Method and device for real-time detection of webpage cross-domain requests

A technology for cross-domain request and real-time detection of web pages, applied in data exchange networks, digital transmission systems, electrical components, etc. Effect

Active Publication Date: 2013-03-27
XIAMEN MEIYA PICO INFORMATION
View PDF4 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Due to the diversity of WEB applications and browsers, traditional protection and detection methods...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for real-time detection of webpage cross-domain requests
  • Method and device for real-time detection of webpage cross-domain requests
  • Method and device for real-time detection of webpage cross-domain requests

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The first embodiment of the present invention discloses a method for real-time detection of webpage cross-domain requests. Such as figure 1 shown, including:

[0031] Step 1, monitor the page elements and their behaviors marking the webpage resources in the webpage, capture the address domain name of the page resource, and / or the new domain name generated by the page element behavior.

[0032] In this step, the client browser JAVASCRIPT script can be used to monitor page elements and behaviors. Page element: the DOM node in the HTML page. HTML uses a closed tag to indicate the node element type (such as: , which means that the tag src refers to an external resource. For example: , that is, the onerror of the label triggers the js behavior).

[0033] Specifically include:

[0034] 1) Capture the external resource address referenced by the current page (the address here is expressed in the form of a domain name).

[0035] Here, the browser JAVASCRIPT script can be us...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for real-time detection of webpage cross-domain requests. The method includes: monitoring page elements marking webpage page resources in a webpage and behavior of the page elements so as to capture an address and a domain name of the page resources and/or capture a new domain name generated by the behavior of the page elements; performing abnormal domain identification according to the extracted domain; and if the domain name is an abnormal domain name, acquiring page information of the abnormal domain name and blocking application programs to access to the domain name. The method judges whether malicious codes exist or not on the basis of detecting whether a client side browser crosses domains to reference unknown resources or not instead of detecting injected codes by a server, so that a vulnerability detection base and keyword filtering are not needed. In addition, the method is high in timeliness, low in cost, less prone to perceiving and bypassing and capable of achieving timely acquisition, prevention and analysis.

Description

technical field [0001] The invention relates to an Internet security detection method, a method and a device for real-time detection of webpage cross-domain requests. Background technique [0002] With the development of Internet technology, the current website contains a lot of dynamic content to improve user experience, which is much more complicated than in the past. The so-called dynamic content means that WEB applications can output corresponding content according to user input. This dynamic site is subject to a threat called "Cross Site Scripting" (Cross Site Scripting, usually written as XSS). Once the cross-site scripting attack is successful, it can maliciously steal information from website users, especially stored cross-site scripting is more harmful. Today, as the dynamic content of websites is becoming more and more complex, cross-site scripting attack methods are also becoming more and more diverse. More and more attacks are aimed at vulnerabilities of WEB a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L29/06
Inventor 卢文浩罗佳
Owner XIAMEN MEIYA PICO INFORMATION
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap