CN112153043A

Movatterモバイル変換

Info

Publication number: CN112153043A
Application number: CN202011002863.4A
Authority: CN
Inventors: 胡招武; 范渊
Original assignee: Hangzhou Dbappsecurity Technology Co Ltd
Current assignee: DBAPPSecurity Co Ltd; Hangzhou Dbappsecurity Technology Co Ltd
Priority date: 2020-09-22
Filing date: 2020-09-22
Publication date: 2020-12-29

Abstract

The application discloses a website security detection method, which comprises the following steps: obtaining a target website and threat degree coefficients of accessible links of the target website on each threat information platform; calculating a final threat degree coefficient of the target website according to the threat degree coefficient; and outputting the final threat degree coefficient of the target website. The threat degree of the target website is obtained by obtaining the threat degree coefficient of the target website and the real-time update of the accessible link of the target website on the threat information platform, the defect that a user continues to visit a dangerous website, namely the target website, due to the fact that the blacklist information of the malicious website is not updated timely in the related technology is avoided, the user can know the threat degree of the target website according to the threat information data updated in real time, the user access safety risk is reduced, and the user experience is improved. The application also provides a website safety detection device, an electronic device and a storage medium, and the website safety detection device, the electronic device and the storage medium have the beneficial effects.

Description

Website security detection method and device, electronic equipment and storage medium

Technical Field

The present application relates to the field of website security technologies, and in particular, to a method and an apparatus for detecting website security, an electronic device, and a storage medium.

Background

When accessing a target website, a netizen user may access a malicious website under an unknown condition, so that a user terminal is damaged by computer viruses. Generally, a user cannot be completely prevented from accessing a target website, but technical means can help the user identify the threat level of the target website, and give an early warning and a prompt before the user accesses the target website so as to prevent or reduce the risk brought to the user by accessing the target website. At present, the security of a target website is judged through a malicious website blacklist provided by each security manufacturer or stored by a server, but the traditional blacklist identification mode has the defect that the blacklist information is not updated timely, and the access security risk of a user is increased.

Disclosure of Invention

The application aims to provide a website security detection method, so that a user can know the threat degree of a target website according to threat information data updated in real time, the access security risk of the user is reduced, and the user experience is improved. The specific scheme is as follows:

in a first aspect, the present application discloses a website security detection method, including:

acquiring a target website and a threat degree coefficient of an accessible link of the target website on a threat intelligence platform;

calculating a final threat degree coefficient of the target website according to the threat degree coefficient;

and outputting the final threat degree coefficient of the target website.

Optionally, calculating a final threat degree coefficient of the target website according to the threat degree coefficient, including:

distributing corresponding weights to the threat degree coefficients of each threat intelligence platform, and respectively calculating preliminary threat degree values of the target website and the accessible links by using a weighted average method;

and assigning corresponding weights to the preliminary threat degree value of the target website and the preliminary threat degree value of the accessible link, and calculating a final threat degree coefficient of the target website by using a weighted average method.

Optionally, assigning corresponding weights to the preliminary threat degree value of the target website and the preliminary threat degree value of the accessible link, and calculating a final threat degree coefficient of the target website by using a weighted average method, including:

setting respective corresponding weights of the preliminary threat degree values of the target website and the accessible link, so that the weight occupied by the target website is greater than the weight occupied by the accessible link;

and calculating a final threat degree coefficient of the target website by using a weighted average method according to the preliminary threat degree values of the target website and the accessible links and the corresponding weights.

Optionally, the obtaining manner of the accessible link of the target website includes:

and analyzing the content of the a label in the target website by using an XPath tool to obtain the accessible link of the target website.

Optionally, the obtaining of the threat degree coefficient of the target website and the accessible link of the target website on the threat intelligence platform includes:

acquiring initial threat degree coefficients of the target website and the accessible links on each threat intelligence platform;

and carrying out standardization processing on the initial threat degree coefficient by using a dispersion standardization method to obtain the threat degree coefficient corresponding to the target website and the accessible link.

Optionally, after outputting the final threat degree coefficient of the target website, the method further includes:

and dividing the threat level of the target website according to a preset threat level table and the final threat level coefficient, and outputting the threat level of the target website.

In a second aspect, the present application discloses a website security detection apparatus, including:

the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring a target website and threat degree coefficients of accessible links of the target website on each threat information platform;

the calculation module is used for calculating the final threat degree coefficient of the target website according to the threat degree coefficient;

and the output module is used for outputting the final threat degree coefficient of the target website.

Optionally, the method further includes:

and the dividing module is used for dividing the threat level of the target website according to a preset threat level table and the final threat level coefficient and outputting the threat level of the target website.

In a third aspect, the present application discloses an electronic device, comprising:

a memory for storing a computer program;

and the processor is used for realizing the steps of the website security detection method when executing the computer program.

In a fourth aspect, the present application provides a storage medium, having a computer program stored thereon, where the computer program is executed by a processor to implement the steps of the website security detection method.

The application provides a website security detection method, which comprises the following steps: acquiring a target website and a threat degree coefficient of an accessible link of the target website on a threat intelligence platform; calculating a final threat degree coefficient of the target website according to the threat degree coefficient; and outputting the final threat degree coefficient of the target website.

Therefore, the threat degree coefficient of the target website is obtained by obtaining the threat degree coefficient of the target website and the accessible link of the target website updated in real time on the threat information platform, and the final threat degree coefficient of the target website is obtained by calculation, so that the threat degree of the target website of the user is prompted, the defect that the user continues to visit the dangerous website, namely the target website, due to the fact that the blacklist information of the malicious website is not updated timely in the related technology is avoided, the user can know the threat degree of the target website according to the threat information data updated in real time, the access safety risk of the user is reduced, and the user experience is improved. The application also provides a website safety detection device, an electronic device and a storage medium, and the website safety detection device, the electronic device and the storage medium have the beneficial effects and are not repeated herein.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.

Fig. 1 is a flowchart of a website security detection method according to an embodiment of the present disclosure;

fig. 2 is a flowchart of another website security detection method according to an embodiment of the present application;

fig. 3 is a schematic structural diagram of a website security detection apparatus according to an embodiment of the present disclosure.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In a common website security detection method, the threat degree of a target website is judged in a malicious website blacklist mode, but the disadvantage that website information in the malicious website blacklist is not updated timely is overcome in the malicious website detection method, so that a user continues to access the malicious website, and the risk of viruses in a user terminal is increased. Based on the above technical problem, this embodiment provides a website security detection method, which obtains a threat level of a target website by obtaining a threat level coefficient updated in real time by an accessible link of the target website and the target website on a threat information platform, and reduces a user access security risk, specifically referring to fig. 1, where fig. 1 is a flowchart of a website security detection method provided in this embodiment of the present application, and specifically includes:

s101, threat degree coefficients of the target website and the accessible links of the target website on each threat intelligence platform are obtained.

In this embodiment, the target website refers to the target website itself, i.e. the root link, which is recorded asx₀The accessible link of the target website is a sub-link of the target website. The content of the target website and the accessible link of the target website is not limited in this embodiment, and may be a text document, a picture, a video, or one or any combination thereof. Each threat information platform can provide a real-time updating function by analyzing data returned by the same target object or target website, support real-time response to the threat information data, and support network defense and threat analysis. In the embodiment, by acquiring threat intelligence data, namely a threat degree coefficient, about the target website and the target website accessible link in the threat intelligence platform, which is updated in real time, the real-time latest threat degree of the target website can be known, and the access security risk is reduced. The number of each threat intelligence platform is not limited in this embodiment, and may be one or more, and may be selected according to actual conditions. In order to improve the accuracy of the acquired threat intelligence data, the number of threat intelligence platforms in the embodiment is multiple, so that the contingency of target website root links and sub-link threat intelligence data in a single threat intelligence platform can be reduced.

The embodiment does not limit the obtaining manner of the accessible link of the target website, and may use an XPath tool, or other obtaining sub-link manners, which may be selected according to the actual situation. In order to improve the operation efficiency of the processor, the manner of obtaining the accessible link of the target website in this embodiment may include: and analyzing the content of the a label in the target website by using an XPath tool to obtain the accessible link of the target website. It can be understood that the process of obtaining the accessible link of the target website may be, first, constructing a request message, sending a request to simulate accessing the target website, then, obtaining the response content of the request, that is, the response message of the target website, and finally, parsing and extracting the content of the specific tag, that is, the a tag, by using an XPath tool. XPath is a language tool which can be used to search specific content in XML document, and can conveniently and quickly search and extract the specific content in the document with tree structure according to node attributesThe contents of the node. In this embodiment, only the content of the target website a label node attribute needs to be extracted and recorded as x_iWhere i is 1 to n, n represents the total number of extracted a-tag contents.

The data interval of the threat level coefficient is not limited in this embodiment, and may be 1 to 100, 1 to 10, or 0 to 1, depending on the data interval mode stored by each threat intelligence platform, and it can be understood that a larger threat level data value indicates a larger threat level. In order to determine the threat level of the target website according to the degree of the threat level, the threat intelligence data acquired by each threat intelligence platform needs to be standardized uniformly, the embodiment does not limit the specific manner of the unified standardization, and the method can be z-score standardization or min-max standardization (dispersion standardization), and a user can select the threat level according to the actual situation. In order to reduce the computational complexity, in this embodiment, obtaining the target website and the threat level coefficient of the target website accessible to link with the threat intelligence platform may include: acquiring initial threat degree coefficients of a target website and accessible links on each threat information platform; and carrying out standardization processing on the initial threat degree coefficient by using a dispersion standardization method to obtain the threat degree coefficient corresponding to the target website and the accessible link. That is, in this embodiment, a dispersion standardization method is adopted, and initial threat degree values of the target website and the links and the sub-links, which are acquired by each threat information platform, are standardized to obtain a unified and standardized threat degree coefficient.

And S102, calculating the final threat degree coefficient of the target website according to the threat degree coefficient.

It should be noted that, in this embodiment, the weight values corresponding to each threat information platform are not limited, the same weight value, that is, the average method, may also be distributed according to a preset weight table, the corresponding weight values are also not limited in this embodiment, the setting rule of the preset weight table is also not limited in this embodiment, the setting may be performed according to experience, or may be determined according to an algorithm, and it is understood that the sum of the weight values corresponding to each threat information platform is 1. Similarly, the sum of the weighted values corresponding to the preliminary threat degree values of the root link and the sub-link of the target website is also 1, and the embodiment does not limit the weights corresponding to the preliminary threat degree values of the target website itself and the sub-link of the target website, as long as the sum of the weighted values is 1.

For example, the threat degree coefficient of the target website on each threat intelligence platform is obtained as y_ijWherein i is 0 to n, j is 1 to m, namely the number of the target website sub-links is n, and the number of the threat information platforms is m. For m different threat information platforms, a weight ratio can be set for each platform by analyzing the credibility of threat information data and the information updating time, and the weight ratio is set as p_jAnd the range is 0 to 1, the credibility score of the threat information data in the threat information platform is represented, the larger the proportion is, the higher the credibility is represented, and the initial threat degree coefficient of the target website and the accessible link of the target website can be calculated by the following formula:

wherein r is_iRepresenting a Link x_iA preliminary threat level score, y, calculated from the threat intelligence_i,jRepresenting a Link x_iThe threat level on platform j is scored, i from 0 to n, and j from 1 to m. It should be noted that p corresponds to different links, i.e., the root link and each child link_jAre identical, i.e. p_jThe value of (c) is relevant only to the threat intelligence platform.

As another example, target site root link x₀The initial threat degree value of (1) accounts for the main proportion, the weight value is set as q, and the weight of each sub-link accounts for

The final threat level coefficient for the target website may then be derived from the following equation:

wherein, R represents the final threat degree coefficient of the target website, and i is 1 to n.

And S103, outputting the final threat degree coefficient of the target website.

The output mode of the final threat degree coefficient of the target website is not limited in this embodiment, and may be in a text form or a voice form, and the user may set the final threat degree coefficient according to actual conditions. The output content is not limited in this embodiment, the final threat degree coefficient may be directly output, and other content, such as access recommendation or access non-recommendation, may be added on the basis of outputting the final threat degree coefficient, and the user may set according to actual needs.

Based on the technical scheme, the threat degree coefficient of the target website is obtained by obtaining the threat degree coefficient which is accessible and linked to each threat information platform and is updated in real time by the target website and the target website, the threat degree of the target website can be further judged by using a weighted average method, the defect that a user continues to visit the malicious website, namely the target website, due to the fact that the blacklist information of the malicious website is not updated in time in the related technology is avoided, the safety risk of the user visiting the malicious website is effectively reduced, and the user experience is improved.

Based on the foregoing embodiment, in order to improve user experience and enable a user to clearly know the threat level of a target website, this embodiment provides a website security detection method, in which a calculated final threat level coefficient of the target website is matched with a preset threat level table, and a threat level of the target website is obtained by dividing, specifically referring to fig. 2, where fig. 2 is a flowchart of another website security detection method provided in this embodiment of the present application, and the method includes:

s201, threat degree coefficients of the target website and the accessible links of the target website on each threat intelligence platform are obtained.

S202, calculating the final threat degree coefficient of the target website according to the threat degree coefficient.

For specific contents of step S201 and step S202, reference may be made to the above embodiments, and details are not repeated in this embodiment.

And S203, dividing the threat level of the target website according to the preset threat level table and the final threat level coefficient, and outputting the threat level of the target website.

The present embodiment does not limit the level design rule of the preset level table, for example, the final threat level coefficient of the target website is between 1 and 30 points, and is set as a low risk; the final threat degree coefficient of the target website is between 31 and 60 points and is set as medium risk; the final threat level coefficient for the target web site is between 61 and 100 points, set as high risk. Or the final threat degree coefficient of the target website is between 1 and 20 points, and the security is set; the final threat degree coefficient of the target website is between 21 and 40 points and is set as low risk; the final threat degree coefficient of the target website is between 41 and 70 points and is set as medium risk; the final threat degree coefficient of the target website is between 71 and 100 points and is set as high risk, and the user can select and adjust the coefficient according to the actual effect.

Based on the technical scheme, the embodiment enables the user to simply and directly know the threat degree of the target website by dividing the threat level of the target website, provides powerful decision information for the user to judge whether to continue accessing the target website, and improves user experience.

Referring to fig. 3, fig. 3 is a schematic structural diagram of a website security detection apparatus according to an embodiment of the present disclosure, where the website security detection apparatus described below and the website security detection method described above are referred to with reference to each other, and the website security detection apparatus includes:

in some specific embodiments, the method specifically includes:

an obtainingmodule 301, configured to obtain a target website and threat degree coefficients of accessible links of the target website on each threat information platform;

a calculatingmodule 302, configured to calculate a final threat degree coefficient of the target website according to the threat degree coefficient;

and anoutput module 303, configured to output the final threat degree coefficient of the target website.

In some specific embodiments, thecalculation module 302 includes:

the first calculation unit is used for distributing corresponding weights to the threat degree coefficients of all threat information platforms and calculating preliminary threat degree values of the target website and the accessible links respectively by using a weighted average method;

and the second calculation unit is used for allocating corresponding weights to the preliminary threat degree value of the target website and the preliminary threat degree value of the accessible link, and calculating a final threat degree coefficient of the target website by using a weighted average method.

In some specific embodiments, the second computing unit includes:

the setting subunit is used for setting respective corresponding weights of the preliminary threat degree values of the target website and the accessible links, so that the weight occupied by the target website is greater than the weight occupied by the accessible links;

and the weighted average subunit is used for calculating a final threat degree coefficient of the target website by using a weighted average method according to the preliminary threat degree values of the target website and the accessible links and the corresponding weights.

In some specific embodiments, the obtainingmodule 301 includes:

and the accessible link acquisition unit is used for analyzing the content of the a label in the target website by using an XPath tool to obtain the accessible link of the target website.

In some specific embodiments, the obtainingmodule 301 includes:

the initial threat degree coefficient acquisition unit is used for acquiring the initial threat degree coefficients of the target website and accessible links on each threat information platform;

and the standardization unit is used for carrying out standardization processing on the initial threat degree coefficient by using a dispersion standardization method to obtain the threat degree coefficient corresponding to the target website and the accessible link.

In some specific embodiments, the method further comprises:

and the dividing module is used for dividing the threat level of the target website according to the preset threat level table and the final threat level coefficient, and outputting the threat level of the target website.

Since the embodiment of the website security detection apparatus corresponds to the embodiment of the website security detection method, reference is made to the description of the embodiment of the website security detection apparatus for the embodiment of the website security detection apparatus, and details are not repeated here.

In the following, an electronic device provided by an embodiment of the present application is introduced, and the electronic device described below and the method described above may be referred to correspondingly.

The application provides an electronic device, including:

a memory for storing a computer program;

Since the embodiment of the electronic device portion corresponds to the embodiment of the website security detection method portion, please refer to the description of the embodiment of the website security detection method portion for the embodiment of the electronic device portion, which is not repeated here.

In the following, a storage medium provided by an embodiment of the present application is described, and the storage medium described below and the method described above may be referred to correspondingly.

The application provides a storage medium, wherein a computer program is stored on the storage medium, and when being executed by a processor, the computer program realizes the steps of the website security detection method.

Since the embodiment of the storage medium portion corresponds to the embodiment of the website security detection method portion, please refer to the description of the embodiment of the website security detection method portion for the embodiment of the storage medium portion, which is not repeated here.

The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.

Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.

The website security detection method, the website security detection device, the electronic device and the storage medium provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims

1. A website security detection method is characterized by comprising the following steps:

obtaining a target website and threat degree coefficients of accessible links of the target website on each threat information platform;

and outputting the final threat degree coefficient of the target website.

2. The website security detection method according to claim 1, wherein calculating a final threat level coefficient of the target website according to the threat level coefficient includes:

3. The website security detection method according to claim 2, wherein the preliminary threat level value of the target website and the preliminary threat level value of the accessible link are assigned with corresponding weights, and a final threat level coefficient of the target website is calculated by using a weighted average method, including:

4. The website security detection method according to claim 1, wherein the manner of obtaining the accessible link of the target website includes:

5. The website security detection method according to claim 1, wherein the obtaining of the threat level coefficient of the target website and the accessible link of the target website on a threat intelligence platform comprises:

6. The website security detection method according to any one of claims 1 to 5, further comprising, after outputting the final threat degree coefficient of the target website:

7. A website security detection apparatus, comprising:

8. The website security detection apparatus according to claim 7, further comprising:

9. An electronic device, comprising:

a memory for storing a computer program;

a processor for implementing the steps of the website security detection method according to any one of claims 1 to 6 when executing the computer program.

10. A storage medium having stored thereon a computer program for implementing the steps of the website security detection method according to any one of claims 1 to 6 when executed by a processor.