CN105743904B - Method and system for detecting leakage of website user information - Google Patents


Info

Publication number: CN105743904B
Authority: CN (China)
Prior art keywords: user, information, data packet, state, website
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201610143205.4A
Other languages: Chinese (zh)
Other versions: CN105743904A (en)
Inventors: 章锦成, 凌云, 李天爽
Current Assignee: Shanghai Ctrip Business Co Ltd (as listed by Google Patents; may be inaccurate)
Original Assignee: Shanghai Ctrip Business Co Ltd
Application filed by: Shanghai Ctrip Business Co Ltd
Priority to: CN201610143205.4A
Publications: CN105743904A (application), CN105743904B (grant)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and system for detecting leakage of a website's user information. The method includes: obtaining the data packets of user requests that the website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information; judging from the content of the request packet whether the user is in an abnormal login state, and treating the page corresponding to a response packet that returns user information while the user is in an abnormal login state as an information leakage page. The abnormal login state includes the state of not being logged in with a login account and the state of being logged in with a wrong login account. The invention can strictly detect whether user information is being leaked and apply control measures to the detected leakage pages afterwards, which improves the security of user data on the website and prevents user information from being abused by criminals.

Description

Method and system for detecting leakage of website user information
Technical field
The present invention relates to a method and system for detecting leakage of a website's user information.
Background
In recent years, major e-commerce websites have one after another suffered large-scale leaks of user order data caused by code vulnerabilities. Order data is the core data of an e-commerce website; it covers user information and transaction details and is highly sensitive. Once this customer transaction data is obtained by fraud groups, they can impersonate customer service and carry out all kinds of fraud against users, and such behaviour severely damages the website's brand and reputation.
In the prior art, information leakage is usually detected by checking the data packets at the egress gateway of the e-commerce network for outbound sensitive data, and blocking the request if sensitive data is present, so as to prevent the e-commerce company's internal data from leaking. However, this approach only detects the company's business data leaking from the internal network to the external network; it cannot detect leakage of users' data.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the defects of the prior art, in which a website's user information is easily leaked and abused by criminals and traditional information leakage detection methods cannot detect leakage of users' data, by providing a method and system for detecting leakage of a website's user information.
The present invention solves the above technical problem through the following technical solutions:
A method for detecting leakage of a website's user information, characterized by comprising:
S1. Obtaining the data packets of user requests that the website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
S2. Judging from the content of the request packet whether the user is in an abnormal login state, and treating the page corresponding to a response packet that returns user information while the user is in an abnormal login state as an information leakage page;
The abnormal login state includes the state of not being logged in with a login account and the state of being logged in with a wrong login account.
In this solution, the data packets that involve user information are selected from the data packets of users accessing the website and analysed, and a page that still returns user information while the user is in an abnormal login state is treated as an information leakage page. This allows strict detection of whether user information is being leaked, and control measures can be applied to the detected leakage pages, which improves the security of user data on the website and prevents user information from being abused by criminals.
Preferably, step S1 includes:
S11. Mirroring the data packets generated when users access the website; mirroring here means a copy operation.
S12. Extracting, by a keyword detection algorithm, the data packets among them that contain user information, and using the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
The keywords in the keyword detection algorithm may include user name, mobile phone number, ID card number, bank card number and so on. These keywords all relate to user information, and the keyword detection algorithm is an existing (prior art) algorithm for detecting keywords in user information.
Preferably, the request packet includes a login identifier, and in step S2 judging from the content of the request packet whether the user is in an abnormal login state is:
S21. Judging from the value of the login identifier whether the user is in an abnormal login state.
Preferably, step S21 is:
When the value of the login identifier is a first preset value, the user is in the state of not being logged in with a login account; when the value of the login identifier is a second preset value, the user is in the state of being logged in with a wrong login account.
Preferably, the leakage detection method further includes:
S3. Performing a blocking operation on the information leakage page at the website's firewall layer.
Preferably, the user information includes the user name and the user's contact details, and further includes one or more of the user's address information and the information on transactions the user has carried out on the website.
The present invention also provides a system for detecting leakage of a website's user information, characterized by including a data packet acquisition module, a login state judgment module and an information leakage judgment module;
The data packet acquisition module is used to obtain the data packets of user requests that the website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
The login state judgment module is used to judge from the content of the request packet whether the user is in an abnormal login state;
The information leakage judgment module is used to judge the page corresponding to a response packet that returns user information while the user is in an abnormal login state to be an information leakage page;
The abnormal login state includes the state of not being logged in with a login account and the state of being logged in with a wrong login account.
Preferably, the data packet acquisition module includes a mirror module and an extraction module;
The mirror module is used to mirror the data packets generated when users access the website;
The extraction module is used to extract, by a keyword detection algorithm, the data packets among them that contain user information, and to use the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
Preferably, the request packet includes a login identifier, and the login state judgment module judging from the content of the request packet whether the user is in an abnormal login state is:
The login state judgment module judges from the value of the login identifier whether the user is in an abnormal login state.
Preferably, the leak detection system further includes a blocking module, which is used to perform a blocking operation on the information leakage page at the website's firewall layer.
The positive effect of the present invention is as follows: the invention selects the data packets that involve user information from the data packets of users accessing the website and analyses them, and treats a page that still returns user information while the user is in an abnormal login state as an information leakage page. This allows strict detection of whether user information is being leaked, and control measures can be applied afterwards to the detected leakage pages, which improves the security of user data on the website and prevents user information from being abused by criminals.
Brief description of the drawings
Fig. 1 is a flow chart of the method for detecting leakage of a website's user information according to Embodiment 1 of the present invention.
Fig. 2 is an architecture diagram of the system for detecting leakage of a website's user information according to Embodiment 2 of the present invention.
Detailed description of the embodiments
The present invention is further illustrated below by way of embodiments, but is not thereby limited to the scope of those embodiments.
Embodiment 1
The present invention relates to a method for detecting leakage of a website's user information which, as shown in Fig. 1, comprises:
Step 101: obtain the data packets of user requests that the website server receives and responds to;
The data packets include a request packet for requesting user information and a response packet for returning user information;
Specifically, the data packets generated when users access the website are mirrored, for example by copying all the HTTP (Hyper Text Transfer Protocol) traffic of users accessing the website; this traffic can be copied out of band (bypass) at the core switch. A keyword detection algorithm then extracts the data packets among them that contain user information, and the extracted data packets are used as the obtained data packets of user requests that the website server receives and responds to. For example, the data packets involving user information are extracted using information such as ID card numbers and bank card numbers. The user information includes the user name, the user's contact details, the user's address information and the information on transactions the user has carried out on the website, such as the user's order information.
Step 102: judge from the content of the request packet whether the user is in an abnormal login state, and treat the page corresponding to a response packet that returns user information while the user is in an abnormal login state as an information leakage page;
The abnormal login state includes the state of not being logged in with a login account and the state of being logged in with a wrong login account.
Specifically, the request packet includes a login identifier, and whether the user is in an abnormal login state is judged from the value of the login identifier. Each user's login identifier is different, and the value of the login identifier before a user logs in differs from its value after login. When the value of the login identifier is a first preset value, the user is in the state of not being logged in with a login account; when the value of the login identifier is a second preset value, the user is in the state of being logged in with a wrong login account. This technical solution can be implemented by means of a cookie for the login account (a cookie being data stored on the user's local terminal in order to identify the user and track the session).
If a page of user information can still be returned while the user is in an abnormal login state, the requested user information is publicly exposed and unprotected, and in that case the user information is considered to be leaking. Put plainly: when user A requests to view the air-ticket order information just purchased on the website, the website server normally returns user A's air-ticket order information. If the login identifier with which user A is logged in to the website is then changed, for example to the login identifier of a test account, and A again requests to view the air-ticket order information just purchased, and the website server still returns user A's air-ticket order information, then user A's air-ticket order information is leaking.
It will be appreciated that user A's air-ticket order information should be viewable only by user A, and the page seen when viewing with the test account should be the test account's own air-ticket order information; this is how the leak point for user information is detected. Similarly, when user A has not logged in to the website with a login account and requests to view the air-ticket order information just purchased, and the website server still returns user A's air-ticket order information, this also shows that user A's air-ticket order information is leaking.
Since each user's login identifier is different, any user who views user A's user information without using user A's login account and login identifier is obtaining it without user A's authorization, and this can be judged to be an information leak point.
Step 103: perform a blocking operation on the information leakage page at the website's firewall layer.
The blocking operation may be: when user A requests his or her own user data, the website server does not return the user information. When an information leak point is found, the website raises an alarm to notify technical staff promptly; after receiving the alarm the staff can respond quickly and fix the vulnerable page, which avoids large-scale data leakage, reduces user losses and improves website security.
With the detection method of this embodiment, technical staff can proactively detect that user information on the website is being leaked. In testing, over half a year of operation the website found a cumulative total of more than 100 pages leaking user information, effectively preventing large-scale data leakage.
This embodiment selects the data packets that involve user information from the data packets of users accessing the website and analyses them, and treats a page that still returns user information while the user is in an abnormal login state as an information leakage page. This allows strict detection of whether user information is being leaked, and control measures can be applied afterwards to the detected leakage pages, which improves the security of user data on the website and prevents user information from being abused by criminals.
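Steps 101 and 102 of Embodiment 1 can be sketched as follows. This is an added example, not code from the patent: the cookie name `login_id`, the two preset values, the host `shop.example`, the keyword patterns and the sample traffic are all assumptions constructed for illustration, and a missing cookie is treated here the same as the first preset value.

```python
import re
from dataclasses import dataclass
from http.cookies import SimpleCookie
from typing import Optional

# Assumptions for this sketch (none of these names or values come from the patent).
LOGIN_COOKIE = "login_id"            # hypothetical cookie carrying the login identifier
NOT_LOGGED_IN = "0"                  # stands in for the "first preset value"
TEST_ACCOUNT = "test-account-0001"   # stands in for the "second preset value"

# Keyword detection: patterns for user-information fields named in the description.
USER_INFO_PATTERNS = {
    "mobile": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),
    "id_card": re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)"),
    "bank_card": re.compile(r"(?<!\d)\d{16,19}(?![\dXx])"),
}

@dataclass
class Exchange:
    url: str                 # host + path of the page (query string dropped)
    login_id: Optional[str]  # login identifier from the request, if any
    body: str                # response body

def parse_exchange(raw_request: str, raw_response: str) -> Exchange:
    """Parse one mirrored HTTP request/response pair."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = head[0].split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, v in (ln.split(":", 1) for ln in head[1:] if ":" in ln)}
    cookie = SimpleCookie()
    cookie.load(headers.get("cookie", ""))
    login_id = cookie[LOGIN_COOKIE].value if LOGIN_COOKIE in cookie else None
    _resp_head, _, body = raw_response.partition("\r\n\r\n")
    return Exchange(headers.get("host", "") + target.split("?")[0], login_id, body)

def user_info_hits(body: str) -> list:
    """Step 101 filter: which user-information keywords appear in the response."""
    return sorted(name for name, rx in USER_INFO_PATTERNS.items() if rx.search(body))

def login_state(login_id: Optional[str]) -> str:
    """Step 102: classify the login state from the login identifier value."""
    if login_id is None or login_id == NOT_LOGGED_IN:
        return "not_logged_in"
    if login_id == TEST_ACCOUNT:
        return "wrong_account"
    return "normal"

def find_leak_pages(pairs) -> dict:
    """Return {page: set of abnormal states under which it returned user info}."""
    leaks = {}
    for raw_request, raw_response in pairs:
        ex = parse_exchange(raw_request, raw_response)
        if not user_info_hits(ex.body):
            continue                      # response carries no user information
        state = login_state(ex.login_id)
        if state != "normal":             # user info returned in an abnormal state
            leaks.setdefault(ex.url, set()).add(state)
    return leaks

def _req(target: str, cookie: Optional[str] = None) -> str:
    lines = [f"GET {target} HTTP/1.1", "Host: shop.example"]
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return "\r\n".join(lines) + "\r\n\r\n"

def _resp(status: str, body: str) -> str:
    return f"HTTP/1.1 {status}\r\nContent-Type: application/json\r\n\r\n{body}"

# Constructed sample traffic: user A's order, then the same request with other identifiers.
ORDER_A = '{"order":"1001","name":"User A","mobile":"13800000000","flight":"SHA-PEK"}'
SAMPLE_PAIRS = [
    (_req("/order/detail?id=1001", "login_id=u-7f3a9c"), _resp("200 OK", ORDER_A)),
    (_req("/order/detail?id=1001", f"login_id={TEST_ACCOUNT}"), _resp("200 OK", ORDER_A)),
    (_req("/order/invoice?id=1001"), _resp("200 OK", ORDER_A)),
    (_req("/profile", f"login_id={NOT_LOGGED_IN}"), _resp("302 Found", "login required")),
]

if __name__ == "__main__":
    for page, states in sorted(find_leak_pages(SAMPLE_PAIRS).items()):
        print(page, sorted(states))
```

The pages reported by `find_leak_pages` are the candidates for the blocking and alerting in step 103.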
Embodiment 2
This embodiment provides a system for detecting leakage of a website's user information, including a data packet acquisition module, a login state judgment module and an information leakage judgment module;
The data packet acquisition module is used to obtain the data packets of user requests that the website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
The data packet acquisition module includes a mirror module and an extraction module;
The mirror module is used to mirror the data packets generated when users access the website;
The extraction module is used to extract, by a keyword detection algorithm, the data packets among them that contain user information, and to use the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
The login state judgment module is used to judge from the content of the request packet whether the user is in an abnormal login state;
The request packet includes a login identifier, and the login state judgment module judging from the content of the request packet whether the user is in an abnormal login state is:
The login state judgment module judges from the value of the login identifier whether the user is in an abnormal login state.
The information leakage judgment module is used to judge the page corresponding to a response packet that returns user information while the user is in an abnormal login state to be an information leakage page;
The abnormal login state includes the state of not being logged in with a login account and the state of being logged in with a wrong login account.
The leak detection system further includes a blocking module, which is used to perform a blocking operation on the information leakage page at the website's firewall layer.
As shown in Fig. 2, in a specific implementation, user A accesses website X, which corresponds to multiple Web servers. User A reaches the Web servers of website X over a network connected through a core switch. The traffic of user access is mirrored at the core switch and filtered to keep the data packets that contain user information, and those data packets are forwarded to a traffic analyzer. The traffic analyzer is connected to a monitoring back-end terminal, on which an administrator monitors leakage of the website's user information. Such an implementation is within the scope of the present invention.
It can be seen that the leak detection system of this embodiment is deployed in the same network segment as the servers that provide the e-commerce website's external web service, and analyses all data packets related to user information by bypass mirroring. This allows strict detection of whether user information is being leaked, and control measures can be applied afterwards to the detected leakage pages, which improves the security of user data on the website and prevents user information from being abused by criminals. Vulnerable pages can then be fixed, which avoids large-scale data leakage, reduces user losses and improves website security.
Although specific embodiments of the present invention have been described above, those skilled in the art will appreciate that these are merely illustrative, and that the scope of protection of the present invention is defined by the appended claims. Those skilled in the art may make many changes and modifications to these embodiments without departing from the principle and substance of the present invention, and all such changes and modifications fall within the scope of protection of the present invention.

Claims (8)

1. A method for detecting leakage of a website's user information, characterized by comprising:
S1. obtaining the data packets of user requests that the website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
S2. judging from the content of the request packet whether the user is in an abnormal login state, and treating the page corresponding to a response packet that returns user information while the user is in an abnormal login state as an information leakage page;
the abnormal login state including the state of not being logged in with a login account and the state of being logged in with a wrong login account;
step S1 including:
S11. mirroring the data packets generated when users access the website;
S12. extracting, by a keyword detection algorithm, the data packets among them that contain user information, and using the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
2. The leakage detection method of claim 1, characterized in that the request packet includes a login identifier, and in step S2 judging from the content of the request packet whether the user is in an abnormal login state is:
S21. judging from the value of the login identifier whether the user is in an abnormal login state.
3. The leakage detection method of claim 2, characterized in that step S21 is:
when the value of the login identifier is a first preset value, the user is in the state of not being logged in with a login account; when the value of the login identifier is a second preset value, the user is in the state of being logged in with a wrong login account.
4. The leakage detection method of claim 1, characterized in that the leakage detection method further includes:
S3. performing a blocking operation on the information leakage page at the website's firewall layer.
5. The leakage detection method of any one of claims 1-4, characterized in that the user information includes the user name and the user's contact details, and further includes one or more of the user's address information and the information on transactions the user has carried out on the website.
6. A system for detecting leakage of a website's user information, characterized by including a data packet acquisition module, a login state judgment module and an information leakage judgment module;
the data packet acquisition module being used to obtain the data packets of user requests that the website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
the login state judgment module being used to judge from the content of the request packet whether the user is in an abnormal login state;
the information leakage judgment module being used to judge the page corresponding to a response packet that returns user information while the user is in an abnormal login state to be an information leakage page;
the abnormal login state including the state of not being logged in with a login account and the state of being logged in with a wrong login account;
the data packet acquisition module including a mirror module and an extraction module;
the mirror module being used to mirror the data packets generated when users access the website;
the extraction module being used to extract, by a keyword detection algorithm, the data packets among them that contain user information, and to use the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
7. The leak detection system of claim 6, characterized in that the request packet includes a login identifier, and the login state judgment module judging from the content of the request packet whether the user is in an abnormal login state is:
the login state judgment module judges from the value of the login identifier whether the user is in an abnormal login state.
8. The leak detection system of claim 6, characterized in that the leak detection system further includes a blocking module, which is used to perform a blocking operation on the information leakage page at the website's firewall layer.
Priority Applications (1)

Application number: CN201610143205.4A
Priority date: 2016-03-14
Filing date: 2016-03-14
Title: Method and system for detecting leakage of website user information
Status: Active, CN105743904B (en)

Publications (2)

CN105743904A, published 2016-07-06
CN105743904B, published 2019-02-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant