CN102663319B - Prompting method and device for download link security - Google Patents
Prompting method and device for download link security Download PDFInfo
- Publication number
- CN102663319B CN102663319B CN201210089560.XA CN201210089560A CN102663319B CN 102663319 B CN102663319 B CN 102663319B CN 201210089560 A CN201210089560 A CN 201210089560A CN 102663319 B CN102663319 B CN 102663319B
- Authority
- CN
- China
- Prior art keywords
- download link
- unsafe
- link
- web page
- source web
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 239000000284 extract Substances 0.000 claims description 17
- 238000000605 extraction Methods 0.000 claims description 6
- 108010001267 Protein Subunits Proteins 0.000 claims description 3
- 241000700605 Viruses Species 0.000 description 10
- 238000001514 detection method Methods 0.000 description 4
- 239000002699 waste material Substances 0.000 description 4
- 230000002354 daily effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 244000035744 Hura crepitans Species 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
- 239000002360 explosive Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 230000001902 propagating effect Effects 0.000 description 1
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a prompting method and device for download link security, wherein the method comprises the steps of: for a source webpage that a user visits, judging whether an unsafe download link is included; if the unsafe download link is included, acquiring the relavant information of the unsafe download link; and showing a prompt message of the unsafe download link in a user interface according to the relavant information. The method and the device provided by the invention can reduce the probability of the malicious program attacks in the internet download process of a user.
Description
Technical field
The present invention relates to field of computer technology, particularly relate to download link safety instruction method and device.
Background technology
Along with the universal of computing machine and the development of internet, the use of people to network is more and more frequent, computer network becomes requisite instrument in people's daily life gradually, and the various abundant software application that the various Web servers on network provide and information service, provide the user information and the data of every aspect, be widely used in daily life, bring huge facility to the productive life that people are daily.
And while explosive growth along with the network information, network also there is simultaneously the such as wooden horse of One's name is legion, the rogue program of virus and so on, these rogue programs are propagated by various medium, and to destroy, attack, for the purpose of steal information etc., without restraint affect the normal use of ordinary internet users to internet, the case attacked by rogue program is too numerous to enumerate, Internet user and even site owners are deeply hurt, even have also appeared on current internet some by profit for the purpose of Malware generate website, the abuse of hacking technique has made people not need to possess a lot of professional knowledge, just rogue program can be got, and then have influence on the normal use of other users to internet by propagating these rogue programs.
Wherein, one of main path that during web download, wooden horse, virus are propagated, and the principal mode of web download is the download link in the access websites page, the click page, also be, first wooden horse, virus-spreader place rogue program on network, this rogue program can directly be accessed by network and download, on other webpages, then add the hyperlink pointing to rogue program download path, finally guides user to access the webpage adding malicious downloading link.Wooden horse, virus-spreader can use toward contact has epigamic word or the picture anchor tag as malicious downloading chain, the chance of malicious downloading link is clicked with adding users, in addition, also can by placing malicious downloading link to improve the display machine meeting of malicious downloading link on the website that user's visit capacity is large.In a word, network exists in a large number with the Web page of malicious link, and its quantity every day is all in increase at a high speed, the Web page with malicious link of vast number, also makes Internet user be increased sharply by the probability of malware attacks.
Safety product of the prior art suffers the infringement of rogue program in order to avoid user, is generally after user clicks on links has downloaded program file, the security of scrutiny program file, checks out reminding user when being rogue program and isolates dangerous file.This way for be the wooden horse, the virus document that have downloaded to subscriber computer this locality, when finding dangerous, file has downloaded on subscriber set, and this adds by the probability attacked to a certain extent, wastes download time and the network bandwidth simultaneously.Therefore, the technical matters solved in the urgent need to those skilled in the art is just how to provide more efficiently mode, reduces user at the probability carrying out attacked by rogue program in web download process.
Summary of the invention
The invention provides download link safety instruction method and device, user can be reduced at the probability carrying out attacked by rogue program in web download process.
The invention provides following scheme:
A kind of download link safety instruction method, comprising:
For the source web page of user's access, judge wherein whether comprise unsafe download link;
If comprised, obtain the relevant information of described unsafe download link;
According to described relevant information, represent the information about described unsafe download link to user in the user interface.
Wherein, the described source web page for user's access, judges that wherein whether comprising unsafe download link comprises:
The unique identification information of described source web page is sent to first server inquire about, in described first server, preserves the security level information of source web page;
According to the response message that described first server returns, judge whether comprise unsafe download link in described source web page.
Wherein, the relevant information of the described unsafe download link of described acquisition comprises:
The unique identification information of described source web page is sent to second server inquire about, in described second server, preserves the corresponding relation between source web page and the dangerous download link wherein comprised;
According to the response message that described second server returns, obtain the relevant information of described unsafe download link.
Wherein, the relevant information of the described unsafe download link of described acquisition comprises:
The link wherein comprised is extracted from described source web page;
The identification information of the link extracted is sent to the 3rd server to inquire about, in described 3rd server, preserves the security level information of download link;
According to the response message that described 3rd server returns, obtain the relevant information of described unsafe download link.
Wherein, the link comprised in described source web page comprises web page interlinkage and download link, describedly from described source web page, extracts the link wherein comprised comprise:
According to the feature of the destination Uniform Resource finger URL URL of link correspondence, from described source web page, extract the download link wherein comprised.
Wherein, also comprise:
Extract the domain name of the URL of described source web page, and the domain name of target URL corresponding to download link;
If the domain name of the target URL that download link is corresponding is different from the domain name of the URL of described source web page, and the domain name of target URL corresponding to download link does not belong to secure domain name, then described download link is defined as suspicious download link;
Described the 3rd server that the link extracted is sent to carries out inquiry and comprises:
Described suspicious download link is sent to the 3rd server inquire about.
Wherein, the relevant information of the described unsafe download link of described acquisition comprises:
Obtain the target URL that described dangerous download link is corresponding;
Described according to described relevant information, the information represented about described unsafe download link to user in the user interface comprises:
The target URL corresponding according to described dangerous download link, determines the position of described dangerous download link in the described source web page page;
The information about described unsafe download link is represented in described position.
A kind of download link safety reminding device, comprising:
Judging unit, for the source web page of accessing for user, judges wherein whether comprise unsafe download link;
Information acquisition unit, if for comprising, obtains the relevant information of described unsafe download link;
Represent unit, for according to described relevant information, represent the information about described unsafe download link to user in the user interface.
Wherein, described judging unit comprises:
First inquiry subelement, inquires about for the unique identification information of described source web page is sent to first server, preserves the security level information of source web page in described first server;
Judgment sub-unit, for the response message returned according to described first server, judges whether comprise unsafe download link in described source web page.
Wherein, described information acquisition unit comprises:
Second inquiry subelement, inquires about for the unique identification information of described source web page is sent to second server, preserves the corresponding relation between source web page and the dangerous download link wherein comprised in described second server;
First obtains subelement, for the response message returned according to described second server, obtains the relevant information of described unsafe download link.
Wherein, described information acquisition unit comprises:
Subelement is extracted in link, for extracting the link wherein comprised from described source web page;
3rd inquiry subelement, inquiring about for the identification information of the link extracted being sent to the 3rd server, preserving the security level information of download link in described 3rd server;
Second obtains subelement, for the response message returned according to described 3rd server, obtains the relevant information of described unsafe download link.
Wherein, the link comprised in described source web page comprises web page interlinkage and download link, and described link is extracted subelement and comprised:
Download link extracts subelement, for the feature of the destination Uniform Resource finger URL URL according to link correspondence, extracts the download link wherein comprised from described source web page.
Wherein, also comprise:
Domain name extraction unit, for extracting the domain name of the URL of described source web page, and the domain name of target URL corresponding to download link;
Suspicious download link determining unit, if different from the domain name of the URL of described source web page for the domain name of target URL corresponding to download link, and the domain name of the target URL that download link is corresponding does not belong to secure domain name, then described download link is defined as suspicious download link;
Described 3rd inquiry subelement specifically for: described suspicious download link is sent to the 3rd server and inquires about.
Wherein, described information acquisition unit comprises:
Target URL obtains subelement, for obtaining target URL corresponding to described dangerous download link;
The described unit that represents comprises:
Subelement is determined in position, for the target URL corresponding according to described dangerous download link, determines the position of described dangerous download link in the described source web page page;
Prompting subelement, for representing the information about described unsafe download link in described position.
According to specific embodiment provided by the invention, the invention discloses following technique effect:
Pass through the present invention, can when judging to comprise unsafe download link in source web page, get the relevant information of unsafe download link, and represent the information about described unsafe download link to user in the user interface accordingly, like this, user just can be made to have gained some understanding to the security of download link before click download link, avoid clicking blindly and down operation, suffer the infringement of the rogue program such as virus or wooden horse.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the process flow diagram of the method that the embodiment of the present invention provides;
Fig. 2 is the schematic diagram of the device that the embodiment of the present invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art obtain, all belongs to the scope of protection of the invention.
See Fig. 1, the download link safety instruction method that the embodiment of the present invention provides can comprise the following steps:
S101: for the source web page of user's access, judges wherein whether comprise unsafe download link;
In order to judge whether comprise unsafe download link in the source web page that user accesses fast, a database can be preserved in advance at server, the security level information of source web page is preserved in this database, that is, whether include unsafe download link at server end to each source web page in advance to add up, then statistics is preserved in a database.If do not comprise unsafe download link in a source web page, then level of security is higher, comprises unsafe download link else if, then the level of security of source web page is lower.Like this, for the source web page of user's access, just the unique identification of source web page (such as, the uniform resource position mark URL of webpage or the MD5 value of URL etc.) can be sent to this server and inquire about, accordingly, this server just can return Query Result.And then the result that just can return according to server at browser end judges whether there is unsafe download link in current source web page.Such as, if server return as a result, the level of security of this source web page is higher, then can determine there is not unsafe download link in this source web page, not need to carry out follow-up operation again.But, if the level of security of the Query Result display source web page that server returns is lower, then prove may there is unsafe download link in this source web page, and then also need to determine the relevant information of unsafe download link in this source web page (the target URL that such as unsafe download link is corresponding and/or the position in source web page etc.) further.
Wherein, server end can know the level of security of each source web page by all means, then carries out preserving.Such as, can be at server end, the download link comprised in each source web page is detected respectively, then determine the level of security of each source web page according to testing result.File download corresponding for download link, when carrying out safety detection to download link, also can get off by server end, and whether then detect based on virus base or malice feature database etc. is virus or trojan horse program.Or, if also can perform at browser end, the detection of download link is operated, then testing result can also to be uploaded onto the server end by browser end, then be preserved by server end, to upgrade existing database, etc.
S102: if comprised, obtains the relevant information of described unsafe download link;
For a source web page, the download link wherein comprised may be have a lot of, but unsafe download link may be only one of them or several.Therefore, when there is unsafe download link in discovery source web page be, not only need to inform in this source web page of user and comprise unsafe download link, also user will be informed, specifically which or which download link is unsafe, like this, really could play the effect of prompting user, not affect user to operations such as the clicks that other secure download link simultaneously.Therefore, after knowing in source web page and there is unsafe download link, the relevant information of unsafe download link can also be got.Such as, target URL corresponding to unsafe download link, link text can be got, or, the position of unsafe download link in source web page can also be got, etc.
Wherein, when obtaining the relevant information of unsafe download link, multiple implementation can be had, such as, wherein under a kind of mode, one database can be set at server end, the corresponding relation between each source web page and the unsafe download link wherein comprised in this database, can be preserved.That is, can detect the source web page including dangerous download link at server end in advance, the dangerous link wherein comprised be extracted, is then kept at server end.Like this, at browser end, comprise unsafe download link in known current source web page after, just directly the unique identification information such as the MD5 value of URL or URL of source web page can be sent to server to inquire about, like this, the unsafe download link comprised in source web page just directly can be returned to browser end by server end, and browser end just can know the relevant information of unsafe download link accordingly, also namely, know that concrete which or which download link is unsafe.
Or under another kind of implementation, server end can preserve the security level information of download link, also, download link all in server end is in advance to network detects, and then, generates database according to testing result.Such as, if after detecting certain download link, discovery is unsafe, then the level of security of this download link is lower, or, be directly designated dangerous download link; And if find that certain download link is safe, then its level of security can be set to higher level, or be directly designated secure download link, etc.Certainly, can also only preserve unsafe download link in a database, other do not occur that link in a database is all thought safe, or, only preserve safe download link in a database, other do not occur that link in a database is all thought unsafe, or think unknown, its security can also be detected further, etc.In a word, preserve in the server, the relevant information whether each download link is safe.Like this, for the source web page of user's access, if find wherein to comprise unsafe download link by step S101, then at browser end, the link comprised in source web page can be extracted, then the security (what be specifically sent to server can be the identification information linking the links such as corresponding target URL or its MD5 value) of query link in this server is sent, server end is after the identification information receiving link, just can inquire about its database, and Query Result is returned to browser end, the result that such browser end just can return according to server determines whether each link is safe link.
