CN103401835A

Movatterモバイル変換

Info

Publication number: CN103401835A
Application number: CN2013102720695A
Authority: CN
Inventors: 肖鹏; 钱军
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Priority date: 2013-07-01
Filing date: 2013-07-01
Publication date: 2013-11-20

Abstract

本发明公开了一种展现微博页面的安全检测结果的方法及装置，其中，所述方法包括：客户端判断用户进入微博网页，对微博网页进行爬取以获取微博页面；从所述微博页面中识别出具有广告欺诈问题的微博链接；展现所述微博页面时，为所述识别出的具有广告欺诈问题的微博链接添加标记，并展现给用户。通过本发明，能够在用户访问微博页面时，提高访问微博的安全性，用户避免访问到广告欺诈网站。

The present invention discloses a method and device for displaying security detection results of microblog pages, wherein the method includes: a client terminal judges that a user enters a microblog webpage, and crawls the microblog webpage to obtain a microblog page; A microblog link with an advertisement fraud problem is identified in the above microblog page; when the microblog page is displayed, a mark is added to the identified microblog link with an advertisement fraud problem, and displayed to the user. Through the present invention, when the user visits the microblog page, the security of accessing the microblog can be improved, and the user can avoid visiting websites of advertising fraud.

Description

A kind of method and device that represents the safety detection result of the microblogging page

Technical field

The present invention relates to field of computer technology, particularly relate to a kind of method and device that represents the safety detection result of the microblogging page.

Background technology

Development along with the universal and the Internet of computer, people are more and more frequent to the use of network, computer network becomes requisite instrument in people's daily life gradually, and the various abundant information service that microblogging can provide because of itself, information and the data of every aspect are provided to the user, be widely used in daily life, brought huge facility for the daily productive life of people.

Microblogging, as a kind of popular social network-i i-platform, has entered in daily life, and microblogging is as a kind of means of Information Communication, more and more receive people's concern, its influence power is increasingly extensive, and therefore, increasing businessman utilizes microblogging to carry out advertising.But some illegal businessmans, in order to speculate, issue sham publicity on microblogging, and some products or service are carried out false publication, have both cheated the consumer, also cause the junk information on microblogging too much, hinder people's normal browsing.

Summary of the invention

The invention provides a kind of method and device that represents the safety detection result of the microblogging page, can improve the fail safe of access microblogging, reduce the user and have access to the possibility of cheating in advertisement microblogging.

The embodiment of the invention discloses a kind of method that represents the safety detection result of the microblogging page, comprising:

Detect while triggering the Action Events that the microblogging webpage opens, the microblogging webpage is crawled to obtain the microblogging page and microblogging link;

Identify the microblogging link with cheating in advertisement problem from described microblogging link;

While representing the described microblogging page, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and be presented on client end interface.

The embodiment of the invention also discloses a kind of device that represents the safety detection result of the microblogging page, comprising:

Microblogging page acquiring unit,, for detection of when triggering the Action Events that the microblogging webpage opens, crawl to obtain the microblogging page and microblogging link to the microblogging webpage;

Monitoring unit, be used for identifying the microblogging link with cheating in advertisement problem from described microblogging link;

Represent unit, while being used for representing the described microblogging page, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and be presented on client end interface.

, according to specific embodiment provided by the invention, the invention discloses following technique effect:

The embodiment of the present invention, can know in real time the situation of change of microblogging content, when new microblogging link occurring, start inquiry cloud security server, when representing the described microblogging page, according to the Query Result of described cloud security server, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and represent to the user, the unsafe factor that cheating in advertisement microblogging etc. may be existed is prompted to the user, improved the user and accessed the fail safe of microblogging.

Description of drawings

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, below will the accompanying drawing of required use in embodiment be briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.

Fig. 1 is the flow chart of the method that provides of the embodiment of the present invention;

Fig. 2 is the flow chart of the method that provides of the embodiment of the present invention;

Fig. 3 is the flow chart of the method that provides of the embodiment of the present invention;

Fig. 4 is the schematic diagram of the device that provides of the embodiment of the present invention;

Fig. 5 is the schematic diagram of the device that provides of the embodiment of the present invention;

Fig. 6 is the schematic diagram of the device that provides of the embodiment of the present invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skills obtain, belong to the scope of protection of the invention.

Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with demonstration at this algorithm that provides.Various general-purpose systems also can with based on using together with this teaching.According to top description, it is apparent constructing the desired structure of this type systematic.In addition, the present invention is not also for any certain programmed language.Should be understood that and can utilize various programming languages to realize content of the present invention described here, and the top description that language-specific is done is in order to disclose preferred forms of the present invention.

The present invention can be applied to computer system/cloud security server, and it can operate together with numerous other universal or special computingasystem environment or configuration.The example that is suitable for well-known computing system, environment and/or the configuration used together with computer system/cloud security server includes but not limited to: personal computer system, cloud security server computer system, thin client, thick client computer, hand-held or laptop devices, the system based on microprocessor, set-top box, programmable consumer electronics, NetPC Network PC, Xiao type Ji calculate machine Xi Tong ﹑ large computer system and comprise the distributed cloud computing technology environment of above-mentioned any system, etc.

Computer system/cloud security server can be described under the general linguistic context of the computer system executable instruction (such as program module) of being carried out by computer system.Usually, program module can comprise routine, program, target program, assembly, logic, data structure etc., and they are carried out specific task or realize specific abstract data type.Computer system/cloud security server can be implemented in distributed cloud computing environment, in distributed cloud computing environment, task is to be carried out by the teleprocessing equipment that connects by communication network.In distributed cloud computing environment, program module can be positioned on the Local or Remote computing system storage medium that comprises memory device.

The flow chart of the method for the safety detection result that represents the microblogging page that Fig. 1 provides for inventive embodiments.As shown in Figure 1, the method for the safety detection result that represents the microblogging page of the present embodiment specifically can comprise:

S101: client judgement user enters the microblogging webpage, and the microblogging webpage is crawled to obtain the microblogging page;

In the embodiment of the present invention, the cloud security server builds the cloud security server by the whole network spider cloud security server cluster, and preserve malice network address storehouse, fishing network address storehouse, cheating in advertisement storehouse etc., support the average daily approximately monitoring of 20,000,000,000 active web pages, therefrom can find the webpage that changes and newly-increased webpage.Browser can be connected to according to the web page address in address field corresponding website, therefore can at first from the address field of browser, obtain the information such as web page address.

In embodiments of the present invention, when the user accesses microblogging, and click while being correlated with the microblogging link, the browser end of client sends to the cloud security server with user's accessing page request, carry the user inputs in the page frame of microblogging keyword in this accessing page request, the cloud security server is after receiving accessing page request, can return to equally the microblogging page that is complementary with keyword, accordingly, at first browser end just can receive the packet that includes the microblogging page that microblogging returns.The microblogging page is in the situation that the not redirect of browser network address dynamically updates content, in the embodiment of the present invention, regularly crawl the microblogging webpage, and according to page typesetting feature, record all microblogging links, original microblogging or forwarding microblogging, record the corresponding type of link of microblogging in the cloud security server, in order to follow-uply for forwarding microblogging and original microblogging, carry out the distinctiveness management, so that effectively recognize the source of cheating in advertisement microblogging.

Wherein, crawling the typesetting feature of microblogging content of pages, is mainly architectural feature and the CSS style characteristics of analyzing web page dom tree, thereby knows the type of microblogging.

In the embodiment of the present invention, step S101 further comprises: the microblogging webpage is crawled, after obtaining the microblogging link; Send to the cloud security server to detect the link of the microblogging of the unknown, and receive the testing result that the cloud security server returns.

In the embodiment of the present invention, can be after client detects the opening operation instruction that the user triggers the microblogging page browsed, utilize the scripted code that is used for capturing web page contents that writes webpage, crawl the content description information of described webpage; Described content description information is resolved, according to analysis result, get the microblogging content of pages.Can insert and carry out a JavaScript script file in the webpage of access, extract the information of microblogging webpage, wherein said information comprises browser type and version number etc.

, for the browser of supporting the plug-in extension function, also can be realized by the plug-in card program that starts with browser in addition; Plug-in unit be write out according to certain application programming interfaces standard, can be called to realize processing by main program the application program of certain affairs, in embodiments of the present invention, for the relevant information of user's accessed web page not being obtained and reporting functions, but can support the browser of browser plug-in expansion, realizing by plug-in card program, is also a kind of effective implementation.

Moreover, can also be by non-browser program and browser plug-in, such as certain monitoring program or program monitoring assembly are completed, by monitoring program or program monitoring assembly, the access request to target web that the user sends is detected, and the relevant information of user's accessed web page is reported.

Need to prove in addition, when specific implementation, in a single day browser end finds that the user accesses certain webpage, just the relevant information of this visit can be reported, perhaps, also can be first at browser end, user's access related information be carried out record, when reaching the certain hour interval, when perhaps the data of record reach a certain amount of, then with forms such as access logs, report, etc.

In actual applications, the feature of cheating in advertisement network address may be in continuous variation, for example, behavior before certain cheating in advertisement network address is to embed a URL(Uniform/Universal Resource Locator, URL(uniform resource locator)), but become again afterwards, carried out a JS(javaScript) call, etc., therefore, generally neither be changeless for the rule of carrying out the cheating in advertisement detection.In order to guarantee the accuracy that detects, the safety detection rule that browser end uses can obtain to upgrade from the cloud security server.In the embodiment of the present invention, the destination object of concrete detection is URL, above-mentioned JS calls a kind of mode that just generates or change URL, by above-mentioned timing testing mechanism, we can find that the URL that produces by JS changes, and uploads to the cloud security server to network address ciphertext corresponding to new URL thus and inquires about.

According to embodiments of the invention, network address ciphertext corresponding to URL that browser end also can directly link the microblogging that comprises in the microblogging page is uploaded to the cloud security server, by the cheating in advertisement storehouse of cloud security server according to its maintenance, distinguish that in these URL, which is to have the cheating in advertisement problem, which does not have the cheating in advertisement problem.The keyword of false microblogging content may include " false one pays for ten ", " clearance sale " etc.; General, the cheating in advertisement webpage can be in counterfeit official website, the aspects such as word, picture.

According to embodiments of the invention, client can gather the microblogging link that contains similar keyword in advance, and the characteristic value of its type of webpage, web page address, microblogging link etc. is carried out record, so that gathering, the microblogging link of preserving in follow-up microblogging link of obtaining described and client database compares, wherein, the link of described microblogging comprises: use the user's name of microblog users as contact names, use the microblogging page address of microblog users as the link of chained address.

According to embodiments of the invention, concrete, when client crawls the microblogging webpage, after obtaining the microblogging content of pages that crawls; According to the typesetting feature of the microblogging content of pages that crawls, judgement microblogging type is also carried out record with described microblogging type, sends to the cloud security server to detect the link of the microblogging of identification, and receives the testing result that the cloud security server returns.

According to embodiments of the invention, in the microblogging link, if the page of some websites is called parent page, the link page that comprises of this parent page is called subpage frame, set membership between parent page and subpage frame, can preserve the set membership of this parent page and subpage frame, and calculate the URL of subpage frame, obtain the page info of subpage frame.If this website has a plurality of subpage frames, need to calculate respectively the URL of each subpage frame, obtain the page info of all subpage frames.With the microblogging link of identification send to that the cloud security server detects within the default time period, also can send the subpage frame, parent page information of microblogging link etc., and receive the testing result that the cloud security server returns, so that improve the accuracy that detects.

Preferably, according to embodiments of the invention, can also gather and gather the information of webpage itself: snapshot, JavaScript, html code, text, picture, link etc., and be encrypted, so that cloud security server cloud security server carries out follow-up analysis etc.

In prior art, generally all plug-in units are squeezed in the installation kit of application program and issued, the hardware devices such as computer are by the described installation kit of operation, complete the installation of application program and plug-in unit, this moment, all plug-in units were installed to this locality, when starting application program therefore, automatically from this locality, load all mounted plug-in units at every turn.Take browser program as example, browser and plug-in unit are packed and are issued together, the client of this browser have been installed when each startup browser program, and plug-in card program can load automatically along with the startup of browser.

In the embodiment of the present invention,, take browser program as example, when browser starts, can load the icon of some plug-in units at every turn, and be presented on the plug-in unit hurdle of browser.

According to embodiments of the invention, after microblogging page trigger event being detected, by code call timer monitoring microblogging content of pages in browser plug-in or the page, and catch predetermined function, the renewal of the monitoring microblogging page, after the microblogging page produces renewal, judge according to the predetermined function of catching whether current page redirect occurs, when current page generation redirect and while being no longer the microblogging page, the timeing closing device.

Concrete, the embodiment of the present invention is in the initialization procedure of plug-in unit, and browser is by calling the starting function of plug-in unit, the function pointer of registered plug-ins call back function.Like this, can call corresponding call back function while triggering Action Events corresponding to function pointer in running when browser,, with the parameter that the Action Events of the current triggering of browser comprises, write in the current relevant parameter that calls call back function.Plug-in unit can know thus what the Action Events of the current triggering of browser is, and plug-in unit can also obtain the parameter that the Action Events of the current triggering of browser comprises.

Suppose that the first Action Events is the DISPID_NAVIGATECOMPLETE2 event, this event is IE browser event as relevant in Web page loading in IE6, IE7, IE8 and IE9.When the IE browser each

Open while appointing webpage, can trigger the DISPID_NAVIGATECOMPLETE2 event, expression IE browser is about to load the web page contents when this webpage of front opening.

For example, at IE(Internet Explorer) can use browser auxiliary object (Browser Helper Object in browser, be called for short: BHO) Plugin Mechanism, can obtain the URL of the current loading of IE by response " BeforeNavigate2 " event.The specified response event interface of using the red fox extension mechanism to provide in red fox (Firefox) browser, obtain the URL of the current loading of red fox browser.Use Netscape plug-in applications DLL (dynamic link library) in Google (chrome) browser (Netscape Plugin Application Programming Interface, be called for short: NPAPI) Plugin Mechanism, obtain the URL of the current loading of Google's browser.Obtaining the page ID of initial page (as ID1) and URL(such as A) after,, with ID1 and the A information as the 1st grade of node of this refer, create the refer chain and be: A (ID1).Wherein, ID1 is index information.Etc., can effectively cover microblogging page generation redirect variation etc.

According to embodiments of the invention, after monitoring the access request of the page, generate the page ID of the page, obtain the URL of the page at the corresponding levels and page ID and the URL of the upper level page, the page at the corresponding levels is the page-level jump page of the upper level page.To be called the page-level redirect by the upper level page link to the page at the corresponding levels by user's on-link mode (OLM) that clickthrough or other user behavior trigger on the upper level page.Monitor after the access request of the page at the corresponding levels of page-level redirect at browser, can load the page at the corresponding levels.In the process that loads the page at the corresponding levels, browser generates the page ID of a unique ID as this grade page, and obtains the URL of this grade page.Wherein the URL of the page at the corresponding levels can obtain by the specified response event interface, for example by the specified response event interface that realizes standard plug-in unit mechanism, obtains.Can capture accurately thus the relevant microblogging page of each microblogging link.

According to embodiments of the invention, concrete, open new window or new tab page by analyzing the IE browser, the relevant treatment function that can find IE browser internal module establishment new window or new tab page to call, catch (Hook) this function, utilize the return value of this function to obtain the interface object pointer of new window or new tab page (will load window or the tab page of the page at the corresponding levels), as the IWEBBROWSER2 pointer; Due to this moment browser also do not start to load the page at the corresponding levels, page ID and the URL of the page ID of the current page that browser records and URL or the upper level page that obtains in the process that loads the upper level page, therefore, this moment, browser can write according to this interface object pointer page ID and the URL of the upper level page to the IWEBBROWSER2 object.After starting to load the page at the corresponding levels,, by the information that the IWEBBROWSER2 object that reads the page at the corresponding levels provides, just can obtain page ID and the URL of the upper level page., by getting the ID of every one-level page, can get each microblogging page.

In the embodiment of the present invention, know variation and the renewal of the current microblogging page by browser plug-in, comprise the generation redirect, close, open the event that unsuccessfully waits.Get the redirect situation of the page, thereby can work as after the microblogging page produce to upgrade, judge whether current page redirect occurs, when current page generation redirect and while being no longer the microblogging page, by browser plug-in timeing closing device.When redirect does not occur current page, continue the event of the detecting microblogging page.

Need to prove, in practical application, the computed applied environment of people, as being not quite similar of operating system, browser type etc., therefore, the executive agent of aforementioned each step also can have multiple implementation.Can be for example a kind of browser with identification and interpolation mark function, wherein, browser can be that the browser Internet Explorer(that Windows operating system carries is called for short IE), and other third party's browsers.So-called third party's browser; be often referred to the browser software of the non-IE that moves on Windows operating system; this class third party browser can be expanded because it has for user's abundant unique function design and personalization usually, for the user provides many application easily.For example, same Plugin Mechanism can run on polytype browser, and for example, browser is IE, firefox, google chrome, safari, opera, QQ browser, the browser of roaming, search dog browser or cheetah browser etc.

In the embodiment of the present invention, when carrying out the above-mentioned variation and update status of knowing the current microblogging page by browser plug-in, record the microblogging link of obtaining by browser plug-in, the microblogging link set of preserving in described microblogging link of obtaining and client database is compared, the microblogging of not preserving in client database is chained the cloud security query interface of reporting for work inquire about, and receive the testing result that the cloud security server returns.

In the embodiment of the present invention, the microblogging link for having recorded, can, in advance according to the result of client records, feed back to the page and process.

General, because the type of webpage and kind etc. are very many, and real-time meeting changes, and client does not know which kind of emerging microblogging type is false, judges whether that false standard is mainly by the cloud security server controls., because a microblogging page can dynamically update, need to initiate repeatedly inquiry request.

Preferably, according to embodiments of the invention, what client database was preserved is its chained address and Query Result of having inquired about before, for the same chained address of having inquired about, result that can an evaluation of back page, reduce the inquiry cloud security needed time of server.Yet the client None-identified goes out the feature of emerging cheating in advertisement webpage, and for emerging microblogging link type, namely client database is not preserved, and client need to all be kept at wherein important data and judged result on the cloud security server.

Wherein, the link of described microblogging comprises: use the user's name of microblog users as contact names, use the microblogging page address of microblog users as the link of chained address.

S102: identify the microblogging link with cheating in advertisement problem from the microblogging page;

Wherein, step S102 can also further comprise:

While confirming that current page is the microblogging page, start timer by browser plug-in, regularly to the page, initiate the new operation requests that crawls webpage, the cloud security server records all microblogging links that recognize according to page typesetting feature by browser plug-in, after regularly crawling and recognize the microblogging link, compare with the microblogging link set of recording in client, vicissitudinous microblogging link is sent to the cloud security server inquire about.For the microblogging link of having identified, client can directly return results, so that the mark that the loaded and displayed microblogging links on webpage fast.

Certainly, even browser end can obtain from the cloud security server renewal of safety detection rule, but be to use the rule that gets before after all, cheating in advertisement is carried out in current microblogging link to be detected, therefore, the problem that more or less can exist rule to lag behind, that is to say that carrying out the cheating in advertisement detection in the preset rule of use inaccurate problem may occur.

