
CN105282112A - Terminal and method for detecting security of data interaction in terminal - Google Patents


Info

Publication number
CN105282112A
Authority
CN
China
Prior art keywords
terminal
interaction object
terminal interaction
network identifier
data
Prior art date
Legal status
Withdrawn
Application number
CN201410336749.3A
Other languages
Chinese (zh)
Inventor
李川
刘晋黔
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Priority date
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201410336749.3A (CN105282112A)
Priority to PCT/CN2014/086858 (WO2016008212A1)
Publication of CN105282112A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present invention disclose a terminal and a method for detecting the security of terminal data interaction. The method includes: when the terminal performs data interaction, the terminal matches the network identifier of the terminal interaction object against preset information stored by the terminal itself; when the network identifier of the terminal interaction object is not in the preset information, the terminal identifies the network identifier of the terminal interaction object according to a preset identification strategy; and the terminal updates the network identifier of the terminal interaction object into the preset information according to the identification result.

Description

A terminal and a method for detecting the security of terminal data interaction

Technical field

The invention relates to mobile terminal security technology, and in particular to a terminal and a method for detecting the security of terminal data interaction.

Background

With the rapid development of smart terminals, terminals increasingly need to interact with the network and exchange large amounts of data with it. However, during data interaction between the terminal and the network, and especially with unknown web pages or websites, it is difficult to guarantee the security of the data of the unknown web page or website that interacts with the terminal, which easily endangers the security of the user information stored in the terminal.

Summary of the invention

To solve the above technical problem, embodiments of the present invention aim to provide a terminal and a method for detecting the security of terminal data interaction, which can improve the security of the terminal when it performs data interaction.

The technical solution of the embodiments of the present invention is implemented as follows:

In a first aspect, an embodiment of the present invention provides a method for detecting the security of terminal data interaction, the method comprising:

when the terminal performs data interaction, the terminal matches the network identifier of the terminal interaction object against preset information stored by the terminal itself;

when the network identifier of the terminal interaction object is not in the preset information, the terminal identifies the network identifier of the terminal interaction object according to a preset identification strategy;

the terminal updates the network identifier of the terminal interaction object into the preset information according to the identification result.

According to a first possible implementation, in combination with the first aspect, the preset information includes a whitelist and a blacklist, wherein the whitelist includes trusted, safe network identifiers and the blacklist includes untrusted, dangerous network identifiers;

the network identifier of the terminal interaction object includes the uniform resource locator (URL) or IP address of the terminal interaction object.

According to a second possible implementation, in combination with the first possible implementation, the terminal identifying the network identifier of the terminal interaction object according to the preset identification strategy when that network identifier is not in the preset information includes:

when the network identifier of the terminal interaction object is neither in the whitelist nor in the blacklist, the terminal identifies the network identifier of the terminal interaction object according to the preset identification strategy;

correspondingly, the terminal updating the network identifier of the terminal interaction object into the preset information according to the identification result includes:

when the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, the terminal adds the network identifier of the terminal interaction object to the blacklist;

when the network identifier of the terminal interaction object is identified as a trusted, safe network identifier, the terminal adds the network identifier of the terminal interaction object to the whitelist.

According to a third possible implementation, in combination with the second possible implementation, the terminal identifying the network identifier of the terminal interaction object according to the preset identification strategy may include at least one of the following:

the terminal identifying the connection stability of the terminal interaction object; the terminal identifying an abnormal amount of interaction data from the terminal interaction object; the terminal identifying that the terminal interaction object is maliciously scanning the terminal's ports; the terminal identifying that the terminal interaction object is launching an Address Resolution Protocol (ARP) attack against the terminal; and the terminal identifying that the terminal interaction object is sending large ping packets to the terminal.

According to a fourth possible implementation, in combination with the third possible implementation, the terminal identifying the connection stability of the terminal interaction object includes:

the terminal obtains the complete data length sent by the terminal interaction object by analyzing the application-layer data of the data packets sent by the terminal interaction object;

the terminal obtains the data length it has already received from the size of the data packets it has received, and compares it with the complete data length;

when the data length already received by the terminal is less than the complete data length, the terminal counts the number of connection-termination data packets received from the terminal interaction object within a preset first time threshold;

when the number of connection-termination data packets exceeds a preset first number threshold, the terminal confirms that the terminal interaction object is unstable and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

when the number of connection-termination data packets does not exceed the preset first number threshold, the terminal confirms that the terminal interaction object is stable and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to a fifth possible implementation, in combination with the third possible implementation, the terminal identifying an abnormal amount of interaction data from the terminal interaction object includes:

the terminal records a Transmission Control Protocol (TCP) connection request it initiates to the terminal interaction object, and records a first connection time period between the terminal and the terminal interaction object;

the terminal counts a first data length received from the terminal interaction object within the first connection time period;

after a preset time interval, the terminal initiates a second TCP connection request to the terminal interaction object, and counts a second data length received from the terminal interaction object within the first connection time period;

when the sum of the first data length and the second data length exceeds a preset first data length threshold, the terminal confirms that the amount of interaction data from the terminal interaction object is abnormal and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

when the sum of the first data length and the second data length does not exceed the preset first data length threshold, the terminal confirms that the amount of interaction data from the terminal interaction object is not abnormal and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to a sixth possible implementation, in combination with the third possible implementation, the terminal identifying that the terminal interaction object is maliciously scanning the terminal's ports includes:

after receiving a data packet sent by the terminal interaction object, the terminal parses the TCP header of the data packet;

when the flag bits of the TCP header of the data packet have SYN set and the TCP header carries no ACK, the terminal confirms that the terminal interaction object is maliciously scanning the terminal's ports and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

otherwise, the terminal confirms that the terminal interaction object is not maliciously scanning the terminal's ports and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to a seventh possible implementation, in combination with the third possible implementation, the terminal identifying that the terminal interaction object is launching an ARP attack against the terminal includes:

within a preset second time period, when the number of ARP request packets the terminal receives from the terminal interaction object exceeds a preset second number threshold, the terminal confirms that the terminal interaction object is launching an ARP attack against the terminal and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

within the preset second time period, when the number of ARP request packets the terminal receives from the terminal interaction object does not exceed the preset second number threshold, the terminal confirms that the terminal interaction object is not launching an ARP attack against the terminal and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to an eighth possible implementation, in combination with the third possible implementation, the terminal identifying that the terminal interaction object is sending large ping packets to the terminal includes:

after the terminal receives an Internet Control Message Protocol (ICMP) data packet sent by the terminal interaction object and confirms that the ICMP data packet is a ping request packet sent by the terminal interaction object, the terminal parses the ICMP data packet to obtain the data length of the ICMP data packet;

when the data length of the ICMP data packet exceeds a preset second data length threshold, the terminal determines that the terminal interaction object is sending large ping packets to the terminal and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

when the data length of the ICMP data packet does not exceed the preset second data length threshold, the terminal determines that the terminal interaction object is not sending large ping packets to the terminal and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to a ninth possible implementation, in combination with the first possible implementation, the method further includes:

when the network identifier of the terminal interaction object is in the blacklist, the terminal terminates data interaction with the terminal interaction object;

when the network identifier of the terminal interaction object is in the whitelist, the terminal allows data interaction with the terminal interaction object.

According to a tenth possible implementation, in combination with the ninth possible implementation, when the network identifier of the terminal interaction object is in the whitelist, the method further includes:

during the data interaction between the terminal and the terminal interaction object, the terminal identifies the network identifier of the terminal interaction object according to the preset identification strategy;

when the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, the terminal adds the network identifier of the terminal interaction object to the blacklist and deletes the network identifier of the terminal interaction object from the whitelist.

According to an eleventh possible implementation, in combination with the first aspect, the method further includes:

when the preset information includes a preset number of uniform resource locators (URLs) that belong to the same HOST, the terminal replaces the URLs in the preset information that belong to that HOST with the HOST; or,

when the preset information includes a preset number of Internet Protocol (IP) addresses that belong to the same gateway, the terminal replaces the IP addresses in the preset information that belong to that gateway with the gateway address;

correspondingly, the terminal matching the network identifier of the terminal interaction object against the preset information stored by itself includes:

the terminal matches the URL of the terminal interaction object against the HOSTs in the preset information;

or, the terminal matches the IP address of the terminal interaction object against the gateway addresses in the preset information.

In a second aspect, an embodiment of the present invention provides a terminal, the terminal including a matching unit, an identification unit and an updating unit, wherein:

the matching unit is configured to, when the terminal performs data interaction, match the network identifier of the terminal interaction object against preset information stored by the terminal;

the identification unit is configured to, when the network identifier of the terminal interaction object is not in the preset information, identify the network identifier of the terminal interaction object according to a preset identification strategy;

the updating unit is configured to update the network identifier of the terminal interaction object into the preset information according to the identification result of the identification unit.

According to a first possible implementation, in combination with the second aspect, the preset information includes a whitelist and a blacklist, wherein the whitelist includes trusted, safe network identifiers and the blacklist includes untrusted, dangerous network identifiers;

the network identifier of the terminal interaction object includes the uniform resource locator (URL) or IP address of the terminal interaction object.

According to a second possible implementation, in combination with the first possible implementation, the updating unit is configured to:

when the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, add the network identifier of the terminal interaction object to the blacklist; and

when the network identifier of the terminal interaction object is identified as a trusted, safe network identifier, add the network identifier of the terminal interaction object to the whitelist.

According to a third possible implementation, in combination with the second possible implementation, the identification unit is configured to identify the connection stability of the terminal interaction object, identify an abnormal amount of interaction data from the terminal interaction object, identify that the terminal interaction object is maliciously scanning the terminal's ports, identify that the terminal interaction object is launching an Address Resolution Protocol (ARP) attack against the terminal, and identify that the terminal interaction object is sending large ping packets to the terminal.

According to a fourth possible implementation, in combination with the third possible implementation, the identification unit is configured to:

obtain the complete data length sent by the terminal interaction object by analyzing the application-layer data of the data packets sent by the terminal interaction object; and,

obtain the data length already received by the terminal from the size of the data packets the terminal has received, and compare it with the complete data length; and,

when the data length already received by the terminal is less than the complete data length, count the number of connection-termination data packets received from the terminal interaction object within a preset first time threshold; and

when the number of connection-termination data packets exceeds a preset first number threshold, confirm that the terminal interaction object is unstable and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and,

when the number of connection-termination data packets does not exceed the preset first number threshold, confirm that the terminal interaction object is stable and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to a fifth possible implementation, in combination with the third possible implementation, the identification unit is configured to:

record a Transmission Control Protocol (TCP) connection request initiated to the terminal interaction object, and record a first connection time period between the terminal and the terminal interaction object; and,

count a first data length received from the terminal interaction object within the first connection time period; and,

after a preset time interval, initiate a second TCP connection request to the terminal interaction object, and count a second data length received from the terminal interaction object within the first connection time period; and,

when the sum of the first data length and the second data length exceeds a preset first data length threshold, confirm that the amount of interaction data from the terminal interaction object is abnormal and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and,

when the sum of the first data length and the second data length does not exceed the preset first data length threshold, confirm that the amount of interaction data from the terminal interaction object is not abnormal and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to a sixth possible implementation, in combination with the third possible implementation, the identification unit is configured to:

after receiving a data packet sent by the terminal interaction object, parse the TCP header of the data packet; and,

when the flag bits of the TCP header of the data packet have SYN set and the TCP header carries no ACK, confirm that the terminal interaction object is maliciously scanning the terminal's ports and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and,

otherwise, confirm that the terminal interaction object is not maliciously scanning the terminal's ports and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to a seventh possible implementation, in combination with the third possible implementation, the identification unit is configured to:

within a preset second time period, when the number of ARP request packets received from the terminal interaction object exceeds a preset second number threshold, confirm that the terminal interaction object is launching an ARP attack against the terminal and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and,

within the preset second time period, when the number of ARP request packets received from the terminal interaction object does not exceed the preset second number threshold, confirm that the terminal interaction object is not launching an ARP attack against the terminal and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to an eighth possible implementation, in combination with the third possible implementation, the identification unit is configured to:

after receiving an ICMP data packet sent by the terminal interaction object and confirming that the ICMP data packet is a ping request packet sent by the terminal interaction object, parse the ICMP data packet to obtain the data length of the ICMP data packet; and,

when the data length of the ICMP data packet exceeds a preset second data length threshold, determine that the terminal interaction object is sending large ping packets to the terminal and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and,

when the data length of the ICMP data packet does not exceed the preset second data length threshold, determine that the terminal interaction object is not sending large ping packets to the terminal and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

According to a ninth possible implementation, in combination with the first possible implementation, the terminal further includes an interaction control unit configured to, when the network identifier of the terminal interaction object is in the blacklist, terminate data interaction with the terminal interaction object; and

when the network identifier of the terminal interaction object is in the whitelist, allow data interaction with the terminal interaction object.

According to a tenth possible implementation, in combination with the ninth possible implementation, the identification unit is further configured to, when the network identifier of the terminal interaction object is in the whitelist and during the data interaction between the terminal and the terminal interaction object, identify the network identifier of the terminal interaction object according to the preset identification strategy;

the updating unit is further configured to, when the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, add the network identifier of the terminal interaction object to the blacklist and delete the network identifier of the terminal interaction object from the whitelist.

According to an eleventh possible implementation, in combination with the second aspect, the terminal further includes a replacement unit configured to, when the preset information includes a preset number of uniform resource locators (URLs) that belong to the same HOST, replace the URLs in the preset information that belong to that HOST with the HOST; or,

when the preset information includes a preset number of Internet Protocol (IP) addresses that belong to the same gateway, replace the IP addresses in the preset information that belong to that gateway with the gateway address;

correspondingly, the matching unit is further configured to:

match the URL of the terminal interaction object against the HOSTs in the preset information; or,

match the IP address of the terminal interaction object against the gateway addresses in the preset information.
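As an added example (not code from the patent or from ZTE), the following Python model covers both the method of the first aspect and the units of the second aspect: whitelist/blacklist matching with the URL-to-HOST consolidation, three of the packet-level identification strategies (SYN without ACK, ARP request rate within a window, oversized ICMP ping), and the list update including demotion of a whitelisted peer that turns out to be dangerous. Packet records, hostnames and threshold values are constructed placeholders; the connection-stability and data-volume strategies are omitted, and the ARP check uses a sliding window, which generalises the fixed period in the text.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

UNTRUSTED, TRUSTED = "untrusted", "trusted"

@dataclass
class Packet:
    """One received packet, reduced to the fields the strategies inspect (constructed)."""
    proto: str                       # "tcp", "arp" or "icmp"
    t: float                         # receive time in seconds
    syn: bool = False                # TCP SYN flag set
    ack: bool = False                # TCP ACK flag set
    arp_request: bool = False        # ARP request (not reply)
    icmp_echo_request: bool = False  # ICMP ping request
    length: int = 0                  # ICMP data length in bytes

@dataclass
class Thresholds:
    """The 'preset' thresholds; placeholder values, not ones the patent gives."""
    arp_window_s: float = 1.0    # second time period
    arp_max_requests: int = 20   # second number threshold
    ping_max_bytes: int = 1024   # second data length threshold

def detect_port_scan(pkts):
    """SYN set with no ACK is treated as a scan of the terminal's ports. A bare SYN also
    opens every legitimate inbound connection, so a deployment would gate this on
    ports the terminal does not listen on."""
    return any(p.proto == "tcp" and p.syn and not p.ack for p in pkts)

def detect_arp_attack(pkts, th):
    """More than arp_max_requests ARP requests within any arp_window_s-long window
    (the window slides over arrivals, generalising the fixed period in the text)."""
    times = sorted(p.t for p in pkts if p.proto == "arp" and p.arp_request)
    lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > th.arp_window_s:
            lo += 1
        if hi - lo + 1 > th.arp_max_requests:
            return True
    return False

def detect_large_ping(pkts, th):
    """ICMP echo request whose data length exceeds ping_max_bytes."""
    return any(p.proto == "icmp" and p.icmp_echo_request
               and p.length > th.ping_max_bytes for p in pkts)

def identify(pkts, th=Thresholds()):
    """Run the strategies; any hit classifies the peer as untrusted, else trusted."""
    hit = detect_port_scan(pkts) or detect_arp_attack(pkts, th) or detect_large_ping(pkts, th)
    return UNTRUSTED if hit else TRUSTED

class PresetInfo:
    """Whitelist/blacklist store with the URL-to-HOST consolidation."""
    def __init__(self, consolidate_after=3):
        self.whitelist, self.blacklist = set(), set()
        self.consolidate_after = consolidate_after  # "preset number" of URLs per HOST

    @staticmethod
    def _host(ident):
        # URLs collapse to their host; bare hosts or IP addresses pass through unchanged.
        return urlsplit(ident).hostname or ident

    def lookup(self, ident):
        """Return 'blacklist', 'whitelist' or None, matching the URL itself or its HOST."""
        keys = {ident, self._host(ident)}
        if keys & self.blacklist:
            return "blacklist"
        return "whitelist" if keys & self.whitelist else None

    def update(self, ident, verdict):
        """Place the identifier in the list matching the verdict, then consolidate."""
        if verdict == UNTRUSTED:
            self.blacklist.add(ident)
            self.whitelist.discard(ident)  # a whitelisted peer that turned bad is removed
        else:
            self.whitelist.add(ident)
        for lst in (self.whitelist, self.blacklist):
            self._consolidate(lst)

    def _consolidate(self, lst):
        # Once consolidate_after URLs share a HOST, replace them with the HOST itself.
        by_host = {}
        for ident in lst:
            if "://" in ident:
                by_host.setdefault(self._host(ident), set()).add(ident)
        for host, urls in by_host.items():
            if len(urls) >= self.consolidate_after:
                lst.difference_update(urls)
                lst.add(host)

def screen(preset, ident, pkts, th=Thresholds()):
    """Match first; identify an unknown peer (and keep checking a whitelisted one) from
    its traffic; update the lists; return 'allow' or 'terminate'."""
    hit = preset.lookup(ident)
    if hit == "blacklist":
        return "terminate"
    verdict = identify(pkts, th)
    if hit is None or verdict == UNTRUSTED:
        preset.update(ident, verdict)
    return "terminate" if verdict == UNTRUSTED else "allow"
```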

本发明实施例提供了一种终端及检测终端数据交互的安全性的方法;通过对安全名单和非安全名单进行配置,使得终端在数据交互的过程中,避免与非安全名单中的网页或网站进行数据交互,从而提高了终端进行数据交互时的安全性。The embodiment of the present invention provides a terminal and a method for detecting the security of terminal data interaction; by configuring the safe list and the non-safe list, the terminal avoids interacting with webpages or websites in the non-safe list during the process of data interaction Perform data interaction, thereby improving the security of the terminal when performing data interaction.

Description of the drawings

FIG. 1 is a schematic flowchart of a method for detecting the security of data interaction in a terminal according to an embodiment of the present invention;

FIG. 2 is a schematic structural diagram of a terminal according to an embodiment of the present invention;

FIG. 3 is a schematic structural diagram of another terminal according to an embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments.

Referring to FIG. 1, which shows the flow of a method for detecting the security of data interaction in a terminal according to an embodiment of the present invention. The method may be applied in a terminal; by way of example and not limitation, the terminal may be an intelligent mobile device with a communication function, such as a smartphone, a tablet computer, a handheld computer, a laptop computer, a wearable electronic device, and so on. The method may include:

S101: when the terminal performs data interaction, the terminal matches the network identifier of the terminal interaction object against the preset information saved by the terminal itself;

Exemplarily, the preset information may include a whitelist and a blacklist, where the whitelist may contain trusted, safe network identifiers and the blacklist may contain untrusted, dangerous network identifiers; a network identifier may specifically be the uniform resource locator (URL) of a webpage or website, an IP address, and the like.

It can be understood that the terminal interaction object may be a network element that interacts with the terminal, such as a server, a gateway or another terminal, and that the terminal matching the network identifier of the terminal interaction object against the preset information saved by the terminal itself means that the terminal matches the network identifier of the terminal interaction object against the whitelist and against the blacklist saved in the terminal.

It should be noted that after the terminal matches the network identifier of the terminal interaction object against the preset information saved by the terminal itself, the obtained matching result falls into one of two cases: the network identifier of the terminal interaction object is in the preset information, or the network identifier of the terminal interaction object is not in the preset information;

and after the terminal matches the network identifier of the terminal interaction object against the whitelist and against the blacklist saved in the terminal, the following three matching results can be obtained:

A. the network identifier of the terminal interaction object is in the whitelist;

B. the network identifier of the terminal interaction object is in the blacklist;

C. the network identifier of the terminal interaction object is neither in the whitelist nor in the blacklist.

It can be understood that matching results A and B correspond to the network identifier of the terminal interaction object being in the preset information, while matching result C corresponds to the network identifier of the terminal interaction object not being in the preset information.

Preferably, the specific procedure for obtaining the three matching results A, B and C may be:

first, the terminal matches the network identifier of the terminal interaction object against the whitelist; the matching result that can be obtained is that the network identifier of the terminal interaction object is in the whitelist, or that the network identifier of the terminal interaction object is not in the whitelist;

then, when the network identifier of the terminal interaction object is not in the whitelist, the terminal matches the network identifier of the terminal interaction object against the blacklist; the matching result that can be obtained is that the network identifier of the terminal interaction object is in the blacklist, or that the network identifier of the terminal interaction object is neither in the whitelist nor in the blacklist;

It is worth noting that when the network identifier of the terminal interaction object is not in the preset information, that is, when the terminal obtains matching result C, the terminal must further identify the network identifier of the terminal interaction object, as described in step S102;

S102: when the network identifier of the terminal interaction object is not in the preset information, the terminal identifies the network identifier of the terminal interaction object according to a preset identification policy;

Exemplarily, the terminal identifying the network identifier of the terminal interaction object according to the preset identification policy may include at least one of the following:

the terminal identifying the connection stability of the terminal interaction object; the terminal identifying an abnormal amount of interaction data from the terminal interaction object; the terminal identifying that the terminal interaction object is maliciously scanning the terminal's ports; the terminal identifying that the terminal interaction object is launching an Address Resolution Protocol (ARP) attack against the terminal; and the terminal identifying that the terminal interaction object is sending large ping packets to the terminal.

It can be understood that, in addition to the above five items, the terminal may add or remove identification items used to identify the network identifier of the terminal interaction object according to its actual application scenario, which is not specifically limited in the embodiments of the present invention.

Specifically, the terminal identifying the connection stability of the terminal interaction object may include:

the terminal obtains the complete data length sent by the terminal interaction object by analyzing the application-layer data of the packets sent by the terminal interaction object;

the terminal obtains the length of data it has already received, based on the size of the packets it has received, and compares it with the complete data length;

when the length of data the terminal has received is less than the complete data length, the terminal counts the number of connection-termination packets received from the terminal interaction object within a preset first time threshold;

when the number of connection-termination packets exceeds a preset first count threshold, the terminal confirms that the terminal interaction object is unstable and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

when the number of connection-termination packets does not exceed the preset first count threshold, the terminal confirms that the terminal interaction object is stable and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

Specifically, the terminal identifying an abnormal amount of interaction data from the terminal interaction object may include:

the terminal records initiating a Transmission Control Protocol (TCP) connection request to the terminal interaction object and records a first connection time period between the terminal and the terminal interaction object;

the terminal counts a first data length received from the terminal interaction object within the first time period;

after a preset time interval, the terminal initiates a TCP connection request to the terminal interaction object a second time and counts a second data length received from the terminal interaction object within the first connection time period;

when the sum of the first data length and the second data length exceeds a preset first data-length threshold, the terminal confirms that the amount of interaction data from the terminal interaction object is abnormal and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

when the sum of the first data length and the second data length does not exceed the preset first data-length threshold, the terminal confirms that the amount of interaction data from the terminal interaction object is not abnormal and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

Specifically, the terminal identifying that the terminal interaction object is maliciously scanning the terminal's ports may include:

after receiving a packet sent by the terminal interaction object, the terminal parses the TCP header of the packet;

when the flag bit of the TCP header of the packet is SYN and the TCP header of the packet carries no ACK information, the terminal confirms that the terminal interaction object is maliciously scanning the terminal's ports and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

otherwise, the terminal confirms that the terminal interaction object is not maliciously scanning the terminal's ports and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

Specifically, the terminal identifying that the terminal interaction object is launching an ARP attack against the terminal may include:

within a preset second time period, when the number of ARP request packets received by the terminal from the terminal interaction object exceeds a preset second count threshold, the terminal confirms that the terminal interaction object is launching an ARP attack against the terminal and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

within the preset second time period, when the number of ARP request packets received by the terminal from the terminal interaction object does not exceed the preset second count threshold, the terminal confirms that the terminal interaction object is not launching an ARP attack against the terminal and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.

Specifically, the terminal identifying that the terminal interaction object is sending large ping packets to the terminal may include:

after the terminal receives an Internet Control Message Protocol (ICMP) packet sent by the terminal interaction object and confirms that the ICMP packet is a ping request packet sent by the terminal interaction object, the terminal parses the ICMP packet and obtains the data length of the ICMP packet;

when the data length of the ICMP packet exceeds a preset second data-length threshold, the terminal determines that the terminal interaction object is sending large ping packets to the terminal and identifies the network identifier of the terminal interaction object as an untrusted, dangerous network identifier;

when the data length of the ICMP packet does not exceed the preset second data-length threshold, the terminal determines that the terminal interaction object is not sending large ping packets to the terminal and identifies the network identifier of the terminal interaction object as a trusted, safe network identifier.
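The five identification items of step S102, written out as an added example that is not part of the patent and not ZTE's implementation: each check runs over constructed packet records and yields one of the two identification results. The record fields, the threshold defaults, the recorded connection period and the rule that a single untrusted verdict settles the overall result are assumptions made for this example.

```python
"""Added example, not the patent's code: the five identification checks of step
S102 as defender-side heuristics over constructed packet records. Record fields,
threshold defaults and the combining rule are assumptions made here."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

UNTRUSTED, TRUSTED = "untrusted", "trusted"


@dataclass
class Packet:
    proto: str                         # "tcp", "arp" or "icmp"
    t: float                           # receive time, seconds since the first packet
    payload_len: int = 0               # application-layer bytes carried
    tcp_flags: Set[str] = field(default_factory=set)  # e.g. {"SYN"}, {"SYN", "ACK"}, {"RST"}
    arp_request: bool = False          # True for an ARP request (opcode 1)
    icmp_type: Optional[int] = None    # 8 = echo request, i.e. a ping request


@dataclass
class Thresholds:
    """The patent's 'preset' thresholds; every default here is an assumed value."""
    first_time_threshold: float = 5.0     # window for counting termination packets
    first_count_threshold: int = 3        # termination packets tolerated in that window
    first_len_threshold: int = 1_000_000  # bytes tolerated across the two TCP windows
    second_time_period: float = 2.0       # window for counting ARP requests
    second_count_threshold: int = 20      # ARP requests tolerated in that window
    second_len_threshold: int = 1024      # ICMP payload bytes tolerated in one ping


def in_window(pkts: List[Packet], start: float, length: float) -> List[Packet]:
    return [p for p in pkts if start <= p.t <= start + length]

def connection_stability(complete_len: int, pkts: List[Packet], th: Thresholds) -> str:
    """Check 1: complete_len is the length announced in application-layer data (for
    HTTP, the Content-Length); if less arrived, count FIN/RST in the first time threshold."""
    tcp = [p for p in pkts if p.proto == "tcp"]
    received = sum(p.payload_len for p in tcp)
    if received >= complete_len:
        return TRUSTED                   # full transfer arrived; assumed stable
    start = tcp[0].t if tcp else 0.0
    terminations = [p for p in in_window(tcp, start, th.first_time_threshold)
                    if p.tcp_flags & {"FIN", "RST"}]
    return UNTRUSTED if len(terminations) > th.first_count_threshold else TRUSTED

def data_volume(first: List[Packet], second: List[Packet], period: float,
                th: Thresholds) -> str:
    """Check 2: bytes received in the first connection period, plus bytes received
    in a period of the same length on the second connection, against one threshold."""
    total = 0
    for conn in (first, second):
        if conn:
            total += sum(p.payload_len for p in in_window(conn, conn[0].t, period))
    return UNTRUSTED if total > th.first_len_threshold else TRUSTED

def port_scan(pkts: List[Packet]) -> str:
    """Check 3: a TCP segment with SYN set and ACK clear, as the text states it."""
    for p in pkts:
        if p.proto == "tcp" and "SYN" in p.tcp_flags and "ACK" not in p.tcp_flags:
            return UNTRUSTED
    return TRUSTED

def arp_attack(pkts: List[Packet], th: Thresholds) -> str:
    """Check 4: ARP requests in the second time period above the second count threshold."""
    arp = [p for p in pkts if p.proto == "arp" and p.arp_request]
    if not arp:
        return TRUSTED
    count = len(in_window(arp, arp[0].t, th.second_time_period))
    return UNTRUSTED if count > th.second_count_threshold else TRUSTED

def large_ping(pkts: List[Packet], th: Thresholds) -> str:
    """Check 5: an ICMP echo request whose data length exceeds the second length threshold."""
    for p in pkts:
        if p.proto == "icmp" and p.icmp_type == 8 and p.payload_len > th.second_len_threshold:
            return UNTRUSTED
    return TRUSTED

def identify(complete_len: int, first: List[Packet], second: List[Packet],
             th: Thresholds, connection_period: float = 5.0) -> Dict[str, str]:
    """Run all five checks; the combining rule (any untrusted verdict wins) is an assumption."""
    pkts = first + second
    results = {
        "stability": connection_stability(complete_len, first, th),
        "volume": data_volume(first, second, connection_period, th),
        "port_scan": port_scan(pkts),
        "arp": arp_attack(pkts, th),
        "ping": large_ping(pkts, th),
    }
    results["overall"] = UNTRUSTED if UNTRUSTED in results.values() else TRUSTED
    return results


# Constructed sample traffic. FLAPPY_PEER answers our connection, delivers 300 of
# 1000 announced bytes and then resets four times within 5 s; QUIET_PEER delivers
# the full 1000 bytes and sends one ordinary 56-byte ping.
FLAPPY_PEER = [
    Packet("tcp", 0.0, 0, {"SYN", "ACK"}), Packet("tcp", 0.5, 300),
    Packet("tcp", 1.0, 0, {"RST"}), Packet("tcp", 1.5, 0, {"RST"}),
    Packet("tcp", 2.0, 0, {"RST"}), Packet("tcp", 2.5, 0, {"RST"}),
]
QUIET_PEER = [
    Packet("tcp", 0.0, 0, {"SYN", "ACK"}), Packet("tcp", 0.4, 1000),
    Packet("icmp", 1.0, 56, icmp_type=8),
]
```

`identify(1000, FLAPPY_PEER, [], Thresholds())` reports the stability check as untrusted and therefore an untrusted overall result, while the same call on `QUIET_PEER` is trusted on every item. Two points a practitioner would keep in mind when tuning this: check 3 is implemented exactly as the text states it, and a bare SYN is also how any legitimate client opens a connection, so on a device that expects inbound connections it needs a further condition (for instance a count across distinct destination ports within a window) before it is conclusive; and checks 1 and 2 depend on the recorded connection period and thresholds, which the patent leaves as preset values, so the defaults above are only placeholders to be replaced by values measured on the deployment's normal traffic.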

From the above, the identification result may include:

two results: the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, or the network identifier of the terminal interaction object is identified as a trusted, safe network identifier.

S103: the terminal updates the network identifier of the terminal interaction object into the preset information according to the identification result;

Specifically, the terminal updating the network identifier of the terminal interaction object into the preset information according to the identification result may include:

when the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, the terminal adds the network identifier of the terminal interaction object to the blacklist; and,

when the network identifier of the terminal interaction object is identified as a trusted, safe network identifier, the terminal adds the network identifier of the terminal interaction object to the whitelist.

The above process S101 to S103 specifies how the network identifier of the terminal interaction object is updated into the preset information when it is not yet in the preset information, so that the preset information is updated in the course of the interaction.

In addition, when step S101 finds that the network identifier of the terminal interaction object is in the preset information, that is, after the terminal obtains matching result A or matching result B, the terminal may perform a corresponding control operation on the data interaction according to matching result A or matching result B; the specific control operations may include:

when the network identifier of the terminal interaction object is in the blacklist, the terminal terminates the data interaction with the terminal interaction object;

when the network identifier of the terminal interaction object is in the whitelist, the terminal allows data interaction with the terminal interaction object.

Preferably, when the network identifier of the terminal interaction object is in the whitelist, the method may further include:

during the data interaction between the terminal and the terminal interaction object, the terminal may further identify the network identifier of the terminal interaction object according to the preset identification policy;

when the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, the terminal adds the network identifier of the terminal interaction object to the blacklist and deletes the network identifier of the terminal interaction object from the whitelist;

It can be understood that when the network identifier of the terminal interaction object is identified as a trusted, safe network identifier, the terminal keeps the network identifier of the terminal interaction object in the whitelist.

It should be noted that, since a network identifier may specifically include the uniform resource locator (URL) and the IP address of a webpage or website, the method may further include:

when the preset information includes a preset number of URLs belonging to the same HOST, the terminal replaces the URLs belonging to the same HOST in the preset information with that HOST;

when the preset information includes a preset number of IP addresses belonging to the same gateway, the terminal replaces the IP addresses belonging to the same gateway in the preset information with the gateway address.

Correspondingly, the terminal matching the network identifier of the terminal interaction object against the preset information saved by itself may include:

the terminal matches the URL of the terminal interaction object against the HOST in the preset information;

or, the terminal matches the IP address of the terminal interaction object against the gateway address in the preset information.
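The matching of step S101, the update of step S103, the control operation on results A and B, and the HOST and gateway replacement just described, as one added example that is not the patent's or ZTE's code. The class and function names, the preset count of three, the gateway rule (the first address of an IP's enclosing /24 network) and the sample lists are assumptions made for this example; the whitelist-before-blacklist order is the preferred order the text gives.

```python
"""Added example, not the patent's code: the preset information of steps S101 and
S103 as a whitelist/blacklist store with the URL-to-HOST and IP-to-gateway
collapsing of the replacement unit. The preset count, the gateway rule (first
address of the enclosing /24) and every name below are assumptions made here."""
from collections import Counter
from ipaddress import ip_address, ip_network
from typing import Iterable, Set
from urllib.parse import urlsplit

IN_WHITELIST, IN_BLACKLIST, UNKNOWN = "A", "B", "C"   # the three matching results


def is_ip(ident: str) -> bool:
    try:
        ip_address(ident)
        return True
    except ValueError:
        return False

def host_of(url: str) -> str:
    """HOST of a URL: 'https://a.example/x' -> 'a.example'; '' for a bare host entry."""
    return urlsplit(url).hostname or ""

def gateway_of(ip: str) -> str:
    """Assumed gateway rule: the first address of the IP's /24 network."""
    net = ip_network(f"{ip}/24", strict=False)
    return str(net.network_address + 1)

def group_of(ident: str) -> str:
    """The entry a URL or IP collapses to once enough siblings are listed."""
    return gateway_of(ident) if is_ip(ident) else host_of(ident)

def collapse(entries: Iterable[str], preset_count: int) -> Set[str]:
    """Replace >= preset_count URLs sharing a HOST with that HOST, and >= preset_count
    IPs behind one gateway with the gateway address; all other entries are kept."""
    entries = set(entries)
    groups = Counter(group_of(e) for e in entries)
    out = set()
    for e in entries:
        g = group_of(e)
        out.add(g if g and groups[g] >= preset_count else e)
    return out


class PresetInfo:
    def __init__(self, whitelist=(), blacklist=(), preset_count: int = 3):
        self.whitelist: Set[str] = set(whitelist)
        self.blacklist: Set[str] = set(blacklist)
        self.preset_count = preset_count

    @staticmethod
    def _listed(entries: Set[str], ident: str) -> bool:
        """A URL also matches a listed HOST; an IP also matches a listed gateway address."""
        return ident in entries or group_of(ident) in entries

    def match(self, ident: str) -> str:
        """Step S101 in the preferred order: whitelist first, then blacklist."""
        if self._listed(self.whitelist, ident):
            return IN_WHITELIST
        if self._listed(self.blacklist, ident):
            return IN_BLACKLIST
        return UNKNOWN

    def decide(self, ident: str) -> str:
        """Control operation: terminate on B, allow on A, go to S102 on C."""
        return {IN_BLACKLIST: "terminate", IN_WHITELIST: "allow",
                UNKNOWN: "identify"}[self.match(ident)]

    def update(self, ident: str, verdict: str) -> None:
        """Step S103 plus the whitelist-demotion rule. Because the whitelist is consulted
        first, an untrusted verdict also drops the collapsed HOST or gateway entry;
        otherwise that entry would keep masking the new blacklist entry (a design
        choice made here, not stated by the patent)."""
        if verdict == "untrusted":
            self.blacklist.add(ident)
            self.whitelist.discard(ident)
            self.whitelist.discard(group_of(ident))
        else:
            self.whitelist.add(ident)

    def compact(self) -> None:
        """The replacement unit: collapse both lists once the preset count is reached."""
        self.whitelist = collapse(self.whitelist, self.preset_count)
        self.blacklist = collapse(self.blacklist, self.preset_count)


# Constructed sample lists: three URLs under one HOST and three IPs behind one gateway.
SAMPLE = PresetInfo(
    whitelist=["https://a.example/x", "https://a.example/y", "https://a.example/z",
               "https://b.example/"],
    blacklist=["10.0.0.5", "10.0.0.6", "10.0.0.7"],
    preset_count=3,
)
```

Before `SAMPLE.compact()`, a new URL under `a.example` gives result C and goes to identification; after it, the whitelist holds the bare HOST `a.example` and any URL under it gives result A, and any IP in `10.0.0.0/24` matches the blacklisted gateway `10.0.0.1` and is terminated. That second effect is the trade-off of the gateway replacement: it blocks a whole subnet on the evidence of three addresses, so the preset count and the gateway rule deserve to be set per deployment rather than taken from these defaults.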

The embodiments of the present invention provide a method for detecting the security of data interaction in a terminal. By configuring a safe list and an unsafe list, the terminal avoids exchanging data with webpages or websites on the unsafe list during data interaction, which improves the security of the terminal's data interaction.

Referring to FIG. 2, which shows the structure of a terminal 20 according to an embodiment of the present invention. The terminal 20 may include a matching unit 201, an identification unit 202 and an update unit 203, where

the matching unit 201 is configured to, when the terminal 20 performs data interaction, match the network identifier of the terminal interaction object against the preset information saved by the terminal 20;

the identification unit 202 is configured to, when the network identifier of the terminal interaction object is not in the preset information, identify the network identifier of the terminal interaction object according to a preset identification policy;

the update unit 203 is configured to update the network identifier of the terminal interaction object into the preset information according to the identification result of the identification unit 202.

Exemplarily, the preset information includes a whitelist and a blacklist, where the whitelist may contain trusted, safe network identifiers and the blacklist may contain untrusted, dangerous network identifiers; a network identifier may specifically be the URL of a webpage or website, an IP address, and the like.

Exemplarily, the whitelist may contain trusted, safe network identifiers; the blacklist may contain untrusted, dangerous network identifiers; and a network identifier may specifically be the URL of a webpage or website, an IP address, and the like.

It can be understood that the terminal interaction object may be a network element that interacts with the terminal 20, such as a server, a gateway or another terminal, and that the matching unit 201 matching the network identifier of the terminal interaction object against the preset information saved by the terminal 20 itself means matching the network identifier of the terminal interaction object against the whitelist and against the blacklist saved in the terminal 20.

It should be noted that after the matching unit 201 matches the network identifier of the terminal interaction object against the preset information saved by the terminal 20 itself, the obtained matching result falls into one of two cases: the network identifier of the terminal interaction object is in the preset information, or the network identifier of the terminal interaction object is not in the preset information;

and after the matching unit 201 matches the network identifier of the terminal interaction object against the whitelist and against the blacklist saved in the terminal 20, the following three matching results can be obtained:

A. the network identifier of the terminal interaction object is in the whitelist;

B. the network identifier of the terminal interaction object is in the blacklist;

C. the network identifier of the terminal interaction object is neither in the whitelist nor in the blacklist.

It can be understood that matching results A and B correspond to the network identifier of the terminal interaction object being in the preset information, while matching result C corresponds to the network identifier of the terminal interaction object not being in the preset information.

Preferably, the specific procedure for obtaining the three matching results A, B and C may be:

first, the matching unit 201 matches the network identifier of the terminal interaction object against the whitelist; the matching result the matching unit 201 can obtain is that the network identifier of the terminal interaction object is in the whitelist, or that the network identifier of the terminal interaction object is not in the whitelist;

then, when the network identifier of the terminal interaction object is not in the whitelist, the matching unit 201 matches the network identifier of the terminal interaction object against the blacklist; the matching result the matching unit 201 can obtain is that the network identifier of the terminal interaction object is in the blacklist, or that the network identifier of the terminal interaction object is neither in the whitelist nor in the blacklist;

It is worth noting that when the network identifier of the terminal interaction object is not in the preset information, that is, when the matching unit 201 obtains matching result C, the identification unit 202 may be specifically configured to identify at least one of the following: the connection stability of the terminal interaction object; an abnormal amount of interaction data from the terminal interaction object; the terminal interaction object maliciously scanning the terminal's ports; the terminal interaction object launching an ARP attack against the terminal; and the terminal interaction object sending large ping packets to the terminal.

It can be understood that, in addition to the above five items, the identification unit 202 may add or remove identification items used to identify the network identifier of the terminal interaction object according to the actual application scenario of the terminal 20, which is not specifically limited in the embodiments of the present invention.

可选地,识别单元202,可以用于:Optionally, the identification unit 202 may be used to:

通过分析所述终端交互对象发送的数据包的应用层数据得到所述终端交互对象发送的完整数据长度;以及,Obtaining the complete data length sent by the terminal interaction object by analyzing the application layer data of the data packet sent by the terminal interaction object; and,

根据所述终端已接收到的数据包的大小,得到所述终端已接受的数据长度,并与所述完整数据长度进行比较;以及,Obtaining the data length accepted by the terminal according to the size of the data packet received by the terminal, and comparing it with the complete data length; and,

当所述终端已接受的数据长度小于所述完整数据长度时,统计在预设的第一时间阈值内,接收所述终端交互对象发送的终止连接数据包的个数;以及When the length of the data accepted by the terminal is less than the length of the complete data, count the number of connection termination data packets sent by the terminal interaction object received within the preset first time threshold; and

当所述终止连接数据包的个数超过预设的第一数量阈值时,确认所述终端交互对象是不稳定的,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;以及,When the number of the terminated connection data packets exceeds the preset first number threshold, confirm that the terminal interaction object is unstable, and identify the network of the terminal interaction object as an untrusted and dangerous network identification; and,

当所述终止连接数据包的个数没有超过预设的第一数量阈值时,确认所述终端交互对象是稳定的,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。When the number of the connection termination data packets does not exceed the preset first number threshold, confirm that the terminal interaction object is stable, and identify the network identity of the terminal interaction object as a trusted and secure network identity .

可选地,识别单元202,可以用于:Optionally, the identification unit 202 may be used to:

记录向所述终端交互对象发起传输控制协议TCP连接请求,并记录所述终端与所述终端交互对象的第一连接时间段;以及,Recording the transmission control protocol TCP connection request initiated to the terminal interaction object, and recording the first connection time period between the terminal and the terminal interaction object; and,

统计所述第一时间段内从所述终端交互对象接收到的第一数据长度;以及,Counting the length of first data received from the terminal interaction object within the first time period; and,

在预设的时间间隔之后,第二次向所述终端交互对象发起TCP连接请求,并在所述第一连接时间段内统计从所述终端交互对象接收到的第二数据长度;以及,After the preset time interval, initiate a TCP connection request to the terminal interaction object for the second time, and count the second data length received from the terminal interaction object within the first connection time period; and,

当所述第一数据长度与所述第二数据长度的总和超过预设的第一数据长度阈值时,确认所述终端交互对象的交互数据量异常,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;以及,When the sum of the first data length and the second data length exceeds a preset first data length threshold, confirm that the amount of interactive data of the terminal interaction object is abnormal, and identify the network identifier of the terminal interaction object as untrusted, dangerous network identifiers; and,

当所述第一数据长度与所述第二数据长度的总和没有超过预设的第一数据长度阈值时,确认所述终端交互对象的交互数据量无异常,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。When the sum of the first data length and the second data length does not exceed the preset first data length threshold, confirm that the amount of interaction data of the terminal interaction object is normal, and identify the network of the terminal interaction object Identifies as a trusted, secure network identity.

可选地,识别单元202,可以用于:Optionally, the identification unit 202 may be used to:

接收所述终端交互对象发送的数据包后,对所述数据包的TCP头进行解析;以及,After receiving the data packet sent by the terminal interaction object, parsing the TCP header of the data packet; and,

当所述数据包的TCP头的标志位为SYN,且所述数据包的TCP头没有ACK信息,确认所述终端交互对象恶意扫描所述终端端口,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;以及,When the flag bit of the TCP header of the data packet is SYN, and there is no ACK information in the TCP header of the data packet, confirm that the terminal interaction object maliciously scans the terminal port, and identify the network identifier of the terminal interaction object as untrusted, dangerous network identifiers; and,

否则,确认所述终端交互对象未恶意扫描所述终端端口,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。Otherwise, confirm that the terminal interaction object does not maliciously scan the terminal port, and identify the network identifier of the terminal interaction object as a trusted and safe network identifier.

Optionally, the identification unit 202 may be configured to:

within a preset second time period, when the number of ARP request packets received from the terminal interaction object exceeds a preset second count threshold, confirm that the terminal interaction object is launching an ARP attack against the terminal, and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and,

within the preset second time period, when the number of ARP request packets received from the terminal interaction object does not exceed the preset second count threshold, confirm that the terminal interaction object is not launching an ARP attack against the terminal, and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

Optionally, the identification unit 202 may be configured to:

after receiving an ICMP data packet sent by the terminal interaction object and confirming that the ICMP packet is a ping request packet sent by the terminal interaction object, parse the ICMP packet to obtain its data length; and,

when the data length of the ICMP packet exceeds a preset second data length threshold, determine that the terminal interaction object is sending large ping packets to the terminal, and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and,

when the data length of the ICMP packet does not exceed the preset second data length threshold, determine that the terminal interaction object is not sending large ping packets to the terminal, and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.
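The ARP-rate check and the large-ping check above, as one added example in Python. This is the editor's illustration, not code from the patent or from ZTE. It parses an Ethernet/IPv4 ARP packet and counts requests per sender protocol address in a sliding window, and parses an ICMP header to flag echo requests whose data length exceeds a threshold. The window, count and length thresholds, the sample addresses and the two packet-building helpers are assumptions; 1472 is simply the largest ICMP data length that fits an unfragmented 1500-byte Ethernet frame and serves only as a plausible threshold. Two caveats: the sender address in an ARP request is whatever the sender chose to write, so keying the count on it alone is evadable (the hardware address is parsed too so a caller can key on both), and the ICMP checksum is not validated here.

```python
import struct
from collections import defaultdict, deque

ARP_REQUEST = 1          # ARP opcode (RFC 826)
ICMP_ECHO_REQUEST = 8    # ICMP type of a "ping" request (RFC 792)


def parse_arp(packet: bytes) -> dict:
    """Parse a 28-byte Ethernet/IPv4 ARP packet (Ethernet header already removed)."""
    if len(packet) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", packet[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "oper": oper,
        "sha": packet[8:14].hex(":"),                     # sender hardware address
        "spa": ".".join(str(b) for b in packet[14:18]),   # sender protocol address
        "tha": packet[18:24].hex(":"),
        "tpa": ".".join(str(b) for b in packet[24:28]),
    }


class ArpRequestRateMonitor:
    """Count ARP requests per sender protocol address in a sliding window."""

    def __init__(self, window_s: float, threshold: int):
        self.window_s = window_s
        self.threshold = threshold
        self._times = defaultdict(deque)   # spa -> timestamps of its requests

    def observe(self, packet: bytes, now: float) -> bool:
        """True once the sender has exceeded `threshold` requests inside the window."""
        arp = parse_arp(packet)
        if arp["oper"] != ARP_REQUEST:
            return False
        q = self._times[arp["spa"]]
        q.append(now)
        while q and q[0] < now - self.window_s:
            q.popleft()
        return len(q) > self.threshold


def parse_icmp(packet: bytes) -> dict:
    """Parse the 8-byte ICMP header; data_len is everything after it."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _checksum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "data_len": len(packet) - 8}


def is_oversized_echo_request(packet: bytes, max_data_len: int) -> bool:
    """The text's large-ping check: an echo request whose data exceeds the threshold."""
    icmp = parse_icmp(packet)
    return icmp["type"] == ICMP_ECHO_REQUEST and icmp["data_len"] > max_data_len


def build_arp_request(spa: str, tpa: str, sha: bytes = b"\x02\x00\x00\x00\x00\x01") -> bytes:
    """Constructed sample input: an ARP who-has request."""
    def ip4(s):
        return bytes(int(x) for x in s.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST) + sha + ip4(spa) + b"\x00" * 6 + ip4(tpa)


def build_icmp_echo(data: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """Constructed sample input: an ICMP echo request (checksum left zero; not validated here)."""
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + data


def demo() -> tuple:
    mon = ArpRequestRateMonitor(window_s=1.0, threshold=10)
    # One ordinary resolution of the gateway's address.
    normal = mon.observe(build_arp_request("192.0.2.20", "192.0.2.1"), 0.0)
    # Fifty requests from one sender in half a second, sweeping the subnet.
    flood = False
    for i in range(50):
        flood = mon.observe(build_arp_request("192.0.2.99", f"192.0.2.{i + 1}"), 0.01 * i)
    # 56 bytes is the usual ping payload; 1472 bytes fills a 1500-byte frame.
    small = is_oversized_echo_request(build_icmp_echo(b"\x00" * 56), max_data_len=1472)
    large = is_oversized_echo_request(build_icmp_echo(b"\x00" * 60000), max_data_len=1472)
    return normal, flood, small, large


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(False, True, False, True)`. Note that `data_len` is measured on the packet as handed to the parser; on a real host an oversized echo request arrives as IP fragments, so this check sees the full length only after reassembly, which is also where the historical "ping of death" damage was done.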

As can be seen from the above, the identification unit 202 produces one of two results: the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, or it is identified as a trusted, safe network identifier.

Exemplarily, the update unit 203 is configured to add the network identifier of the terminal interaction object to the blacklist when the identification unit 202 identifies it as an untrusted, dangerous network identifier; and

when the identification unit 202 identifies the network identifier of the terminal interaction object as a trusted, safe network identifier, to add the network identifier of the terminal interaction object to the whitelist.

Exemplarily, referring to FIG. 3, the terminal 20 may further include an interaction control unit 204 configured to terminate data interaction with the terminal interaction object when the network identifier of the terminal interaction object is in the blacklist; and

when the network identifier of the terminal interaction object is in the whitelist, to allow data interaction with the terminal interaction object.

Preferably, when the network identifier of the terminal interaction object is in the whitelist, the identification unit may further be configured to identify the network identifier of the terminal interaction object according to the preset identification policy while the terminal 20 is exchanging data with the terminal interaction object;

and the update unit 203 may further be configured to, when the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, add the network identifier of the terminal interaction object to the blacklist and delete it from the whitelist.
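The match, identify, update and control flow of units 201 to 204 above, including the re-identification of whitelisted peers and their demotion to the blacklist, as an added example in Python. This is the editor's illustration, not code from the patent or from ZTE. The identification policy is a list of pluggable strategies; the two supplied here, a connection-termination count and a data-volume cap, stand in for the checks the text describes and operate on constructed per-packet observations rather than real traffic. Their thresholds, the observation format and the sample URL are assumptions of the example.

```python
from enum import Enum
from typing import Callable, Dict, List, Sequence


class Verdict(Enum):
    TRUSTED = "trusted"        # goes to the whitelist
    UNTRUSTED = "untrusted"    # goes to the blacklist


class Action(Enum):
    ALLOW = "allow"
    TERMINATE = "terminate"


# A strategy inspects what the peer sent and returns a verdict.
Observation = Dict[str, int]
Strategy = Callable[[Sequence[Observation]], Verdict]


def obs(kind: str, length: int) -> Observation:
    """Constructed per-packet observation (assumed format): kind is 'data' or 'fin'."""
    return {"kind": kind, "len": length}


def too_many_terminations(threshold: int) -> Strategy:
    """Stands in for the connection-stability check: many terminations means 'unstable'."""
    def strategy(observations):
        fins = sum(1 for o in observations if o["kind"] == "fin")
        return Verdict.UNTRUSTED if fins > threshold else Verdict.TRUSTED
    return strategy


def too_much_data(threshold: int) -> Strategy:
    """Stands in for the data-volume check: total bytes above threshold means 'abnormal'."""
    def strategy(observations):
        total = sum(o["len"] for o in observations if o["kind"] == "data")
        return Verdict.UNTRUSTED if total > threshold else Verdict.TRUSTED
    return strategy


class TerminalPolicy:
    """Match -> identify -> update -> control over a whitelist and a blacklist."""

    def __init__(self, strategies: List[Strategy]):
        self.whitelist = set()
        self.blacklist = set()
        self.strategies = strategies

    def identify(self, observations: Sequence[Observation]) -> Verdict:
        # Any single failing check makes the peer untrusted.
        for strategy in self.strategies:
            if strategy(observations) is Verdict.UNTRUSTED:
                return Verdict.UNTRUSTED
        return Verdict.TRUSTED

    def update(self, ident: str, verdict: Verdict) -> None:
        if verdict is Verdict.UNTRUSTED:
            self.blacklist.add(ident)
            self.whitelist.discard(ident)   # a demoted peer leaves the whitelist
        else:
            self.whitelist.add(ident)

    def decide(self, ident: str, observations: Sequence[Observation]) -> Action:
        if ident in self.blacklist:
            return Action.TERMINATE
        # Unknown peers are identified to classify them; whitelisted peers are
        # identified again so that a trusted peer which turns bad is caught.
        verdict = self.identify(observations)
        self.update(ident, verdict)
        return Action.ALLOW if verdict is Verdict.TRUSTED else Action.TERMINATE


def demo() -> tuple:
    policy = TerminalPolicy([too_many_terminations(threshold=3), too_much_data(threshold=1_000_000)])
    site = "http://www.example.com/index.html"   # assumed network identifier
    calm = [obs("data", 1200)] * 10
    first = policy.decide(site, calm)              # unknown -> trusted -> whitelisted
    whitelisted = site in policy.whitelist
    flaky = [obs("fin", 0)] * 5 + [obs("data", 100)]
    later = policy.decide(site, flaky)             # whitelisted peer now fails a check
    demoted = site in policy.blacklist and site not in policy.whitelist
    again = policy.decide(site, calm)              # blacklist is consulted first
    return first, whitelisted, later, demoted, again


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(Action.ALLOW, True, Action.TERMINATE, True, Action.TERMINATE)`. The asymmetry is deliberate and matches the text: a blacklist entry is final and short-circuits identification, while a whitelist entry only grants access for as long as the peer keeps passing the checks.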

It should be noted that, since the network identifier may specifically be the URL or IP address of a web page or website, referring to FIG. 3, the terminal 20 further includes a replacement unit 205 configured to:

when the preset information includes a preset number of uniform resource locators (URLs) belonging to the same HOST, replace those URLs in the preset information with the HOST; or,

when the preset information includes a preset number of Internet Protocol (IP) addresses belonging to the same gateway, replace those IP addresses in the preset information with the gateway address;

Correspondingly, the matching unit 201 may further be configured to:

match the URL of the terminal interaction object against the HOSTs in the preset information;

or, match the IP address of the terminal interaction object against the gateway addresses in the preset information.
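The replacement and matching behaviour of units 205 and 201 above, as an added example in Python. This is the editor's illustration, not code from the patent or from ZTE. URLs are reduced to their HOST with the standard library's URL parser; because an end host has no table telling it which gateway a remote address sits behind, "same gateway" is approximated by "same fixed-length prefix" (a /24 by default), which is an assumption of the example, as are the collapse count and the sample identifiers. A caveat the text does not raise: collapsing entries widens whatever the list grants, so a HOST or subnet entry on the blacklist blocks more, but the same collapse on the whitelist trusts every path on a shared host and every address in a shared subnet.

```python
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    """HOST of a URL: the lowercased hostname, without scheme, userinfo, port or path."""
    parts = urlsplit(url if "://" in url else "//" + url)
    if not parts.hostname:
        raise ValueError(f"no host in {url!r}")
    return parts.hostname


def subnet_of(ip: str, prefixlen: int):
    """The text groups IP addresses by gateway; with no routing table at hand this
    example approximates 'same gateway' by 'same fixed-length prefix' (an assumption)."""
    return ip_network(f"{ip}/{prefixlen}", strict=False)


def is_ip(ident: str) -> bool:
    try:
        ip_address(ident)
        return True
    except ValueError:
        return False


class IdentifierList:
    """A whitelist or blacklist that collapses `collapse_at` URLs sharing a HOST into
    that HOST, and `collapse_at` IPs sharing a subnet into that subnet, and matches
    new identifiers at either granularity."""

    def __init__(self, collapse_at: int = 3, prefixlen: int = 24):
        self.collapse_at = collapse_at
        self.prefixlen = prefixlen
        self.urls, self.hosts = set(), set()
        self.ips, self.subnets = set(), set()

    def add(self, ident: str) -> None:
        if is_ip(ident):
            self.ips.add(str(ip_address(ident)))
        else:
            self.urls.add(ident)
        self._collapse()

    def _collapse(self) -> None:
        for host, n in Counter(host_of(u) for u in self.urls).items():
            if n >= self.collapse_at:
                self.hosts.add(host)
                self.urls = {u for u in self.urls if host_of(u) != host}
        for net, n in Counter(subnet_of(ip, self.prefixlen) for ip in self.ips).items():
            if n >= self.collapse_at:
                self.subnets.add(net)
                self.ips = {ip for ip in self.ips if ip_address(ip) not in net}

    def matches(self, ident: str) -> bool:
        """Exact entry first, then the collapsed HOST / subnet entries."""
        if is_ip(ident):
            addr = ip_address(ident)
            return str(addr) in self.ips or any(addr in net for net in self.subnets)
        return ident in self.urls or host_of(ident) in self.hosts


def demo() -> tuple:
    blacklist = IdentifierList(collapse_at=3, prefixlen=24)
    for url in ("http://bad.example/a", "http://bad.example/b", "https://BAD.example:443/c"):
        blacklist.add(url)
    for ip in ("198.51.100.5", "198.51.100.17", "198.51.100.200"):
        blacklist.add(ip)
    return (
        "bad.example" in blacklist.hosts and not blacklist.urls,  # three URLs became one HOST
        blacklist.matches("http://bad.example/never-seen"),       # unseen path, same HOST
        blacklist.matches("198.51.100.77"),                       # unseen address, same subnet
        blacklist.matches("http://good.example/a"),               # other host: no match
        blacklist.matches("203.0.113.9"),                         # other subnet: no match
    )


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, True, True, False, False)`. Note that `host_of` deliberately drops the port and case of the hostname, so `https://BAD.example:443/c` and `http://bad.example/a` count towards the same HOST; whether the scheme should also be part of the key is a policy choice the patent leaves open.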

An embodiment of the present invention provides a terminal 20. By configuring a safe list and an unsafe list, the terminal avoids exchanging data with web pages or websites in the unsafe list during data interaction, thereby improving the security of the terminal's data interaction.

Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.

The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

The above are merely preferred embodiments of the present invention and are not intended to limit the protection scope of the present invention.

Claims (24)

1.一种检测终端数据交互的安全性的方法,其特征在于,所述方法包括:1. A method for detecting the security of terminal data interaction, characterized in that the method comprises: 当终端进行数据交互时,所述终端将所述终端交互对象的网络标识与自身保存的预设信息进行匹配;When the terminal performs data interaction, the terminal matches the network identifier of the terminal interaction object with the preset information saved by itself; 当所述终端交互对象的网络标识不在所述预设信息中时,所述终端按照预设的识别策略识别所述终端交互对象的网络标识;When the network identifier of the terminal interaction object is not in the preset information, the terminal identifies the network identifier of the terminal interaction object according to a preset identification policy; 所述终端根据识别结果将所述终端交互对象的网络标识更新至所述预设信息。The terminal updates the network identifier of the terminal interaction object to the preset information according to the identification result. 2.根据权利要求1所述的方法,其特征在于,所述预设信息包括白名单和黑名单,其中,所述白名单包括受信任的、安全的网络标识;所述黑名单包括不受信任的、危险的网络标识;2. The method according to claim 1, wherein the preset information includes a whitelist and a blacklist, wherein the whitelist includes trusted and secure network identifiers; the blacklist includes untrusted irresponsible and dangerous network logos; 所述终端交互对象的网络标识包括所述终端交互对象的统一资源定位符URL或IP地址。The network identifier of the terminal interaction object includes the Uniform Resource Locator URL or IP address of the terminal interaction object. 3.根据权利要求2所述的方法,其特征在于,当所述终端交互对象的网络标识不在所述预设信息中时,所述终端按照预设的识别策略识别所述终端交互对象的网络标识,包括:3. 
The method according to claim 2, wherein when the network identifier of the terminal interaction object is not included in the preset information, the terminal identifies the network of the terminal interaction object according to a preset identification policy identification, including: 当所述终端交互对象的网络标识既不在所述白名单中,又不在所述黑名单中时,所述终端按照预设的识别策略识别所述终端交互对象的网络标识;When the network identifier of the terminal interaction object is neither in the whitelist nor in the blacklist, the terminal identifies the network identifier of the terminal interaction object according to a preset identification strategy; 相应地,所述终端根据识别结果将所述终端交互对象的网络标识更新至所述预设信息,包括:Correspondingly, the terminal updates the network identifier of the terminal interaction object to the preset information according to the identification result, including: 当所述终端交互对象的网络标识被识别为不受信任的、危险的网络标识时,所述终端将所述终端交互对象的网络标识添加到所述黑名单中;When the network identifier of the terminal interaction object is identified as an untrusted and dangerous network identifier, the terminal adds the network identifier of the terminal interaction object to the blacklist; 当所述终端交互对象的网络标识被识别为受信任的、安全的网络标识时,所述终端将所述终端交互对象的网络标识添加到所述白名单中。When the network identifier of the terminal interaction object is identified as a trusted and secure network identifier, the terminal adds the network identifier of the terminal interaction object to the white list. 4.根据权利要求3所述的方法,其特征在于,所述终端按照预设的识别策略识别所述终端交互对象的网络标识,可以包括以下至少一项:4. 
The method according to claim 3, wherein the terminal identifies the network identifier of the terminal interaction object according to a preset identification strategy, which may include at least one of the following: 所述终端识别所述终端交互对象的连接稳定性、所述终端识别所述终端交互对象的交互数据量异常、所述终端识别所述终端交互对象恶意扫描所述终端端口、所述终端识别所述终端交互对象向所述终端发起地址解析协议ARP攻击和所述终端识别所述终端交互对象向所述终端发送大尺寸ping包。The terminal identifies the connection stability of the terminal interaction object, the terminal identifies that the amount of interactive data of the terminal interaction object is abnormal, the terminal identifies that the terminal interaction object maliciously scans the terminal port, and the terminal identifies the The terminal interaction object initiates an address resolution protocol ARP attack to the terminal and the terminal identifies the terminal interaction object and sends a large-sized ping packet to the terminal. 5.根据权利要求4所述的方法,其特征在于,所述终端识别所述终端交互对象的连接稳定性,包括:5. The method according to claim 4, wherein the terminal identifying the connection stability of the terminal interaction object comprises: 所述终端通过分析所述终端交互对象发送的数据包的应用层数据得到所述终端交互对象发送的完整数据长度;The terminal obtains the complete data length sent by the terminal interaction object by analyzing the application layer data of the data packet sent by the terminal interaction object; 所述终端根据自身已接收到的数据包的大小,得到所述终端已经接受的数据长度,并与所述完整数据长度进行比较;The terminal obtains the data length accepted by the terminal according to the size of the data packet it has received, and compares it with the complete data length; 当所述终端已接受的数据长度小于所述完整数据长度时,所述终端统计在预设的第一时间阈值内,接收所述终端交互对象发送的终止连接数据包的个数;When the length of the data accepted by the terminal is less than the length of the complete data, the terminal counts the number of connection termination data packets received by the terminal interaction object within the preset first time threshold; 当所述终止连接数据包的个数超过预设的第一数量阈值时,所述终端确认所述终端交互对象是不稳定的,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;When the number of the connection termination data packets exceeds the preset 
first number threshold, the terminal confirms that the terminal interaction object is unstable, and identifies the network identifier of the terminal interaction object as untrusted, Dangerous network logos; 当所述终止连接数据包的个数没有超过预设的第一数量阈值时,所述终端确认所述终端交互对象是稳定的,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。When the number of the connection termination data packets does not exceed the preset first number threshold, the terminal confirms that the terminal interaction object is stable, and identifies the network identifier of the terminal interaction object as trusted and safe network ID. 6.根据权利要求4所述的方法,其特征在于,所述终端识别所述终端交互对象的交互数据量异常,包括:6. The method according to claim 4, wherein the terminal identifies that the amount of interactive data of the terminal interactive object is abnormal, comprising: 所述终端记录向所述终端交互对象发起传输控制协议TCP连接请求,并记录所述终端与所述终端交互对象的第一连接时间段;The terminal records the transmission control protocol TCP connection request initiated to the terminal interaction object, and records the first connection time period between the terminal and the terminal interaction object; 所述终端统计所述第一时间段内从所述终端交互对象接收到的第一数据长度;The terminal counts the first data length received from the terminal interaction object within the first time period; 在预设的时间间隔之后,所述终端第二次向所述终端交互对象发起TCP连接请求,并在所述第一连接时间段内统计从所述终端交互对象接收到的第二数据长度;After the preset time interval, the terminal initiates a TCP connection request to the terminal interaction object for the second time, and counts the second data length received from the terminal interaction object within the first connection time period; 当所述第一数据长度与所述第二数据长度的总和超过预设的第一数据长度阈值时,所述终端确认所述终端交互对象的交互数据量异常,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;When the sum of the first data length and the second data length exceeds the preset first data length threshold, the terminal confirms that the amount of interaction data of the terminal interaction object is abnormal, and identifies the The network logo is an untrusted, dangerous network logo; 
当所述第一数据长度与所述第二数据长度的总和没有超过预设的第一数据长度阈值时,所述终端确认所述终端交互对象的交互数据量无异常,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。When the sum of the first data length and the second data length does not exceed the preset first data length threshold, the terminal confirms that the amount of interaction data of the terminal interaction object is normal, and identifies the terminal interaction The object's network identity is a trusted, secure network identity. 7.根据权利要求4所述的方法,其特征在于,所述终端识别所述终端交互对象恶意扫描所述终端端口,包括:7. The method according to claim 4, wherein the terminal identifying that the terminal interaction object maliciously scans the terminal port comprises: 所述终端接收所述终端交互对象发送的数据包后,对所述数据包的TCP头进行解析;After the terminal receives the data packet sent by the terminal interaction object, it parses the TCP header of the data packet; 当所述数据包的TCP头的标志位为SYN,且所述数据包的TCP头没有ACK信息,所述终端确认所述终端交互对象恶意扫描所述终端端口,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;When the flag bit of the TCP header of the data packet is SYN, and the TCP header of the data packet has no ACK information, the terminal confirms that the terminal interaction object maliciously scans the terminal port, and identifies the terminal interaction object The network logo is an untrusted, dangerous network logo; 否则,所述终端确认所述终端交互对象未恶意扫描所述终端端口,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。Otherwise, the terminal confirms that the terminal interaction object does not maliciously scan the terminal port, and recognizes the network identifier of the terminal interaction object as a trusted and safe network identifier. 8.根据权利要求4所述的方法,其特征在于,所述终端识别所述终端交互对象向所述终端发起ARP攻击,包括:8. 
The method according to claim 4, wherein the terminal identifies the terminal interaction object and initiates an ARP attack to the terminal, comprising: 在预设的第二时间段内,当所述终端接收所述终端交互对象发送的ARP请求报文的个数超过预设的第二数量阈值时,所述终端确认所述终端交互对象向所述终端发起ARP攻击,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;Within the preset second time period, when the number of ARP request packets sent by the terminal interaction object received by the terminal exceeds the preset second number threshold, the terminal confirms that the terminal interaction object sends The terminal initiates an ARP attack, and identifies the network identifier of the terminal interaction object as an untrusted and dangerous network identifier; 在预设的第二时间段内,当所述终端接收所述终端交互对象发送的ARP请求报文的个数没有超过预设的第二数量阈值时,所述终端确认所述终端交互对象未向所述终端发起ARP攻击,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。Within the preset second time period, when the number of ARP request packets sent by the terminal interaction object received by the terminal does not exceed the preset second number threshold, the terminal confirms that the terminal interaction object has not Initiating an ARP attack to the terminal, and identifying the network identifier of the terminal interaction object as a trusted and secure network identifier. 9.根据权利要求4所述的方法,其特征在于,所述终端识别所述终端交互对象向所述终端发送大尺寸ping包,包括:9. 
The method according to claim 4, wherein the terminal identifies the terminal interaction object and sends a large-size ping packet to the terminal, comprising: 所述终端在接收到所述终端交互对象发送的因特网控制报文协议ICMP数据包,且确认所述ICMP数据包为所述终端交互对象发送的ping请求数据包后,解析所述ICMP数据包,获取所述ICMP数据包的数据长度;After the terminal receives the Internet Control Message Protocol ICMP data packet sent by the terminal interaction object, and confirms that the ICMP data packet is the ping request data packet sent by the terminal interaction object, it parses the ICMP data packet, Obtain the data length of the ICMP packet; 当所述ICMP数据包的数据长度超过预设的第二数据长度阈值时,所述终端确定所述终端交互对象向所述终端发送大尺寸ping包,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;When the data length of the ICMP data packet exceeds the preset second data length threshold, the terminal determines that the terminal interaction object sends a large-sized ping packet to the terminal, and identifies the network identifier of the terminal interaction object as Untrusted, dangerous network identities; 当所述ICMP数据包的数据长度没有超过预设的第二数据长度阈值时,所述终端确定所述终端交互对象未向所述终端发送大尺寸ping包,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。When the data length of the ICMP data packet does not exceed the preset second data length threshold, the terminal determines that the terminal interaction object does not send a large-sized ping packet to the terminal, and identifies the network of the terminal interaction object Identifies as a trusted, secure network identity. 10.根据权利要求2所述的方法,其特征在于,所述方法还包括:10. The method of claim 2, further comprising: 当所述终端交互对象的网络标识在所述黑名单中时,所述终端终止与所述终端交互对象的数据交互;When the network identifier of the terminal interaction object is in the blacklist, the terminal terminates data interaction with the terminal interaction object; 当所述终端交互对象的网络标识在所述白名单中时,所述终端允许与所述终端交互对象进行数据交互。When the network identifier of the terminal interaction object is in the white list, the terminal allows data interaction with the terminal interaction object. 11.根据权利要求10所述的方法,其特征在于,当所述终端交互对象的网络标识在所述白名单中时,所述方法还包括:11. 
The method according to claim 10, wherein when the network identifier of the terminal interaction object is in the whitelist, the method further comprises: 在所述终端与所述终端交互对象进行数据交互的过程中,所述终端根据所述预设的识别策略识别所述终端交互对象的网络标识;During the data interaction process between the terminal and the terminal interaction object, the terminal identifies the network identifier of the terminal interaction object according to the preset identification strategy; 当所述终端交互对象的网络标识被识别为不受信任的、危险的网络标识时,所述终端将所述终端交互对象的网络标识添加到所述黑名单中,并将所述终端交互对象的网络标识从所述白名单中进行删除。When the network identifier of the terminal interaction object is identified as an untrusted and dangerous network identifier, the terminal adds the network identifier of the terminal interaction object to the blacklist, and adds the terminal interaction object The network identifier of is deleted from the whitelist. 12.根据权利要求1所述的方法,其特征在于,所述方法还包括:12. The method of claim 1, further comprising: 当所述预设信息中包括预设数量的统一资源定位符URL属于同一个HOST时,所述终端将所述预设信息中属于同一个HOST的URL用所述HOST代替;或者,When the preset information includes a preset number of uniform resource locator URLs belonging to the same HOST, the terminal replaces the URLs belonging to the same HOST in the preset information with the HOST; or, 当所述预设信息中包括预设数量的网络协议IP地址属于同一网关时,所述终端将所述预设信息中属于同一个网关的IP地址用所述网关地址代替;When the preset information includes a preset number of network protocol IP addresses belonging to the same gateway, the terminal replaces the IP addresses belonging to the same gateway in the preset information with the gateway address; 相应地,所述终端将所述终端交互对象的网络标识与自身保存的预设信息进行匹配,包括:Correspondingly, the terminal matches the network identifier of the terminal interaction object with the preset information saved by itself, including: 所述终端将所述终端交互对象的URL与所述预设信息中的HOST进行匹配;The terminal matches the URL of the terminal interaction object with the HOST in the preset information; 或者,所述终端将所述终端交互对象的IP地址与所述预设信息中的网关地址进行匹配。Or, the terminal matches the IP address of the terminal interaction object with the gateway address in the preset 
information. 13.一种终端,其特征在于,所述终端包括:匹配单元、识别单元和更新单元,其中,13. A terminal, characterized in that the terminal comprises: a matching unit, an identification unit, and an updating unit, wherein, 所述匹配单元,用于当所述终端进行数据交互时,将所述终端交互对象的网络标识与所述终端保存的预设信息进行匹配;The matching unit is configured to match the network identifier of the terminal interaction object with the preset information saved by the terminal when the terminal performs data interaction; 所述识别单元,用于当所述终端交互对象的网络标识不在所述预设信息中时,按照预设的识别策略识别所述终端交互对象的网络标识;The identification unit is configured to identify the network identification of the terminal interaction object according to a preset identification strategy when the network identification of the terminal interaction object is not in the preset information; 所述更新单元,用于根据所述识别单元的识别结果将所述终端交互对象的网络标识更新至所述预设信息。The updating unit is configured to update the network identifier of the terminal interaction object to the preset information according to the identification result of the identification unit. 14.根据权利要求13所述的终端,其特征在于,所述预设信息包括白名单和黑名单,其中,所述白名单包括受信任的、安全的网络标识;所述黑名单包括不受信任的、危险的网络标识;14. The terminal according to claim 13, wherein the preset information includes a whitelist and a blacklist, wherein the whitelist includes trusted and secure network identifiers; the blacklist includes untrusted irresponsible and dangerous network logos; 所述终端交互对象的网络标识包括所述终端交互对象的统一资源定位符URL或IP地址。The network identifier of the terminal interaction object includes the Uniform Resource Locator URL or IP address of the terminal interaction object. 15.根据权利要求14所述的终端,其特征在于,所述更新单元,用于:15. 
The terminal according to claim 14, wherein the updating unit is configured to: 当所述终端交互对象的网络标识被识别为不受信任的、危险的网络标识时,将所述终端交互对象的网络标识添加到所述黑名单中;以及When the network identifier of the terminal interaction object is identified as an untrusted and dangerous network identifier, adding the network identifier of the terminal interaction object to the blacklist; and 当所述终端交互对象的网络标识被识别为受信任的、安全的网络标识时,将所述终端交互对象的网络标识添加到所述白名单中。When the network identifier of the terminal interaction object is identified as a trusted and secure network identifier, the network identifier of the terminal interaction object is added to the white list. 16.根据权利要求15所述的终端,其特征在于,所述识别单元,用于识别所述终端交互对象的连接稳定性、识别所述终端交互对象的交互数据量异常、识别所述终端交互对象恶意扫描所述终端端口、识别所述终端交互对象向所述终端发起地址解析协议ARP攻击和识别所述终端交互对象向所述终端发送大尺寸ping包。16. The terminal according to claim 15, wherein the identification unit is configured to identify the connection stability of the terminal interaction object, identify the abnormal amount of interaction data of the terminal interaction object, and identify the terminal interaction The object maliciously scans the terminal port, identifies the terminal interaction object to initiate an address resolution protocol ARP attack to the terminal, and identifies the terminal interaction object to send a large-sized ping packet to the terminal. 17.根据权利要求16所述的终端,其特征在于,所述识别单元,用于:17. 
The terminal according to claim 16, wherein the identification unit is configured to: 通过分析所述终端交互对象发送的数据包的应用层数据得到所述终端交互对象发送的完整数据长度;以及,Obtaining the complete data length sent by the terminal interaction object by analyzing the application layer data of the data packet sent by the terminal interaction object; and, 根据所述终端已接收到的数据包的大小,得到所述终端已接受的数据长度,并与所述完整数据长度进行比较;以及,Obtaining the data length accepted by the terminal according to the size of the data packet received by the terminal, and comparing it with the complete data length; and, 当所述终端已接受的数据长度小于所述完整数据长度时,统计在预设的第一时间阈值内,接收所述终端交互对象发送的终止连接数据包的个数;以及When the length of the data accepted by the terminal is less than the length of the complete data, count the number of connection termination data packets sent by the terminal interaction object received within the preset first time threshold; and 当所述终止连接数据包的个数超过预设的第一数量阈值时,确认所述终端交互对象是不稳定的,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;以及,When the number of the terminated connection data packets exceeds the preset first number threshold, confirm that the terminal interaction object is unstable, and identify the network of the terminal interaction object as an untrusted and dangerous network identification; and, 当所述终止连接数据包的个数没有超过预设的第一数量阈值时,确认所述终端交互对象是稳定的,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。When the number of the connection termination data packets does not exceed the preset first number threshold, confirm that the terminal interaction object is stable, and identify the network identity of the terminal interaction object as a trusted and secure network identity . 18.根据权利要求16所述的终端,其特征在于,所述识别单元,用于:18. 
The terminal according to claim 16, wherein the identification unit is configured to: 记录向所述终端交互对象发起传输控制协议TCP连接请求,并记录所述终端与所述终端交互对象的第一连接时间段;以及,Recording the transmission control protocol TCP connection request initiated to the terminal interaction object, and recording the first connection time period between the terminal and the terminal interaction object; and, 统计所述第一时间段内从所述终端交互对象接收到的第一数据长度;以及,Counting the length of first data received from the terminal interaction object within the first time period; and, 在预设的时间间隔之后,第二次向所述终端交互对象发起TCP连接请求,并在所述第一连接时间段内统计从所述终端交互对象接收到的第二数据长度;以及,After the preset time interval, initiate a TCP connection request to the terminal interaction object for the second time, and count the second data length received from the terminal interaction object within the first connection time period; and, 当所述第一数据长度与所述第二数据长度的总和超过预设的第一数据长度阈值时,确认所述终端交互对象的交互数据量异常,并识别所述终端交互对象的网络标识为不受信任的、危险的网络标识;以及,When the sum of the first data length and the second data length exceeds a preset first data length threshold, confirm that the amount of interactive data of the terminal interaction object is abnormal, and identify the network identifier of the terminal interaction object as untrusted, dangerous network identifiers; and, 当所述第一数据长度与所述第二数据长度的总和没有超过预设的第一数据长度阈值时,确认所述终端交互对象的交互数据量无异常,并识别所述终端交互对象的网络标识为受信任的、安全的网络标识。When the sum of the first data length and the second data length does not exceed the preset first data length threshold, confirm that the amount of interaction data of the terminal interaction object is normal, and identify the network of the terminal interaction object Identifies as a trusted, secure network identity. 19.根据权利要求16所述的终端,其特征在于,所述识别单元,用于:19. 
The terminal according to claim 16, wherein the identification unit is configured to: after receiving a data packet sent by the terminal interaction object, parse the TCP header of the data packet; when the flag bit of the TCP header is SYN and the TCP header carries no ACK information, confirm that the terminal interaction object is maliciously scanning the ports of the terminal and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; otherwise, confirm that the terminal interaction object is not maliciously scanning the ports of the terminal and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

20. The terminal according to claim 16, wherein the identification unit is configured to: within a preset second time period, when the number of ARP request messages received from the terminal interaction object exceeds a preset second number threshold, confirm that the terminal interaction object is launching an ARP attack against the terminal and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and within the preset second time period, when the number of ARP request messages received from the terminal interaction object does not exceed the preset second number threshold, confirm that the terminal interaction object is not launching an ARP attack against the terminal and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

21. The terminal according to claim 16, wherein the identification unit is configured to: after receiving an ICMP data packet sent by the terminal interaction object and confirming that the ICMP data packet is a ping request packet sent by the terminal interaction object, parse the ICMP data packet to obtain its data length; when the data length of the ICMP data packet exceeds a preset second data length threshold, determine that the terminal interaction object is sending large-size ping packets to the terminal and identify the network identifier of the terminal interaction object as an untrusted, dangerous network identifier; and when the data length of the ICMP data packet does not exceed the preset second data length threshold, determine that the terminal interaction object is not sending large-size ping packets to the terminal and identify the network identifier of the terminal interaction object as a trusted, safe network identifier.

22. The terminal according to claim 14, wherein the terminal further comprises an interaction control unit configured to: terminate data interaction with the terminal interaction object when the network identifier of the terminal interaction object is in the blacklist; and allow data interaction with the terminal interaction object when the network identifier of the terminal interaction object is in the whitelist.

23. The terminal according to claim 22, wherein the identification unit is further configured to: when the network identifier of the terminal interaction object is in the whitelist, identify the network identifier of the terminal interaction object according to the preset identification policy during the data interaction between the terminal and the terminal interaction object; and the update unit is further configured to: when the network identifier of the terminal interaction object is identified as an untrusted, dangerous network identifier, add the network identifier of the terminal interaction object to the blacklist and delete it from the whitelist.

24. The terminal according to claim 13, wherein the terminal further comprises a replacement unit configured to: when the preset information includes a preset number of uniform resource locators (URLs) belonging to the same HOST, replace the URLs belonging to the same HOST in the preset information with that HOST; or, when the preset information includes a preset number of Internet Protocol (IP) addresses belonging to the same gateway, replace the IP addresses belonging to the same gateway in the preset information with the gateway address; and correspondingly, the matching unit is further configured to: match the URL of the terminal interaction object against the HOST in the preset information; or match the IP address of the terminal interaction object against the gateway address in the preset information.
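The identification rules of claims 19 to 21 and the blacklist/whitelist handling of claims 22 and 23, as an added Python model that is not code from the patent or from ZTE. The Packet fields, the concrete threshold values and the choice to identify unknown senders directly (skipping the preset-information matching unit of the earlier claims) are assumptions made for this example.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str                        # network identifier of the sender
    proto: str                      # "tcp", "arp" or "icmp"
    ts: float = 0.0                 # receive time in seconds
    syn: bool = False               # TCP SYN flag set
    ack: bool = False               # TCP ACK information present
    echo_request: bool = False      # ICMP ping request
    data_len: int = 0               # ICMP data length in bytes


@dataclass
class Terminal:
    # Threshold values are assumptions; the claims only call them "preset".
    arp_window: float = 5.0         # preset second time period
    arp_threshold: int = 20         # preset second number threshold
    ping_len_threshold: int = 1024  # preset second data length threshold
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    _arp_times: dict = field(default_factory=dict)

    def identify(self, pkt: Packet) -> str:
        """Identification unit of claims 19-21: 'dangerous' or 'safe'."""
        if pkt.proto == "tcp":
            # Claim 19: SYN flag with no ACK is treated as a port scan.
            return "dangerous" if pkt.syn and not pkt.ack else "safe"
        if pkt.proto == "arp":
            # Claim 20: count ARP requests from this sender inside the window.
            q = self._arp_times.setdefault(pkt.src, deque())
            q.append(pkt.ts)
            while q and pkt.ts - q[0] > self.arp_window:
                q.popleft()
            return "dangerous" if len(q) > self.arp_threshold else "safe"
        if pkt.proto == "icmp" and pkt.echo_request:
            # Claim 21: oversized ping request.
            return "dangerous" if pkt.data_len > self.ping_len_threshold else "safe"
        return "safe"

    def handle(self, pkt: Packet) -> str:
        """Claims 22-23: blacklist terminates; whitelist allows but re-checks."""
        if pkt.src in self.blacklist:
            return "terminate"
        if self.identify(pkt) == "dangerous":
            self.blacklist.add(pkt.src)       # update unit, claim 23
            self.whitelist.discard(pkt.src)
            return "terminate"
        self.whitelist.add(pkt.src)
        return "allow"
```

The claim 19 rule as written fires on every SYN without ACK, which is also the first packet of any ordinary TCP connection, so a deployment would need a rate or port-spread condition on top of it before blacklisting.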
CN201410336749.3A 2014-07-15 2014-07-15 Terminal and method for detecting security of data interaction in terminal Withdrawn CN105282112A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410336749.3A CN105282112A (en) 2014-07-15 2014-07-15 Terminal and method for detecting security of data interaction in terminal
PCT/CN2014/086858 WO2016008212A1 (en) 2014-07-15 2014-09-18 Terminal as well as method for detecting security of terminal data interaction, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410336749.3A CN105282112A (en) 2014-07-15 2014-07-15 Terminal and method for detecting security of data interaction in terminal

Publications (1)

Publication Number Publication Date
CN105282112A true CN105282112A (en) 2016-01-27

Family

ID=55077862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410336749.3A Withdrawn CN105282112A (en) 2014-07-15 2014-07-15 Terminal and method for detecting security of data interaction in terminal

Country Status (2)

Country Link
CN (1) CN105282112A (en)
WO (1) WO2016008212A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108234486A (en) * 2017-12-29 2018-06-29 北京神州绿盟信息安全科技股份有限公司 A kind of network monitoring method and monitoring server
CN111125751A (en) * 2019-12-03 2020-05-08 中盈优创资讯科技有限公司 Database penetration preventing method and device
CN111859361A (en) * 2020-09-23 2020-10-30 歌尔光学科技有限公司 A communication method, device, electronic device and storage medium
CN116150221A (en) * 2022-10-09 2023-05-23 浙江博观瑞思科技有限公司 Information interaction method and system for service of enterprise E-business operation management

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111010362B (en) 2019-03-20 2021-09-21 新华三技术有限公司 Monitoring method and device for abnormal host

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102231745A (en) * 2011-07-08 2011-11-02 盛大计算机(上海)有限公司 Safety system and method for network application
US20120088503A1 (en) * 2008-07-18 2012-04-12 Research In Motion Limited Apparatus and method for performing network scanning using black-list network information
CN103701804A (en) * 2013-12-26 2014-04-02 北京奇虎科技有限公司 Network shopping environment safety detecting method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118326B (en) * 2011-01-27 2013-09-25 郭少方 Method for processing E-mail
CN102708186A (en) * 2012-05-11 2012-10-03 上海交通大学 Identification method of phishing sites
CN103916389B (en) * 2014-03-19 2017-08-08 汉柏科技有限公司 Defend the method and fire wall of HttpFlood attacks

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120088503A1 (en) * 2008-07-18 2012-04-12 Research In Motion Limited Apparatus and method for performing network scanning using black-list network information
CN102231745A (en) * 2011-07-08 2011-11-02 盛大计算机(上海)有限公司 Safety system and method for network application
CN103701804A (en) * 2013-12-26 2014-04-02 北京奇虎科技有限公司 Network shopping environment safety detecting method and device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108234486A (en) * 2017-12-29 2018-06-29 北京神州绿盟信息安全科技股份有限公司 A kind of network monitoring method and monitoring server
CN111125751A (en) * 2019-12-03 2020-05-08 中盈优创资讯科技有限公司 Database penetration preventing method and device
CN111859361A (en) * 2020-09-23 2020-10-30 歌尔光学科技有限公司 A communication method, device, electronic device and storage medium
CN111859361B (en) * 2020-09-23 2021-08-31 歌尔光学科技有限公司 A communication method, device, electronic device and storage medium
CN116150221A (en) * 2022-10-09 2023-05-23 浙江博观瑞思科技有限公司 Information interaction method and system for service of enterprise E-business operation management

Also Published As

Publication number Publication date
WO2016008212A1 (en) 2016-01-21

Similar Documents

Publication Publication Date Title
US10929538B2 (en) Network security protection method and apparatus
CN103051633B (en) A kind of method and apparatus of defensive attack
US10419431B2 (en) Preventing cross-site request forgery using environment fingerprints of a client device
CN112600852B (en) Vulnerability attack processing method, device, equipment and storage medium
CN108270722B (en) Attack behavior detection method and device
EP3068093B1 (en) Security authentication method and bidirectional forwarding detection method
EP4044546A1 (en) Message processing method, device and apparatus as well as computer readable storage medium
CN101834875B (en) Method, device and system for defending DDoS (Distributed Denial of Service) attacks
CN103179100B (en) A kind of method and apparatus preventing domain name system Tunnel Attack
CN112217771B (en) Data forwarding method and data forwarding device based on tenant information
CN107508822B (en) Access control method and device
CN101621525B (en) Method and equipment for treating legal entries
CN105578463B (en) Method and device for dual connection secure communication
CN104601541B (en) Method, server and the user equipment of data transmission
CN105282112A (en) Terminal and method for detecting security of data interaction in terminal
CN102438028A (en) Method, device and system for preventing fraud of dynamic host configuration protocol (DHCP) server
US8572366B1 (en) Authenticating clients
CN103428106B (en) The method of the Message processing after virtual machine VM migration and equipment thereof
CN103916489B (en) The many IP of a kind of single domain name domain name analytic method and system
CN105516200B (en) Cloud system method and device of safe processing
CN107707569A (en) DNS request processing method and DNS systems
CN114363083A (en) Security precaution method, device and equipment of intelligent gateway
EP3200433A1 (en) Ipv6 address management method, device and terminal
CN106067864B (en) Message processing method and device
CN105578498A (en) Method and device for terminal network management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20160127

WW01 Invention patent application withdrawn after publication