Wherein, extracting link and the identification information of link is sent in the process of server lookup from source web page, in order to for simplicity, directly the whole links comprised in source web page all can be extracted, and inquire about.But, if the number of links comprised in source web page is very many, then obviously can take more transmission and computational resource, and may not all link be all unsafe, if each is sent to server and goes to inquire about, the waste of resource can be caused.Therefore, in embodiments of the present invention, when extracting link from source web page, can be selectively extract.Such as, first, because the link in webpage can be divided into common web page interlinkage (also namely to link the URL that corresponding target URL is a webpage, after clicking this link, can jump in this webpage), and download link (is also that the embodiment of the present invention is paid close attention to, the download path of the target URL of its correspondence certain file often, after clicking download link, browser can call and download, carry out the download of file), and it is of concern that download link in the obvious embodiment of the present invention, therefore, when extracting link from source web page, only can extract download link wherein.In order to reach this object, can add up the feature of download link in advance, set up the information of similar download link feature database, such as, generally comprise " download.php " etc. in the target URL that download link is corresponding, like this, when extracting link from source web page, just can this feature database of comparison, the link meeting download link feature is extracted, and inquire about, so just greatly can reduce taking resource, avoid the waste causing resource.
Certainly, toward contact, there are some features for the unsafe download link comprised in source web page, such as: if the domain name of target URL corresponding to the download link in a source web page is identical with the URL domain name of source web page, then this download link is all generally safe, or, even if the domain name of the target URL that the download link in a source web page is corresponding is different from the URL domain name of source web page, but the domain name of the target URL that download link is corresponding is a known secure domain name, then this download link is generally also all safe.Only have when the domain name of target URL corresponding to download link is different with the URL domain name of source web page, and the domain name of target URI corresponding to download link also not in the list of secure domain name time, the unsafe possibility of this download link is just higher.Therefore, when extracting the link in source web page and inquire about, above-mentioned factor can also be further considered, also, first judge that whether the domain name of the target URL that download link is corresponding is identical with the domain name of source web page URL, if identical, then no longer extracts; If different, then judge whether the domain name of the target URL that download link is corresponding is secure domain name further, if so, also no longer extract, if not, then it can be used as suspicious download link to extract, and be sent to server and carry out security inquiry.During specific implementation, the list (can certainly be the list of dangerous domain name) of secure domain name can be obtained by number of ways in advance, be kept at browser end, compare use for browser end.Such as, can be that server end collection relevant information generates this list, then be issued to browser end, regularly or aperiodically can also upgrade this list etc.During the link comprised in extraction source webpage, due to general corresponding HTML (the HypertextMarkup Language of source web page, HTML (Hypertext Markup Language)) etc. file, therefore, API (Application Programming Interface, the application programming interface) function etc. that can directly use operating system to provide carries out extracting.
In a word, no matter be directly the URL of source web page is sent to server lookup, or re-send to server lookup after first extracting link from source web page, can learn which or which download link is unsafe from server end, wherein, the information that server returns is all generally target URL corresponding to unsafe download link, and namely this information can be used as follow-up foundation when representing information.
It should be noted that, in actual applications, if do not need the factor of consideration time, can also be that extract at browser end can after download link, directly in this locality, security detection is carried out (such as to download link, can in sandbox can file download corresponding to download link to local, then detect according to virus characteristic storehouse etc.), or, can after download link be sent to server end, if server end cannot determine according to current database that certain download link is safe or unsafe, then first server also can perform the detection to download link, again testing result is returned to browser end afterwards.Even, in step S101, also the link wherein comprised can directly be extracted from source web page, then each download link whether safety is analyzed successively, thus judge whether comprise unsafe download link in source web page, meanwhile, the relevant information of unsafe web page interlinkage in source web page can also be obtained out.
S103: according to described relevant information, represents the information about described unsafe download link to user in the user interface.
After having known the target URL that unsafe download link is corresponding, just can to eject the mode such as dialog box or bubble, target URL corresponding for unsafe download link or link text etc. are shown, like this, user just can know in current source web page, and which or which download link may be unsafe, therefore, just can no longer download by clickthrough, to avoid the infringement suffering virus, wooden horse etc.Or, after the target URL that unsafe download link is corresponding can also have been known, find out the position of unsafe download link in source web page, so just can point out to user, non-safety information is presented to user more intuitively in the position at unsafe download link place.During specific implementation, one section of specific Javascript code is inserted in the page of source web page, and using analyzing target URL corresponding to unsafe download link out as Parameter transfer to Javascript code, Javascript code can use dynamic page operative technique in the page, find out the position of unsafe download link, (division, DIV element is used to as the content of bulk in html document (block-level) provides the element of structure and background to create a DIV; All the elements between the start-tag of DIV and end-tag are all used to form this block, wherein the characteristic of institute's containing element is controlled by the attribute of DIV label) floating layer on unsafe download link, user can operate DIV and float button on layer and close floating layer.
In a word, in embodiments of the present invention, can when judging to comprise unsafe download link in source web page, get the relevant information of unsafe download link, and represent the information about described unsafe download link to user in the user interface accordingly, like this, user just can be made to have gained some understanding to the security of download link before click download link, avoid clicking blindly and down operation, suffer the infringement of the rogue program such as virus or wooden horse.
Corresponding with the download link safety instruction method that the embodiment of the present invention provides, the embodiment of the present invention this provide a kind of download link safety reminding device, see Fig. 1, this device can comprise:
Judging unit 101, for the source web page of accessing for user, judges wherein whether comprise unsafe download link;
Information acquisition unit 102, if for comprising, obtains the relevant information of described unsafe download link;
Represent unit 103, for according to described relevant information, represent the information about described unsafe download link to user in the user interface.
Wherein, judging unit 101 can comprise:
First inquiry subelement, inquires about for the unique identification information of described source web page is sent to first server, preserves the security level information of source web page in described first server;
Judgment sub-unit, for the response message returned according to described first server, judges whether comprise unsafe download link in described source web page.
Specifically when obtaining the relevant information of unsafe download link, information acquisition unit 102 can comprise:
Second inquiry subelement, inquires about for the unique identification information of described source web page is sent to second server, preserves the corresponding relation between source web page and the dangerous download link wherein comprised in described second server;
First obtains subelement, for the response message returned according to described second server, obtains the relevant information of described unsafe download link.
Or under another kind of implementation, information acquisition unit 102 also can comprise:
Subelement is extracted in link, for extracting the link wherein comprised from described source web page;
3rd inquiry subelement, inquiring about for the identification information of the link extracted being sent to the 3rd server, preserving the security level information of download link in described 3rd server;
Second obtains subelement, for the response message returned according to described 3rd server, obtains the relevant information of described unsafe download link.
In order to avoid waste transmission and computational resource, when the link comprised in source web page comprises web page interlinkage and download link, described link is extracted subelement and can be comprised:
Download link extracts subelement, for the feature of the destination Uniform Resource finger URL URL according to link correspondence, extracts the download link wherein comprised from described source web page.
Further, this device can also comprise:
Domain name extraction unit, for extracting the domain name of the URL of described source web page, and the domain name of target URL corresponding to download link;
Suspicious download link determining unit, if different from the domain name of the URL of described source web page for the domain name of target URL corresponding to download link, and the domain name of the target URL that download link is corresponding does not belong to secure domain name, then described download link is defined as suspicious download link;
Accordingly, described 3rd inquiry subelement specifically for: described suspicious download link is sent to the 3rd server and inquires about.
Wherein, information acquisition unit 202 specifically can comprise:
Target URL obtains subelement, for obtaining target URL corresponding to described dangerous download link;
Represent unit 203 specifically can comprise:
Subelement is determined in position, for the target URL corresponding according to described dangerous download link, determines the position of described dangerous download link in the described source web page page;
Prompting subelement, for representing the information about described unsafe download link in described position.
In a word, in the download link safety reminding device that the embodiment of the present invention provides, can when judging to comprise unsafe download link in source web page, get the relevant information of unsafe download link, and represent the information about described unsafe download link to user in the user interface accordingly, like this, user just can be made to have gained some understanding to the security of download link before click download link, avoid clicking blindly and down operation, suffer the infringement of the rogue program such as virus or wooden horse.
As seen through the above description of the embodiments, those skilled in the art can be well understood to the mode that the present invention can add required general hardware platform by software and realizes.Based on such understanding, technical scheme of the present invention can embody with the form of software product the part that prior art contributes in essence in other words, this computer software product can be stored in storage medium, as ROM/RAM, magnetic disc, CD etc., comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform the method described in some part of each embodiment of the present invention or embodiment.