For this reason, in other embodiments of the invention, can also carry out in the following manner: the network address ciphertext corresponding to uniform resource position mark URL of microblogging link to be reported is uploaded to the cloud security server, if be labeled as network address ciphertext coupling corresponding to the URL of cheating in advertisement in network address ciphertext corresponding to URL and high in the clouds database, to described client, return to cheating in advertisement Web site query result; According to the Query Result that returns, the microblogging link with cheating in advertisement problem is processed.Need to prove, the content that sends to the cloud security server is the network address ciphertext, is namely the information after reversible or non-reversible algorithm are encrypted, and does not comprise original URL information.

S103: while representing the microblogging page, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and represent to the user.

According to embodiments of the invention, after the cloud security query interface identifies the microblogging link with cheating in advertisement problem, can be just that certain mark is added in this microblogging link in client, it is certain page elements, and the microblogging page represent the page in this mark is represented to the user, like this, the user just can judge the link of this microblogging according to this mark and has certain cheating in advertisement problem, engine user's attention.Wherein, this mark that shows can be that the form with word exists, and such as the right-hand mark of microblogging link having the cheating in advertisement problem, shows printed words such as " cheating in advertisements ", makes the user can understand very intuitively its implication.Perhaps, this mark also can the form by icon exist, and for example have the right-hand display pattern of microblogging link of cheating in advertisement problem, while as the user, mouse being moved on this pattern, can point out below pattern " cheating in advertisement " etc.Certainly, can also exist with other forms, and when representing this mark, can also increase some highlighted, texts that glimmer, perhaps eject an air bubble-shaped message box, in order to more can cause user's attention.

, except the mode by mark on user interface is pointed out, can also move up and carry out the suspended window prompting or directly shield or hide sham publicity on webpage by mouse.

Wherein, specifically when adding mark, concrete, be before passing through the browser renders microblogging page, find the page elements of cheating in advertisement network address correspondence in the microblogging page, then can process with reminding user page elements corresponding to cheating in advertisement network address in several ways.For example: can different colors be set in order to eye-catching reminding user according to different harmful grades to the background attribute of page elements, perhaps, whether safe little picture web page element, digital element or textual description is with eye-catching mark to inserting after page elements microblogging link text, the mouseover event (when mouse pointer is positioned at above element, the mouseover event can occur) of response web page element is with the tooltip(control tip) mode cheating in advertisement cause of this network address etc. is described.

According to embodiments of the invention, during specific implementation, can insert one section specific Javascript code in the page of microblogging webpage, and target URL corresponding to unsafe microblogging page that analyzes out passed to the Javascript code as parameter, the Javascript code can use the dynamic page operating technology to find out the position of unsafe download link in the page, create a DIV(division, the DIV element is that the element of structure and background is provided for the content of bulk in html document (block-level); The start-tag of DIV and all the elements between end-tag all are used for forming this piece, wherein the characteristic of institute's containing element is controlled by the attribute of DIV label) floating layer on unsafe download link, the button that the user can operate on the floating layer of DIV cuts out floating layer, to realize shielding or covering sham publicity on webpage, avoid clicking blindly and accessing operation, suffer the infringement of cheating in advertisement website.

As seen, in embodiments of the present invention, due to browser end after receiving the microblogging page that the cloud security server returns, can at first identify the microblogging link that wherein has the cheating in advertisement problem, then when representing the microblogging page, can be by adding tagged mode, this unsafe factor that may exist is prompted to the user, therefore, within the time period of presetting of the fail safe that improves the access microblogging, and can the fluency of accessed web page not impacted.

In addition for the browser of supporting the plug-in extension function, above-mentioned identification and add tagged step and also can be realized by the plug-in card program that starts with browser; Plug-in unit be write out according to certain application programming interfaces standard, can be called to realize processing by main program the application program of certain affairs, in embodiments of the present invention, for microblogging not being linked and carries out fail safe identification and add mark function, but can support the browser of browser plug-in expansion, realizing by plug-in card program, is also a kind of effective implementation.

In the embodiment of the present invention, the microblogging webpage is crawled, obtain the microblogging link; Send to the cloud security server to detect the link of the microblogging of the unknown, and receive the testing result that the cloud security server returns.

According to embodiments of the invention, above-mentioned steps comprises: record the microblogging link of obtaining by browser plug-in, the microblogging link set of preserving in described microblogging link of obtaining and high in the clouds database is compared, the microblogging of not preserving in the database of high in the clouds is chained the cloud security query interface of reporting for work inquire about.According to embodiments of the invention, the microblogging link set of preserving in microblogging link and high in the clouds database is compared, preferred, the link of contrast microblogging itself, also can contrast other unique identification informations of link etc., and the embodiment of the present invention is not as limit.

The embodiment of the present invention, can know in real time the situation of change of microblogging content, when new microblogging link occurring, start inquiry cloud security server, can be when representing the described microblogging page, according to the Query Result of described cloud security server, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and represent to the user, the unsafe factor that cheating in advertisement microblogging etc. may be existed is prompted to the user, improved the user and accessed the fail safe of microblogging.

The embodiment of the present invention, after sending to the cloud security server to detect the link of the microblogging of the unknown, need to pass through the cloud security query interface according to the interface protocol standard, and the content delivery of request detection is arrived the cloud security server.

Fig. 2 is the flow chart of the method for the safety detection result that represents the microblogging page in the embodiment of the present invention,

The present embodiment article is based on the flow process of the safety detection method of the microblogging page in high in the clouds, and as shown in Figure 2, the method for the present embodiment, can comprise the steps:

Step S301, obtain the inquiry request of cloud security query interface, and the network address ciphertext corresponding to uniform resource position mark URL of microblogging link to be reported is uploaded to the cloud security server;

Concrete, client, browser for example, after the network address ciphertext corresponding to uniform resource position mark URL of microblogging link to be reported was uploaded to the cloud security server, namely the described cloud security server of the embodiment of the present invention received the inquiry request of cloud security query interface.

Concrete, according to embodiments of the invention, when the client-access microblogging page, extract network address ciphertext corresponding to URL from website information, the network address ciphertext that URL is corresponding is submitted to the cloud security query interface, the ciphertext coupling of storing in the network address ciphertext that the cloud security server is corresponding with URL and high in the clouds database, complete Safety query and the checking of network address, and client determines how to show on the microblogging page according to the result of cloud security server.The method does not rely on client database, the Safety query of network address all is placed on the cloud security server side with checking completes.Because the high in the clouds database of cloud security server side can upgrade all kinds of cheating in advertisement network address on the Internet timely, its upgrade cycle is significantly shorter than the high in the clouds database of client terminal local, and in the high in the clouds database of cloud security server side, the information storage of advertisement network address is very large, coverage rate is very wide, thereby can cover fast various emerging cheating in advertisement class microblogging links.

