Unlock instant, AI-driven research and patent intelligence for your innovation.

A method and device for real-time detection of webpage cross-domain requests

A web page cross-domain request and real-time detection technology, applied in the direction of data exchange network, digital transmission system, electrical components, etc., can solve the serious problems of computer network security, and achieve the goal of imperceptible and bypass, high real-time performance and timely acquisition Effect

Active Publication Date: 2016-08-10
XIAMEN MEIYA PICO INFORMATION
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Due to the diversity of WEB applications and browsers, traditional protection and detection methods have certain limitations, which has become an increasingly serious problem in computer network security.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for real-time detection of webpage cross-domain requests
  • A method and device for real-time detection of webpage cross-domain requests
  • A method and device for real-time detection of webpage cross-domain requests

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The first embodiment of the present invention discloses a method for real-time detection of webpage cross-domain requests. Such as figure 1 shown, including:

[0031] Step 1, monitor the page elements and their behaviors marking the webpage resources in the webpage, capture the address domain name of the page resource, and / or the new domain name generated by the page element behavior.

[0032] In this step, the client browser JAVASCRIPT script can be used to monitor page elements and behaviors. Page element: the DOM node in the HTML page. HTML uses closing tags to indicate node element types (such as: , which means that the tag src refers to an external resource. Such as: , that is, the onerror of the label triggers the js behavior).

[0033] Specifically include:

[0034] 1) Capture the external resource address referenced by the current page (the address here is expressed in the form of a domain name).

[0035] Here, the browser JAVASCRIPT script can be used...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for real-time detection of webpage cross-domain requests. The method includes: monitoring page elements marking webpage page resources in a webpage and behavior of the page elements so as to capture an address and a domain name of the page resources and / or capture a new domain name generated by the behavior of the page elements; performing abnormal domain identification according to the extracted domain; and if the domain name is an abnormal domain name, acquiring page information of the abnormal domain name and blocking application programs to access to the domain name. The method judges whether malicious codes exist or not on the basis of detecting whether a client side browser crosses domains to reference unknown resources or not instead of detecting injected codes by a server, so that a vulnerability detection base and keyword filtering are not needed. In addition, the method is high in timeliness, low in cost, less prone to perceiving and bypassing and capable of achieving timely acquisition, prevention and analysis.

Description

technical field [0001] The invention relates to an Internet security detection method, a method and a device for real-time detection of webpage cross-domain requests. Background technique [0002] With the development of Internet technology, the current website contains a lot of dynamic content to improve user experience, which is much more complicated than in the past. The so-called dynamic content means that WEB applications can output corresponding content according to user input. This dynamic site is subject to a threat called "Cross Site Scripting" (Cross Site Scripting, usually written as XSS). Once the cross-site scripting attack is successful, it can maliciously steal information from website users, especially stored cross-site scripting is more harmful. Today, as the dynamic content of websites is becoming more and more complex, cross-site scripting attack methods are also becoming more and more diverse. More and more attacks are aimed at vulnerabilities of WEB a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/26H04L29/06
Inventor 卢文浩罗佳
Owner XIAMEN MEIYA PICO INFORMATION