CN105743904B - The leakage detection method and system of the user information of website - Google Patents
- Publication number: CN105743904B
- Application number: CN201610143205.4A
- Authority: CN (China)
- Prior art keywords: user, information, data packet, state, website
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a system for detecting leakage of a website's user information. The method comprises: obtaining the data packets of user requests that a website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information; judging from the content of the request packet whether the user is in an abnormal login state, and treating the page corresponding to a response packet that returns user information while the user is in an abnormal login state as an information leakage page. The abnormal login state includes the state of not being logged in with a login number and the state of being logged in with an incorrect login number. The invention can strictly detect whether users' information is being leaked and allows control measures to be taken afterwards on the leakage pages detected, which improves the security of the user data on the website and prevents user information from being abused by criminals.
Description
Technical field
The present invention relates to a method and a system for detecting leakage of a website's user information.
Background art
In recent years, major e-commerce websites have suffered a succession of large-scale leaks of user order data caused by code vulnerabilities. Order data is the core data of an e-commerce website; it covers user information and transaction details and is highly sensitive. Once such customer transaction data is obtained by fraud groups, they can impersonate customer service staff and carry out all kinds of fraud against users, which does severe damage to the website's brand and reputation.
In the prior art, information leakage is usually detected at the egress gateway of the e-commerce network by checking whether data packets carry sensitive data outwards; if they do, the request is blocked to stop the data from leaking, thereby preventing leakage of the e-commerce company's internal data. This approach, however, only detects business data leaking from the internal network to the external network and cannot detect leakage of users' data.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the defects of the prior art that a website's user information is easily leaked and abused by criminals and that traditional information leakage detection methods cannot detect leakage of users' data, by providing a method and a system for detecting leakage of a website's user information.
The present invention solves the above technical problem through the following technical solutions:
A method for detecting leakage of a website's user information, characterized in that it comprises:
S1: obtaining the data packets of user requests that a website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
S2: judging from the content of the request packet whether the user is in an abnormal login state, and treating the page corresponding to a response packet that returns user information while the user is in an abnormal login state as an information leakage page;
the abnormal login state includes the state of not being logged in with a login number and the state of being logged in with an incorrect login number.
In this solution, among the data packets generated when users access the website, those involving user information are analyzed, and a page that still returns user information while the user is in an abnormal login state is treated as an information leakage page. This makes it possible to strictly detect whether users' information is being leaked and to take control measures on the leakage pages detected, which improves the security of the user data on the website and prevents user information from being abused by criminals.
Preferably, step S1 comprises:
S11: mirroring the data packets generated when users access the website, where mirroring means a copy operation;
S12: extracting, by a keyword detection algorithm, the data packets that contain user information, and using the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
The keywords in the keyword detection algorithm may include user name, mobile phone number, ID card number, bank card number and so on. These keywords concern user information, and the keyword detection algorithm is a prior-art algorithm for detecting keywords in user information.
Preferably, the request packet includes a login identification number, and judging in step S2 from the content of the request packet whether the user is in an abnormal login state is:
S21: judging from the value of the login identification number whether the user is in an abnormal login state.
Preferably, step S21 is:
when the value of the login identification number is a first preset value, the user is in the state of not being logged in with a login number; when the value of the login identification number is a second preset value, the user is in the state of being logged in with an incorrect login number.
Preferably, the leakage detection method further comprises:
S3: performing a blocking operation on the information leakage page at the firewall layer of the website.
Preferably, the user information includes the user name and the user's contact details, and includes one or more of the user's address information and the transaction information of transactions the user has carried out on the website.
The present invention also provides a system for detecting leakage of a website's user information, characterized in that it comprises a data packet obtaining module, a login state judgment module and an information leakage judgment module;
the data packet obtaining module is used to obtain the data packets of user requests that a website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
the login state judgment module is used to judge from the content of the request packet whether the user is in an abnormal login state;
the information leakage judgment module is used to judge the page corresponding to a response packet that returns user information while the user is in an abnormal login state to be an information leakage page;
the abnormal login state includes the state of not being logged in with a login number and the state of being logged in with an incorrect login number.
Preferably, the data packet obtaining module comprises a mirror module and an extraction module;
the mirror module is used to mirror the data packets generated when users access the website;
the extraction module is used to extract, by a keyword detection algorithm, the data packets that contain user information, and to use the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
Preferably, the request packet includes a login identification number, and the login state judgment module being used to judge from the content of the request packet whether the user is in an abnormal login state is:
the login state judgment module is used to judge from the value of the login identification number whether the user is in an abnormal login state.
Preferably, the leakage detection system further comprises a blocking module, which is used to perform a blocking operation on the information leakage page at the firewall layer of the website.
The positive effect of the present invention is as follows: among the data packets generated when users access the website, the present invention analyzes those involving user information and treats a page that still returns user information while the user is in an abnormal login state as an information leakage page. It can strictly detect whether users' information is being leaked and allows control measures to be taken afterwards on the leakage pages detected, which improves the security of the user data on the website and prevents user information from being abused by criminals.
Brief description of the drawings
Fig. 1 is a flow chart of the method for detecting leakage of a website's user information according to Embodiment 1 of the present invention.
Fig. 2 is an architecture diagram of the system for detecting leakage of a website's user information according to Embodiment 2 of the present invention.
Detailed description of the embodiments
The present invention is further illustrated below by way of embodiments, but is not thereby limited to the scope of those embodiments.
Embodiment 1
The present invention relates to a method for detecting leakage of a website's user information which, as shown in Fig. 1, comprises:
Step 101: obtaining the data packets of user requests that the website server receives and responds to.
The data packets include a request packet for requesting user information and a response packet for returning user information.
Specifically, the data packets generated when users access the website are mirrored, for example by copying all the HTTP (Hyper Text Transfer Protocol) traffic of users accessing the website; this traffic can be copied out of band at the core switch. A keyword detection algorithm then extracts the data packets that contain user information, and the extracted data packets are used as the obtained data packets of user requests that the website server receives and responds to. For example, data packets involving user information are extracted by means of information such as ID card numbers and bank card numbers. The user information includes the user name, the user's contact details, the user's address information and the transaction information of transactions the user has carried out on the website, such as the user's order information.
Step 102: judging from the content of the request packet whether the user is in an abnormal login state, and treating the page corresponding to a response packet that returns user information while the user is in an abnormal login state as an information leakage page.
The abnormal login state includes the state of not being logged in with a login number and the state of being logged in with an incorrect login number.
Specifically, the request packet includes a login identification number, and whether the user is in an abnormal login state is judged from its value. Each user's login identification number is different, and its value also differs before and after a given user logs in. When the value of the login identification number is the first preset value, the user is in the state of not being logged in with a login number; when the value of the login identification number is the second preset value, the user is in the state of being logged in with an incorrect login number. Such a technical solution can be implemented by means of a cookie of the login number (a cookie being data stored on the user's local terminal for distinguishing user identity and tracking the session).
If a page of user information can still be returned while the user is in an abnormal login state, the user information requested is publicly exposed and unprotected, and in that situation the user information is considered to be leaking. Put plainly: when user A requests to view the air ticket order information for a ticket just bought on the website, the website server normally returns user A's air ticket order information. If the login identifier with which user A is logged in to the website is then changed, for example to the login identification number of a test account, and A again requests to view the air ticket order information just bought, and the website server still returns user A's air ticket order information, then user A's air ticket order information is leaking.
It will be understood that user A's air ticket order information should be viewable only by user A, and that the page viewed with the test account should show the test account's air ticket order information; in this way a data leakage point for user information can be detected. Similarly, when user A has not logged in to the website with a login number and needs to view the air ticket order information just bought, if the website server still returns user A's air ticket order information, this also shows that user A's air ticket order information is leaking.
Because each user's login identification number is different, any user who views user A's user information without using user A's login number and login identification number obtains user A's user information without user A's authorization, and the page concerned can be judged to be an information leakage point.
Step 103: performing a blocking operation on the information leakage page at the firewall layer of the website.
The blocking operation may be: when user A requests to obtain his or her own user data, the website server does not return the user information. When an information leakage point is found, the website raises an alarm to notify technical staff promptly; on receiving the alarm they can respond quickly and fix the vulnerable page, which avoids large-scale data leakage, reduces user losses and improves website security.
With the detection method of this embodiment, technical staff can proactively learn that user information on the website is being leaked. In testing, over half a year of operation the website cumulatively found more than 100 pages leaking user information, which effectively prevented large-scale data leakage.
Among the data packets generated when users access the website, this embodiment analyzes those involving user information and treats a page that still returns user information while the user is in an abnormal login state as an information leakage page. It can strictly detect whether users' information is being leaked and allows control measures to be taken afterwards on the leakage pages detected, which improves the security of the user data on the website and prevents user information from being abused by criminals.
Embodiment 2
This embodiment provides a system for detecting leakage of a website's user information, comprising a data packet obtaining module, a login state judgment module and an information leakage judgment module.
The data packet obtaining module is used to obtain the data packets of user requests that the website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information.
The data packet obtaining module comprises a mirror module and an extraction module.
The mirror module is used to mirror the data packets generated when users access the website.
The extraction module is used to extract, by a keyword detection algorithm, the data packets that contain user information, and to use the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
The login state judgment module is used to judge from the content of the request packet whether the user is in an abnormal login state.
The request packet includes a login identification number, and the login state judgment module being used to judge from the content of the request packet whether the user is in an abnormal login state is:
the login state judgment module is used to judge from the value of the login identification number whether the user is in an abnormal login state.
The information leakage judgment module is used to judge the page corresponding to a response packet that returns user information while the user is in an abnormal login state to be an information leakage page.
The abnormal login state includes the state of not being logged in with a login number and the state of being logged in with an incorrect login number.
The leakage detection system further comprises a blocking module, which is used to perform a blocking operation on the information leakage page at the firewall layer of the website.
As shown in Fig. 2, in a specific implementation, user A accesses website X, which corresponds to multiple Web servers. User A reaches the Web servers of website X over a network connected through a core switch. At the core switch, the traffic of users' accesses is mirrored, the data packets containing user information are filtered out, and those data packets are forwarded to a traffic analyzer. The traffic analyzer is connected to a monitoring back-end terminal, on which an administrator monitors leakage of the website's user information. Such an implementation falls within the scope of the present invention.
It can be seen that the leakage detection system of this embodiment is deployed in the same network segment as the servers that provide the e-commerce website's external web service, and analyzes all data packets related to user information by out-of-band mirroring. It can strictly detect whether users' information is being leaked and allows control measures to be taken afterwards on the leakage pages detected, which improves the security of the user data on the website and prevents user information from being abused by criminals. Vulnerable pages can also be fixed, which avoids large-scale data leakage, reduces user losses and improves website security.
Although specific embodiments of the present invention have been described above, those skilled in the art will understand that these are merely illustrative and that the scope of protection of the present invention is defined by the appended claims. Those skilled in the art may make various changes or modifications to these embodiments without departing from the principle and substance of the present invention, and all such changes and modifications fall within the scope of protection of the present invention.
Claims (8)
1. A method for detecting leakage of a website's user information, characterized in that it comprises:
S1: obtaining the data packets of user requests that a website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
S2: judging from the content of the request packet whether the user is in an abnormal login state, and treating the page corresponding to a response packet that returns user information while the user is in an abnormal login state as an information leakage page;
the abnormal login state includes the state of not being logged in with a login number and the state of being logged in with an incorrect login number;
step S1 comprises:
S11: mirroring the data packets generated when users access the website;
S12: extracting, by a keyword detection algorithm, the data packets that contain user information, and using the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
2. The leakage detection method according to claim 1, characterized in that the request packet includes a login identification number, and judging in step S2 from the content of the request packet whether the user is in an abnormal login state is:
S21: judging from the value of the login identification number whether the user is in an abnormal login state.
3. The leakage detection method according to claim 2, characterized in that step S21 is:
when the value of the login identification number is a first preset value, the user is in the state of not being logged in with a login number; when the value of the login identification number is a second preset value, the user is in the state of being logged in with an incorrect login number.
4. The leakage detection method according to claim 1, characterized in that the leakage detection method further comprises:
S3: performing a blocking operation on the information leakage page at the firewall layer of the website.
5. The leakage detection method according to any one of claims 1 to 4, characterized in that the user information includes the user name and the user's contact details, and includes one or more of the user's address information and the transaction information of transactions the user has carried out on the website.
6. A system for detecting leakage of a website's user information, characterized in that it comprises a data packet obtaining module, a login state judgment module and an information leakage judgment module;
the data packet obtaining module is used to obtain the data packets of user requests that a website server receives and responds to, the data packets including a request packet for requesting user information and a response packet for returning user information;
the login state judgment module is used to judge from the content of the request packet whether the user is in an abnormal login state;
the information leakage judgment module is used to judge the page corresponding to a response packet that returns user information while the user is in an abnormal login state to be an information leakage page;
the abnormal login state includes the state of not being logged in with a login number and the state of being logged in with an incorrect login number;
the data packet obtaining module comprises a mirror module and an extraction module;
the mirror module is used to mirror the data packets generated when users access the website;
the extraction module is used to extract, by a keyword detection algorithm, the data packets that contain user information, and to use the extracted data packets as the obtained data packets of user requests that the website server receives and responds to.
7. The leakage detection system according to claim 6, characterized in that the request packet includes a login identification number, and the login state judgment module being used to judge from the content of the request packet whether the user is in an abnormal login state is:
the login state judgment module is used to judge from the value of the login identification number whether the user is in an abnormal login state.
8. The leakage detection system according to claim 6, characterized in that the leakage detection system further comprises a blocking module, which is used to perform a blocking operation on the information leakage page at the firewall layer of the website.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610143205.4A CN105743904B (en) | 2016-03-14 | 2016-03-14 | The leakage detection method and system of the user information of website |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105743904A (en) | 2016-07-06 |
CN105743904B (en) | 2019-02-01 |