Each embodiment in this instructions all adopts the mode of going forward one by one to describe, between each embodiment identical similar part mutually see, what each embodiment stressed is the difference with other embodiments.Especially, for device or system embodiment, because it is substantially similar to embodiment of the method, so describe fairly simple, relevant part illustrates see the part of embodiment of the method.Apparatus and system embodiment described above is only schematic, the wherein said unit illustrated as separating component or can may not be and physically separates, parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of module wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.Those of ordinary skill in the art, when not paying creative work, are namely appreciated that and implement.
Above to download link safety instruction method provided by the present invention and device, be described in detail, apply specific case herein to set forth principle of the present invention and embodiment, the explanation of above embodiment just understands method of the present invention and core concept thereof for helping; Meanwhile, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications.In sum, this description should not be construed as limitation of the present invention.
Claims (14)
1. a download link safety instruction method, is characterized in that, comprising:
For the source web page of user's access, the download link in browser end source web page according to the information extraction of the download link feature database set up in advance, and judge wherein whether comprise unsafe download link;
If comprised, described browser end obtains the relevant information of described unsafe download link; The relevant information of described unsafe download link comprises target URL corresponding to described unsafe download link, link text or the described position of unsafe download link in described source web page;
According to described relevant information, described browser end represents the information about described unsafe download link to user in the user interface;
Wherein, the described information represented about described unsafe download link to user in the user interface comprises: target URL corresponding for unsafe download link or link text show by ejection dialog box or bubble; Or the target URL corresponding according to described unsafe download link and the described position of unsafe download link in described source web page, dispose establishment D IV and float layer at unsafe download link place.
2. method according to claim 1, is characterized in that, the described source web page for user's access, judges that wherein whether comprising unsafe download link comprises:
The unique identification information of described source web page is sent to first server inquire about, in described first server, preserves the security level information of source web page;
According to the response message that described first server returns, judge whether comprise unsafe download link in described source web page.
3. method according to claim 1 and 2, is characterized in that, the relevant information of the described unsafe download link of described acquisition comprises:
The unique identification information of described source web page is sent to second server inquire about, in described second server, preserves the corresponding relation between source web page and the dangerous download link wherein comprised;
According to the response message that described second server returns, obtain the relevant information of described unsafe download link.
4. method according to claim 1 and 2, is characterized in that, the relevant information of the described unsafe download link of described acquisition comprises:
The link wherein comprised is extracted from described source web page;
The identification information of the link extracted is sent to the 3rd server to inquire about, in described 3rd server, preserves the security level information of download link;
According to the response message that described 3rd server returns, obtain the relevant information of described unsafe download link.
5. method according to claim 4, is characterized in that, the link comprised in described source web page comprises web page interlinkage and download link, describedly from described source web page, extracts the link wherein comprised comprise:
According to the feature of the destination Uniform Resource finger URL URL of link correspondence, from described source web page, extract the download link wherein comprised.
6. method according to claim 5, is characterized in that, also comprises:
Extract the domain name of the URL of described source web page, and the domain name of target URL corresponding to download link;
If the domain name of the target URL that download link is corresponding is different from the domain name of the URL of described source web page, and the domain name of target URL corresponding to download link does not belong to secure domain name, then described download link is defined as suspicious download link;
Described the 3rd server that the link extracted is sent to carries out inquiry and comprises:
Described suspicious download link is sent to the 3rd server inquire about.
7. method according to claim 1, is characterized in that, the relevant information of the described unsafe download link of described acquisition comprises:
Obtain the target URL that described dangerous download link is corresponding;
Described according to described relevant information, the information represented about described unsafe download link to user in the user interface comprises:
The target URL corresponding according to described dangerous download link, determines the position of described dangerous download link in the described source web page page;
The information about described unsafe download link is represented in described position.
8. a download link safety reminding device, is characterized in that, comprising:
Judging unit, for the source web page of accessing for user, the download link in browser end source web page according to the information extraction of the download link feature database set up in advance, and judge wherein whether comprise unsafe download link;
Information acquisition unit, if for comprising, described browser end obtains the relevant information of described unsafe download link; The relevant information of described unsafe download link comprises target URL corresponding to described unsafe download link, link text or the described position of unsafe download link in described source web page;
Represent unit, for according to described relevant information, described browser end represents the information about described unsafe download link to user in the user interface; Wherein, the described information represented about described unsafe download link to user in the user interface comprises: target URL corresponding for unsafe download link or link text show by ejection dialog box or bubble; Or the target URL corresponding according to described unsafe download link and the described position of unsafe download link in described source web page, dispose establishment D IV and float layer at unsafe download link place.
