CN113127828A - Interface protection method, device, equipment and storage medium based on network security - Google Patents
Interface protection method, device, equipment and storage medium based on network security Download PDFInfo
- Publication number
- CN113127828A CN113127828A CN202110538993.8A CN202110538993A CN113127828A CN 113127828 A CN113127828 A CN 113127828A CN 202110538993 A CN202110538993 A CN 202110538993A CN 113127828 A CN113127828 A CN 113127828A
- Authority
- CN
- China
- Prior art keywords
- interface
- user
- network security
- access
- keywords
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Human Computer Interaction (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to the technical field of computer network security, and discloses an interface protection method, device, equipment and storage medium based on network security, wherein the method comprises the following steps: acquiring a user access request received by the terminal equipment; determining the identity of the user according to the user access request; pushing a corresponding display interface to the terminal equipment according to the user identity; acquiring user access data; and updating the display interface according to the user access data. The invention can solve the problem that personal network information is stolen because account passwords are stolen and a system is not locked.
Description
Technical Field
The invention relates to the technical field of computer network security, in particular to an interface protection method, device, equipment and storage medium based on network security.
Background
With the increasing rise of various services of networks, increasingly large networks and their rapidly updated related technologies also bring increasing security threats. The network information is like a double-edged sword, so that the development of science and technology and the social progress are promoted on the one hand; on the other hand, network security has attracted global attention due to information pollution, information authorization, infiltration of message solicitation, and even information crime by the network.
At present, when a network system provides information for a user, in order to ensure the security of the information, the login of the network system is often required to be encrypted, however, the encryption mode in the traditional technology is generally performed in a mode that a single login account number is matched with an account number password, so that some lawbreakers can easily enter the network system after obtaining the login account number and the login password by a certain technical means and can illegally steal data information in the network system, and the security is low; in another scenario, after the user himself logs in the network system, the user himself may leave the terminal device for a short time, and the user himself does not lock the network system, and at this time, other people can steal information in the network system in a handy manner, and the security is low.
Disclosure of Invention
The embodiment of the invention aims to provide an interface protection method, device, equipment and storage medium based on network security, which can solve the problem that personal network information is stolen due to account password stealing and system unlocking.
In order to achieve the above object, an embodiment of the present invention provides an interface protection method based on network security, where the method is executed by a server, and the server is connected to a terminal device, and the method includes:
acquiring a user access request received by the terminal equipment;
determining the identity of the user according to the user access request;
pushing a corresponding display interface to the terminal equipment according to the user identity;
acquiring user access data;
and updating the display interface according to the user access data.
Preferably, the user access request includes a user ID and a current login address, then,
the determining the user identity according to the user access request specifically includes:
acquiring a common login address corresponding to the user ID according to the user ID;
when the current login address is consistent with the common login address, determining that the user identity is the user himself;
and when the current login address is inconsistent with the common login address, determining that the user identity is suspected of other people.
Preferably, the pushing the corresponding display interface to the terminal device according to the user identity specifically includes:
when the user identity is the user owner, pushing a real interface to the terminal equipment;
and when the user identity is suspected to be the other person, pushing a virtual interface to the terminal equipment.
Preferably, the updating the display interface according to the user access data specifically includes:
extracting access keywords of the user access data, and calculating the matching degree of the access keywords and preset keywords;
when the matching degree is higher than a preset matching threshold value, updating the display interface to the real interface;
when the matching degree is lower than the preset matching threshold, updating the display interface to the virtual interface; further, the preset matching threshold is not less than 80%.
Furthermore, a Jaro-Winkler calculation method, a longest public string calculation method or a similarity calculation method based on an editing distance is adopted as a matching degree calculation method.
Preferably, the extracting access keywords of the user access data and calculating the matching degree of the access keywords and preset keywords specifically include:
counting the occurrence frequency of different words in the user access data, and taking the words with the frequency higher than a preset frequency threshold value as the access keywords;
acquiring a preset keyword corresponding to a current user; the preset keywords are determined according to historical access data of the current user;
calculating the matching degree of the access keywords and the preset keywords;
further, the method for calculating the matching degree comprises the following steps: and respectively judging whether each access keyword exists in a preset keyword set, counting the number of the access keywords consistent with the preset keywords, and taking the ratio of the counted number to the total number of all the access keywords as the matching degree of the corresponding access keywords and the preset keywords.
The invention adopts a matching method suitable for smaller keyword strings, and has the advantages of small space and time complexity, high performance efficiency, good stability of matching results and real-time and quick speed.
Preferably, the updating the display interface to the real interface specifically includes:
if the display interface is a real interface, continuing to push the real interface to the terminal equipment;
and if the display interface is a virtual interface, converting the display interface into the real interface and pushing the real interface to the terminal equipment.
Preferably, the updating the display interface to the virtual interface specifically includes:
if the display interface is a real interface, converting the display interface into the virtual interface and pushing the virtual interface to the terminal equipment;
and if the display interface is a virtual interface, continuing to push the virtual interface to the terminal equipment.
Another embodiment of the present invention provides an interface protection device based on network security, where the interface protection device is disposed in a server, the interface protection device is connected to a terminal device, and the interface protection device is configured to implement all the processes of any one of the interface protection methods based on network security, where the interface protection device includes:
an access request acquisition module, configured to acquire a user access request received by the terminal device;
the user identity determining module is used for determining the user identity according to the user access request;
the interface pushing module is used for pushing a corresponding display interface to the terminal equipment according to the user identity;
and the access data acquisition module is used for acquiring the user access data.
Yet another embodiment of the present invention provides a network security-based interface protection apparatus, which includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, and when the processor executes the computer program, the network security-based interface protection method according to any one of the above embodiments is implemented.
The invention further provides a computer-readable storage medium, which includes a stored computer program, wherein when the computer program runs, the apparatus in which the computer-readable storage medium is located is controlled to execute any one of the above-mentioned methods for interface protection based on network security.
Compared with the prior art, the interface protection method, the device, the equipment and the storage medium based on network security provided by the embodiment of the invention have the advantages that firstly, when the current user is confirmed to be the user, the real interface is pushed to the user, the user can continuously browse or search the required information in a network system through the real interface, if the user is confirmed to be not the user, the virtual interface is pushed to the user, so that the current suspected other users can not see the data information in the real interface to a certain extent, further, whether the access keywords browsed and searched in the display interface are matched with the preset keywords or not is determined, whether the current user is continuously operated by the user can be further confirmed through judging the matching degree of the keywords, and then different display interfaces can be continuously selected to push the user, therefore, the safety protection of the system network data is realized, and the network information is prevented from being stolen in real time.
Drawings
Fig. 1 is a schematic flowchart of an interface protection method based on network security according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an interface protection device based on network security according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an interface protection device based on network security according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, which is a flowchart illustrating an interface protection method based on network security according to the embodiment of the present invention, where the method is executed by a server, and the server is connected to a terminal device, the method includes steps S1 to S5:
s1, acquiring a user access request received by the terminal equipment;
s2, determining the user identity according to the user access request;
s3, pushing a corresponding display interface to the terminal equipment according to the user identity;
s4, acquiring user access data;
and S5, updating the display interface according to the user access data.
It should be noted that the present invention adopts a Server-Client, i.e. Client-Server (C/S) structure, and the execution main body of the above method is set at the Server side, and the Server is connected with the terminal device for pushing information. The terminal device may be hardware or software. When the terminal device is hardware, it may be various electronic devices having communication, sound recording and camera functions, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like. When the terminal device is software, the terminal device can be installed in the electronic devices listed above. It may be implemented as multiple pieces of software or software modules, or as a single piece of software or software module. And is not particularly limited herein.
