北京京东尚科信息技术有限公司 一种证书管理的方法和装置
CN110493234B (zh) * 2019-08-23 2021-08-03 中国工商银行股份有限公司 证书处理方法、证书处理装置和电子设备

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106230602A (zh) * 2016-09-09 2016-12-14 上海携程商务有限公司 数字证书的证书链的完整性检测系统及方法
US20200143479A1 (en) * 2018-11-03 2020-05-07 International Business Machines Corporation Detection of abnormal estimates
CN110225013A (zh) * 2019-05-30 2019-09-10 世纪龙信息网络有限责任公司 服务证书的监控和更新系统
CN111786781A (zh) * 2020-06-29 2020-10-16 友谊时光科技股份有限公司 一种ssl证书监控方法、系统、装置、设备及存储介质
CN112491859A (zh) * 2020-11-20 2021-03-12 上海连尚网络科技有限公司 域名证书检测方法、装置、电子设备和计算机可读介质

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115550880A (zh) * 2022-12-06 2022-12-30 中汽智联技术有限公司 V2x设备的证书的异常处理方法、设备和存储介质
CN116723051A (zh) * 2023-08-07 2023-09-08 北京安天网络安全技术有限公司 一种域名情报信息生成方法、装置及介质
CN116723051B (zh) * 2023-08-07 2023-10-27 北京安天网络安全技术有限公司 一种域名情报信息生成方法、装置及介质

Also Published As

Publication number Publication date
CN112491859A (zh) 2021-03-12
CN112491859B (zh) 2023-06-20

Similar Documents

Publication Publication Date Title
WO2022105590A1 (fr) Domain name certificate detection method and apparatus, electronic device and computer-readable medium
CN110753089B (zh) 一种管理客户端的方法、装置、介质和电子设备
CN108494860B (zh) Web访问系统、用于客户端的web访问方法和装置
WO2022105591A1 (fr) Procédé et appareil d'essai de fonctionnement de serveur cache, dispositif et support
CN111930534A (zh) 数据调用方法、装置和电子设备
CN113268761B (zh) 信息加密方法、装置、电子设备和计算机可读介质
WO2021197161A1 (fr) Procédé et appareil de mise à jour d'icônes et dispositif électronique
CN115640285B (zh) 电力异常信息发送方法、装置、电子设备和介质
CN113760536A (zh) 数据缓存方法、装置、电子设备和计算机可读介质
CN112506968A (zh) 信息聚合方法、装置、电子设备和计算机可读介质
CN111596992B (zh) 导航栏展示方法、装置和电子设备
CN111355784B (zh) 一种处理请求信息的方法、装置、介质和电子设备
CN111858381A (zh) 应用程序容错能力测试方法、电子设备及介质
CN116361121A (zh) 异常接口告警方法、装置、电子设备和计算机可读介质
US20240069991A1 (en) Abnormal request processing method and apparatus, electronic device and storage medium
CN113609516B (zh) 基于异常用户的信息生成方法、装置、电子设备和介质
WO2022017458A1 (fr) Procédé et appareil de synchronisation de données, dispositif électronique et support
WO2021082599A1 (fr) Procédé et dispositif de surveillance d'image de page web, équipement électronique et support d'informations lisible par ordinateur
CN115374207A (zh) 业务处理方法及装置、电子设备和计算机可读存储介质
CN111460020B (zh) 用于解析消息的方法、装置、电子设备和介质
CN113486749A (zh) 图像数据收集方法、装置、电子设备和计算机可读介质
CN112817874A (zh) 一种用户界面的测试方法、装置、设备及介质
US10516767B2 (en) Unifying realtime and static data for presenting over a web service
CN111857879B (zh) 数据处理方法、装置、电子设备和计算机可读介质
CN116702168B (zh) 供应端信息检测方法、装置、电子设备和计算机可读介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21893738

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21893738

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 17/10/2023)