9. device according to claim 8, is characterized in that, described judging unit comprises:
First inquiry subelement, inquires about for the unique identification information of described source web page is sent to first server, preserves the security level information of source web page in described first server;
Judgment sub-unit, for the response message returned according to described first server, judges whether comprise unsafe download link in described source web page.
10. device according to claim 8 or claim 9, it is characterized in that, described information acquisition unit comprises:
Second inquiry subelement, inquires about for the unique identification information of described source web page is sent to second server, preserves the corresponding relation between source web page and the dangerous download link wherein comprised in described second server;
First obtains subelement, for the response message returned according to described second server, obtains the relevant information of described unsafe download link.
11. devices according to claim 8 or claim 9, it is characterized in that, described information acquisition unit comprises:
Subelement is extracted in link, for extracting the link wherein comprised from described source web page;
3rd inquiry subelement, inquiring about for the identification information of the link extracted being sent to the 3rd server, preserving the security level information of download link in described 3rd server;
Second obtains subelement, for the response message returned according to described 3rd server, obtains the relevant information of described unsafe download link.
12. devices according to claim 11, is characterized in that, the link comprised in described source web page comprises web page interlinkage and download link, and described link is extracted subelement and comprised:
Download link extracts subelement, for the feature of the destination Uniform Resource finger URL URL according to link correspondence, extracts the download link wherein comprised from described source web page.
13. devices according to claim 12, is characterized in that, also comprise:
Domain name extraction unit, for extracting the domain name of the URL of described source web page, and the domain name of target URL corresponding to download link;
Suspicious download link determining unit, if different from the domain name of the URL of described source web page for the domain name of target URL corresponding to download link, and the domain name of the target URL that download link is corresponding does not belong to secure domain name, then described download link is defined as suspicious download link;
Described 3rd inquiry subelement specifically for: described suspicious download link is sent to the 3rd server and inquires about.
14. devices according to claim 8, is characterized in that, described information acquisition unit comprises:
Target URL obtains subelement, for obtaining target URL corresponding to described dangerous download link;
The described unit that represents comprises:
Subelement is determined in position, for the target URL corresponding according to described dangerous download link, determines the position of described dangerous download link in the described source web page page;
Prompting subelement, for representing the information about described unsafe download link in described position.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210089560.XA CN102663319B (en) | 2012-03-29 | 2012-03-29 | Prompting method and device for download link security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210089560.XA CN102663319B (en) | 2012-03-29 | 2012-03-29 | Prompting method and device for download link security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102663319A CN102663319A (en) | 2012-09-12 |
| CN102663319B true CN102663319B (en) | 2015-04-15 |
Family
ID=46772805
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210089560.XA Active CN102663319B (en) | 2012-03-29 | 2012-03-29 | Prompting method and device for download link security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102663319B (en) |
Families Citing this family (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020519A (en) * | 2012-11-15 | 2013-04-03 | 百度在线网络技术(北京)有限公司 | Method and equipment for providing safety relevant information corresponding to access request |
| CN103077349B (en) * | 2013-01-05 | 2016-04-13 | 北京奇虎科技有限公司 | A kind of method of browser side prompting access secure information and device |
| CN104008331A (en) * | 2013-02-21 | 2014-08-27 | 腾讯科技(深圳)有限公司 | Access method, device and system of malicious web |
| CN104348803B (en) * | 2013-07-31 | 2018-12-11 | 深圳市腾讯计算机系统有限公司 | Link kidnaps detection method, device, user equipment, Analysis server and system |
| US9450968B2 (en) * | 2014-01-17 | 2016-09-20 | Microsoft Technology Licensing, Llc | Media stream trust display |
| CN105991746A (en) * | 2015-03-04 | 2016-10-05 | 腾讯科技(深圳)有限公司 | File downloading method and file downloading device |
| CN105141607A (en) * | 2015-08-24 | 2015-12-09 | 成都秋雷科技有限责任公司 | Cloud-based malicious link interception method |
| CN105183793A (en) * | 2015-08-24 | 2015-12-23 | 成都秋雷科技有限责任公司 | Method for quickly intercepting popup windows of webpage |
| CN105208001A (en) * | 2015-08-24 | 2015-12-30 | 成都秋雷科技有限责任公司 | Malicious link rapid interception method |
| CN105227542A (en) * | 2015-08-24 | 2016-01-06 | 成都秋雷科技有限责任公司 | Malicious link hold-up interception method |
| CN105592105B (en) * | 2016-02-26 | 2018-12-25 | 北京奇虎科技有限公司 | Guarantee the asynchronous system Network Access Method and device of safety |
| CN106487793A (en) * | 2016-10-19 | 2017-03-08 | 广东欧珀移动通信有限公司 | application installation method and device |
| US10380229B2 (en) * | 2016-12-20 | 2019-08-13 | Google Llc | Method and system providing contextual functionality in static web pages |
| CN108111584B (en) * | 2017-12-15 | 2020-02-21 | 中南大学 | Effective download link identification method and system based on feature extraction |
| CN110046494B (en) * | 2019-04-24 | 2019-11-19 | 天聚地合(苏州)数据股份有限公司 | Big data processing method and system based on terminal |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101490685A (en) * | 2005-06-28 | 2009-07-22 | 阿拉丁知识系统有限公司 | A method for increasing the security level of a user machine browsing web pages |
| CN101500000A (en) * | 2008-01-30 | 2009-08-05 | 珠海金山软件股份有限公司 | Security evaluation method for Internet website and apparatus thereof |
| CN102332071A (en) * | 2011-09-30 | 2012-01-25 | 奇智软件(北京)有限公司 | Methods and devices for discovering suspected malicious information and tracking malicious file |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102355469A (en) * | 2011-10-31 | 2012-02-15 | 北龙中网(北京)科技有限责任公司 | Method for displaying credibility certification for website in address bar of browser |
-
2012
- 2012-03-29 CN CN201210089560.XA patent/CN102663319B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101490685A (en) * | 2005-06-28 | 2009-07-22 | 阿拉丁知识系统有限公司 | A method for increasing the security level of a user machine browsing web pages |
| CN101500000A (en) * | 2008-01-30 | 2009-08-05 | 珠海金山软件股份有限公司 | Security evaluation method for Internet website and apparatus thereof |
| CN102332071A (en) * | 2011-09-30 | 2012-01-25 | 奇智软件(北京)有限公司 | Methods and devices for discovering suspected malicious information and tracking malicious file |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102663319A (en) | 2012-09-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102663319B (en) | Prompting method and device for download link security | |
| Nunan et al. | Automatic classification of cross-site scripting in web pages using document-based and URL-based features | |
| CN102333122B (en) | Downloaded resource provision method, device and system | |
| CN102419808A (en) | Method, device and system for detecting security of download link | |
| CN102957664B (en) | A kind of method and device identifying fishing website | |
| CN105760379B (en) | Method and device for detecting webshell page based on intra-domain page association relation | |
| CN104766014A (en) | Method and system used for detecting malicious website | |
| CN102663052B (en) | Method and device for providing search results of search engine | |
| CN102833258A (en) | Website access method and system | |
| CN105303109A (en) | Malicious code information analysis method and system | |
| CN112989348B (en) | Attack detection method, model training method, device, server and storage medium | |
| CN102664925B (en) | A kind of method of displaying searching result and device | |
| CN104168293A (en) | Method and system for recognizing suspicious phishing web page in combination with local content rule base | |
| CN104767747A (en) | Click jacking safety detection method and device | |
| CN108494762A (en) | Web access method, device and computer readable storage medium, terminal | |
| CN103647678A (en) | Method and device for online verification of website vulnerabilities | |
| CN103647767A (en) | Website information display method and apparatus | |
| CN102255915A (en) | Internet virus detection method, apparatus thereof and system thereof | |
| CN105488400A (en) | Comprehensive detection method and system of malicious webpage | |
| CN113518077A (en) | Malicious web crawler detection method, device, equipment and storage medium | |
| CN104158828A (en) | Method and system for identifying doubtful phishing webpage on basis of cloud content rule base | |
| CN105975599B (en) | Method and device for monitoring page embedded points of website | |
| CN108494728B (en) | Method, device, equipment and medium for creating blacklist library for preventing traffic hijacking | |
| CN107103243B (en) | Vulnerability detection method and device | |
| CN103390128A (en) | Page labeling method and device and terminal equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| ASS | Succession or assignment of patent right |
Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20120926 Owner name: BEIJING QIHU TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20120926 |
|
| C10 | Entry into substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100016 CHAOYANG, BEIJING TO: 100088 XICHENG, BEIJING |
|
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20120926 Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Applicant after: Qizhi software (Beijing) Co.,Ltd. Address before: The 4 layer 100016 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C Applicant before: Qizhi software (Beijing) Co.,Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220727 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |