CN102467633A

Movatterモバイル変換

Info

Publication number: CN102467633A
Application number: CN2010105525703A
Authority: CN
Inventors: 陶伟华; 刘起
Original assignee: Qizhi Software Beijing Co Ltd
Current assignee: Qizhi Software Beijing Co Ltd
Priority date: 2010-11-19
Filing date: 2010-11-19
Publication date: 2012-05-23
Also published as: CN107016287A

Abstract

The invention relates to a safety method for browsing web pages and a system thereof.A browser sends related information of a website to be accessed by a user to a cloud server through the Internet; then the cloud server receives the website relevant information and matches the website relevant information with the information in the cloud library; and finally, determining the security category of the website to be accessed by the user, and determining whether to give a prompt and/or intercept the website to be accessed. The invention can be applied to the field of network security.

Description

Translated fromChinese

一种安全浏览网页的方法及其系统A method and system for safely browsing web pages

技术领域technical field

本发明涉及计算机网络技术，尤其涉及计算机网络安全技术。The invention relates to computer network technology, in particular to computer network security technology.

背景技术Background technique

随着互联网的发展，基于WEB的应用日益普及，人们通过浏览器可以查询银行账户、网上购物、电子商务、查询信息、获取知识、进行娱乐等，WEB为人们提供了方便和快捷的交互方式。With the development of the Internet, WEB-based applications are becoming more and more popular. People can query bank accounts, online shopping, e-commerce, query information, acquire knowledge, and perform entertainment through browsers. WEB provides people with a convenient and fast way of interaction.

然而，人们在上网冲浪浏览网页的同时，经常会遭遇到恶意网站的侵袭，导致计算机被病毒、木马等感染。However, when people are surfing the Internet and browsing the web, they often encounter attacks from malicious websites, causing computers to be infected by viruses, Trojan horses, and the like.

不安全网站主要有恶意网站、挂马网站、钓鱼网站、欺诈网站等，目前用于对抗不安全网站最常用的方法有两种，一种是基于本地的解决方案，即将防病毒软件安装到本地计算机中，并通过该防病毒软件过滤病毒、木马等危险内容，从而防止病毒、木马等对计算机的攻击。另一种是基于网络的解决方案，该方法通过分析网络上的业务量及危险代码来防止病毒对计算机的攻击，如采用万维网过滤器等，此种方法通常依靠代理服务器来过滤危险或恶意代码，以防止病毒在网络服务器与计算机之间传递。Unsafe websites mainly include malicious websites, websites linked to horses, phishing websites, fraudulent websites, etc. Currently, there are two most commonly used methods to combat unsafe websites. One is a local-based solution, which is to install anti-virus software locally In the computer, and through the anti-virus software to filter viruses, Trojans and other dangerous content, so as to prevent viruses, Trojans and other attacks on the computer. The other is a network-based solution, which prevents viruses from attacking computers by analyzing traffic and dangerous codes on the network, such as using World Wide Web filters, etc. This method usually relies on proxy servers to filter dangerous or malicious codes , to prevent viruses from passing between the web server and the computer.

然而，由于新病毒的不断开发，防病毒软件需要及时得到更新，在未更新前，计算机处于危险状态；而代理服务器虽然用于过滤从网络服务器到计算机之间的网页，但最终仍然要将网页发送至计算机，因此仍旧在一定程度上存在风险。However, due to the continuous development of new viruses, the antivirus software needs to be updated in time, and the computer is in a dangerous state before it is updated; and although the proxy server is used to filter the webpage from the network server to the computer, it still has to upload the webpage to the computer in the end. sent to a computer, so there is still some risk involved.

由此可见，尽管人们做了大量工作来阻止恶意网站，但是用户通过浏览器浏览网页时仍然存在受恶意网址侵袭的风险。It can be seen that although people have done a lot of work to block malicious websites, users still have the risk of being attacked by malicious URLs when browsing web pages through browsers.

发明内容Contents of the invention

本发明提供了一种能解决以上问题的安全浏览网页的方法及其系统。The invention provides a method and system for safely browsing webpages capable of solving the above problems.

在第一方面，本发明提供了一种基于浏览器的安全浏览方法，且该浏览器通过互联网与云端服务器进行信息交互，该方法包括以下步骤：In a first aspect, the present invention provides a browser-based safe browsing method, and the browser performs information interaction with a cloud server through the Internet, and the method includes the following steps:

首先，该浏览器将用户所要访问的网址相关信息，通过互联网发送至该云端服务器；然后，该云端服务器接收该网址相关信息，再将该网址相关信息与云库中的信息进行匹配；最后确定该用户所要访问网站的安全类别，并决定是否给出提示和/或拦截所要访问的网址。First, the browser sends the relevant information of the website that the user wants to visit to the cloud server through the Internet; then, the cloud server receives the relevant information of the website, and then matches the relevant information of the website with the information in the cloud library; finally, it is determined The security category of the website that the user wants to visit, and decide whether to give a prompt and/or block the website to be visited.

在第二方面，本发明提供了一种安全浏览系统，该系统包括浏览器和云端服务器。该浏览器用于将用户所要访问的网址相关信息，通过互联网发送至该云端服务器。该云端服务器用于接收该网址相关信息，再将该网址相关信息与云库中的信息进行匹配，并确定该用户所要访问网站的安全类别，并决定是否给出提示和/或拦截所要访问的网址。In a second aspect, the present invention provides a safe browsing system, which includes a browser and a cloud server. The browser is used to send the relevant information of the website to be visited by the user to the cloud server through the Internet. The cloud server is used to receive the relevant information of the website, and then match the relevant information of the website with the information in the cloud library, and determine the security category of the website that the user wants to visit, and decide whether to give a prompt and/or block the website to be visited. URL.

在第三方面，本发明提供了一种基于浏览器的安全浏览方法，且该浏览器通过互联网与云端服务器进行信息交互，并且该浏览器、过滤模块处于本地计算机中，该方法包括以下步骤：In a third aspect, the present invention provides a browser-based safe browsing method, and the browser performs information interaction with the cloud server through the Internet, and the browser and the filtering module are located in the local computer, and the method includes the following steps:

首先，该过滤模块接收所述网址相关信息，再对该网址相关信息进行检测，以确定该网址相关信息所属类别，若该过滤模块无法对该网址相关信息进行分类，则将该网址相关信息及其网址发送至云端服务器；Firstly, the filtering module receives the relevant information of the website, and then detects the relevant information of the website to determine the category to which the relevant information of the website belongs. If the filtering module cannot classify the relevant information of the website, then the relevant information of the website and Its URL is sent to the cloud server;

最后，该云端服务器接收所述网址相关信息及其网址，并将该网址相关信息与云库中的信息进行匹配，以确定该用户所要访问网站的安全类别。Finally, the cloud server receives the website-related information and its website address, and matches the website-related information with the information in the cloud library to determine the security category of the website that the user wants to visit.

在第四方面，本发明提供了一种基于浏览器的安全浏览系统，该系统包括浏览器、过滤模块、云端服务器。In a fourth aspect, the present invention provides a browser-based secure browsing system, which includes a browser, a filtering module, and a cloud server.

该浏览器用于将用户所要访问的网址相关信息，发送至该过滤模块。该过滤模块用于接收所述网址相关信息，再对该网址相关信息进行检测，以确定该网址相关信息所属类别，若该该过滤模块无法对该网址相关信息进行分类，则将该网址相关信息及其网址发送至云端服务器。该云端服务器用于接收所述网址相关信息及其网址，并将该网址相关信息与云库中的信息进行匹配，以确定该用户所要访问网站的安全类别，并决定是否给出提示和/或拦截所要访问的网址。The browser is used to send the relevant information of the website to be visited by the user to the filtering module. The filtering module is used to receive the relevant information of the website, and then detect the relevant information of the website to determine the category of the relevant information of the website, if the filtering module cannot classify the relevant information of the website, then the relevant information of the website and its URL are sent to the cloud server. The cloud server is used to receive the relevant information of the website and its website, and match the relevant information of the website with the information in the cloud library to determine the security category of the website that the user wants to visit, and decide whether to give a prompt and/or Block the URL you want to visit.

在第五方面，本发明提供了一种基于浏览器的安全浏览方法，且该浏览器通过互联网与云端服务器进行信息交互，并且该浏览器、过滤模块处于本地计算机中，该方法包括以下步骤：In the fifth aspect, the present invention provides a browser-based safe browsing method, and the browser performs information interaction with the cloud server through the Internet, and the browser and the filtering module are located in the local computer, and the method includes the following steps:

首先，该浏览器将用户所要访问的网址相关信息，发送至该过滤模块及该云端服务器；Firstly, the browser sends information related to the website to be visited by the user to the filtering module and the cloud server;

然后，该过滤模块接收来自该浏览器的网址相关信息，再对该网址相关信息进行检测，以确定该网址相关信息所属类别，然后将该该检测结果发送至该浏览器；和/或Then, the filtering module receives the URL-related information from the browser, and then detects the URL-related information to determine the category to which the URL-related information belongs, and then sends the detection result to the browser; and/or

该云端服务器接收来自该浏览器的网址相关信息，再将该网址相关信息与云库中的信息进行匹配，然后将该匹配结果发送至该浏览器；The cloud server receives URL-related information from the browser, matches the URL-related information with information in the cloud library, and then sends the matching result to the browser;

最后，该浏览器接收来自该过滤模块和/或该云端服务器的相应结果，并根据该结果来确定该用户所要访问网站的安全类别，从而决定是否给出提示和/或拦截所要访问的网址。Finally, the browser receives the corresponding result from the filtering module and/or the cloud server, and determines the security category of the website that the user wants to visit according to the result, so as to decide whether to give a prompt and/or block the website to be visited.

本发明通过云端服务器判定用户所访问网页是否安全，从而保证了用户通过浏览器安全地访问网页，阻止了木马、病毒等不安全因素通过浏览器侵入到计算机中。此外，由于云端服务器具有实时性特征，其能够识别出最新危险网址特征，因此确保了用户浏览网页时，其计算机受到新恶意网站的侵害。The invention judges whether the webpage accessed by the user is safe through the cloud server, thereby ensuring that the user safely accesses the webpage through the browser, and preventing unsafe factors such as Trojans and viruses from intruding into the computer through the browser. In addition, because the cloud server has real-time characteristics, it can identify the latest dangerous website characteristics, thus ensuring that the user's computer is infringed by new malicious websites when browsing the web.

附图说明Description of drawings

下面将参照附图对本发明的具体实施方案进行更详细的说明，在附图中：Specific embodiments of the present invention will be described in more detail below with reference to the accompanying drawings, in the accompanying drawings:

图1是本发明一个实施例的安全浏览系统示意图；Fig. 1 is a schematic diagram of a safe browsing system according to an embodiment of the present invention;

图2是本发明另一个实施例的安全浏览系统示意图；Fig. 2 is a schematic diagram of a safe browsing system according to another embodiment of the present invention;

图3是本发明又一个实施例的安全浏览系统示意图。Fig. 3 is a schematic diagram of a safe browsing system according to another embodiment of the present invention.

具体实施方式Detailed ways

图1是本发明一个实施例的安全浏览系统示意图，该安全浏览系统包括浏览器110、过滤模块120、云端服务器130；其中，浏览器110和过滤模块120存在于本地计算机中。FIG. 1 is a schematic diagram of a safe browsing system according to an embodiment of the present invention. The safe browsing system includes a browser 110, a filtering module 120, and a cloud server 130; wherein, the browser 110 and the filtering module 120 exist in a local computer.

浏览器110将用户所要访问或其可能访问网页的网址信息，发送至过滤模块120；其中，该网址信息包括用户浏览网页的网址、用户浏览网页网址中的部分内容、用户收藏夹的网址、用户收藏夹中网址的部分内容等，以下将其统称为网址信息。The browser 110 sends the URL information of the webpage that the user wants to visit or may visit to the filtering module 120; wherein, the URL information includes the URL of the webpage browsed by the user, part of the content in the URL of the webpage browsed by the user, the URL of the user's favorites, the user's Some content of URLs in favorites, etc., are collectively referred to as URL information hereinafter.

需要说明的是，浏览器每次可以发送一个网址信息也可以发送一批网址信息。It should be noted that the browser can send one URL information or a batch of URL information each time.

过滤模块120接收来自浏览器110的该网址信息，并提取该信息中的特征，再将该提取到的特征与过滤模块120所属恶意网址库中的信息进行匹配，以识别该网址是否为危险网址。需要说明的是，过滤模块120也可以不提取网址信息中的特征，而是直接将该网址信息与恶意网址库中信息进行匹配。The filtering module 120 receives the URL information from the browser 110, and extracts the features in the information, and then matches the extracted features with the information in the malicious URL library to which the filtering module 120 belongs, to identify whether the URL is a dangerous URL . It should be noted that the filtering module 120 may also not extract the features in the URL information, but directly match the URL information with the information in the malicious URL database.

其中，该过滤模块120所采用的匹配方法为，将来自浏览器110的网址信息采用哈希算法计算得到哈希值，再将该哈希值与云库中信息进行匹配。Wherein, the matching method adopted by the filtering module 120 is to calculate a hash value from the URL information from the browser 110 using a hash algorithm, and then match the hash value with the information in the cloud database.

一个例子中，所述提取到的特征与恶意网址库中某一危险网址特征相匹配，则说明该特征所属网页为不安全网页，则过滤模块120将“该网页为不安全网页”这一信息返回给浏览器110；而后一旦用户访问该网页，浏览器110就会在该页面上显示红灯，以警告用户其所要访问的网页为不安全网页。In an example, if the extracted feature matches a dangerous URL feature in the malicious URL database, it indicates that the webpage to which the feature belongs is an unsafe webpage, and the filtering module 120 will filter the information "this webpage is an unsafe webpage" Return to the browser 110; then once the user visits the webpage, the browser 110 will display a red light on the page to warn the user that the webpage to be visited is an unsafe webpage.

另一个例子中，所述提取到的特征与恶意网址库中某一疑似危险网址特征相匹配，则说明该特征所属网页为疑似不安全网页，则过滤模块120将“该网页为疑似不安全网页”这一信息返回给浏览器110；而后一旦用户访问该网页，浏览器110就会在该网页上显示黄灯，以提示用户其所要访问网页为疑似不安全网页。In another example, if the extracted feature matches a suspected dangerous URL feature in the malicious URL library, it means that the webpage to which the feature belongs is a suspected unsafe webpage, and the filtering module 120 will "this webpage is a suspected unsafe webpage "This information is returned to browser 110; Then once the user visits this webpage, browser 110 will display a yellow light on this webpage, to remind the user that the webpage it wants to visit is a suspected unsafe webpage.

又一个例子中，所述提取到的特征与恶意网址库中任何危险网址特征及疑似危险网址特征均不匹配，则该特征尚未被过滤模块120中的恶意网址库定义，因此该特征所属网页可能是安全网页，则过滤模块120将该提取到的特征通过互联网发送至云端服务器130，以便云端服务器130能够继续判定该特征所属网页是否安全。In yet another example, if the extracted feature does not match any dangerous URL feature or suspected dangerous URL feature in the malicious URL library, then the feature has not been defined by the malicious URL library in the filtering module 120, so the webpage to which the feature belongs may If the webpage is a secure webpage, the filtering module 120 sends the extracted feature to the cloud server 130 through the Internet, so that the cloud server 130 can continue to determine whether the webpage to which the feature belongs is safe.

云端服务器130将过滤模块120提取到的特征与云库中的危险网址信息进行匹配，以便确定该特征所属网站的安全类别及相应安全等级；并且云端服务器130在判定到该特征所属网页为不安全网页时，其将该网页及该特征发送至过滤模块120，以便扩充过滤模块120中恶意网址库中的危险网址特征；其中，该云库属于该云端服务器130中。其中，该网站安全类别可分为挂马网站、钓鱼网站、欺诈网站、恶意网站、安全网站等，且每一类别网站均设有相应安全等级，如安全等级从1级到10级，从而使云端服务器130能够将该匹配到信息进行归类，并获得该匹配到信息在该类别中所处安全等级。The cloud server 130 matches the feature extracted by the filtering module 120 with the dangerous website information in the cloud library, so as to determine the safety category and corresponding security level of the website to which the feature belongs; and the cloud server 130 determines that the webpage to which the feature belongs is unsafe webpage, it sends the webpage and the features to the filtering module 120, so as to expand the features of dangerous URLs in the malicious URL library in the filtering module 120; wherein, the cloud library belongs to the cloud server 130. Among them, the security category of the website can be divided into Trojan websites, phishing websites, fraudulent websites, malicious websites, safe websites, etc., and each type of website has a corresponding security level, such as security levels from 1 to 10, so that The cloud server 130 can classify the matched information, and obtain the security level of the matched information in the category.

一个例子中，所述特征与云库中的某一危险网址特征相匹配，则说明该特征所属网页为不安全网页，如恶意网站、欺诈网站等明显包含恶意广告代码等性质的网页，因此云端服务器130将“该网页为不安全网页”这一信息通过互相网返回给浏览器110；而后浏览器110根据云端服务器130得到的该分析结果，在用户访问该网页时，在该页面上显示红灯，以警告用户该网站为不安全网站，并推荐其正确的官方网站的网址。In one example, if the feature matches a certain dangerous website feature in the cloud library, it means that the webpage to which the feature belongs is an unsafe webpage, such as a malicious website, a fraudulent website, etc., which obviously contain malicious advertising codes, etc. The server 130 returns the information "this webpage is an unsafe webpage" to the browser 110 through the Internet; then the browser 110 displays a red flag on the webpage when the user visits the webpage according to the analysis result obtained by the cloud server 130. light to warn users that the site is unsafe and recommend them the URL of the correct official site.

另一个例子中，所述特征与云库中的某一疑似危险网址相匹配时，则说明该特征所属网页为疑似不安全网页，如含有部分广告性质的恶意脚本代码等，因此云端服务器130将“该网页为疑似不安全网页”这一信息通过互联网返回给浏览器110；而后浏览器110根据云端服务器130得到的该分析结果，在用户访问网页时，在该页面上显示黄灯，以提示用户该网站为疑似不安全网站。In another example, when the feature matches a suspected dangerous website in the cloud library, it indicates that the web page to which the feature belongs is a suspected unsafe web page, such as containing some malicious script codes of advertisement nature, etc., so the cloud server 130 will The information "this webpage is a suspected unsafe webpage" is returned to the browser 110 through the Internet; then the browser 110 displays a yellow light on the page when the user visits the webpage according to the analysis result obtained by the cloud server 130, to prompt The user's website is a suspected unsafe website.

又一个例子中，所述特征与云库中的所有危险网址及疑似危险网址均不匹配，则说明该特征所属网页为安全网页，因此云端服务器130将“该网页为安全网页”这一信息通过互联网返回给浏览器110；而后浏览器110根据云端服务器130得到的该分析结果，在用户访问该网页时，在该页面上显示绿灯，以表示该用户所访问网站为安全网站。In yet another example, if the feature does not match all dangerous URLs and suspected dangerous URLs in the cloud library, it indicates that the webpage to which the feature belongs is a safe webpage, so the cloud server 130 sends the information "this webpage is a safe webpage" through The Internet returns to the browser 110; then the browser 110 displays a green light on the page when the user visits the webpage according to the analysis result obtained by the cloud server 130, to indicate that the website visited by the user is a safe website.

此外，云端服务器130定期对云库中的不安全网站及疑似不安全网站进行再分析，如判定其是否已经成为安全网站，或者其是否新增了不安全特征，然后将已成为安全网站的网址从云库中删除，将新增的不安全特征提取并存储至云库中；并且云端服务器130还可以将已成为安全网站的网址从过滤模块120的恶意网址库中删除，将新增的不安全特征提取并存储至过滤模块120的恶意网址库中。In addition, the cloud server 130 regularly re-analyzes the unsafe websites and suspected unsafe websites in the cloud library, such as determining whether it has become a safe website, or whether it has added an unsafe feature, and then it will become the URL of the safe website Delete from the cloud library, extract and store the newly added insecure features into the cloud library; The security features are extracted and stored in the malicious URL library of the filtering module 120 .

图2是本发明另一个实施例的安全浏览系统示意图，该安全浏览系统包括浏览器210和云端服务器230。FIG. 2 is a schematic diagram of a safe browsing system according to another embodiment of the present invention. The safe browsing system includes a browser 210 and a cloud server 230 .

浏览器210将用户所要访问或其可能访问的网页相关信息，通过互联网发送至云端服务器230。云端服务器230接收来自浏览器210中的该网址信息，并提取该信息中的特征，再将该提取到的特征与云库中的信息进行匹配，以判定该特征所属网页是否安全；其中，该云库属于该云端服务器230。The browser 210 sends the relevant information of the webpage that the user wants to visit or the webpage that the user may visit to the cloud server 230 through the Internet. The cloud server 230 receives the URL information from the browser 210, extracts the features in the information, and then matches the extracted features with the information in the cloud database to determine whether the webpage to which the feature belongs is safe; wherein, the The cloud library belongs to the cloud server 230 .

一个例子中，所述特征与云库中的某一危险网址特征相匹配，则说明该特征所属网页为不安全网页，则云端服务器230将“该网页为不安全网页”这一信息通过互相网发送至浏览器210；在用户访问该网页时，浏览器210在该页面上显示红灯，以警告用户该网站为不安全网站，并推荐其正确的官方网站的网址。In one example, if the feature matches a certain dangerous website feature in the cloud library, it means that the webpage to which the feature belongs is an unsafe webpage, and the cloud server 230 sends the information "this webpage is an unsafe webpage" through the Internet. Sent to the browser 210; when the user visits the webpage, the browser 210 displays a red light on the page to warn the user that the website is an unsafe website, and recommends its correct official website URL.

另一个例子中，所述特征与云库中的某一疑似危险网址相匹配，则说明该特征所属网页为疑似不安全网页，则云端服务器230将“该网页为疑似不安全网页”这一信息通过互联网发送至浏览器210；在用户访问该网页时，浏览器210在该页面上显示黄灯，以提示用户该网站为疑似不安全网站。In another example, if the feature matches a suspected dangerous website in the cloud library, it means that the webpage to which the feature belongs is a suspected unsafe webpage, and the cloud server 230 will send the information "this webpage is a suspected unsafe webpage" to It is sent to the browser 210 through the Internet; when the user visits the webpage, the browser 210 displays a yellow light on the page to remind the user that the website is a suspected unsafe website.

又一个例子中，所述特征与云库中的所有危险网址及疑似危险网址均不匹配，则说明该特征所属网页为安全网页，则云端服务器230将“该网页为安全网页”这一信息通过互联网发送至浏览器210；在用户访问该网页时，浏览器210在该页面上显示绿灯，以表示该用户所访问网站为安全网站。In yet another example, if the feature does not match all dangerous URLs and suspected dangerous URLs in the cloud library, it means that the webpage to which the feature belongs is a safe webpage, and the cloud server 230 passes the information "this webpage is a safe webpage" through The Internet is sent to the browser 210; when the user visits the webpage, the browser 210 displays a green light on the page to indicate that the website visited by the user is a safe website.

此外，云端服务器230定期对云库中的不安全网站进行再分析，如判定其是否已经成为安全网站，或者其是否新增了不安全特征，然后将已成为安全网站的网址从云库中删除，将新增的不安全特征提取并存储至云库中。In addition, the cloud server 230 regularly re-analyzes the unsafe websites in the cloud library, such as determining whether it has become a safe website, or whether it has added an unsafe feature, and then deletes the URL that has become a safe website from the cloud library , extract and store the newly added insecure features into the cloud library.