Specifically, the user accesses the terminal device, that is, the terminal device receives an access request of the user and forwards the access request to the server, or the server actively acquires the access request of the user received by the terminal device.
And the server determines the user identity according to the user access request. Generally, the user access request includes login information of the user, so that basic information of the user who logs in the network system at the moment can be determined according to the login information, and further, the identity of the user is temporarily determined according to the basic information of the user. The user identity includes the user himself and the suspected others, namely the login of the network system performed by the user himself or the login operation of the non-user himself.
Pushing a corresponding display interface to the terminal equipment according to the user identity; if the user is judged to be the user himself, the real interface is pushed, and if the user is judged to be suspected of other people, the virtual interface is pushed. The difference between the real interface and the virtual interface is the difference of the display information, that is, the information displayed in the real interface is real and effective, and the information displayed in the virtual interface is false and ineffective.
After the terminal equipment receives and displays the display interface pushed by the server, the login user can interact with the terminal equipment to realize information transmission, so that user access data are generated, and accordingly the server can acquire the user access data.
In order to further ensure the network information security, the server further determines the authenticity of the user identity according to the user access data, and correspondingly updates the current display interface according to the authenticity of the user identity.
The embodiment of the invention effectively solves the problem that personal network information is stolen due to account password stealing and system unlocking by providing the interface protection method based on network security and correspondingly pushing different display interfaces to the terminal equipment according to different user identities.
As an improvement of the above solution, the user access request includes a user ID and a current login address, then,
the determining the user identity according to the user access request specifically includes:
acquiring a common login address corresponding to the user ID according to the user ID;
when the current login address is consistent with the common login address, determining that the user identity is the user himself;
and when the current login address is inconsistent with the common login address, determining that the user identity is suspected of other people.
Specifically, the user access request includes a user ID and a current login address, then,
the determining the user identity according to the user access request specifically includes:
in the preliminary determination of the user identity, the registered user information when the user accesses the terminal device for the first time can be used as the entry point. Generally, the registered user information includes a user ID and a common login address. Therefore, the common login address corresponding to the user ID can be acquired according to the user ID.
And after the common login address is obtained, judging whether the current login address is consistent with the common login address.
When the current login address is consistent with the common login address, determining the identity of the user as the user himself;
and when the current login address is inconsistent with the common login address, determining that the user identity is suspected of other people.
As an improvement of the above scheme, the pushing a corresponding display interface to the terminal device according to the user identity specifically includes:
when the user identity is the user owner, pushing a real interface to the terminal equipment;
and when the user identity is suspected to be the other person, pushing a virtual interface to the terminal equipment.
Specifically, when the user identity is the user owner, a real interface is pushed to the terminal device, so that the user owner can normally acquire information in the network system.
When the user identity is suspected to be other people, in order to ensure the safety of the network system, a virtual interface is pushed to the terminal equipment, so that the network information of the real interface is prevented from being stolen.
As an improvement of the above scheme, the updating the display interface according to the user access data specifically includes:
extracting access keywords of the user access data, and calculating the matching degree of the access keywords and preset keywords;
when the matching degree is higher than a preset matching threshold value, updating the display interface to the real interface;
and when the matching degree is lower than the preset matching threshold, updating the display interface to the virtual interface.
It can be understood that when others adopt the correct user ID and log in the network system under the common login address, misjudgment of the user identity may occur, and the current user is misjudged as the user himself. Of course, when a real user himself logs in by using other terminal devices in a different place, there may be a case that the user himself is judged as a suspected other person by mistake; based on this, in the embodiment of the present invention, when the current user browses the real interface or the virtual interface, the keyword extraction may be performed on the information interest point of the current user in the network system, and then the keyword of the current user is matched with the preset keyword of the user of the current user ID, when the matching degree is high, the identity of the user may be continuously confirmed, and the identity of a suspected other person determined by mistake may also be converted into the user, so that the user may obtain normal data of the network system.
Specifically, an access keyword of user access data is extracted, and a matching degree between the access keyword and a preset keyword is calculated, and a calculation method of the matching degree may adopt a Jaro-Winkler calculation method, a calculation method of a longest public word string, a calculation method of similarity based on an edit distance, or the like. The information interest points of each user are relatively stable, so that the selection of the preset keywords can be determined according to the historical access data of the users. It should be noted that each user has a corresponding preset keyword, which may be the same or different.
When the matching degree is higher than the preset matching threshold value, the current login user is the user himself with a high probability, the display interface is updated to be a real interface, namely, the final display interface of the terminal equipment is guaranteed to be the real interface, so that normal data acquisition of the network system by the user himself is met. The method comprises the steps that whether a current login user is the user is identified through an interface protection method, so that the identification is not accurate in percentage, a preset matching threshold value is set, and if the preset matching threshold value is higher than the preset matching threshold value, the current login user is considered to be the user.
Preferably, the preset matching threshold value preferably sets the range interval to not less than 80%.
When the matching degree is lower than a preset matching threshold value, the current login user is probably not the user himself, the display interface is updated to be a virtual interface, namely, the final display interface of the terminal equipment is guaranteed to be the virtual interface, so that network information of a real interface is prevented from being stolen. In order to further improve safety supervision, relevant information of the current user can be collected and sent to a network management center so as to remind management personnel to take corresponding measures in time. The related information of the user includes, but is not limited to, user access data, user information, and biological information of the user, the biological information being face image information, and the like.
As an improvement of the above scheme, the extracting access keywords of the user access data, and calculating a matching degree between the access keywords and preset keywords specifically include:
counting the occurrence frequency of different words in the user access data, and taking the words with the frequency higher than a preset frequency threshold value as the access keywords;
acquiring a preset keyword corresponding to a current user; the preset keywords are determined according to historical access data of the current user;
and calculating the matching degree of the access keywords and the preset keywords.
Specifically, user access data are obtained, access words in the user access data are extracted, the occurrence frequency of different words in the user access data is counted, and words with the frequency higher than a preset frequency threshold value are used as access keywords;
and acquiring preset keywords corresponding to the current user, specifically acquiring the preset keywords correspondingly according to the user ID. The preset keywords are determined according to historical access data of a current user, after the historical access data of the user is obtained, words with the frequency higher than a preset threshold value in the historical access data are extracted to serve as the preset keywords, and then the preset keywords are updated and stored in corresponding user information.
Calculating the matching degree of the access keywords and the preset keywords, specifically: and respectively judging whether each access keyword exists in a preset keyword set, counting the number of the access keywords consistent with the preset keywords, and taking the ratio of the counted number to the total number of all the access keywords as the matching degree of the corresponding access keywords and the preset keywords.
The invention adopts a matching method suitable for smaller keyword strings, and has the advantages of small space and time complexity, high performance efficiency, good stability of matching results and real-time and quick speed.
As an improvement of the above scheme, the updating the display interface to the real interface specifically includes:
if the display interface is a real interface, continuing to push the real interface to the terminal equipment;
and if the display interface is a virtual interface, converting the display interface into the real interface and pushing the real interface to the terminal equipment.
Specifically, if the display interface is a real interface, the real interface is continuously pushed to the terminal device, which corresponds to the first determination that the user identity is the user identity and the second determination that the user identity is also the user identity, and at this time, the display interface does not need to be converted, and the current state is maintained.
If the display interface is a virtual interface, the display interface is converted into a real interface and pushed to the terminal device through preliminary judgment, which corresponds to the situation that the user identity is judged to be suspected other people for the first time, and the user identity is judged to be the user himself for the second time, and at the moment, the display interface needs to be converted into the real interface.
As an improvement of the above scheme, the updating the display interface to the virtual interface specifically includes:
if the display interface is a real interface, converting the display interface into the virtual interface and pushing the virtual interface to the terminal equipment;
and if the display interface is a virtual interface, continuing to push the virtual interface to the terminal equipment.
Specifically, if the display interface is a real interface, converting the display interface into a virtual interface and pushing the virtual interface to the terminal device; the situation corresponds to the first judgment that the user identity is the user identity, the second judgment that the user identity is suspected of other people, and at this moment, the display interface needs to be converted into a virtual interface.
If the display interface is a virtual interface, continuously pushing the virtual interface to the terminal equipment; the situation corresponds to the first judgment that the user identity is suspected of other people and the second judgment that the user identity is also suspected of other people, and at this moment, the display interface does not need to be converted, and the virtual interface is kept.
Referring to fig. 2, which is a schematic structural diagram of an interface protection device based on network security according to the embodiment of the present invention, the interface protection device is disposed in the server, and the interface protection device is connected to a terminal device, where the interface protection device includes:
an access request obtaining module 11, configured to obtain a user access request received by the terminal device;
a user identity determining module 12, configured to determine a user identity according to the user access request;
the interface pushing module 13 is configured to push a corresponding display interface to the terminal device according to the user identity;
an access data acquisition module 14, configured to acquire user access data;
and the interface updating module 15 is configured to update the display interface according to the user access data.
The interface protection device based on network security provided by the embodiment of the present invention can implement all the processes of the interface protection method based on network security described in any of the above embodiments, and the functions and technical effects of each module and unit in the device are respectively the same as those of the interface protection method based on network security described in the above embodiments, and are not described herein again.
Preferably, the user access request includes a user ID and a current login address, then,
the user identity determining module 12 specifically includes:
a login address obtaining unit, configured to obtain a common login address corresponding to the user ID according to the user ID;
the first user identity determining unit is used for determining the user identity as the user when the current login address is consistent with the common login address;
and the second user identity determining unit is used for determining the user identity as suspected other people when the current login address is inconsistent with the common login address.
Preferably, the interface pushing module 13 specifically includes:
the first interface pushing unit is used for pushing a real interface to the terminal equipment when the user identity is the user owner;
and the second interface pushing unit is used for pushing a virtual interface to the terminal equipment when the user identity is suspected to be other person.
Preferably, the interface updating module 15 specifically includes:
the matching degree calculation unit is used for extracting the access keywords of the user access data and calculating the matching degree of the access keywords and preset keywords; the method for calculating the matching degree adopts a Jaro-Winkler calculation method, a longest public word string calculation method or a similarity calculation method based on an editing distance;
the first interface updating unit is used for updating the display interface to the real interface when the matching degree is higher than a preset matching threshold;
the second interface updating unit is used for updating the display interface into the virtual interface when the matching degree is lower than the preset matching threshold; further, the preset matching threshold is not less than 80%.
Preferably, the matching degree calculation unit is specifically configured to:
counting the occurrence frequency of different words in the user access data, and taking the words with the frequency higher than a preset frequency threshold value as the access keywords;
acquiring a preset keyword corresponding to a current user; the preset keywords are determined according to historical access data of the current user;
calculating the matching degree of the access keywords and the preset keywords;
further, the method for calculating the matching degree comprises the following steps: and respectively judging whether each access keyword exists in a preset keyword set, counting the number of the access keywords consistent with the preset keywords, and taking the ratio of the counted number to the total number of all the access keywords as the matching degree of the corresponding access keywords and the preset keywords.
Preferably, the first interface updating unit is specifically configured to:
if the display interface is a real interface, continuing to push the real interface to the terminal equipment;
and if the display interface is a virtual interface, converting the display interface into the real interface and pushing the real interface to the terminal equipment.
Preferably, the second interface updating unit is specifically configured to:
if the display interface is a real interface, converting the display interface into the virtual interface and pushing the virtual interface to the terminal equipment;
and if the display interface is a virtual interface, continuing to push the virtual interface to the terminal equipment.
Referring to fig. 3, it is a schematic diagram of an interface protection apparatus based on network security according to this embodiment of the present invention, where the interface protection apparatus based on network security includes a processor 10, a memory 20, and a computer program stored in the memory 20 and configured to be executed by the processor 10, and when the processor 10 executes the computer program, the interface protection method based on network security according to any of the above embodiments is implemented.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory 20 and executed by the processor 10 to implement the present invention. One or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of a computer program in the interface protection method based on network security. For example, the computer program may be divided into an access request obtaining module, a user identity determining module, an interface pushing module, an access data obtaining module, and an interface updating module, where the specific functions of the modules are as follows:
an access request obtaining module 11, configured to obtain a user access request received by the terminal device;
a user identity determining module 12, configured to determine a user identity according to the user access request;
the interface pushing module 13 is configured to push a corresponding display interface to the terminal device according to the user identity;
an access data acquisition module 14, configured to acquire user access data;
and the interface updating module 15 is configured to update the display interface according to the user access data.
The interface protection device based on network security can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing devices. The interface protection device based on network security can include, but is not limited to, a processor and a memory. It will be understood by those skilled in the art that the schematic diagram 3 is merely an example of the interface protection device based on network security, and does not constitute a limitation to the terminal device, and may include more or less components than those shown, or combine some components, or different components, for example, the interface protection device based on network security may further include an input-output device, a network access device, a bus, etc.
The Processor 10 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general-purpose processor may be a microprocessor or the processor 10 may be any conventional processor or the like, the processor 10 being the control center of the terminal device and connecting the various parts of the whole terminal device with various interfaces and lines.
The memory 20 may be used to store the computer programs and/or modules, and the processor 10 implements various functions of the terminal device by running or executing the computer programs and/or modules stored in the memory 20 and calling data stored in the memory 20. The memory 20 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. In addition, the memory 20 may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
Wherein, the integrated module of the interface protection device based on network security can be stored in a computer readable storage medium if it is implemented in the form of software functional unit and sold or used as a stand-alone product. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium and can implement the steps of the embodiments of the method when the computer program is executed by a processor. The computer program includes computer program code, and the computer program code may be in a source code form, an object code form, an executable file or some intermediate form. The computer readable medium may include: any entity or device capable of carrying computer program code, recording medium, U.S. disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution media, and the like. It should be noted that the computer readable medium may contain other components which may be suitably increased or decreased as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, in accordance with legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunications signals.
The embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, a device where the computer-readable storage medium is located is controlled to execute the interface protection method based on network security according to any of the foregoing embodiments.
To sum up, the interface protection method, apparatus, device and storage medium based on network security provided by the embodiments of the present invention first push a real interface to a user when it is determined that a current user is the user's own person, and the user can continue browsing or retrieving required information in a network system through the real interface, and when it is determined that the user may not be the user's own person, first push a virtual interface to the user, thereby ensuring to a certain extent that the current suspected other person user does not see data information in the real interface, further determining whether an access keyword for browsing and retrieving in a display interface matches with a preset keyword, and by determining a keyword matching degree, it is further possible to determine whether the current user is continuously operating as the user's own person, and further continue to select different display interfaces to push the user, and when it is determined that the user is not the user's own person, the current access log data which is not the user is stored and sent to the network management personnel, so that the safety protection of the system network data is realized, lawless persons who steal information can be puzzled by displaying the virtual interface, the network information is prevented from being stolen in real time, and the effect of sending early warning information to the network management personnel is achieved.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.
Claims (10)
1. An interface protection method based on network security, the method is executed by a server, the server is connected with a terminal device, and the method is characterized by comprising the following steps:
acquiring a user access request received by the terminal equipment;
determining the identity of the user according to the user access request;
pushing a corresponding display interface to the terminal equipment according to the user identity;
acquiring user access data;
and updating the display interface according to the user access data.
2. The interface protection method based on network security of claim 1, wherein the user access request includes a user ID and a current login address, then,
the determining the user identity according to the user access request specifically includes:
acquiring a common login address corresponding to the user ID according to the user ID;
when the current login address is consistent with the common login address, determining that the user identity is the user himself;
and when the current login address is inconsistent with the common login address, determining that the user identity is suspected of other people.
3. The interface protection method based on network security according to claim 1, wherein the pushing of the corresponding display interface to the terminal device according to the user identity specifically includes:
when the user identity is the user owner, pushing a real interface to the terminal equipment;
and when the user identity is suspected to be the other person, pushing a virtual interface to the terminal equipment.
4. The interface protection method based on network security according to any one of claims 1 to 3, wherein the updating the display interface according to the user access data specifically includes:
extracting access keywords of the user access data, and calculating the matching degree of the access keywords and preset keywords;
when the matching degree is higher than a preset matching threshold value, updating the display interface to the real interface;
when the matching degree is lower than the preset matching threshold, updating the display interface to the virtual interface; further, the preset matching threshold is not less than 80%.
5. The interface protection method based on network security according to claim 4, wherein the extracting of the access keyword of the user access data and the calculating of the matching degree of the access keyword and the preset keyword specifically comprise:
counting the occurrence frequency of different words in the user access data, and taking the words with the frequency higher than a preset frequency threshold value as the access keywords;
acquiring a preset keyword corresponding to a current user; the preset keywords are determined according to historical access data of the current user;
calculating the matching degree of the access keywords and the preset keywords;
further, the method for calculating the matching degree comprises the following steps: and respectively judging whether each access keyword exists in a preset keyword set, counting the number of the access keywords consistent with the preset keywords, and taking the ratio of the counted number to the total number of all the access keywords as the matching degree of the corresponding access keywords and the preset keywords.
6. The interface protection method based on network security according to claim 4, wherein the updating the display interface to the real interface specifically includes:
if the display interface is a real interface, continuing to push the real interface to the terminal equipment;
and if the display interface is a virtual interface, converting the display interface into the real interface and pushing the real interface to the terminal equipment.
7. The interface protection method based on network security according to claim 4, wherein the updating the display interface to the virtual interface specifically includes:
if the display interface is a real interface, converting the display interface into the virtual interface and pushing the virtual interface to the terminal equipment;
and if the display interface is a virtual interface, continuing to push the virtual interface to the terminal equipment.
8. An interface protection device based on network security, the interface protection device being disposed in the server, the interface protection device being connected to a terminal device, wherein the interface protection device is configured to implement all processes of the interface protection method based on network security according to any one of claims 1 to 7, and the interface protection device comprises:
an access request acquisition module, configured to acquire a user access request received by the terminal device;
the user identity determining module is used for determining the user identity according to the user access request;
the interface pushing module is used for pushing a corresponding display interface to the terminal equipment according to the user identity;
the access data acquisition module is used for acquiring user access data;
9. an interface protection device based on network security, comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor implements the interface protection method based on network security according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when executed, controls an apparatus in which the computer-readable storage medium is located to perform the interface protection method based on network security according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110538993.8A CN113127828A (en) | 2021-05-18 | 2021-05-18 | Interface protection method, device, equipment and storage medium based on network security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110538993.8A CN113127828A (en) | 2021-05-18 | 2021-05-18 | Interface protection method, device, equipment and storage medium based on network security |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113127828A true CN113127828A (en) | 2021-07-16 |
Family
ID=76782127
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110538993.8A Pending CN113127828A (en) | 2021-05-18 | 2021-05-18 | Interface protection method, device, equipment and storage medium based on network security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113127828A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115664857A (en) * | 2022-12-26 | 2023-01-31 | 安徽国审信息科技有限公司 | Method, system, equipment and storage medium for protecting network information security |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104036160A (en) * | 2013-03-07 | 2014-09-10 | 腾讯科技(深圳)有限公司 | Web browsing method, device and browser |
| CN106896983A (en) * | 2017-02-10 | 2017-06-27 | 合网络技术(北京)有限公司 | Interface display control method and device |
| CN107748848A (en) * | 2017-10-16 | 2018-03-02 | 维沃移动通信有限公司 | A kind of information processing method and mobile terminal |
| CN108958585A (en) * | 2018-06-30 | 2018-12-07 | 上海爱优威软件开发有限公司 | A kind of information displaying method and terminal device of chat interface |
| CN111353174A (en) * | 2020-03-16 | 2020-06-30 | 刘琴 | Private customer information management system and method for medical institution |
| CN111666543A (en) * | 2020-05-08 | 2020-09-15 | 武汉文华众创空间管理有限公司 | Identity authentication code generation system and method based on user input habit |
-
2021
- 2021-05-18 CN CN202110538993.8A patent/CN113127828A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104036160A (en) * | 2013-03-07 | 2014-09-10 | 腾讯科技(深圳)有限公司 | Web browsing method, device and browser |
| CN106896983A (en) * | 2017-02-10 | 2017-06-27 | 合网络技术(北京)有限公司 | Interface display control method and device |
| CN107748848A (en) * | 2017-10-16 | 2018-03-02 | 维沃移动通信有限公司 | A kind of information processing method and mobile terminal |
| CN108958585A (en) * | 2018-06-30 | 2018-12-07 | 上海爱优威软件开发有限公司 | A kind of information displaying method and terminal device of chat interface |
| CN111353174A (en) * | 2020-03-16 | 2020-06-30 | 刘琴 | Private customer information management system and method for medical institution |
| CN111666543A (en) * | 2020-05-08 | 2020-09-15 | 武汉文华众创空间管理有限公司 | Identity authentication code generation system and method based on user input habit |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115664857A (en) * | 2022-12-26 | 2023-01-31 | 安徽国审信息科技有限公司 | Method, system, equipment and storage medium for protecting network information security |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107809371B (en) | Shared resource display method and device | |
| WO2017045443A1 (en) | Image retrieval method and system | |
| CN113486339B (en) | Data processing method, device, equipment and machine-readable storage medium | |
| CN114637746B (en) | Condition trace query method, system and device based on privacy calculation | |
| CN111159413A (en) | Log clustering method, device, equipment and storage medium | |
| CN110324314B (en) | User registration method and device, storage medium and electronic equipment | |
| CN112992152B (en) | Individual-soldier voiceprint recognition system and method, storage medium and electronic equipment | |
| CN113596044B (en) | Network protection method and device, electronic equipment and storage medium | |
| CN112184241B (en) | An identity authentication method and device | |
| WO2021244531A1 (en) | Payment method and apparatus based on facial recognition | |
| US20180218134A1 (en) | Determining computer ownership | |
| CN111027065B (en) | Leucavirus identification method and device, electronic equipment and storage medium | |
| CN113127828A (en) | Interface protection method, device, equipment and storage medium based on network security | |
| CN112182520B (en) | Identification method and device of illegal account number, readable medium and electronic equipment | |
| CN110457600B (en) | Method, device, storage medium and computer equipment for searching target group | |
| CN107786349B (en) | Security management method and device for user account | |
| US11704392B2 (en) | Fraud estimation system, fraud estimation method and program | |
| CN118277504A (en) | Document association storage method and related device based on association analysis | |
| CN110232267B (en) | Business card display method and device, electronic equipment and storage medium | |
| CN112035677A (en) | Knowledge graph-based fraud person discovery method and device | |
| AbuAlghanam et al. | Android Malware Detection System Based on Ensemble Learning | |
| CN107172068A (en) | Information sending control method, server, system, device and storage medium | |
| CN116561737A (en) | Password validity detection method based on user behavior base line and related equipment thereof | |
| CN111597453A (en) | User image drawing method and device, computer equipment and computer readable storage medium | |
| CN111291150B (en) | Method and device for determining information to be searched and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210716 |
|
| RJ01 | Rejection of invention patent application after publication |