
CN113779475A - Advertisement blocking method and device, storage medium and computer equipment - Google Patents


Publication number
CN113779475A
Authority
CN
China
Prior art keywords
packet
domain name
target
dns
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110956774.1A
Other languages
Chinese (zh)
Inventor
舒超
罗浩
冯兴鑫
田野
何世伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Luyi Technology Co ltd
Original Assignee
Chengdu Luyi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Chengdu Luyi Technology Co ltd
Priority to CN202110956774.1A
Publication of CN113779475A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/957 Browsing optimisation, e.g. caching or content distillation
    • G06F16/9577 Optimising the visualization of content, e.g. distillation of HTML documents
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q30/0601 Electronic shopping [e-shopping]


Abstract

The invention discloses an advertisement blocking method, an advertisement blocking device, a storage medium and computer equipment, relates to the technical field of information, and mainly aims to effectively block pop-up advertisements. The method comprises the following steps: intercepting a target IP packet sent by an application program to a DNS server; parsing the target IP packet, and determining the domain name to be resolved in the target IP packet; judging whether the domain name to be resolved is in a preset advertisement domain name blacklist; if the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet; and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS server so that the DNS server can feed back the IP address of the corresponding software server to the application program according to the domain name to be resolved. The method is suitable for intercepting pop-up advertisements.

Description

Advertisement blocking method and device, storage medium and computer equipment
Technical Field
The invention relates to the technical field of information, in particular to an advertisement blocking method, an advertisement blocking device, a storage medium and computer equipment.
Background
When a user uses a network to shop, play a game or look up information, the user is often disturbed by some advertisements which are automatically popped up, and how to effectively intercept the advertisements to avoid the disturbance of the pop-up advertisements is an important research topic in the technical field of the internet.
Currently, advertisements are generally intercepted according to an interception policy set by a client. However, since the interception policy set by the client is simple, only part of the advertisements can be intercepted, so that some malicious advertisements which are not successfully intercepted seriously affect the internet surfing experience of the user, and even bring property loss to the user.
Disclosure of Invention
The invention provides an advertisement blocking method, an advertisement blocking device, a storage medium and computer equipment, and mainly aims to effectively block a popup advertisement.
According to a first aspect of the present invention, there is provided an advertisement blocking method, including:
intercepting a target IP packet sent by an application program to a DNS server;
parsing the target IP packet, and determining the domain name to be resolved in the target IP packet;
judging whether the domain name to be resolved is in a preset advertisement domain name blacklist;
if the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet;
and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS so that the DNS feeds back an IP address of a corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and acquires popup content fed back by the software server to display at a client.
According to a second aspect of the present invention, there is provided an advertisement blocking apparatus comprising:
a first intercepting unit, used for intercepting a target IP packet sent by an application program to a DNS (domain name system) server;
a determining unit, used for parsing the target IP packet and determining the domain name to be resolved in the target IP packet;
a judging unit, used for judging whether the domain name to be resolved is in a preset advertisement domain name blacklist;
a second intercepting unit, used for intercepting the target IP packet if the domain name to be resolved is in the preset advertisement domain name blacklist;
and the sending unit is used for sending the target IP packet to the DNS server if the domain name to be resolved is not in the preset advertisement domain name blacklist, so that the DNS server feeds back an IP address of a corresponding software server to the application program according to the domain name to be resolved, the application program accesses the software server based on the IP address, and acquires popup content fed back by the software server to display at a client.
According to a third aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
intercepting a target IP packet sent by an application program to a DNS server;
parsing the target IP packet, and determining the domain name to be resolved in the target IP packet;
judging whether the domain name to be resolved is in a preset advertisement domain name blacklist;
if the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet;
and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS so that the DNS feeds back an IP address of a corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and acquires popup content fed back by the software server to display at a client.
According to a fourth aspect of the present invention, there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the program:
intercepting a target IP packet sent by an application program to a DNS server;
parsing the target IP packet, and determining the domain name to be resolved in the target IP packet;
judging whether the domain name to be resolved is in a preset advertisement domain name blacklist;
if the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet;
and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS so that the DNS feeds back an IP address of a corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and acquires popup content fed back by the software server to display at a client.
Compared with the current mode of setting some simple interception strategies at a client to intercept the advertisement, the advertisement interception method, the advertisement interception device, the storage medium and the computer equipment provided by the invention can intercept the target IP packet sent by an application program to a DNS (domain name system) server; analyzing the target IP packet, and determining a domain name to be analyzed in the target IP packet; meanwhile, judging whether the domain name to be analyzed is in a preset advertisement domain name blacklist or not; if the domain name to be analyzed is in the preset advertisement domain name blacklist, intercepting the target IP packet; and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS so that the DNS feeds back an IP address of a corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and acquires popup content fed back by the software server to display at a client. Therefore, by intercepting the domain name resolution request sent by the application program to the DNS server, the application program can be prevented from obtaining the IP address of the corresponding software server, the software server cannot be accessed, and then the advertisement popup window cannot be displayed at the client side, so that the purpose of effectively intercepting the advertisement popup window at the client side is realized, meanwhile, all advertisement domain name resolution requests can be effectively intercepted through presetting the advertisement domain name blacklist, the interception rate of the advertisement popup window is improved, and the influence on the internet surfing experience of a user is avoided.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of an advertisement blocking method according to an embodiment of the present invention;
FIG. 2 is a flow chart of another advertisement blocking method provided by the embodiment of the invention;
FIG. 3 is a schematic structural diagram illustrating an advertisement blocking device according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of another advertisement blocking device provided in the embodiment of the present invention;
FIG. 5 is a schematic diagram of the physical structure of a computer device according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
Currently, advertisements are generally intercepted according to an interception policy set by a client. However, since the interception policy set by the client is simple, only part of the advertisements can be intercepted, so that some malicious advertisements which are not successfully intercepted seriously affect the internet surfing experience of the user, and even bring property loss to the user.
In order to solve the above problem, an embodiment of the present invention provides an advertisement blocking method, as shown in fig. 1, where the method includes:
101. Intercepting a target IP packet sent by the application program to the DNS server.
The application program is installed on the user's computer. The DNS server is a public server with a corresponding IP address, for example 114.114.114.114. The target IP packet is an outbound packet of the client that contains a UDP protocol packet and whose destination port is 53. To overcome the prior art's inability to intercept advertisement popups effectively, in the embodiment of the invention the server builds the preset advertisement domain name blacklist and issues it to the client, and the client uses it to intercept the domain name resolution requests that the application program sends to the DNS server. The application program therefore cannot obtain the IP address of the corresponding software server and cannot access it, so the advertisement popup cannot be displayed on the client and is effectively intercepted. The execution subject of the embodiment of the invention is a device or equipment capable of intercepting advertisements, and may specifically be arranged on the client side.
Specifically, the application program on the user's computer sends out IP packets. To intercept malicious advertisements on the user's computer, Windows WFP technology may be used to inspect all IP packets of the client. If an IP packet has destination port 53, contains a UDP protocol packet, and is an outbound packet, it is determined to be a target IP packet sent by the application program to the DNS server, and it is intercepted.
102. Parsing the target IP packet and determining the domain name to be resolved in the target IP packet.
The domain name to be resolved is a URL link, such as www.baidu.com. In the embodiment of the invention, in order to intercept advertisement popups on the user's computer, the target IP packet is parsed to obtain the domain name to be resolved. If the domain name to be resolved is in the preset advertisement domain name blacklist, the target IP packet is intercepted. If it is not in the blacklist, the IP packet is released: the public DNS server receives the target IP packet and feeds back the IP address of the corresponding software server to the application program; the application program sends a request for popup content to the software server based on that IP address; the software server feeds back the popup content after receiving the request; and the application program displays the popup content on the user's computer.
Specifically, after the target IP packet is intercepted, its payload, that is, the UDP packet, is parsed according to the UDP protocol (RFC 768). The target IP packet may also contain a TCP packet; in the embodiment of the present invention TCP packets are released directly and only UDP packets are processed. The UDP packet is then parsed according to the DNS protocol (RFC 1035) to obtain the DNS request packet. A DNS request packet may involve several kinds of resolution request, but the embodiment of the present invention is concerned only with domain name resolution requests. After the domain name resolution request is obtained, the domain name to be resolved is read from it, so as to determine whether that domain name is in the preset advertisement domain name blacklist.
103. Judging whether the domain name to be resolved is in a preset advertisement domain name blacklist.
A large number of advertisement domain names of application programs installed on the user's computer can be collected in advance and recorded in the preset advertisement domain name blacklist. The blacklist may record the advertisement domain names of all application programs used by the user, or only those of certain malicious software, and can be configured according to actual service requirements. In addition, after the server side finishes building the preset advertisement domain name blacklist, it issues the blacklist to the client side, so that advertisements on the user's computer are intercepted using the blacklist.
In the embodiment of the invention, after the target IP packet is parsed and the domain name to be resolved is obtained, that domain name is matched against each advertisement domain name in the preset advertisement domain name blacklist, that is, it is judged whether the domain name to be resolved exists in the blacklist. If it does, the IP packet is intercepted and is not sent to the public DNS server; if not, the IP packet is released normally and sent to the public DNS server.
104. If the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet.
In the embodiment of the invention, if the domain name to be resolved is in the preset advertisement domain name blacklist, the target IP packet is intercepted and is not sent to the public DNS server. At the same time, an invalid IP address, for example 0.0.0.0, can be created, an IP packet is constructed based on the invalid IP address, and that IP packet is fed back to the application program. After receiving the IP packet, the application program parses it and reads the invalid IP address. With the invalid IP address the application program can never access the corresponding software server and therefore cannot obtain the advertisement content fed back by it, so the application program's advertisement popup cannot be displayed on the user's computer and the popup is effectively intercepted.
105. If the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS server so that the DNS server feeds back the IP address of the corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and acquires the popup content fed back by the software server for display at the client.
In the embodiment of the invention, if the domain name to be resolved is not in the preset advertisement domain name blacklist, the IP packet is not intercepted and is sent to the public DNS server. The public DNS server resolves the domain name to be resolved in the target IP packet to obtain the corresponding IP address, namely the IP address of the software server, and feeds that IP address back to the application program. The application program can then send a request for popup content to the software server based on that IP address, receive the popup content fed back by the software server, and display it on the user's computer.
Compared with the existing mode that a plurality of simple interception strategies are set at the client side to intercept the advertisement, the advertisement interception method provided by the embodiment of the invention can intercept the target IP packet sent by the application program to the DNS; analyzing the target IP packet, and determining a domain name to be analyzed in the target IP packet; meanwhile, judging whether the domain name to be analyzed is in a preset advertisement domain name blacklist or not; if the domain name to be analyzed is in the preset advertisement domain name blacklist, intercepting the target IP packet; and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS so that the DNS feeds back an IP address of a corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and acquires popup content fed back by the software server to display at a client. Therefore, by intercepting the domain name resolution request sent by the application program to the DNS server, the application program can be prevented from obtaining the IP address of the corresponding software server, the software server cannot be accessed, and then the advertisement popup window cannot be displayed at the client side, so that the purpose of effectively intercepting the advertisement popup window at the client side is realized, meanwhile, all advertisement domain name resolution requests can be effectively intercepted through presetting the advertisement domain name blacklist, the interception rate of the advertisement popup window is improved, and the influence on the internet surfing experience of a user is avoided.
Further, in order to better explain the above process of intercepting the advertisement popup window, as a refinement and an extension of the above embodiment, an embodiment of the present invention provides another advertisement intercepting method, as shown in fig. 2, where the method includes:
201. Intercepting a target IP packet sent by the application program to the DNS server.
In the embodiment of the present invention, in order to intercept the target IP packet sent by the application program to the DNS server, step 201 specifically includes: acquiring an IP packet of the client, and judging whether the IP packet has destination port 53; if so, judging whether the IP packet contains a UDP protocol packet; if the IP packet contains a UDP protocol packet, judging whether the IP packet is an outbound packet; and if the IP packet is an outbound packet, determining that it is a target IP packet sent by the application program to the DNS server, and intercepting the target IP packet.
Specifically, all IP packets of the client are inspected. For each IP packet it is determined whether the destination port is 53; if so, whether the IP packet contains a UDP packet; and if so, whether the IP packet is an outbound packet. If all three conditions hold, the IP packet is determined to be a target IP packet sent by the application program to the DNS server and is intercepted, so that it can be judged whether the domain name to be resolved in the target IP packet is in the preset advertisement domain name blacklist.
202. Parsing the target IP packet and determining the domain name to be resolved in the target IP packet.
In the embodiment of the present invention, in order to obtain the domain name to be resolved in the target IP packet, step 202 specifically includes: parsing the UDP packet in the IP packet according to the UDP protocol; parsing the UDP packet according to the DNS protocol to obtain the domain name resolution request in the DNS request packet; and reading the domain name to be resolved in the domain name resolution request. Further, parsing the UDP packet according to the DNS protocol to obtain the domain name resolution request in the DNS request packet includes: parsing the UDP packet according to the DNS protocol to obtain the DNS request packet; and identifying the domain name resolution requests in the DNS request packet whose Qtype is A or CNAME.
Specifically, after the target IP packet is intercepted, the payload data in it, namely the UDP packet, is parsed according to the UDP protocol (RFC 768), and the UDP packet is parsed according to the DNS protocol (RFC 1035) to obtain the DNS request packet. Because the DNS request packet includes several kinds of resolution request and the embodiment of the invention is concerned only with domain name requests, resolution requests in the DNS request whose Qtype is neither A nor CNAME are released, while domain name resolution requests whose Qtype is A or CNAME are obtained and the domain names to be resolved in them are read, so as to judge whether those domain names are in the preset advertisement domain name blacklist. Further, after the DNS request packet is obtained, the original (source) IP address, the original (source) port, the destination IP address and the destination port corresponding to the DNS request packet are recorded.
203. Judging whether the domain name to be resolved is in a preset advertisement domain name blacklist.
In the embodiment of the present invention, the specific process of judging whether the domain name to be resolved is in the preset advertisement domain name blacklist is exactly the same as step 103 and is not described again here.
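Steps 201 to 203 can be traced on raw packet bytes. The following Python code is an added example, not code from the patent: it applies the outbound / UDP / port 53 test, parses the DNS question according to RFC 1035, and checks the name against a blacklist. The function names, the blacklist entries and the constructed sample packet are assumptions; unparseable queries are released, and matching is exact and case-insensitive.

```python
import struct

# Constructed sample blacklist; the names are placeholders, not from the patent.
AD_BLACKLIST = {"ads.example.com", "popup.example.net"}
QTYPE_A, QTYPE_CNAME = 1, 5
PROTO_UDP = 17


def parse_qname(dns: bytes, off: int):
    """Read an uncompressed QNAME (RFC 1035, 4.1.2); return (name, next_offset)."""
    labels = []
    while True:
        if off >= len(dns):
            raise ValueError("truncated name")
        n = dns[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointer or reserved bits: not expected in a query
            raise ValueError("unsupported label")
        if off + n > len(dns):
            raise ValueError("truncated label")
        labels.append(dns[off:off + n].decode("ascii", "replace"))
        off += n
    return ".".join(labels).lower(), off  # DNS names compare case-insensitively


def classify(ip_packet: bytes, outbound: bool):
    """Return ("block" | "pass", qname or None) following steps 201 to 203."""
    # Step 201: outbound IPv4 packet carrying UDP with destination port 53.
    if not outbound or len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return "pass", None
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or ip_packet[9] != PROTO_UDP or len(ip_packet) < ihl + 8:
        return "pass", None  # TCP and everything else is released untouched
    _sport, dport, ulen, _csum = struct.unpack_from("!HHHH", ip_packet, ihl)
    if dport != 53:
        return "pass", None
    # Step 202: UDP payload is the DNS message; read header and first question.
    dns = ip_packet[ihl + 8: ihl + ulen]
    if len(dns) < 12:
        return "pass", None
    _txid, flags, qdcount = struct.unpack_from("!HHH", dns, 0)
    if flags & 0x8000 or qdcount != 1:  # QR bit set means this is a response
        return "pass", None
    try:
        qname, off = parse_qname(dns, 12)
        qtype, _qclass = struct.unpack_from("!HH", dns, off)
    except (ValueError, struct.error):
        return "pass", None  # assumption: malformed queries are released
    if qtype not in (QTYPE_A, QTYPE_CNAME):
        return "pass", qname  # other Qtypes are released, as the page describes
    # Step 203: exact match against the preset blacklist.
    return ("block" if qname in AD_BLACKLIST else "pass"), qname


def sample_query(name: str, qtype: int = QTYPE_A, proto: int = PROTO_UDP,
                 dport: int = 53) -> bytes:
    """Constructed input: IPv4/UDP DNS query from 192.0.2.10 to 114.114.114.114."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q \
        + struct.pack("!HH", qtype, 1)
    udp = struct.pack("!HHHH", 50000, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([114, 114, 114, 114]))
    return ip + udp


if __name__ == "__main__":
    for name, qt in (("ads.example.com", 1), ("www.example.org", 1),
                     ("ads.example.com", 28)):
        print(name, qt, classify(sample_query(name, qt), outbound=True))
```

Because only Qtype A and CNAME over UDP are inspected, an AAAA query (Qtype 28) for a blacklisted name is released, as is any DNS query carried over TCP; the method as described does not cover them.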
204. If the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet, acquiring an invalid IP address corresponding to the application program, constructing a corresponding IP packet based on the invalid IP address, and feeding the IP packet back to the application program.
In the embodiment of the invention, if the domain name to be resolved is in the preset advertisement domain name blacklist, the target IP packet is intercepted and not sent to the DNS server, and an invalid IP packet can then be generated and fed back to the application program that sent the request. For this process, the method comprises the following steps: constructing a DNS response packet corresponding to the DNS request packet according to the DNS protocol based on the invalid IP address corresponding to the application program; setting the original port corresponding to the DNS request packet as the target port corresponding to the DNS response packet, and setting the target port corresponding to the DNS request packet as the original port corresponding to the DNS response packet; setting the original IP address corresponding to the DNS request packet as the target IP address corresponding to the DNS response packet, and setting the target IP address corresponding to the DNS request packet as the original IP address corresponding to the DNS response packet; constructing the DNS response packet into a corresponding UDP packet according to the UDP protocol based on the target port and the original port corresponding to the DNS response packet; and constructing the UDP packet corresponding to the DNS response packet into a corresponding IP packet according to the IP protocol based on the target IP address and the original IP address corresponding to the DNS response packet.
Specifically, after the target IP packet is intercepted, if it is determined that the domain name to be resolved is in the preset advertisement domain name blacklist, the target IP packet is discarded and an IP address that cannot provide normal service, such as 0.0.0.0, is created. A DNS response packet corresponding to the DNS request packet is constructed according to the DNS protocol based on this invalid IP address. The original port is set as the target port of the DNS response packet and the target port is set as its original port, and a UDP packet is constructed according to the UDP protocol from the DNS response packet and its target port and original port. The original IP is then set as the target IP of the DNS response packet and the target IP as its original IP, and an IP packet is constructed according to the IP protocol (RFC 791) from the UDP packet and the target IP and original IP of the DNS response packet. The constructed IP packet is sent to the application program through the Windows control API. When the application program receives the IP packet, it cannot access the software server and therefore cannot obtain advertisement content to display on the client.
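The response construction of step 204, as an added Python example that is not code from the patent: it builds the DNS answer carrying 0.0.0.0, swaps the recorded ports and addresses, and fills in the UDP and IPv4 checksums. The function names, the answer TTL of 60 seconds, the RA flag and the constructed sample query bytes are assumptions, and only the Qtype A case is shown.

```python
import socket
import struct

SINKHOLE_IP = "0.0.0.0"  # the invalid address the page gives as an example

# Constructed DNS query payload: id 0x1234, RD set, one question "ads.example.com A IN".
SAMPLE_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                b"\x03ads\x07example\x03com\x00" b"\x00\x01\x00\x01")


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by IPv4 (RFC 791) and UDP (RFC 768)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def question_end(dns: bytes) -> int:
    """Offset just past the first question (labels, zero byte, QTYPE, QCLASS)."""
    off = 12
    while off < len(dns) and dns[off] != 0:
        off += 1 + dns[off]
    if off + 5 > len(dns):
        raise ValueError("truncated question")
    return off + 5


def build_sinkhole_reply(req_src_ip: str, req_src_port: int,
                         req_dst_ip: str, req_dst_port: int,
                         dns_query: bytes, ttl: int = 60) -> bytes:
    """Build the IPv4/UDP/DNS packet fed back to the application in step 204."""
    # DNS layer: same transaction id and question, one A record with 0.0.0.0.
    txid, qflags = struct.unpack_from("!HH", dns_query, 0)
    question = dns_query[12:question_end(dns_query)]
    flags = 0x8000 | (qflags & 0x0100) | 0x0080  # QR=1, copy RD, RA=1, RCODE=0
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    answer = struct.pack("!HHHIH4s", 0xC00C, 1, 1, ttl, 4,  # 0xC00C points at QNAME
                         socket.inet_aton(SINKHOLE_IP))
    dns = header + question + answer

    # Swap the recorded endpoints: the reply must appear to come from the DNS server.
    src_ip, dst_ip = socket.inet_aton(req_dst_ip), socket.inet_aton(req_src_ip)
    sport, dport = req_dst_port, req_src_port

    # UDP layer: checksum covers a pseudo-header, the UDP header and the payload.
    udp_len = 8 + len(dns)
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)
    udp_hdr = struct.pack("!HHHH", sport, dport, udp_len, 0)
    csum = inet_checksum(pseudo + udp_hdr + dns) or 0xFFFF  # 0 means "no checksum"
    udp = struct.pack("!HHHH", sport, dport, udp_len, csum) + dns

    # IP layer: 20-byte header, protocol 17, checksum over the header only.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         src_ip, dst_ip)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + udp


if __name__ == "__main__":
    pkt = build_sinkhole_reply("192.0.2.10", 50000, "114.114.114.114", 53, SAMPLE_QUERY)
    print(len(pkt), pkt.hex())
```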
205. If the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS server so that the DNS server feeds back the IP address of the corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and acquires the popup content fed back by the software server for display at the client.
Compared with the traditional mode that a plurality of simple interception strategies are set at the client side to intercept the advertisement, the other advertisement interception method provided by the embodiment of the invention can intercept the target IP packet sent by the application program to the DNS server; analyzing the target IP packet, and determining a domain name to be analyzed in the target IP packet; meanwhile, judging whether the domain name to be analyzed is in a preset advertisement domain name blacklist or not; if the domain name to be analyzed is in the preset advertisement domain name blacklist, intercepting the target IP packet; and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS so that the DNS feeds back an IP address of a corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and acquires popup content fed back by the software server to display at a client. Therefore, by intercepting the domain name resolution request sent by the application program to the DNS server, the application program can be prevented from obtaining the IP address of the corresponding software server, the software server cannot be accessed, and then the advertisement popup window cannot be displayed at the client side, so that the purpose of effectively intercepting the advertisement popup window at the client side is realized, meanwhile, all advertisement domain name resolution requests can be effectively intercepted through presetting the advertisement domain name blacklist, the interception rate of the advertisement popup window is improved, and the influence on the internet surfing experience of a user is avoided.
Further, as a specific implementation of fig. 1, an embodiment of the present invention provides an advertisement blocking apparatus. As shown in fig. 3, the apparatus includes: a first intercepting unit 31, a determining unit 32, a judging unit 33, a second intercepting unit 34 and a sending unit 35.
The first intercepting unit 31 may be configured to intercept a target IP packet sent by an application to the DNS server.
The determining unit 32 may be configured to parse the target IP packet, and determine a domain name to be resolved in the target IP packet.
The judging unit 33 may be configured to judge whether the domain name to be resolved is in a preset advertisement domain name blacklist.
The second intercepting unit 34 may be configured to intercept the target IP packet if the domain name to be resolved is in the preset advertisement domain name blacklist.
The sending unit 35 may be configured to send the target IP packet to the DNS server if the domain name to be resolved is not in the preset advertisement domain name blacklist, so that the DNS server feeds back an IP address of a corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and obtains pop-up window content fed back by the software server to display at a client.
In a specific application scenario, in order to intercept a target IP packet sent by an application program to a DNS server, as shown in fig. 4, the first intercepting unit 31 includes: a determining module 311 and an intercepting module 312.
The determining module 311 may be configured to obtain an IP packet of a client, and determine whether the IP packet is an IP packet with a destination port of 53.
The determining module 311 is further configured to determine whether the IP packet includes a UDP packet if the IP packet is an IP packet with a destination port of 53.
The determining module 311 may be further configured to determine whether the IP packet is an outbound packet if the IP packet includes the UDP protocol packet.
The intercepting module 312 may be configured to determine that the IP packet is a target IP packet sent by the application to the DNS server and intercept the target IP packet if the IP packet is the outbound packet.
In a specific application scenario, in order to obtain a domain name to be resolved in a target IP packet, as shown in fig. 4, the determining unit 32 includes: a first parsing module 321 and a second parsing module 322.
The first parsing module 321 may be configured to parse a UDP packet in the IP packet according to a UDP protocol.
The second parsing module 322 may be configured to parse the UDP packet according to a DNS protocol to obtain a domain name resolution request in a DNS request packet, and read a domain name to be resolved in the domain name resolution request.
Further, to obtain the domain name resolution request in the DNS request packet, the second parsing module 322 includes: a parsing submodule and an identification submodule.
The parsing submodule may be configured to parse the UDP packet according to the DNS protocol to obtain the DNS request packet.
The identification submodule may be configured to identify domain name resolution requests with a Qtype of A and CNAME in the DNS request packet.
Further, the second parsing module 322 further includes a recording sub-module.
The recording sub-module may be configured to record an original IP address, an original port, a target IP address, and a target port corresponding to the DNS request packet.
In a specific application scenario, in order to feed back an invalid IP packet to an application program, the apparatus further includes: an acquisition unit 36 and a construction unit 37.
The obtaining unit 36 may be configured to obtain an invalid IP address corresponding to the application program.
The constructing unit 37 may be configured to construct a corresponding IP packet based on the invalid IP address, and feed back the IP packet to the application program.
Further, in order to construct an invalid IP packet, the constructing unit 37 specifically includes: a constructing module 371 and a setting module 372.
The constructing module 371 may be configured to construct, based on the invalid IP address corresponding to the application program, a DNS response packet corresponding to the DNS request packet according to the DNS protocol.
The setting module 372 may be configured to set an original port corresponding to the DNS request packet as a target port corresponding to the DNS response packet, and set a target port corresponding to the DNS request packet as an original port corresponding to the DNS response packet.
The setting module 372 may be further configured to set an original IP address corresponding to the DNS request packet as a target IP address corresponding to the DNS response packet, and set a target IP address corresponding to the DNS request packet as an original IP address corresponding to the DNS response packet.
The constructing module 371 may be further configured to construct the DNS response packet into a corresponding UDP packet according to the UDP protocol based on the destination port and the original port corresponding to the DNS response packet.
The constructing module 371 may be further configured to construct, based on the target IP address and the original IP address corresponding to the DNS response packet, a UDP packet corresponding to the DNS response packet into a corresponding IP packet according to an IP protocol.
It should be noted that other corresponding descriptions of the functional modules related to the advertisement blocking apparatus provided in the embodiment of the present invention may refer to the corresponding description of the method shown in fig. 1, and are not described herein again.
Based on the method shown in fig. 1, correspondingly, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following steps: intercepting a target IP packet sent by an application program to a DNS server; parsing the target IP packet, and determining a domain name to be resolved in the target IP packet; judging whether the domain name to be resolved is in a preset advertisement domain name blacklist; if the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet; and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS server, so that the DNS server feeds back the IP address of the corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and obtains the pop-up window content fed back by the software server for display at the client.
Based on the above embodiments of the method shown in fig. 1 and the apparatus shown in fig. 3, an embodiment of the present invention further provides a physical structure diagram of a computer device. As shown in fig. 5, the computer device includes: a processor 41, a memory 42, and a computer program stored on the memory 42 and executable on the processor, wherein the memory 42 and the processor 41 are both arranged on a bus 43, such that when the processor 41 executes the program, the following steps are performed: intercepting a target IP packet sent by an application program to a DNS server; parsing the target IP packet, and determining a domain name to be resolved in the target IP packet; judging whether the domain name to be resolved is in a preset advertisement domain name blacklist; if the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet; and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS server, so that the DNS server feeds back the IP address of the corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and obtains the pop-up window content fed back by the software server for display at the client.
With this technical scheme, the target IP packet sent by the application program to the DNS server can be intercepted; the target IP packet is parsed and the domain name to be resolved in the target IP packet is determined; it is judged whether the domain name to be resolved is in a preset advertisement domain name blacklist; if the domain name to be resolved is in the preset advertisement domain name blacklist, the target IP packet is intercepted; and if the domain name to be resolved is not in the preset advertisement domain name blacklist, the target IP packet is sent to the DNS server, so that the DNS server feeds back the IP address of the corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and obtains the pop-up window content fed back by the software server for display at the client. Therefore, by intercepting the domain name resolution request sent by the application program to the DNS server, the application program is prevented from obtaining the IP address of the corresponding software server and cannot access the software server, so the advertisement pop-up window cannot be displayed at the client, which achieves the purpose of effectively intercepting advertisement pop-up windows at the client. In addition, presetting the advertisement domain name blacklist allows all advertisement domain name resolution requests to be intercepted effectively, which improves the interception rate of advertisement pop-up windows and avoids affecting the user's internet experience.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An advertisement blocking method, comprising:
intercepting a target IP packet sent by an application program to a DNS server;
parsing the target IP packet, and determining a domain name to be resolved in the target IP packet;
judging whether the domain name to be resolved is in a preset advertisement domain name blacklist;
if the domain name to be resolved is in the preset advertisement domain name blacklist, intercepting the target IP packet;
and if the domain name to be resolved is not in the preset advertisement domain name blacklist, sending the target IP packet to the DNS server, so that the DNS server feeds back the IP address of the corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and obtains the pop-up window content fed back by the software server for display at the client.
2. The method of claim 1, wherein intercepting the target IP packet sent by the application to the DNS server comprises:
acquiring an IP packet of a client, and judging whether the IP packet is an IP packet with a destination port of 53;
if the IP packet is an IP packet with a destination port of 53, judging whether the IP packet contains a UDP protocol packet;
if the IP packet contains the UDP protocol packet, judging whether the IP packet is an outbound packet;
and if the IP packet is the outbound packet, determining that the IP packet is a target IP packet sent by the application program to the DNS server, and intercepting the target IP packet.
3. The method according to claim 1, wherein the parsing the target IP packet and determining the domain name to be parsed in the target IP packet comprises:
parsing a UDP packet in the IP packet according to a UDP protocol;
and parsing the UDP packet according to a DNS protocol to obtain a domain name resolution request in the DNS request packet, and reading a domain name to be resolved in the domain name resolution request.
4. The method according to claim 3, wherein said parsing the UDP packet according to the DNS protocol to obtain the domain name resolution request in the DNS request packet comprises:
parsing the UDP packet according to the DNS protocol to obtain the DNS request packet;
and identifying domain name resolution requests with a Qtype of A and CNAME in the DNS request packet.
5. The method of claim 4, wherein after said parsing said UDP packet according to said DNS protocol to obtain said DNS request packet, said method further comprises:
and recording an original IP address, an original port, a target IP address and a target port corresponding to the DNS request packet.
6. The method of claim 5, wherein after said intercepting the target IP packet, the method further comprises:
acquiring an invalid IP address corresponding to the application program;
and constructing a corresponding IP packet based on the invalid IP address, and feeding back the IP packet to the application program.
7. The method of claim 6, wherein constructing the corresponding IP packet based on the invalid IP address comprises:
constructing a DNS response packet corresponding to the DNS request packet according to the DNS protocol based on the invalid IP address corresponding to the application program;
setting an original port corresponding to the DNS request packet as a target port corresponding to the DNS response packet, and setting a target port corresponding to the DNS request packet as an original port corresponding to the DNS response packet;
setting an original IP address corresponding to the DNS request packet as a target IP address corresponding to the DNS response packet, and setting the target IP address corresponding to the DNS request packet as the original IP address corresponding to the DNS response packet;
constructing the DNS response packet into a corresponding UDP packet according to the UDP protocol based on a target port and an original port corresponding to the DNS response packet;
and constructing a UDP packet corresponding to the DNS response packet into a corresponding IP packet according to an IP protocol based on the target IP address and the original IP address corresponding to the DNS response packet.
8. An advertisement blocking apparatus, comprising:
a first intercepting unit, configured to intercept a target IP packet sent by an application program to a DNS server;
a determining unit, configured to parse the target IP packet and determine a domain name to be resolved in the target IP packet;
a judging unit, configured to judge whether the domain name to be resolved is in a preset advertisement domain name blacklist;
a second intercepting unit, configured to intercept the target IP packet if the domain name to be resolved is in the preset advertisement domain name blacklist;
and a sending unit, configured to send the target IP packet to the DNS server if the domain name to be resolved is not in the preset advertisement domain name blacklist, so that the DNS server feeds back the IP address of the corresponding software server to the application program according to the domain name to be resolved, and the application program accesses the software server based on the IP address and obtains the pop-up window content fed back by the software server for display at the client.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
10. A computer arrangement comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 7 when executed by the processor.
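
The interception, parsing and response-construction steps described for modules 311 to 372 and recited in claims 2 to 7 can be illustrated as follows. This is an added example, not code from the patent: the function names, the `0.0.0.0` invalid address, the sample blacklist entry, the constructed query packet and the empty answer returned for CNAME questions are assumptions, and the "original" address and port of the text are treated as the source address and port.

```python
import ipaddress
import struct

QTYPE_A, QTYPE_CNAME = 1, 5
BLACKLIST = {"ads.example.test"}   # constructed sample blacklist entry
INVALID_IP = "0.0.0.0"             # assumption: the page does not name the invalid address


def ip_checksum(header: bytes) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header (RFC 1071)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_udp(src, dst, sport, dport, payload: bytes) -> bytes:
    """Wrap payload in UDP, then IPv4 (a zero UDP checksum means 'not computed' on IPv4)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", ip_checksum(head)) + head[12:] + udp


def parse_target(packet: bytes, outbound: bool):
    """Return recorded addresses, ports and question of an outbound UDP/53 query, else None."""
    if not outbound or len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None                                   # not an outbound IPv4 packet carrying UDP
    ihl, frag = (packet[0] & 0x0F) * 4, struct.unpack_from("!H", packet, 6)[0] & 0x3FFF
    if frag or ihl < 20 or len(packet) < ihl + 20:
        return None                                   # fragment, or too short for UDP + DNS headers
    sport, dport, ulen = struct.unpack_from("!HHH", packet, ihl)
    dns = packet[ihl + 8:ihl + ulen]
    if dport != 53 or len(dns) < 12:
        return None
    ident, flags, qdcount = struct.unpack_from("!HHH", dns, 0)
    if flags & 0x8000 or qdcount != 1:
        return None                                   # a response, or not exactly one question
    labels, pos = [], 12
    while pos < len(dns) and (n := dns[pos]) != 0:
        if n > 63 or pos + 1 + n > len(dns):
            return None                               # compression pointer or truncated label
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    if pos + 5 > len(dns):
        return None                                   # no root label or no QTYPE/QCLASS
    return {"src": str(ipaddress.IPv4Address(packet[12:16])), "sport": sport,
            "dst": str(ipaddress.IPv4Address(packet[16:20])), "dport": dport, "id": ident,
            "flags": flags, "qname": ".".join(labels), "question": dns[12:pos + 5],
            "qtype": struct.unpack_from("!H", dns, pos + 1)[0]}


def build_block_response(q: dict) -> bytes:
    """DNS answer carrying INVALID_IP, sent back with the request's addresses and ports swapped."""
    has_a = q["qtype"] == QTYPE_A      # assumption: a CNAME question gets an empty answer
    flags = 0x8080 | (q["flags"] & 0x7900)            # QR=1, RA=1, keep opcode and RD
    dns = struct.pack("!HHHHHH", q["id"], flags, 1, int(has_a), 0, 0) + q["question"]
    if has_a:                          # name pointer to offset 12, type A, class IN, TTL 60
        dns += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + ipaddress.IPv4Address(INVALID_IP).packed
    return build_ipv4_udp(q["dst"], q["src"], q["dport"], q["sport"], dns)


def handle_packet(packet: bytes, outbound: bool = True):
    """Return ('block', reply_packet) for a blacklisted name, else ('forward', packet)."""
    q = parse_target(packet, outbound)
    blocked = q and q["qtype"] in (QTYPE_A, QTYPE_CNAME) and q["qname"] in BLACKLIST
    return ("block", build_block_response(q)) if blocked else ("forward", packet)


def sample_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Constructed input: client 192.0.2.10:40000 asking resolver 198.51.100.53:53."""
    qname = b"".join(bytes([len(part)]) + part.encode() for part in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    return build_ipv4_udp("192.0.2.10", "198.51.100.53", 40000, 53, dns)
```

Because the filter matches only outbound UDP packets to port 53 with a Qtype of A or CNAME, as the text specifies, an AAAA query for a blacklisted name is forwarded unchanged, and lookups carried over TCP or an encrypted transport never reach this check.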
CN202110956774.1A 2021-08-19 2021-08-19 Advertisement blocking method and device, storage medium and computer equipment Pending CN113779475A (en)

Publications (1)

Publication Number Publication Date
CN113779475A true CN113779475A (en) 2021-12-10

Family

ID=78838321

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211210