图3是本发明又一个实施例的安全浏览系统示意图，该安全浏览系统包括浏览器310、过滤模块320、云端服务器330；其中，浏览器310、过滤模块320存在于本地计算机中，并且该过滤模块320是一个可选模块。Fig. 3 is a schematic diagram of a safe browsing system according to another embodiment of the present invention, the safe browsing system includes a browser 310, a filtering module 320, and a cloud server 330; wherein, the browser 310 and the filtering module 320 exist in a local computer, and the filtering Module 320 is an optional module.

图3中，浏览器310将用户所要访问或其可能访问的网页相关信息发送至过滤模块320，以及通过互联网将其发送至云端服务器330。网址信息过滤模块320接收来自浏览器310中的网址信息，然后提取该信息中的特征，再将该特征与其所属恶意网址库中的恶意网址特征进行匹配和分析，最后将匹配分析结果返回给浏览器310；其中，该匹配分析结果为“网站为安全网站”、“网站为不安全网站”或“网站为疑似不安全网站”中的一个。In FIG. 3 , the browser 310 sends information about the web pages that the user wants to visit or may visit to the filtering module 320 , and then sends it to the cloud server 330 via the Internet. The URL information filtering module 320 receives the URL information from the browser 310, then extracts the features in the information, then matches and analyzes the features with the malicious URL features in the malicious URL library to which it belongs, and finally returns the matching analysis result to the browser The device 310; wherein, the matching analysis result is one of "the website is a safe website", "the website is an unsafe website" or "the website is a suspected unsafe website".

云端服务器330通过互联网接收来自浏览器310中的网址信息，然后提取该信息中的特征，再将该特征与其所属云库中的危险网址特征进行匹配和分析，最后将匹配分析结果发送至浏览器310；其中，该匹配分析结果为“网站为安全网站”、“网站为不安全网站”或“网站为疑似不安全网站”中的一个。The cloud server 330 receives the website information from the browser 310 through the Internet, then extracts the features in the information, then matches and analyzes the features with the dangerous website features in the cloud library to which it belongs, and finally sends the matching analysis results to the browser 310; wherein, the matching analysis result is one of "the website is a safe website", "the website is an unsafe website" or "the website is a suspected unsafe website".

浏览器310接收来自过滤模块320的匹配分析结果以及接收云端服务器330的匹配分析结果，并将其最先接收到的该匹配分析结果(来自过滤模块或来自云端服务器)作为最终结果，将其以红黄绿灯形式在网页中显示出来。The browser 310 receives the matching analysis result from the filter module 320 and the matching analysis result from the cloud server 330, and takes the first received matching analysis result (from the filter module or from the cloud server) as the final result, and converts it to The red, yellow and green lights are displayed on the web page.

此外，云端服务器330定期对云库中的不安全网站及疑似不安全网站进行再分析，如判定其是否已经成为安全网站，或者其是否新增了不安全特征，然后将已成为安全网站的网址从云库中删除，将新增的不安全特征提取并存储至云库中；并且云端服务器330还可以将已成为安全网站的网址从过滤模块320的恶意网址库中删除，将新增的不安全特征提取并存储至过滤模块320的恶意网址库中。In addition, the cloud server 330 regularly re-analyzes the unsafe websites and suspected unsafe websites in the cloud library, such as determining whether it has become a safe website, or whether it has added an unsafe feature, and then lists the URL of the safe website Delete from the cloud library, extract and store the newly added insecure features in the cloud library; The security features are extracted and stored in the malicious URL library of the filtering module 320 .

显而易见，在不偏离本发明的真实精神和范围的前提下，在此描述的本发明可以有许多变化。因此，所有对于本领域技术人员来说显而易见的改变，都应包括在本权利要求书所涵盖的范围之内。本发明所要求保护的范围仅由所述的权利要求书进行限定。It will be apparent that many changes may be made to the invention described herein without departing from the true spirit and scope of the invention. Therefore, all changes obvious to those skilled in the art shall be included within the scope covered by the claims. The claimed scope of the present invention is limited only by the claims set forth.