CN106209918A - Method and terminal for network security management - Google Patents
- Publication number
- CN106209918A (application number CN201610822777.5A)
- Authority
- CN
- China
- Prior art keywords
- network
- tested
- terminal
- server
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the invention discloses a method and a terminal for network security management. The method includes: acquiring network access information generated by a terminal performing a network access operation according to a preset network address under a network to be tested; judging whether the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from a server; and if so, determining the security of the network to be tested according to the network attack data and/or the abnormal operation data. With the embodiment of the invention, a secure network can be selected autonomously for connection according to the user's needs, protecting the user's Internet security.
Description
Technical Field
The present invention relates to the field of security technologies, and in particular, to a method and a terminal for network security management.
Background
WiFi is an industry standard for wireless network communications (IEEE 802.11) defined by the Institute of Electrical and Electronics Engineers (IEEE), and may also be considered a complement to 3G technology. Like Bluetooth, WiFi is a wireless local area network communication technology used in offices and homes. WiFi is a short-range wireless transmission technology that can support Internet access radio signals within a range of hundreds of feet; its greatest advantages are high transmission speed, bandwidth that can be adjusted when the signal is weak or subject to interference, and effectively guaranteed stability and reliability of the network. However, with the continuous expansion of the application field of wireless LANs, security problems are receiving more and more attention.
In some superstores and public facilities, citizens can readily use the wireless network, namely WiFi. Because these places generally adopt open networks without passwords, a smart phone, tablet computer or similar device can connect easily by searching for wireless networks. In the era of WiFi, freeloading on WiFi has become a basic "survival skill". However, while users enjoy the convenience brought by WiFi, the general lack of security awareness about WiFi Internet access has made WiFi a hard-hit area for various network traps and phishing fraud.
In order to solve the above problems, at present, data security after accessing to public WiFi is generally ensured by performing encryption processing on application data to be transmitted or establishing a secure connection channel (such as a VPN channel). However, in practice, it is found that the terminal cannot provide the security information of the public WIFI network for the user in real time, and the common user cannot secure data transmission in the public WIFI network through a complicated encryption means, so a simple and reliable network security management scheme is needed.
Disclosure of Invention
The embodiment of the invention provides a network security management method, which can improve the security and the practicability of network security management.
In a first aspect, an embodiment of the present invention provides a method for network security management, where the method includes:
acquiring network access information generated by a terminal performing network access operation according to a preset network address under a network to be tested;
judging whether the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from a server;
and if so, determining the security of the network to be tested according to the network attack data and/or the abnormal operation data.
In another aspect, an embodiment of the present invention provides a terminal, where the terminal includes:
an acquisition unit, used for acquiring network access information generated by the terminal performing a network access operation according to a preset network address under a network to be tested;
the judging unit is used for judging whether the network access information contains running abnormal data caused by the network access operation and/or network attack data acquired from a server;
and the determining unit is used for determining the safety of the network to be tested according to the network attack data and/or the abnormal operation data if the judgment result of the judging unit is positive.
In the embodiment of the invention, network access information generated by the terminal performing a network access operation according to a preset network address under the network to be tested is acquired; if the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from the server, the security of the network to be tested is determined according to the network attack data and/or the abnormal operation data. In this way, the security of the network to be tested can be determined simply and reliably by detecting whether the network access operation under that network generates corresponding abnormal operation data and/or network attack data, so that the user/terminal can automatically and intelligently select a secure network, or a network with higher security, for connection and communication, which improves the security of the user's Internet access.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a network framework according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a network security management method according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a network security management method according to another embodiment of the present invention;
fig. 4 is a flowchart illustrating a network security management method according to another embodiment of the present invention;
fig. 5 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a terminal according to another embodiment of the present invention;
fig. 7 is a schematic structural diagram of a terminal according to another embodiment of the present invention;
fig. 8 is a schematic structural diagram of a network security management system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In particular implementations, the terminals described in embodiments of the invention include, but are not limited to, other portable devices such as mobile phones, laptop computers, or tablet computers having touch sensitive surfaces (e.g., touch screen displays and/or touch pads). It should also be understood that in some embodiments, the device is not a portable communication device, but is a desktop computer having a touch-sensitive surface (e.g., a touch screen display and/or touchpad).
In the discussion that follows, a terminal that includes a display and a touch-sensitive surface is described. However, it should be understood that the terminal may include one or more other physical user interface devices such as a physical keyboard, mouse, and/or joystick.
The terminal supports various applications, such as one or more of the following: a drawing application, a presentation application, a word processing application, a website creation application, a disc burning application, a spreadsheet application, a gaming application, a telephone application, a video conferencing application, an email application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a web browsing application, a digital music player application, and/or a digital video player application.
Various applications that may be executed on the terminal may use at least one common physical user interface device, such as a touch-sensitive surface. One or more functions of the touch-sensitive surface and corresponding information displayed on the terminal can be adjusted and/or changed between applications and/or within respective applications. In this way, a common physical architecture (e.g., touch-sensitive surface) of the terminal can support various applications with user interfaces that are intuitive and transparent to the user.
The embodiment of the invention discloses a method and a terminal for network security management, which help a user select a secure network, or a network with higher security, for data communication. Details are given below.
In order to better understand the method and terminal for network security management provided by the embodiment of the present invention, a network architecture applicable to the embodiment of the present invention is described below. Referring to fig. 1, fig. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present invention. As shown in fig. 1, the network architecture may include a service device and a terminal, where the service device may include a server, a service host, a service system, a service platform, and the like, and the terminal may include an Internet device such as a smart phone (e.g., an Android phone, an iOS phone, and the like), a personal computer, a tablet computer, a palmtop computer, a Mobile Internet Device (MID), or a wearable smart device. In the network architecture shown in fig. 1, the service device may be communicatively connected to the terminal via the Internet. For ease of understanding, the following description uses the server as a representative of the service device communicating with the terminal.
Referring to fig. 2, which is a flowchart illustrating a network security management method according to an embodiment of the present invention, the network security management method may include the following steps:
S101, network access information generated by a terminal performing network access operation according to a preset network address under a network to be tested is obtained.
In the embodiment of the invention, when a user starts the networking function of the terminal, connects to a network to be tested (such as an unfamiliar WiFi network) and performs a network access operation according to one or more preset network addresses custom-set/input by the user/system, the terminal or a corresponding server can record all or part of the network access information generated during the network access operation. The terminal may obtain, from the terminal itself, the network access information generated/recorded by the terminal performing the network access operation under the network to be tested, and/or the terminal may obtain, from a corresponding server, the network access information generated by performing the network access operation according to a preset network address under the condition that the terminal is connected to the network to be tested in a wired/wireless communication manner (e.g., WiFi, Bluetooth, data line, etc.).
It can be understood that, when the terminal is connected to one or more uncertain networks to be tested (e.g., to unfamiliar WiFi), and the terminal may perform corresponding network access operations through the network to be tested, the terminal may perform corresponding internet access, that is, network access operations, according to access information such as a preset network address, an access link, and an access script set by a user/system in a self-defined manner, and the terminal may record all or part of access record information, that is, network access information, performed by the terminal under the network to be tested. Because the network to be tested may be an unsafe network, if the terminal is connected to the unfamiliar unsafe WiFi, the unsafe WiFi device may tamper with access information such as a set network address and an access script sent by the terminal to a related server, so as to achieve the purpose of stealing user privacy data or destroying user equipment (i.e., the terminal) or user data (i.e., terminal data). Optionally, the terminal may receive or acquire first network access information (i.e., the network access information in step S101) generated by the terminal performing a network access operation according to the above-mentioned access information, such as the preset network address, the access link, and the access script, on the network to be tested.
Optionally, if the terminal disconnects the network connection with the network to be tested (e.g., unfamiliar WiFi) within a period of time, and the terminal is connected to a preset secure network set by one or more user/system definitions, the terminal may read, from a memory in the terminal, access information (e.g., a preset network address, an access link, an access script, and the like) corresponding to the network access operation performed by the terminal in the network to be tested, and further the terminal may perform the network access operation again according to the access information, and further the terminal may receive or acquire second network access information returned by the server according to the network access operation.
The preset secure network may refer to a network that is manually marked/set by a user, such as a WiFi network, a data network, etc. created by the user's own home, and further may upload the marked network to a corresponding server so as to share the security of the network, or a network that is registered and authenticated in a server/system by an official authority, etc., which is not limited in the embodiment of the present invention.
For example, assume that the terminal is currently connected to a network to be tested (e.g., unfamiliar WiFi) and the user inputs the website address "http://www.baidu.com" in order to access the Baidu website. The terminal can then access the "http://www.baidu.com" Baidu website. Since the unfamiliar WiFi may be an insecure network, that is, the WiFi device may be a pseudo base station device, when the terminal accesses the "http://www.baidu.com" Baidu website, the insecure pseudo base station device may tamper with the Baidu website address, for example changing it to "http: php, tn, site888_3_ pg", so that the target access address received by the server differs from the access address sent by the terminal. However, when the terminal accesses the Baidu website through a preset secure network (such as secure WiFi), the target access address received by the server is consistent with the access address sent by the terminal.
Optionally, when the terminal performs a network access operation through the network to be tested according to access information such as a preset network address, an access link, an access script and the like custom-set by a user/system, the terminal may be attacked during the network access operation, since the network to be tested may be an insecure network. In that case, the server or the terminal may record the network attack data (such as network vulnerabilities, security defects and the like) that the terminal receives while connected to the network to be tested (unfamiliar WiFi) and that indicates the terminal has been attacked over the network; and/or, if the terminal operates abnormally while connected to the network to be tested, the terminal can also record the abnormal operation data (such as abnormal application data, abnormal system operation data and the like) generated while it is connected to the network to be tested.
It should be noted that the first network access information and the second network access information respectively refer to network access information generated by the terminal performing the same network access operation under the network to be tested and the preset secure network, and the network access information may include, for example, an access script, an access link, network attack data, abnormal operation data, or other data information generated or recorded in the network access operation process, which is not limited in the embodiment of the present invention.
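One way a terminal could compare the first and second network access information described above, as an added example that is not part of the patent text. The record fields, the SHA-256 comparison of access scripts and the `example.test` addresses are assumptions, and the sample records are constructed.

```python
import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit

_DEFAULT_PORTS = {"http": 80, "https": 443}


@dataclass(frozen=True)
class AccessRecord:
    """One entry of network access information (field names are assumptions)."""
    sent_address: str      # preset network address the terminal sent
    received_address: str  # target access address the server reports receiving
    script: bytes          # access script returned for the operation


def normalize(address: str) -> str:
    """Canonicalize an address so harmless spelling differences do not alert."""
    parts = urlsplit(address.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    netloc = host if port in (None, _DEFAULT_PORTS.get(scheme)) else f"{host}:{port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{netloc}{parts.path or '/'}{query}"


def _digest(script: bytes) -> str:
    return hashlib.sha256(script).hexdigest()


def compare_access_info(first, second):
    """Compare records from the network to be tested (first) with records of
    the same operations repeated on a preset secure network (second).
    Returns a list of (preset_address, finding) tuples."""
    findings = []
    for address, under_test in first.items():
        baseline = second.get(address)
        if baseline is None:
            # Nothing to compare against: the operation was never repeated.
            findings.append((address, "no_baseline"))
            continue
        sent = normalize(under_test.sent_address)
        if normalize(under_test.received_address) != sent:
            baseline_ok = (normalize(baseline.received_address)
                           == normalize(baseline.sent_address))
            # Blame the network to be tested only when the secure network
            # delivered the same address unchanged.
            findings.append((address, "address_tampered" if baseline_ok
                             else "address_differs_on_both"))
        if _digest(under_test.script) != _digest(baseline.script):
            findings.append((address, "script_modified"))
    return findings


def demo():
    """Constructed sample records for three preset addresses."""
    page = b"<script>render()</script>"
    news, shop, mail = ("http://news.example.test/",
                        "http://shop.example.test/",
                        "http://mail.example.test/")
    first = {
        # Same address, different spelling: must not be reported.
        news: AccessRecord(news, "HTTP://News.Example.Test:80", page),
        # Address rewritten in transit and extra script content returned.
        shop: AccessRecord(shop, "http://landing.example.invalid/pg",
                           page + b"<script src=x></script>"),
        # Never repeated on the secure network.
        mail: AccessRecord(mail, mail, page),
    }
    second = {
        news: AccessRecord(news, news, page),
        shop: AccessRecord(shop, shop, page),
    }
    return compare_access_info(first, second)


if __name__ == "__main__":
    for address, finding in demo():
        print(address, finding)
```

Script digests of dynamic pages differ legitimately between two fetches, so this comparison is only meaningful when the preset addresses point at static resources.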
Optionally, the terminal may upload/send the recorded/obtained network access information (i.e., the first network access information and the second network access information described above) generated by performing the same network access operation under the network to be tested and under the preset secure network, and the recorded access information such as network attack data, abnormal operation data, and SSID (Service Set Identifier) of the network to be tested, MAC address, network name, and the like, to the server, so that the server records/stores the access information about the network to be tested.
The terminal may include an Internet device such as a smart phone (e.g., an Android phone, an IOS phone, etc.), a personal computer, a tablet computer, a palmtop computer, a Mobile Internet device (MID, Mobile Internet Devices), or a wearable smart device, and the embodiments of the present invention are not limited thereto.
S102, judging whether the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from a server.
In this embodiment of the present invention, the terminal may determine whether the network access information (i.e., the first network access information) acquired in step S101 includes abnormal operation data (such as slow system operation, unexplained crash of an application, and the like) caused/generated by the network access operation, and/or network attack data acquired from the server, and if so, the terminal continues to execute step S103; otherwise, the flow ends.
S103, determining the safety of the network to be tested according to the network attack data and/or the abnormal operation data.
In the embodiment of the invention, the terminal can determine the security of the network to be tested according to the network attack data and/or the abnormal operation data.
Optionally, the determining the security of the network to be tested according to the network attack data and/or the abnormal operation data includes:
sending an acquisition request (here, a first acquisition request) to the server, where the (first) acquisition request includes the network attack data and/or the abnormal operation data, and the (first) acquisition request is used to acquire a frequency corresponding to the network attack data and/or the abnormal operation data stored in the server and existing in the network to be tested; or, the security of the network to be tested is determined by the server according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested;
receiving the frequency corresponding to the stored network attack data and/or the abnormal operation data which are returned by the server according to the (first) acquisition request, and determining the security of the network to be detected according to the stored frequency corresponding to the network attack data and/or the abnormal operation data which are present in the network to be detected; or, receiving the security of the network to be tested returned by the server according to the (first) acquisition request.
In a specific implementation, the terminal may send an acquisition request or a first acquisition request to the server, and if the first acquisition request is used to acquire the frequency corresponding to the network attack data and/or the abnormal operation data stored in the server in the network to be tested, when the server receives the first acquisition request, the server may find out, from the server, the number/frequency corresponding to the network attack data and/or the abnormal operation data generated when each terminal recorded/stored in the server is connected to the network to be tested and performs the same or different network access operations, and further, the server may send/return the found frequency corresponding to the network attack data and/or the abnormal operation data stored in the server in the network to be tested to the terminal, the terminal may receive the frequency corresponding to the network attack data and/or the abnormal operation data stored in the server and returned by the server according to the acquisition request, where the network attack data and/or the abnormal operation data exist in the network to be tested. 
Optionally, after each terminal is connected to the network to be tested and performs different or same network access operations, each terminal sends network access information (such as access scripts, access links, abnormal operation data, network attack data and the like) generated by performing the network access operations on the network to be tested, which is recorded by the terminal, to the server; the server may count and store network access information corresponding to network access operations performed by each terminal in the network to be tested (for example, the number/frequency of times that the abnormal operation data or the network attack data exists in the network to be tested, the number/frequency of times that the network to be tested is marked as a safe/unsafe/possibly safe network, and the like).
Or, the terminal may send an acquisition request to the server, and if the acquisition request is used to acquire the security of the network to be tested, which is determined by the server according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, when the server receives the acquisition request, the server may find out, from the server, the number/frequency corresponding to the network attack data and/or the abnormal operation data generated when each terminal recorded/stored in the server is connected to the network to be tested to perform the same or different network access operations, and then the server may determine the security of the network to be tested according to the found frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested and stored in the server, further sending the determined security of the network to be tested to the terminal; the terminal may receive the security of the network to be tested, which is returned/sent by the server according to the acquisition request.
Optionally, the determining the security of the network to be tested according to the stored frequency corresponding to the existence of the network attack data and/or the abnormal operation data in the network to be tested includes:
if the frequency is within a preset first threshold range, determining that the network to be tested is a safe network;
if the frequency is within a preset second threshold range, determining that the network to be tested is a possibly safe network;
and if the frequency is within a preset third threshold range, determining that the network to be tested is an unsafe network.
The specific implementation of determining the security of the network to be tested according to the stored frequency corresponding to the existence of the network attack data and/or the abnormal operation data in the network to be tested may include: judging which threshold range, custom-set by a user/system and pre-stored in the terminal/the server, contains the frequency stored by the server for the network attack data and/or the abnormal operation data under the network to be tested, so as to determine the security of the network to be tested. For example, when that frequency is within the preset first threshold range, the network to be tested can be considered/determined to be a safe network; when that frequency is within the preset second threshold range, the network to be tested can be considered/determined to be a possibly safe network; and when that frequency is within the preset third threshold range, the network to be tested can be considered/determined to be an unsafe network.
Optionally, the method further includes:
when detecting that the terminal supports connection with at least one available network, sending a corresponding network security verification request to the server, wherein the network security verification request comprises a network identifier corresponding to the available network, and different available networks correspond to different network identifiers;
receiving security result information corresponding to the network identification returned by the server according to the network security verification request;
and displaying the available network to a preset network connection operation interface according to the safety result information and the network identification.
When a user turns on a networking function of a terminal, the terminal can detect and search for one or more available networks to which it can connect (for example, when the user turns on the WiFi function of the terminal, the terminal can find nearby WiFi networks that broadcast an SSID signal, or hidden WiFi networks that do not broadcast an SSID signal but whose SSID and password are stored in the terminal), thereby forming a list of available networks that the terminal is allowed to connect to; or, when the terminal is already connected to one network, it may also search for other available networks and periodically update the available network list. Then, the terminal may send a corresponding network security verification request to the server through the currently connected network or through a data network (e.g., 2G/3G, etc.), where the network security verification request includes a network identifier of each available network, and different available networks have different network identifiers; that is, the terminal may send the SSID and MAC address of the networks in the available network list to the server, so that the server verifies and returns the security of all or part of the available networks in the list. When the server receives the network security verification request sent by the terminal, it responds by searching for and determining the security result information of all or part of the networks in the available network list, that is, it looks up the security result information corresponding to each network identifier, and then sends the security result information found for each network identifier to the terminal.
The terminal may receive security result information corresponding to the network identifier returned by the server according to the network security verification request, and further, the terminal may display the available networks in a preset network connection operation interface according to the security result information and the network identifier, that is, the terminal may display the security of the network behind each available network according to a search result (i.e., security result information) of the server, for example, display information such as "secure/trusted network", "unsecure network", "possibly secure network" behind an SSID of each WiFi.
Optionally, the displaying the available network to a preset network connection operation interface according to the security result information and the network identifier includes:
displaying safety result information corresponding to all available networks to a preset network connection operation interface according to the network identification; or,
displaying the target available network to a preset network connection operation interface according to the network identification, wherein the safety result information corresponding to the target available network is preset safety network result information.
The terminal can display the safety result information corresponding to all available networks supported and connected by the terminal to a preset network connection operation interface which is preset in the terminal by a user/system in a user-defined manner according to the network identification; or, the terminal may display the target available network on a preset network connection operation interface according to the network identifier, where the security result information corresponding to the target available network is preset security network result information that is preset by a user/system in the terminal in a self-defined manner, such as a secure/trusted network or a possible security network, that is, the terminal may display the target available network determined to be secure or possible to be secure on the preset network connection operation interface according to the network identifier and the security result information.
Optionally, the method further includes:
the terminal sends a second acquisition request to the server;
receiving first network access information and second network access information returned by the server according to the second acquisition request, wherein the first network access information refers to network access information which is stored by the server and generated by network access operation according to a preset network address under a network to be detected, the second network access information refers to network access information which is stored by the server and generated by network access operation according to a preset network address under a preset security network, and the network access information comprises an access script or an access link;
and determining the security of the network to be tested according to the matching analysis of the first network access information and the second network access information.
The terminal may send a second acquisition request to the server by wired/wireless communication (e.g. WiFi, Bluetooth, data line, etc.). The second acquisition request is used for acquiring the first network access information and the second network access information stored in the server. The first network access information may refer to network access information generated when the terminal performs a network access operation under one or more networks to be tested according to a preset network address custom-set by a user/system; the second network access information may refer to network access information generated when the terminal performs the network access operation again, according to the same preset network address, under one or more preset secure networks (e.g., a data network, a 2G/3G/4G network) determined by the terminal/user. After the terminal sends the second acquisition request, the server may receive and respond to it, and send to the terminal, separately or simultaneously, the first network access information and the second network access information that the server recorded/stored when the terminal performed the network access operation, according to the preset network address/preset access information, under the network to be tested and under the preset secure network. The terminal may receive the first network access information and the second network access information sent/returned by the server according to the second acquisition request. Further, the terminal may determine the security of the network to be tested according to a matching analysis of the received/acquired first network access information and second network access information.
Optionally, the determining the security of the network to be tested according to the matching analysis of the first network access information and the second network access information includes:
matching and analyzing the access script or access link in the first network access information and the access script or access link in the second network access information to obtain corresponding matching result information;
if the preset access tampering information exists in the matching result information, determining that the network to be tested is an unsafe network; or, if the preset access tampering information does not exist in the matching result information, determining that the network to be tested is a secure network or a possible secure network.
The terminal may perform matching analysis on the access script or access link in the first network access information and the access script or access link in the second network access information to obtain corresponding matching result information. In a specific implementation, the terminal may determine whether the access script or access link in the first network access information matches the access script or access link in the second network access information. If so, the terminal may consider that the network access information generated by the network access operation performed according to the preset network address while connected to the network to be tested has not been tampered with, or that the network to be tested is a secure network or a possible secure network; that is, the matching analysis yields matching result information such as "the network access information is not tampered with" or "the network to be tested is a secure network or a possible secure network". Otherwise, the terminal may consider that the network access information generated when it performed, under the network to be tested, the same network access operation as under the preset secure network has been tampered with, or that the network to be tested is an insecure network; that is, the matching analysis yields matching result information such as "the network access information is tampered with" or "the network to be tested is an insecure network".
Further, the terminal may determine whether preset access tampering information (for example, "network access information is tampered with"), custom-set in the terminal in advance by a user/system, exists in the matching result information obtained from the matching analysis of the first network access information and the second network access information. If so, the terminal may directly consider/determine that the network to be tested is an insecure network; if not, the terminal may consider that the network to be tested is a secure network or a possible secure network. That is, the terminal may match and compare the access script or access link in the first network access information with the access script or access link in the second network access information: if they are the same, the terminal may consider the network to be tested to which it was previously connected a secure network or a possible secure network, and if they are not the same, the terminal may consider the network to be tested to which it was previously connected an insecure network.
Optionally, the determining the security of the network to be tested according to the matching analysis of the first network access information and the second network access information includes:
matching and analyzing the access script or access link in the first network access information and the access script or access link in the second network access information to obtain corresponding matching result information;
sending a third acquisition request including the matching result information to the server; the third acquisition request is used for obtaining the frequency, stored in the server, corresponding to the matching result information existing in the network to be tested, or is used for obtaining the security of the network to be tested determined by the server according to the stored frequency corresponding to the matching result information existing in the network to be tested;
receiving the frequency corresponding to the stored matching result information in the network to be tested returned by the server according to the third acquisition request, and determining the safety of the network to be tested according to the stored frequency corresponding to the matching result information in the network to be tested; or receiving the security of the network to be tested returned by the server according to the third acquisition request.
The terminal may perform matching analysis on the access script or access link in the first network access information and the access script or access link in the second network access information to obtain corresponding matching result information. In a specific implementation, the terminal may determine whether the access script or access link in the first network access information matches the access script or access link in the second network access information. If so, the terminal may consider that the network access information generated by the network access operation performed according to the preset network address while connected to the network to be tested has not been tampered with, or that the network to be tested is a secure network/a possible secure network; that is, the matching analysis yields matching result information such as "the network access information is not tampered with" or "the network to be tested is a secure network/a possible secure network". Otherwise, the terminal may consider that the network access information generated when it performed, under the network to be tested, the same network access operation as under the preset secure network has been tampered with, or that the network to be tested is an insecure network; that is, the matching analysis yields matching result information such as "the network access information is tampered with" or "the network to be tested is an insecure network".
Further, the terminal may send a third obtaining request to the server, where the third obtaining request may include the matching result information, and the third obtaining request may be used to obtain a frequency corresponding to the matching result information stored in the server in the network to be tested, or the third obtaining request may be used to obtain the security of the network to be tested, which is determined by the server according to the stored frequency corresponding to the matching result information in the network to be tested. Optionally, after each terminal is connected to the network to be tested and performs different or same network access operations, each terminal may repeatedly perform the matching analysis on the corresponding network access information obtained by performing the same network access operation on the network to be tested and a preset secure network (i.e., whether the network access information is tampered), and each terminal may also upload the obtained corresponding matching result information to the server; the server can count and store whether the network access information corresponding to the network access operation of each terminal under the network to be tested is tampered, and the number of times of tampering and other matching result information.
After the server receives the third acquisition request, if the request is used to acquire the frequency, stored in the server, corresponding to the matching result information existing in the network to be tested, the server may, as indicated by the request, look up the frequency/number of times, counted/stored in the server, corresponding to the matching result information of each terminal under the network to be tested, and send the frequency found to the terminal. The terminal may receive the frequency returned by the server according to the third acquisition request, and then determine the security of the network to be tested according to that frequency.
After the server receives the third acquisition request, if the request is used to acquire the security of the network to be tested as determined by the server according to the stored frequency corresponding to the matching result information existing in the network to be tested, the server may first look up, as indicated by the request, the frequency/number of times, counted/stored in the server, corresponding to the matching result information of each terminal under the network to be tested (that is, the number of times the network access information generated by network access operations performed by terminals connected to the network to be tested was tampered with, or the number of times the terminals considered the network to be tested a secure network/an insecure network/a possible secure network). The server then determines the security of the network to be tested according to the frequency found, and finally sends the determined security of the network to be tested to the terminal. The terminal may receive the security of the network to be tested returned by the server according to the third acquisition request.
Optionally, the determining the security of the network to be tested according to the matching analysis of the first network access information and the second network access information includes:
sending a fourth acquisition request to the server, where the fourth acquisition request is used to instruct the server to perform matching analysis on an access script or an access link in the first network access information and an access script or an access link in the second network access information to obtain corresponding matching result information, and to look up and send the frequency, stored in the server, corresponding to the matching result information existing in the network to be tested; or, the fourth acquisition request is used to instruct the server to perform matching analysis on the access script or the access link in the first network access information and the access script or the access link in the second network access information to obtain corresponding matching result information, determine the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested, and send the determined security of the network to be tested to the terminal;
receiving the stored frequency corresponding to the matching result information existing in the network to be tested returned by the server according to the fourth acquisition request, and determining the safety of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested; or receiving the security of the network to be tested returned by the server according to the fourth acquisition request.
In a specific implementation, the terminal may send a fourth acquisition request to the server, where the fourth acquisition request is used to instruct the server to perform matching analysis on an access script or an access link in the first network access information and an access script or an access link in the second network access information to obtain corresponding matching result information, and to look up and send the frequency, stored in the server, corresponding to the matching result information existing in the network to be tested. When the server receives the fourth acquisition request, it may acquire, as indicated by the request, the first network access information and the second network access information generated by the terminal performing network access operations according to the preset network address under the network to be tested and under the preset secure network respectively. The server may then match, compare and analyze the access script or access link in the first network access information against the access script or access link in the second network access information. If they match, the analysis yields matching result information such as "the network access information generated by the terminal performing, under the network to be tested, the same network operation as under the preset secure network is not tampered with" or "the network to be tested is a secure network or a possible secure network"; otherwise, the analysis yields matching result information such as "the network access information generated by the terminal performing, under the network to be tested, the same network operation as under the preset secure network is tampered with" or "the network to be tested is an unsafe network".
Secondly, the server can look up the number of times, counted/stored by the server, that network access information generated by network access operations performed while terminals were connected to the network to be tested was tampered with, or the number of times the terminals counted/considered the network to be tested a safe/unsafe/possible secure network; that is, the server can look up the frequency/number of times, stored in the server, corresponding to the matching result information existing in the network to be tested, and can then send that frequency/number of times to the terminal. The terminal may receive the frequency/number of times returned by the server according to the fourth acquisition request, and determine the security of the network to be tested according to it.
Or, the terminal may send a fourth acquisition request to the server that is used to instruct the server to perform matching analysis on an access script or an access link in the first network access information and an access script or an access link in the second network access information to obtain corresponding matching result information, determine the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested, and send the determined security of the network to be tested to the terminal. In that case, when the server receives the fourth acquisition request sent by the terminal, it may acquire, as indicated by the request, the first network access information and the second network access information generated by the terminal performing network access operations according to the preset network address under the network to be tested and under the preset secure network respectively. The server may then match, compare and analyze the access script or access link in the first network access information against the access script or access link in the second network access information. If they match, the analysis yields matching result information such as "the network access information generated by the terminal performing, under the network to be tested, the same network operation as under the preset secure network is not tampered with" or "the network to be tested is a secure network or a possible secure network"; otherwise, the analysis yields matching result information such as "the network access information generated by the terminal performing, under the network to be tested, the same network operation as under the preset secure network is tampered with" or "the network to be tested is an unsafe network". Secondly, the server may look up the number of times, counted/stored by the server, that network access information generated by network access operations performed while terminals were connected to the network to be tested was tampered with, or the number of times the terminals counted/considered the network to be tested a safe/unsafe/possible secure network; that is, the server may look up the frequency/number of times, stored in the server, corresponding to the matching result information existing in the network to be tested. Then, the server may determine the security of the network to be tested according to the frequency/number of times found, and finally send the determined security of the network to be tested to the terminal; the terminal may receive the security of the network to be tested returned by the server according to the fourth acquisition request.
Optionally, the determining the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested includes:
if the frequency is within a preset fourth threshold range, determining that the network to be tested is a safe network;
if the frequency is within a preset fifth threshold range, determining that the network to be tested is a possible safe network;
and if the frequency is within a preset sixth threshold range, determining that the network to be tested is an unsafe network.
The step of determining the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested may be implemented as follows: it is judged whether the frequency, stored by the server, corresponding to the matching result information existing in the network to be tested falls within a threshold range that is custom-set by a user/system and pre-stored in the terminal/the server, so as to determine the security of the network to be tested. For example, when that frequency is within a preset fourth threshold range custom-set in advance by the user/system, the network to be tested is considered/determined to be a safe network; when that frequency is within a preset fifth threshold range custom-set in advance by the user/system, the network to be tested can be considered/determined to be a possible secure network; and when that frequency is within a preset sixth threshold range custom-set in advance by the user/system, the network to be tested can be regarded/determined as an unsafe network.
It should be noted that the preset first threshold range, the preset second threshold range …, and up to the preset sixth threshold range may be set by a user/system in advance in a customized manner in the terminal/the server, and the preset first threshold range and up to the preset sixth threshold range may refer to the same threshold range or different threshold ranges, which is not limited in the embodiment of the present invention.
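The matching analysis of access scripts/links and the frequency-threshold decision described above can be sketched as follows. This is an added Python example, not code from the patent: the function and class names, the constructed sample pages, the choice to treat script sources, inline scripts and anchor targets as the "access script or access link", and the concrete threshold values are all assumptions.

```python
import hashlib
from collections import Counter
from html.parser import HTMLParser

# Constructed sample: the preset address fetched over the preset secure network.
TRUSTED_HTML = """<html><head><script src="https://example.test/app.js"></script></head>
<body><a href="https://example.test/login">Sign in</a>
<script>var page = "home";</script></body></html>"""

# Constructed sample: the same address fetched over the network to be tested,
# with one script injected and one link rewritten.
UNDER_TEST_HTML = """<html><head><script src="https://example.test/app.js"></script>
<script src="http://ads.invalid/inject.js"></script></head>
<body><a href="http://login.invalid/">Sign in</a>
<script>var page = "home";</script></body></html>"""

# Assumed ranges over the number of tampering reports (inclusive low, high);
# high=None means open-ended. The page leaves the values to the user/system.
THRESHOLD_RANGES = [
    (0, 0, "safe"),            # stands in for the fourth threshold range
    (1, 2, "possibly safe"),   # fifth threshold range
    (3, None, "unsafe"),       # sixth threshold range
]


class AccessInfoParser(HTMLParser):
    """Collects access scripts and access links from one response."""

    def __init__(self):
        super().__init__()
        self.items = set()
        self._inline = None  # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            if attrs.get("src"):
                self.items.add(("script-src", attrs["src"]))
            else:
                self._inline = []
        elif tag == "a" and attrs.get("href"):
            self.items.add(("link", attrs["href"]))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            if body:  # hash inline scripts so they compare by content
                digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
                self.items.add(("script-inline", digest))
            self._inline = None


def extract_access_info(html):
    """Return the set of (kind, value) access scripts/links in a response."""
    parser = AccessInfoParser()
    parser.feed(html)
    parser.close()
    return parser.items


def match_access_info(first, second):
    """Compare info from the network to be tested (first) with the secure network (second)."""
    added = sorted(first - second)
    missing = sorted(second - first)
    return {"tampered": bool(added or missing), "added": added, "missing": missing}


def classify(count, ranges=THRESHOLD_RANGES):
    """Map a stored report count to a verdict using the configured ranges."""
    for low, high, verdict in ranges:
        if count >= low and (high is None or count <= high):
            return verdict
    raise ValueError(f"no threshold range covers {count}")


class ReportStore:
    """Server side: counts tampering reports per network identifier (SSID, MAC)."""

    def __init__(self):
        self._tampered = Counter()

    def report(self, network_id, match_result):
        if match_result["tampered"]:
            self._tampered[network_id] += 1

    def frequency(self, network_id):
        return self._tampered[network_id]

    def verdict(self, network_id):
        return classify(self.frequency(network_id))


if __name__ == "__main__":
    result = match_access_info(extract_access_info(UNDER_TEST_HTML),
                               extract_access_info(TRUSTED_HTML))
    store = ReportStore()
    network = ("CafeWiFi", "00:11:22:33:44:55")  # constructed identifier
    for _ in range(3):  # three terminals report the same mismatch
        store.report(network, result)
    print(result["added"], store.verdict(network))
```

Exact matching also flags legitimately dynamic pages (rotating tokens, per-request URLs) as mismatches, which is one reason to decide on the count aggregated across terminals rather than on a single comparison.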
In the embodiment of the invention, network access information generated by a terminal performing a network access operation according to a preset network address under a network to be tested is acquired; if the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from the server, the security of the network to be tested can be determined according to the network attack data and/or the abnormal operation data. By detecting whether corresponding abnormal operation data and/or network attack data are generated in a network access operation under the network to be tested, the security of the network to be tested can be obtained/determined simply and reliably, so that a user/terminal can automatically and intelligently select a secure or more secure network to connect to and communicate over, which improves the security of the user's Internet access.
Please refer to fig. 3, which is a flowchart illustrating a network security management method according to another embodiment of the present invention, where the method according to the embodiment of the present invention may be applied to terminals with communication network functions, such as smart phones, tablet computers, smart wearable devices, and the like, and may be specifically implemented by processors of the terminals. The method of embodiments of the present invention further includes the following steps.
S201, network access information generated by a terminal performing network access operation according to a preset network address under a network to be tested is obtained.
S202, judging whether the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from a server.
In the embodiment of the present invention, when the terminal determines that the network access information includes the abnormal operation data caused by the network access operation and/or the network attack data acquired from the server, the terminal may continue to execute step S203; otherwise, ending the process or directly determining that the network to be tested is a safe/possible safe network.
S203, sending an acquisition request to the server, wherein the acquisition request comprises the network attack data and/or the abnormal operation data, and the acquisition request is used for acquiring the frequency, stored in the server, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; or, for acquiring the security of the network to be tested determined by the server according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested.
It should be noted that, when the obtaining request is used to obtain the frequency corresponding to the network attack data and/or the abnormal operation data stored in the server in the network to be tested, the terminal continues to execute step S204; when the obtaining request is used to obtain the security of the network to be tested, which is determined by the server according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, the terminal continues to execute step S205.
S204, receiving the stored frequency, returned by the server according to the acquisition request, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, and determining the safety of the network to be tested according to that stored frequency.
The determining the security of the network to be tested according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested specifically includes the following implementation steps: if the frequency is within a preset first threshold range, determining that the network to be tested is a safe network; if the frequency is within a preset second threshold range, determining that the network to be tested is a possible safe network; and if the frequency is within a preset third threshold range, determining that the network to be tested is an unsafe network.
S205, receiving the security of the network to be tested returned by the server according to the acquisition request.
In this embodiment of the invention, the network access information generated when the terminal performs a network access operation according to a preset network address under the network to be tested is acquired; if that information contains abnormal operation data caused by the network access operation and/or network attack data obtained from the server, the security of the network to be tested is determined according to the network attack data and/or the abnormal operation data. Detecting whether a network access operation under the network to be tested produces such abnormal operation data and/or network attack data therefore gives a simple and reliable way to obtain or determine the security of that network, so that a user or terminal can automatically and intelligently select a secure or more secure network to connect to and communicate over, which improves the security of the user's internet access.
Please refer to fig. 4, which is a flowchart illustrating a network security management method according to another embodiment of the present invention, where the method according to the embodiment of the present invention may include all or part of the implementation steps provided in the embodiment of fig. 3, and the method according to the embodiment of the present invention further includes the following steps.
S301, when it is detected that the terminal supports connection with at least one available network, sending a corresponding network security verification request to the server, wherein the network security verification request includes a network identifier corresponding to the available network, and different available networks correspond to different network identifiers.
S302, receiving security result information corresponding to the network identification returned by the server according to the network security verification request.
S303, displaying the safety result information corresponding to all available networks to a preset network connection operation interface according to the network identification.
S304, displaying the target available network to a preset network connection operation interface according to the network identification, wherein the safety result information corresponding to the target available network is preset safety network result information.
It should be noted that step S304 is an alternative to step S303.
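The following Python sketch is an added illustration of steps S203 to S205 and S301 to S304; it is not code from the patent. The threshold values, the indicator strings, the network identifiers, the "unknown" result for a network the server has no record of, and the assumption that the server increments its stored counts on each acquisition request are all constructed for the example.

```python
"""Added illustration of S203-S205 and S301-S304. All names and values are assumptions."""
from collections import Counter

SAFE, POSSIBLE_SAFE, UNSAFE, UNKNOWN = "safe", "possible safe", "unsafe", "unknown"

# Assumed preset ranges [low, high) -> verdict; the patent gives no concrete values.
THRESHOLDS = [(0, 3, SAFE), (3, 10, POSSIBLE_SAFE), (10, float("inf"), UNSAFE)]


def validate_ranges(ranges):
    """Reject gaps and overlaps so every frequency maps to exactly one verdict."""
    ordered = sorted(ranges, key=lambda r: r[0])
    if ordered[0][0] != 0 or ordered[-1][1] != float("inf"):
        raise ValueError("ranges must cover 0..infinity")
    for (_, high, _), (low, _, _) in zip(ordered, ordered[1:]):
        if high != low:
            raise ValueError(f"gap or overlap between {high} and {low}")
    return ordered


def classify(frequency, ranges=THRESHOLDS):
    """First / second / third threshold range -> safe / possible safe / unsafe."""
    if frequency < 0:
        raise ValueError("frequency cannot be negative")
    for low, high, verdict in validate_ranges(ranges):
        if low <= frequency < high:
            return verdict
    raise AssertionError("unreachable: validated ranges cover every frequency")


class Server:
    """Stores, per network identifier, how often each indicator was reported."""

    def __init__(self):
        self.counts = {}  # network_id -> Counter(indicator -> count)

    def record(self, network_id, indicators):
        self.counts.setdefault(network_id, Counter()).update(indicators)

    def handle_acquisition(self, network_id, indicators, want="frequency"):
        """S203: return the stored frequency (-> S204) or the verdict (-> S205)."""
        self.record(network_id, indicators)  # assumption: each report is counted
        stored = self.counts[network_id]
        frequency = sum(stored[i] for i in set(indicators))
        return frequency if want == "frequency" else classify(frequency)

    def verify(self, network_id):
        """S301/S302: security result for one network identifier."""
        if network_id not in self.counts:
            return UNKNOWN  # assumption: no record is not treated as evidence of safety
        return classify(sum(self.counts[network_id].values()))


def assess_network(server, network_id, indicators, server_decides=False):
    """Terminal side of S202-S205."""
    if not indicators:  # S202 negative branch: nothing abnormal was observed
        return SAFE
    want = "security" if server_decides else "frequency"
    reply = server.handle_acquisition(network_id, indicators, want)
    return reply if server_decides else classify(reply)  # S205 or S204


def security_results(server, network_ids):
    """S301/S302: one verification request carrying the identifiers of all available networks."""
    return {nid: server.verify(nid) for nid in network_ids}


def networks_to_display(results, only_safe=False):
    """S303 lists every network with its result; S304 lists only the safe ones."""
    if only_safe:
        return [nid for nid, verdict in results.items() if verdict == SAFE]
    return [f"{nid} ({verdict})" for nid, verdict in results.items()]


def build_demo_server():
    """Constructed sample history for three networks."""
    server = Server()
    server.record("HomeAP", ["page-load-timeout"])
    server.record("CafeWiFi", ["injected-script"] * 4)
    server.record("AirportFree", ["injected-script"] * 9 + ["redirected-link"] * 6)
    return server


if __name__ == "__main__":
    srv = build_demo_server()
    found = security_results(srv, ["HomeAP", "CafeWiFi", "AirportFree", "NewAP"])
    print(networks_to_display(found))
    print(networks_to_display(found, only_safe=True))
    print(assess_network(srv, "AirportFree", ["injected-script"]))
```

Because the three ranges are only "preset", a deployment has to make sure they neither overlap nor leave gaps; `validate_ranges` enforces that before any verdict is returned.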
Referring to fig. 5, a schematic structural diagram of a terminal according to an embodiment of the present invention is shown, where the terminal 5 according to the embodiment of the present invention includes:
the acquiring unit 50 is configured to acquire network access information generated by the terminal performing a network access operation according to a preset network address in a network to be tested;
a judging unit 51, configured to judge whether the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from a server;
a determining unit 52, configured to determine, if the judgment result of the judging unit 51 is yes, the security of the network to be tested according to the network attack data and/or the abnormal operation data.
For specific implementation of each unit related in the embodiments of the present invention, reference may be made to descriptions of related functional units or implementation steps in the embodiments corresponding to fig. 1 to fig. 4, which are not described herein again.
Referring to fig. 6, which is a schematic structural diagram of a terminal according to another embodiment of the present invention, the terminal 6 according to the embodiment of the present invention may include: the above-mentioned acquiring unit 50, judging unit 51, and determining unit 52, wherein,
the determining unit 52 is specifically configured to send an acquisition request to the server, where the acquisition request includes the network attack data and/or the abnormal operation data, and the acquisition request is used to acquire the frequency, stored in the server, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, or to acquire the security of the network to be tested as determined by the server according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; and to receive the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, returned by the server according to the acquisition request, and determine the security of the network to be tested according to that frequency; or to receive the security of the network to be tested returned by the server according to the acquisition request.
Optionally,
the determining unit 52 is specifically configured to determine that the network to be tested is a safe network if the frequency is within a preset first threshold range; if the frequency is within a preset second threshold range, determine that the network to be tested is a possible safe network; and if the frequency is within a preset third threshold range, determine that the network to be tested is an unsafe network.
Optionally, the terminal further includes:
a sending unit 53, configured to send, to the server, a corresponding network security verification request when it is detected that the terminal supports connection to at least one available network, where the network security verification request includes a network identifier corresponding to the available network, and different available networks correspond to different network identifiers;
a receiving unit 54, configured to receive security result information corresponding to the network identifier, which is returned by the server according to the network security verification request;
a display unit 55, configured to display the available network to a preset network connection operation interface according to the security result information and the network identifier.
Optionally,
the display unit 55 is specifically configured to display security result information corresponding to all available networks to a preset network connection operation interface according to the network identifier; or displaying the target available network to a preset network connection operation interface according to the network identifier, wherein the safety result information corresponding to the target available network is preset safety network result information.
For specific implementation of each unit related in the embodiments of the present invention, reference may be made to descriptions of related functional units or implementation steps in the embodiments corresponding to fig. 1 to fig. 5, which are not described herein again.
Fig. 7 is a schematic view of another terminal structure according to another embodiment of the present invention. The terminal in this embodiment as shown in the figure may include: one or more processors 801; one or more input devices 802, one or more output devices 803, and memory 804. The processor 801, the input device 802, the output device 803, and the memory 804 described above are connected by a bus 805. The memory 804 is used to store instructions and the processor 801 is used to execute instructions stored by the memory 804. Wherein the processor 801 is configured to:
acquiring network access information generated by a terminal performing network access operation according to a preset network address under a network to be tested;
judging whether the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from a server;
and if so, determining the security of the network to be tested according to the network attack data and/or the abnormal operation data.
Further, the processor 801 is further configured to:
sending an acquisition request to the server, wherein the acquisition request comprises the network attack data and/or the abnormal operation data, and the acquisition request is used for acquiring the frequency, stored in the server, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; or for acquiring the security of the network to be tested, as determined by the server according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested;
receiving the frequency corresponding to the network attack data and/or the abnormal operation data stored in the network to be tested returned by the server according to the acquisition request, and determining the safety of the network to be tested according to the frequency corresponding to the network attack data and/or the abnormal operation data stored in the network to be tested; or receiving the security of the network to be tested returned by the server according to the acquisition request.
Further, the processor 801 is further configured to:
if the frequency is within a preset first threshold range, determining that the network to be tested is a safe network;
if the frequency is within a preset second threshold range, determining that the network to be tested is a possible safe network;
and if the frequency is within a preset third threshold range, determining that the network to be tested is an unsafe network.
Further, the processor 801 is further configured to:
when detecting that the terminal supports connection with at least one available network, sending a corresponding network security verification request to the server, wherein the network security verification request comprises a network identifier corresponding to the available network, and different available networks correspond to different network identifiers;
receiving security result information corresponding to the network identification returned by the server according to the network security verification request;
and displaying the available network to a preset network connection operation interface according to the safety result information and the network identification.
Further, the processor 801 is further configured to:
displaying safety result information corresponding to all available networks to a preset network connection operation interface according to the network identification; or,
and displaying the target available network to a preset network connection operation interface according to the network identification, wherein the safety result information corresponding to the target available network is preset safety network result information.
It should be understood that in the present embodiment, the Processor 801 may be a Central Processing Unit (CPU), and the Processor may be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The input device 802 may include a touch pad, a fingerprint sensor (for collecting fingerprint information of a user and direction information of the fingerprint), a microphone, etc., and the output device 803 may include a display (LCD, etc.), a speaker, etc.
The memory 804 may include both read-only memory and random access memory, and provides instructions and data to the processor 801. A portion of the memory 804 may also include non-volatile random access memory. For example, the memory 804 may also store device type information.
In a specific implementation, the processor 801, the input device 802, and the output device 803 described in this embodiment of the present invention may execute the implementation manners described in the first embodiment and the fifth embodiment of the method for network security management provided in this embodiment of the present invention, and may also execute the implementation manners of the terminal described in this embodiment of the present invention, which is not described herein again.
Fig. 8 is a schematic structural diagram of a network security management system according to an embodiment of the present invention. The network security management system in the present embodiment as shown in the figure may include: a server 80 and a terminal 81; wherein,
the terminal 81 is configured to send a first acquisition request to the server 80; receiving first network access information and second network access information returned by the server according to the first acquisition request, wherein the first network access information refers to network access information which is stored by the server and generated by network access operation according to a preset network address under a network to be detected, the second network access information refers to network access information which is stored by the server and generated by network access operation according to a preset network address under a preset security network, and the network access information comprises an access script or an access link; according to the matching analysis of the first network access information and the second network access information, the safety of the network to be tested is determined;
the server 80 is configured to receive a first acquisition request sent by a terminal 81; sending the stored first network access information and second network access information to the terminal 81 in response to the first acquisition request; the first network access information refers to network access information, which is stored by the server and generated by performing a network access operation according to a preset network address under a network to be tested, the second network access information refers to network access information, which is stored by the server 80 and generated by performing a network access operation according to a preset network address under a preset security network, and the network access information includes an access script or an access link.
Optionally,
the terminal 81 is further configured to perform matching analysis on the access script or the access link in the first network access information and the access script or the access link in the second network access information to obtain corresponding matching result information; sending a second acquisition request including the matching result information to the server 80; the second obtaining request is used to obtain the frequency corresponding to the matching result information stored in the server in the network to be tested, or is used to obtain the security of the network to be tested, which is determined by the server 80 according to the stored frequency corresponding to the matching result information in the network to be tested; receiving the stored frequency corresponding to the matching result information existing in the network to be tested returned by the server 80 according to the second acquisition request, and determining the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested; or, receiving the security of the network to be tested returned by the server 80 according to the second acquisition request;
the server 80 is further configured to receive a second acquisition request sent by the terminal 81, where the second acquisition request includes matching result information, the matching result information refers to matching analysis performed by the terminal on an access script or an access link in the first network access information and an access script or an access link in the second network access information, and matching result information is obtained correspondingly, and the second acquisition request is used to acquire the frequency, stored in the server 80, corresponding to the matching result information existing in the network to be tested, or is used to acquire the security of the network to be tested, determined by the server 80 according to the stored frequency, corresponding to the matching result information existing in the network to be tested; responding to the second acquisition request, and sending the stored frequency corresponding to the matching result information existing in the network to be tested to the terminal; or, in response to the second acquisition request, determining the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested, and sending the determined security of the network to be tested to the terminal 81.
Optionally,
the terminal 81 is further configured to send a third acquisition request to the server 80, where the third acquisition request is used to instruct the server 80 to perform matching analysis on an access script or an access link in the first network access information and an access script or an access link in the second network access information to obtain corresponding matching result information, and search for and send the frequency, stored in the server, corresponding to the matching result information existing in the network to be tested; or is used to instruct the server 80 to perform matching analysis on the access script or the access link in the first network access information and the access script or the access link in the second network access information to obtain corresponding matching result information, determine the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested, and send the determined security of the network to be tested to the terminal; receiving the stored frequency corresponding to the matching result information existing in the network to be tested returned by the server 80 according to the third acquisition request, and determining the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested; or, receiving the security of the network to be tested returned by the server 80 according to the third acquisition request;
the server 80 is further configured to receive a third acquisition request sent by the terminal 81, where the third acquisition request is used to instruct the server 80 to perform matching analysis on an access script or an access link in the first network access information and an access script or an access link in the second network access information to obtain corresponding matching result information, and search for the frequency, stored in the server 80, corresponding to the matching result information existing in the network to be tested; or is used to instruct the server 80 to perform matching analysis on the access script or the access link in the first network access information and the access script or the access link in the second network access information to obtain corresponding matching result information, and determine the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested; responding to the third acquisition request, performing matching analysis on the first access link or the first access script and the second access link or the second access script to obtain corresponding matching result information, searching for the frequency, stored in the server 80, corresponding to the matching result information existing in the network to be tested, and sending the stored frequency corresponding to the matching result information existing in the network to be tested to the terminal 81; or, performing matching analysis on the first access link or the first access script and the second access link or the second access script to obtain corresponding matching result information, searching for the frequency, stored in the server 80, corresponding to the matching result information existing in the network to be tested, determining the security of the network to be tested according to the stored frequency corresponding to the matching result information existing in the network to be tested, and sending the determined security of the network to be tested to the terminal 81.
Optionally,
the terminal 81 is further configured to send a fourth acquisition request to the server 80, where the fourth acquisition request includes the network attack data and/or the abnormal operation data, and the fourth acquisition request is used to acquire the frequency, stored in the server 80, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; or to acquire the security of the network to be tested, as determined by the server 80 according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; receiving the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested returned by the server 80 according to the acquisition request, and determining the security of the network to be tested according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; or, receiving the security of the network to be tested returned by the server 80 according to the acquisition request;
the server 80 is further configured to receive a fourth acquisition request sent by the terminal 81; the fourth acquisition request is used to acquire the frequency, stored in the server 80, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; or to acquire the security of the network to be tested, as determined by the server 80 according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; in response to the fourth acquisition request, searching for the frequency, stored in the server 80, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, and sending the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested to the terminal 81; or, searching for the frequency, stored in the server 80, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, determining the security of the network to be tested according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, and sending the determined security of the network to be tested to the terminal 81.
Optionally,
the terminal 81 is further configured to send a corresponding network security verification request to the server 80 when it is detected that the terminal supports connection with at least one available network, where the network security verification request includes a network identifier corresponding to the available network, and different available networks correspond to different network identifiers; receiving security result information corresponding to the network identifier, which is returned by the server 80 according to the network security verification request; and displaying the available network to a preset network connection operation interface according to the safety result information and the network identification.
The server 80 is further configured to receive a network security verification request sent by the terminal 81; the network security verification request comprises a network identifier corresponding to at least one available network to which the terminal supports connection, and different available networks correspond to different network identifiers; and, in response to the network security verification request, to send the found security result information corresponding to the network identifier to the terminal 81, so that the terminal 81 can learn the security of each available network.
According to the embodiment of the invention, the security of the network to be tested can be determined by acquiring first network access information which is stored in a server and generated by network access operation according to a preset network address under the network to be tested and second network access information which is stored in the server and generated by network access operation according to the preset network address again under a preset security network, and further according to the matching analysis of the first network access information and the second network access information; therefore, the network access information recorded by the server can be compared to simply and reliably obtain/determine the security of the network to be tested, and a user/terminal can automatically and intelligently select a network with high security or higher security to connect and communicate; the safety of the user for surfing the internet is improved.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functions in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the terminal and the unit described above may refer to corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, terminal and method can be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A method of network security management, the method comprising:
acquiring network access information generated by a terminal performing network access operation according to a preset network address under a network to be tested;
judging whether the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from a server;
and if so, determining the security of the network to be tested according to the network attack data and/or the abnormal operation data.
2. The method of claim 1, wherein said determining the security of the network to be tested according to the network attack data and/or the abnormal operation data comprises:
sending an acquisition request to the server, wherein the acquisition request comprises the network attack data and/or the abnormal operation data, and the acquisition request is used for acquiring the frequency, stored in the server, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; or the acquisition request is used for the server to determine the security of the network to be tested according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested;
receiving the frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, returned by the server according to the acquisition request, and determining the security of the network to be tested according to that frequency; or receiving the security of the network to be tested returned by the server according to the acquisition request.
3. The method as claimed in claim 2, wherein the determining the security of the network to be tested according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested comprises:
if the frequency is within a preset first threshold range, determining that the network to be tested is a safe network;
if the frequency is within a preset second threshold range, determining that the network to be tested is a possibly safe network;
and if the frequency is within a preset third threshold range, determining that the network to be tested is an unsafe network.
4. The method of any one of claims 1-3, further comprising:
when detecting that the terminal supports connection with at least one available network, sending a corresponding network security verification request to the server, wherein the network security verification request comprises a network identifier corresponding to the available network, and different available networks correspond to different network identifiers;
receiving security result information corresponding to the network identification returned by the server according to the network security verification request;
and displaying the available network on a preset network connection operation interface according to the security result information and the network identifier.
5. The method of claim 4, wherein the displaying the available network on a preset network connection operation interface according to the security result information and the network identifier comprises:
displaying the security result information corresponding to all available networks on the preset network connection operation interface according to the network identifier; or,
displaying a target available network on the preset network connection operation interface according to the network identifier, wherein the security result information corresponding to the target available network is preset safe-network result information.
6. A terminal, characterized in that the terminal comprises:
an acquisition unit, configured to acquire network access information generated by the terminal performing a network access operation according to a preset network address under a network to be tested;
a judging unit, configured to judge whether the network access information contains abnormal operation data caused by the network access operation and/or network attack data acquired from a server;
and a determining unit, configured to determine the security of the network to be tested according to the network attack data and/or the abnormal operation data if the judgment result of the judging unit is positive.
7. The terminal of claim 6,
the determining unit is specifically configured to: send an acquisition request to the server, where the acquisition request includes the network attack data and/or the abnormal operation data, and the acquisition request is used to acquire the frequency, stored in the server, corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, or is used for the server to determine the security of the network to be tested according to the stored frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested; and receive the frequency corresponding to the network attack data and/or the abnormal operation data existing in the network to be tested, returned by the server according to the acquisition request, and determine the security of the network to be tested according to that frequency, or receive the security of the network to be tested returned by the server according to the acquisition request.
8. The terminal of claim 7,
the determining unit is specifically configured to determine that the network to be tested is a safe network if the frequency is within a preset first threshold range; determine that the network to be tested is a possibly safe network if the frequency is within a preset second threshold range; and determine that the network to be tested is an unsafe network if the frequency is within a preset third threshold range.
9. The terminal according to any of claims 6-8, characterized in that the terminal further comprises:
a sending unit, configured to send, to the server, a corresponding network security verification request when it is detected that the terminal supports connection with at least one available network, where the network security verification request includes a network identifier corresponding to the available network, and different available networks correspond to different network identifiers;
a receiving unit, configured to receive security result information corresponding to the network identifier, which is returned by the server according to the network security verification request;
and a display unit, configured to display the available network on a preset network connection operation interface according to the security result information and the network identifier.
10. The terminal of claim 9,
the display unit is specifically configured to display the security result information corresponding to all available networks on the preset network connection operation interface according to the network identifier; or to display a target available network on the preset network connection operation interface according to the network identifier, wherein the security result information corresponding to the target available network is preset safe-network result information.
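The flow of claims 1-5, as an added Python sketch that is not code from the patent: the terminal judges a probe result, reports findings to a server that keeps a per-network frequency, and the three threshold ranges produce the result shown in the network list. The probe URL, digest, range bounds, the reading that a lower frequency means a safer network, the network identifiers and all function and class names are assumptions.

```python
import hashlib
from collections import Counter

# Assumed values: the claims only say "preset" for the address and the ranges.
PRESET_URL = "http://probe.example/ok.txt"
EXPECTED_SHA256 = hashlib.sha256(b"probe-ok\n").hexdigest()
FIRST_RANGE, SECOND_RANGE = range(0, 3), range(3, 10)  # third range: 10 and up

def judge(access_info):
    """Claim 1: list the abnormal/attack data found in one probe result."""
    findings = []
    if access_info["final_url"] != PRESET_URL:
        findings.append("redirected:" + access_info["final_url"])
    if hashlib.sha256(access_info["body"]).hexdigest() != EXPECTED_SHA256:
        findings.append("body-modified")
    return findings + access_info.get("attack_data", [])  # data from server

def classify(frequency):
    """Claim 3: map a stored frequency onto the three threshold ranges."""
    if frequency in FIRST_RANGE:
        return "safe"
    return "possibly safe" if frequency in SECOND_RANGE else "unsafe"

class Server:
    def __init__(self):
        self.frequency = Counter()  # network identifier -> reports with findings
        self.reports = []           # (network identifier, findings) as received

    def acquire(self, network_id, findings):
        """Claim 2: record the reported data and return the network's security."""
        self.reports.append((network_id, findings))
        self.frequency[network_id] += 1
        return classify(self.frequency[network_id])

    def verify(self, network_ids):
        """Claim 4: security result information for each network identifier."""
        return {n: classify(self.frequency[n]) for n in network_ids}

def probe(server, network_id, access_info):
    """Terminal side: contact the server only when the judgment is positive."""
    findings = judge(access_info)
    return server.acquire(network_id, findings) if findings else None

def networks_to_display(results, only_safe=False):
    """Claim 5: list every network with its result, or only the safe ones."""
    return {n: r for n, r in results.items() if r == "safe" or not only_safe}

def demo():
    # Constructed probe results and network identifiers, for illustration only.
    clean = {"final_url": PRESET_URL, "body": b"probe-ok\n"}
    tampered = {"final_url": "http://portal.example/login",
                "body": b"<html>sign in</html>", "attack_data": ["dns-hijack"]}
    server = Server()
    probe(server, "net-home", clean)
    history = [probe(server, "net-cafe", tampered) for _ in range(10)]
    results = server.verify(["net-home", "net-cafe", "net-new"])
    return history, results, networks_to_display(results, only_safe=True)
```

Under these assumed ranges, a network the server has never received a report for ("net-new") has frequency 0 and is listed as safe, the same as a network that was probed and found clean.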
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610822777.5A CN106209918A (en) | 2016-09-13 | 2016-09-13 | The method of a kind of internet security management and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610822777.5A CN106209918A (en) | 2016-09-13 | 2016-09-13 | The method of a kind of internet security management and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106209918A (en) | 2016-12-07 |
Family
ID=58067444
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610822777.5A Withdrawn CN106209918A (en) | 2016-09-13 | 2016-09-13 | The method of a kind of internet security management and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209918A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107979845A (en) * | 2017-05-03 | 2018-05-01 | 上海掌门科技有限公司 | The indicating risk method and apparatus of wireless access point |
CN112565228A (en) * | 2020-11-27 | 2021-03-26 | 北京高途云集教育科技有限公司 | Client network analysis method and device |
CN109902491B (en) * | 2019-02-28 | 2021-08-31 | 苏州浪潮智能科技有限公司 | Safe operation management architecture of server and server |
CN113591080A (en) * | 2021-06-16 | 2021-11-02 | 盐城一方信息技术有限公司 | Computer network safety control system and control method |
CN113875205A (en) * | 2019-05-31 | 2021-12-31 | 微软技术许可有限责任公司 | Suppressing security risks associated with insecure websites and networks |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103891332A (en) * | 2011-08-12 | 2014-06-25 | F-赛酷公司 | Detection of suspect wireless access points |
CN104219670A (en) * | 2014-09-03 | 2014-12-17 | 珠海市君天电子科技有限公司 | Method and system for identifying false wifi (wireless fidelity), client side and server side |
CN104703184A (en) * | 2015-02-12 | 2015-06-10 | 中山大学 | Safe WiFi hot spot information publishing method |
CN105162768A (en) * | 2015-07-31 | 2015-12-16 | 腾讯科技(深圳)有限公司 | Method and device for detecting phishing Wi-Fi hotspots |
CN105357221A (en) * | 2015-12-04 | 2016-02-24 | 北京奇虎科技有限公司 | Method and apparatus for identifying phishing website |
CN105611534A (en) * | 2014-11-25 | 2016-05-25 | 阿里巴巴集团控股有限公司 | Method and device for recognizing pseudo WiFi network by wireless terminal |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103891332A (en) * | 2011-08-12 | 2014-06-25 | F-赛酷公司 | Detection of suspect wireless access points |
CN104219670A (en) * | 2014-09-03 | 2014-12-17 | 珠海市君天电子科技有限公司 | Method and system for identifying false wifi (wireless fidelity), client side and server side |
CN105611534A (en) * | 2014-11-25 | 2016-05-25 | 阿里巴巴集团控股有限公司 | Method and device for recognizing pseudo WiFi network by wireless terminal |
CN104703184A (en) * | 2015-02-12 | 2015-06-10 | 中山大学 | Safe WiFi hot spot information publishing method |
CN105162768A (en) * | 2015-07-31 | 2015-12-16 | 腾讯科技(深圳)有限公司 | Method and device for detecting phishing Wi-Fi hotspots |
CN105357221A (en) * | 2015-12-04 | 2016-02-24 | 北京奇虎科技有限公司 | Method and apparatus for identifying phishing website |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107979845A (en) * | 2017-05-03 | 2018-05-01 | 上海掌门科技有限公司 | The indicating risk method and apparatus of wireless access point |
CN109902491B (en) * | 2019-02-28 | 2021-08-31 | 苏州浪潮智能科技有限公司 | Safe operation management architecture of server and server |
CN113875205A (en) * | 2019-05-31 | 2021-12-31 | 微软技术许可有限责任公司 | Suppressing security risks associated with insecure websites and networks |
US11637850B2 (en) | 2019-05-31 | 2023-04-25 | Microsoft Technology Licensing, Llc | Mitigating security risks associated with unsecured websites and networks |
CN112565228A (en) * | 2020-11-27 | 2021-03-26 | 北京高途云集教育科技有限公司 | Client network analysis method and device |
CN113591080A (en) * | 2021-06-16 | 2021-11-02 | 盐城一方信息技术有限公司 | Computer network safety control system and control method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6680840B2 (en) | Automatic detection of fraudulent digital certificates | |
US20210076212A1 (en) | Recognizing users with mobile application access patterns learned from dynamic data | |
US8782745B2 (en) | Detection of unauthorized wireless access points | |
US7730219B2 (en) | System and method for detecting free and open wireless networks | |
CN103023867B (en) | Portable secure device and method for dynamically configuration network security setting | |
CN106209918A (en) | The method of a kind of internet security management and terminal | |
WO2015058616A1 (en) | Recognition method and device for malicious website | |
WO2016050146A1 (en) | Method and apparatus for processing interface information in mobile terminal device | |
US20190014532A1 (en) | Adss enabled global roaming system | |
CN105281906A (en) | Safety authentication method and device | |
CN107493378B (en) | Method and device for logging in application program, computer equipment and readable storage medium | |
WO2015035936A1 (en) | Identity authentication method, identity authentication apparatus, and identity authentication system | |
CN108092970B (en) | Wireless network maintenance method and equipment, storage medium and terminal thereof | |
CN106302519A (en) | The method of a kind of internet security management and terminal | |
CN108769366B (en) | Authority management method, device, mobile terminal and storage medium | |
CN103973649A (en) | Authentication system and authentication method | |
US11474801B1 (en) | Automatic application installation based on proximity detection | |
CN106411862A (en) | Network security management method and terminal | |
CN114448645A (en) | Method, device, storage medium and program product for processing webpage access | |
CN109818972A (en) | A kind of industrial control system information security management method, device and electronic equipment | |
US11356478B2 (en) | Phishing protection using cloning detection | |
US10805012B1 (en) | Systems and methods for protecting users | |
CN107247900B (en) | Method and device for acquiring login password of operating system | |
CN110856173B (en) | Network access method and device and electronic equipment | |
CN108804122B (en) | Information security processing system, virtual dedicated server, and control method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20161207 |
WW01 | Invention patent application withdrawn after publication |