In the embodiment of the present invention, above-mentioned network address ciphertext, can be via MD5(Message-Digest Algorithm5, md5-challenge) the MD5 identifying code that draws of computing, or SHA1 code, or CRC(Cyclic Redundancy Check, cyclic redundancy check (CRC)) but code waits the condition code of unique identification original program.

Step S302, carry out cheating in advertisement according to the cheating in advertisement website information of preserving in the database of high in the clouds to each microblogging link in the described microblogging page and detect, and identifies the microblogging link with cheating in advertisement problem according to testing result.

Concrete, in the embodiment of the present invention, according to inquiry request, according to the cheating in advertisement website information of preserving in the database of high in the clouds, cheating in advertisement being carried out in each microblogging link in the described microblogging page detects, identify the microblogging link with cheating in advertisement problem according to testing result, and described recognition result is returned to the cloud security query interface.

According to embodiments of the invention, database has been analyzed in advance the fail safe of network address and has been generated the high in the clouds database take webpage, website as unit beyond the clouds.The included scope of web page address is minimum, and it is the most accurate therefore web page address being detected, can only have a web page address to have safety problem in a website, if therefore described web page address detected, has problem just can send safety warning.

in the embodiment of the present invention, for the microblogging webpage, the high in the clouds database is preserved microblogging sham publicity type, the cheating in advertisement storehouse of upgrading while being equivalent to safeguard really, the URL of the cheating in advertisement network address of in store real-time update wherein, therefore the cloud security server is after the URL that receives each microblogging link that browser end uploads, can be respectively with the cheating in advertisement storehouse in the network address ciphertext of URL of each network address mate, if exist cheating in advertisement network address microblogging corresponding to URL that links with certain microblogging to link, network address corresponding to this microblogging link is the cheating in advertisement network address, if there be not network address corresponding to URL that links with certain microblogging in the cheating in advertisement storehouse, network address corresponding to this microblogging link is not the cheating in advertisement network address.

According to embodiments of the invention, after completing the comparison of each microblogging link, just comparison result can be returned to browser end, browser end is according to this comparison result, determine which microblogging link is to have the link of the microblogging of cheating in advertisement problem, which is not for example, the microblogging link that is judged to be the cheating in advertisement network address by the cloud security server can be identified as and have the cheating in advertisement problem.

According to embodiments of the invention, database beyond the clouds, can also by domain name registration information, web portal security information, website characteristic qualification information, Intellectual Property Right of Enterprises information and the credit information of enterprise of web site name, website domain name, the term of validity, Business Name, number of registration, registered address, legal representative, registered capital, the type of business, business scope, annual test year, website domain name, webpage be classified and be detected.

For example, when server returned to ICP recorded website type information, its result was as follows: { icp.info:{d: website rhizosphere name } { the site owners type in the website of t:icp in putting on record } { v: version number } { p: matched rule } }.Wherein, icp.info represents that the information of returning is ICP recorded website information.

When the cloud security server returns to security website's type information, for example, can feed back following information:

{ kx.info:{d: website rhizosphere name } { n: web site name } { t: the site owners type in security website } { pr: website scoring } { v: version number } { p: matched rule } }, wherein, kx.info represents that the information of returning is security website's information.

When the Type of website was security website, the request of transmission was as follows:Http: // business card server domainName/trust.php key=Mi Yao ﹠amp; The MD5 of domain=rhizosphere name

Wherein, trust.php represents that the Type of website is security website.

When the Type of website was the ICP recorded website, the request of transmission was as follows:

Http: // business card server domain name/icp.php key=Mi Yao ﹠amp; The MD5 of domain=rhizosphere name

Wherein, icp.php represents that the Type of website is the ICP recorded website.

When not inquiring the Type of website of website, the request of transmission is as follows:

Http: // business card server domain name/noicp.php key=Mi Yao ﹠amp; The MD5 of domain=rhizosphere name.Above information myopia is an example in the embodiment of the present invention, and is concrete not as limit.

According to embodiments of the invention, also can be by setting up the mode of feature high in the clouds database, all cheating in advertisement website URL in the blacklist of extraction cloud security server.Wherein blacklist is the url list that comprises the existing cheating in advertisement website that has detected, and corresponding with blacklist is white list, and white list is the url list that comprises existing credible website; Blacklist/the white list that sets in advance by traversal, if this website is existing true website or cheating in advertisement website on blacklist/white list, do not need to carry out again follow-up reference feature coupling and reference model and mate to judge whether this website is the cheating in advertisement website, has simplified operating procedure.Can be in advance according to the information of network address (as: content that network address URL, this network address load, this network address whether malice network address, this network address alexa rank, this network address whether counterfeit website, this network address whether by online friend's report etc.) determine that this network address belongs to blacklist or white list.

Concrete, the cheating in advertisement network address of database detection has some attributes beyond the clouds, as harmful grade, the explanation of malice cause etc.) and unknown network address etc.

According to embodiments of the invention, the microblogging link that can comprise in each webpage at the cloud security server detects respectively, then according to testing result, determines the level of security of each microblogging page and processes suggestion.Return to the processing mode of cloud security query interface for this microblogging page according to level of security and processing suggestion.For example,, for the higher microblogging page of degree of risk, can select the higher prompting of level of security or protection mode.

, according to embodiments of the invention, in actual applications, after client detects the user and enters the microblogging website, obtain the information of each microblogging of user's access; Preferably, can be at the client microblogging that wherein do not contain microblogging link or advertisement according to the information filtering of the microblogging that obtains; The information of the microblogging that contains advertisement and microblogging link by network after client will be filtered sends to the cloud security server; Inquire about in its high in the clouds database relatively according to the information of the microblogging that receives at the cloud security server, according to Query Result, whether microblogging is belonged to sham publicity and judge, and judged result is returned to client; After receiving the judged result that the cloud security server returns, insert labeled marker by client and be judged as the microblogging of sham publicity in webpage, and comparative result is presented in label.

Step S303: in mark cheating in advertisement microblogging link on user interface, microblogging chains and carries out suspended window prompting, directly shielding or hide sham publicity on mouse moves.

For example, in the embodiment of the present invention, can work as mouse click or the microblogging that hovers and chain, show an interface box, show more detailed website information.

according to embodiments of the invention, client is according to the Query Result that returns, microblogging link with cheating in advertisement problem is processed, can send the checking request to the cloud security data by the cloud security query interface of building between terminal and cloud security service end, the cloud security query interface has defined the data communication agreement between client and cloud security server, such as form of data etc., these data comprise keyword, the snapshot of page access result and safety instruction information etc., and effectively by website qualification signal auditing cheating in advertisement microbloggings such as ICP record informations, and can be by means of the data-handling capacity of cloud security server, expansion is for the capture range of cheating in advertisement microblogging, thereby improved the detection efficiency of cheating in advertisement microblogging.

See also Fig. 3, Fig. 3 is the flow chart of the method for the safety detection result that represents the microblogging page in the embodiment of the present invention, wherein shows an example upgrading the cheating in advertisement storehouse:

According to embodiments of the invention, wherein, described method comprises:

Receive user's report, if receive the user of predetermined threshold, submit same microblogging link within the default time period, by this microblogging link, upgrade the cheating in advertisement website information of preserving in the database of high in the clouds; And/or,

The microblogging link of electric business's Type of website that inquiry cloud security server is collected, determine wherein whether to comprise sham publicity swindle microblogging according to predetermined rule, determines the sham publicity that wherein whether comprises swindle microblogging; And/or,

Non-electric business's Type of website that judgement cloud security server is collected, judge whether this microblogging link is fishing website, and fishing website, join described microblogging link in the cheating in advertisement storehouse in this way.

In order the cheating in advertisement in the microblogging link to be detected more accurately, concrete, in the embodiment of the present invention, comprising:

Step S401, cloud security server receive user's report request, described request are turned in the database of high in the clouds and inquire about, as determine it is the cheating in advertisement microblogging, the cheating in advertisement storehouse are upgraded.

Concrete, Website page can show information and the option of some expansions, as " complaining this website ", " comment " etc.After user clicks on tabs, browser receive this order, trigger the order of complaining website, browser is then opened the operation of complaining the page after receiving this order.If have a large number of users to report that within certain time period same microblogging is the cheating in advertisement microblogging, with this microblogging bookmark, be the cheating in advertisement microblogging, and its network address is joined in the cheating in advertisement storehouse.

, in order further to improve the accuracy to the detection of cheating in advertisement microblogging,, according to embodiments of the invention, also further comprise:

The electric business website that step S402, inquiry are collected, determine the sham publicity that wherein whether comprises swindle microblogging.

according to embodiments of the invention, if electric business website items for merchandising, for example, for Jingdone district, Taobao, perhaps Suning such as easily purchases at the website, judge that certain class commodity price is whether less than the default ratio value of the market price, for example, less than 10%(Nike for example, Adidas, evil spirit sound earphone etc.), and the microblogging with the number that has a large amount of beans vermicelli and the number of concern and waterborne troops's forwarding, and the bean vermicelli number that will obtain, the concern number, creation-time and a microblogging frequency compare with default threshold value, judge whether described microblogging is the cheating in advertisement website, mark to be carried out in this microblogging link to join in the cheating in advertisement storehouse.

If step S403 is non-electric business's Type of website, judge whether the network address of this user's access is fishing website, fishing website, join in the cheating in advertisement storehouse in this way.

Step S404, return to the report request results of user to the cheating in advertisement microblogging.

Need to prove, optional, according to embodiments of the invention, step S404 also can carry out after S402 or step S403, concrete, not as limit.

In the microblogging link that gets, non-electric business's Type of website, judge whether it is fishing website,, if judgement is fishing website, the information of this website is joined it is joined in the cheating in advertisement storehouse.

According to embodiments of the invention, general, the preset keyword of sham publicity can comprise the keyword that easily is utilized, mainly comprise false ticketing service, false get the winning number in a bond, personation Net silver, false shopping etc., and the keyword that these easily are utilized such as store, Jingdone district, Taobao store, Amazon store, Tsing-Hua University, government's homepage name, colleges and universities' homepage name, fly five game etc.Whether contain the printed words such as ' Taobao ', ' get the winning number in a bond ' such as detecting in webpage title and keywords, the linkage extraction of the doubtful cheating in advertisement webpage of some of them is out joined in the database of high in the clouds and analyzes.

Need to prove, according to embodiments of the invention, the cheating in advertisement storehouse belongs to the part of high in the clouds database, and the high in the clouds database also comprises fishing network address storehouse, has wherein preserved the url list of fishing website, and the malice network address storehouse of other types etc.Can set up the interface of inquiry between a plurality of databases,, so that the website information of preserving in each dissimilar database is shared, improve the search efficiency of cheating in advertisement network address.

Concrete, the present embodiment is in order to identify the method for fishing website: analyzing sight that at present usually fishing occurs and be exactly network game, net purchase, network bank business based, search engine search etc., feature by fishing website is set up fishing network address storehouse in database beyond the clouds, extract the feature of fishing website page info, the url list of the fishing website that has detected is set, for non-electric business's Type of website wherein, if detect this moment is fishing website, can think the link of cheating in advertisement microblogging, it is carried out mark, and join in the cheating in advertisement storehouse.

Concrete,, according to embodiments of the invention, can mate the architectural feature of dom tree.Because the architectural feature of the dom tree of webpage is certain, therefore, carry out dom tree identification for a plurality of points in current load page content, and choose architectural feature in the dom tree of current load page, and with the architectural feature of the dom tree of fishing website, mate, if coupling, confirm that current load page is fishing website.For example, in the dom tree of current load page in the 3rd layer the 5th element with class (class) title " alipay ", thinking current is the architectural feature of a fishing website corresponding to Alipay website, and coupling structural according to this dom tree can judge that whether this webpage is the webpage of fishing website.Perhaps further judge the information such as blacklist, white list, independent guest access number, server location, hour of log-on, domain name, IP address, registrant, the payment page, structure of web page feature, concrete, the present invention is not restricted this.

According to embodiments of the invention, the cloud security server can also utilize and be similar to decision tree, bayesian algorithm, the methods such as nerve net territory calculating, perhaps use simple Threshold Analysis to analyze for the web page characteristics information of collecting, above method can well be applied on the basis of the embodiment of the present invention.

Generally speaking, in the embodiment of the present invention, the information of need collecting comprises: by URL of the URL of the potential advertisement website of the URL of the potential cheating in advertisement website of client feedback, user's report, cheating in advertisement website that third party website provides etc., concrete not as limit.

In the embodiment of the present invention, can know in real time the situation of change of microblogging content, when new microblogging link occurring, start inquiry cloud security server, can be when representing the described microblogging page, according to the Query Result of described cloud security server, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and represent to the user, the unsafe factor that cheating in advertisement microblogging etc. may be existed is prompted to the user, improved the user and accessed the fail safe of microblogging.

Corresponding with the method that represents the microblogging page that the embodiment of the present invention provides, the embodiment of the present invention also provides a kind of device that represents the safety detection result of the microblogging page, and as shown in Figure 4, this device comprises:

Microbloggingpage acquiring unit 201,, for detection of when triggering the Action Events that the microblogging webpage opens, crawl to obtain the microblogging page and microblogging link to the microblogging webpage;

Monitoring unit 202, be used for identifying the microblogging link with cheating in advertisement problem from described microblogging link;

Representunit 203, while being used for representing the described microblogging page, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and be presented on client end interface.

Below by a specific embodiment, said method is elaborated.This embodiment is only for the method for mentioning in expository writing better, does not form improper restriction of the present invention.

Fig. 5 shows a kind of device that represents the safety detection result of the microblogging page, on the basis of the corresponding embodiment of above-mentioned Fig. 4, can also comprise the structural representation that is illustrated in fig. 5 shown below.

Wherein, microbloggingpage acquiring unit 201,, for detection of when triggering the Action Events that the microblogging webpage opens, crawl to obtain the microblogging page and microblogging link to the microblogging webpage;

Concrete, according to embodiments of the invention, the cloud security server receives user's report, if receive the user of predetermined threshold, submits same microblogging link within the default time period, by this microblogging link, upgrades the cheating in advertisement website information of preserving in high in theclouds database 204; And/or

The microblogging link of electric business's Type of website that the cloud security server lookup is collected, determine wherein whether to comprise sham publicity swindle microblogging according to predetermined rule, determines the sham publicity that wherein whether comprises swindle microblogging; And/or

Non-electric business's Type of website that the judgement of cloud security server is collected, and by the fishingnetwork address storehouse 205 in high in theclouds database 204, judge whether this microblogging link is fishing website, fishing website, join described microblogging link in cheating inadvertisement storehouse 206 in this way.

According to the embodiment of the present invention, the cloud security server has been analyzed in advance the fail safe of network address and has been generated high in the clouds database 204 take webpage, website as unit, and supports client by the access of cloud security query interface to the cloud security server.For example, for microblogging, microblogging sham publicity type is preserved in cheating in advertisement storehouse 206.for fishing webpage, the type of fishing is also preserved in fishing network address storehouse 205, the cheating in advertisement network address of upgrading while namely safeguarding really and fishing network address, the URL of the cheating in advertisement network address of in store real-time discovery wherein, also information such as the fishing website of in store real-time discovery and fishing webpage, therefore the cloud security server is after the URL that receives each microblogging link that browser end uploads, can be respectively with cheating in advertisement storehouse 206 in the network address ciphertext of URL of each network address mate, if exist cheating in advertisement network address microblogging corresponding to URL that links with certain microblogging to link, network address corresponding to this microblogging link is the cheating in advertisement network address, if there be not network address corresponding to URL that links with certain microblogging in cheating in advertisement storehouse 206, network address corresponding to this microblogging link is not the cheating in advertisement network address.At this moment, the fishing webpage information that can call in fishing network address storehouse 205 is carried out auxiliary judgment, if hit the type of fishing webpage, the cloud security server can further determine whether to point out the user according to the information such as type of concrete fishing website.Need further judgement as harmful grade, malice cause etc., after completing the comparison of each microblogging link, just comparison result can be returned to browser end, browser end is according to this comparison result, determine which microblogging link is to have the link of the microblogging of cheating in advertisement problem, which is not for example, the microblogging link that is judged to be the cheating in advertisement network address by the cloud security server can be identified as and have the cheating in advertisement problem.

In the embodiment of the present invention, can also be by setting up the mode of feature high in the clouds database, all cheating in advertisement website URL in the blacklist of extraction cloud security server.Wherein blacklist is the url list that comprises the existing cheating in advertisement website that has detected, and corresponding with blacklist is white list, and white list is the url list that comprises existing credible website; Blacklist/the white list that sets in advance by traversal, if this website is existing true website or cheating in advertisement website on blacklist/white list, do not need to carry out again follow-up reference feature coupling and reference model and mate to judge whether this website is the cheating in advertisement website, has simplified operating procedure.

In the embodiment of the present invention,database 204 beyond the clouds, can also be by domain name registration information, web portal security information, website characteristic qualification information, Intellectual Property Right of Enterprises information and the credit information of enterprise of web site name, website domain name, the term of validity, Business Name, number of registration, registered address, legal representative, registered capital, the type of business, business scope, annual test year, website domain name, webpage is classified and detected, so that improve the accuracy of testing result.

Concrete, in the embodiment of the present invention, in any one step in the method for above-mentioned cloud security server judgement cheating in advertisement microblogging, further the ICP record information of query web, WHOIS information etc.: such as: a webpage can be sold air ticket, but record information is without the ticketing service operation, and the possibility of swindle is very large so; For another example: registrar website under one's name often goes out malicious web pages, and trust record is very poor, and the webpage that so newly goes out is that the likelihood ratio of malice is higher.Also can estimate with reference to the neighbourhood (weight in other search engines and the webpage amount of including etc.) as: everybody to weight not high, do not include corresponding webpage yet, in identification, also can fall and grade such webpage.

In the embodiment of the present invention, the cheating in advertisement network address ofdatabase 204 detections has some attributes beyond the clouds, as harmful grade, the explanation of malice cause etc.) and unknown network address etc.

, according to embodiments of the invention, in actual applications, after client detects the user and enters the microblogging website, obtain the information of each microblogging of user's access; At the client microblogging that wherein do not contain microblogging link or advertisement according to the information filtering of the microblogging that obtains; The information of the microblogging that contains advertisement and microblogging link by network after client will be filtered sends to the cloud security server; Inquire about relatively in its default high in the clouds database according to the information of the microblogging that receives at the cloud security server, according to comparative result, whether microblogging is belonged to sham publicity and judge, and judged result is returned to client; After receiving the judged result that the cloud security server returns, insert labeled marker by client and be judged as the microblogging of sham publicity in webpage, and comparative result is presented in label.

According to embodiments of the invention, can know in real time the situation of change of microblogging content, when new microblogging link occurring, start inquiry cloud security server, can be when representing the described microblogging page, according to the Query Result of described cloud security server, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and represent to the user, the unsafe factor that cheating in advertisement microblogging etc. may be existed is prompted to the user, improved the user and accessed the fail safe of microblogging.

As shown in Figure 6, show a kind of device that represents the safety detection result of the microblogging page, on the basis of the corresponding embodiment of above-mentioned Fig. 4, can also comprise the structure that is illustrated in fig. 6 shown below.

In the embodiment of the present invention, described microbloggingpage acquiring unit 201 comprises:

The first detection sub-unit 301, crawl the microblogging webpage, obtains the microblogging link; Send to the cloud security server to detect the link of the microblogging of the unknown, and receive the testing result that the cloud security server returns.

Wherein, the first detection sub-unit 301 also is used for the microblogging webpage is crawled, and obtains the microblogging content of pages that crawls; After the first 301 pairs of detection sub-unit microblogging webpage crawls,, according to the typesetting feature of the microblogging content of pages that crawls, obtain the microblogging type, and described microblogging type is carried out record, in order to for microblogging, link the analysis that becomes more meticulous.

Described microbloggingpage acquiring unit 201 comprises:

Report subelement 302, record the microblogging link of obtaining by browser plug-in, the microblogging link set of preserving in described microblogging link of obtaining and client database is compared, the microblogging of not preserving in client database is chained the cloud security query interface of reporting for work inquire about.

According to the device described in the embodiment of the present invention, wherein, according to embodiments of the invention,

The first detection sub-unit 301, concrete being used for after microblogging page trigger event being detected, by code call timer monitoring microblogging content of pages in browser plug-in or the page, and catch predetermined function, the renewal of the monitoring microblogging page, after the microblogging page produces renewal, judge according to the predetermined function of catching whether current page redirect occurs, when current page generation redirect and while being no longer the microblogging page, the timeing closing device.

Device described according to the embodiment of the present invention, describedmonitoring unit 202 also comprises:

The second recognin unit 401, obtain the inquiry request of cloud security query interface, and the network address ciphertext corresponding to uniform resource position mark URL of microblogging link to be reported is uploaded to the cloud security server;

The second judgment sub-unit 402, carry out cheating in advertisement according to the cheating in advertisement website information of preserving in the database of high in the clouds to each microblogging link in the described microblogging page and detect, and identifies the microblogging link with cheating in advertisement problem according to testing result.

Wherein, the second judgment sub-unit 402 specifically is used for: the network address ciphertext corresponding to uniform resource position mark URL of microblogging link to be reported is uploaded to the cloud security server, if be labeled as network address ciphertext coupling corresponding to the URL of cheating in advertisement in network address ciphertext corresponding to URL and high in the clouds database, to described client, return to cheating in advertisement Web site query result.

Representing the unit (not shown) in the embodiment of the present invention comprises:

Interface identification subelement 501, be used in mark cheating in advertisement microblogging link on user interface, microblogging chains and carries out suspended window prompting, directly shielding or hide sham publicity on mouse moves.

According to embodiments of the invention, can know in real time the situation of change of microblogging content, when new microblogging link occurring, start inquiry cloud security server, can be when representing the described microblogging page, Query Result according to described cloud security server, for mark is added in the described microblogging link with cheating in advertisement problem that identifies, and represent to the user, the unsafe factor that cheating in advertisement microblogging etc. may be existed is prompted to the user, has improved the user and has accessed microblogging and have access to the possibility of cheating in advertisement microblogging webpage.

According to the device of the embodiment of the present invention, microblogging page acquiring unit comprises:

The first detection sub-unit, crawl the microblogging webpage, obtains the microblogging link; Send to the cloud security server to detect the link of the microblogging of the unknown, and receive the testing result that the cloud security server returns;

Report subelement, record the microblogging link of obtaining by browser plug-in, the microblogging link set of preserving in described microblogging link of obtaining and high in the clouds database is compared, the microblogging of not preserving in the database of high in the clouds is chained the cloud security query interface of reporting for work inquire about.

According to the device of the embodiment of the present invention, wherein:

The first detection sub-unit, concrete being used for after microblogging page trigger event being detected, by code call timer monitoring microblogging content of pages in browser plug-in or the page, and catch predetermined function, the renewal of the monitoring microblogging page, after the microblogging page produces renewal, judge according to the predetermined function of catching whether current page redirect occurs, when current page generation redirect and while being no longer the microblogging page, the timeing closing device.

According to the device of the embodiment of the present invention, described monitoring unit comprises:

The second recognin unit, obtain the inquiry request of cloud security query interface, and the network address ciphertext corresponding to uniform resource position mark URL of microblogging link to be reported is uploaded to the cloud security server;

The second judgment sub-unit, carry out cheating in advertisement according to the cheating in advertisement website information of preserving in the database of high in the clouds to each microblogging link in the described microblogging page and detect, and identifies the microblogging link with cheating in advertisement problem according to testing result.

Device according to the embodiment of the present invention, wherein, the second judgment sub-unit specifically is used for: the network address ciphertext corresponding to uniform resource position mark URL of microblogging link to be reported is uploaded to the cloud security server, if be labeled as network address ciphertext coupling corresponding to the URL of cheating in advertisement in network address ciphertext corresponding to URL and high in the clouds database, to described client, return to cheating in advertisement Web site query result.

According to the device of the embodiment of the present invention, the described unit that represents comprises:

The interface identification subelement, be used in mark cheating in advertisement microblogging link on user interface, microblogging chains and carries out suspended window prompting, directly shielding or hide sham publicity on mouse moves.

As seen through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product can be stored in storage medium, as ROM/RAM, magnetic disc, CD etc., comprise that some instructions are with so that a computer equipment (can be personal computer, server, the perhaps network equipment etc.) carry out the described method of some part of each embodiment of the present invention or embodiment.

Each embodiment in this specification all adopts the mode of going forward one by one to describe, and between each embodiment, identical similar part is mutually referring to getting final product, and each embodiment stresses is difference with other embodiment.Especially, for device or system embodiment, substantially similar in appearance to embodiment of the method, so describe fairly simplely, relevant part gets final product referring to the part explanation of embodiment of the method due to it.Apparatus and system embodiment described above is only schematic, wherein said unit as the separating component explanation can or can not be also physically to separate, the parts that show as unit can be or can not be also physical locations, namely can be positioned at a place, perhaps also can be distributed on a plurality of network element.Can select according to the actual needs wherein some or all of module to realize the purpose of the present embodiment scheme.Those of ordinary skills in the situation that do not pay creative work, namely can understand and implement.

Above method and the device that a kind of method that represents the safety detection result of the microblogging page provided by the present invention is represented the safety detection result of the microblogging page, be described in detail, applied specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Within the default time period,, for one of ordinary skill in the art,, according to thought of the present invention, all will change in specific embodiments and applications.In sum, this description should not be construed as limitation of the present invention.