CN104216930A - Method and device for detecting skipping type phishing webpage - Google Patents
Method and device for detecting skipping type phishing webpage Download PDFInfo
- Publication number
- CN104216930A CN104216930A CN201310326542.3A CN201310326542A CN104216930A CN 104216930 A CN104216930 A CN 104216930A CN 201310326542 A CN201310326542 A CN 201310326542A CN 104216930 A CN104216930 A CN 104216930A
- Authority
- CN
- China
- Prior art keywords
- url
- cluster entity
- object url
- cluster
- fishing webpage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Abstract
The invention discloses a method and device for detecting a skipping type phishing webpage. The method includes the steps of receiving the original URL; obtaining a target URL set corresponding to the original URL, wherein the target URL set comprises at least one target URL; obtaining a clustering entity set corresponding to the target URL set, wherein the clustering entity set comprises clustering entities corresponding to the target URLs; judging whether the same clustering entities exist in the clustering entity set and a preset clustering information base or not, wherein the clustering information base comprises the clustering entities; marking the original URL as the phishing webpage if the same clustering entities exist in the clustering entity set and the preset clustering information base. The method and the device effectively solve the problem that in the prior art, the skipping type phishing webpage can not be detected, all the URLs of the skipping type phishing webpage can be detected, and report omission of the phishing webpage is avoided.
Description
Technical field
The present invention relates to information security field, be specifically related to a kind of detection method and device of jump class fishing webpage.
Background technology
Fishing webpage typically refers to disguise oneself as bank web page or ecommerce webpage, and main harm steals the private information such as account No., password of user's submission.So-called " fishing webpage " is a kind of network fraud behavior, refer to that lawless person utilizes various means, the URL(web page address of counterfeit actual site) and content of pages, or utilize the leak on actual site server program in some webpage of website, insert dangerous HTML(HTML (Hypertext Markup Language)) code, gain user bank or the private data such as credit card account, password by cheating with this.Because " fishing webpage " exists larger threat to the personal information security of user, so increasing fishing webpage detection method arises at the historic moment.
But, prior art is all often detect for the initial URL of fishing webpage, lawless person appreciates this shortcoming of prior art just, so the mode that have employed URL redirect hides detection, illustrate, t.cn/123456 is the initial URL of a fishing webpage, it can jump to the URL:a.com/1.asp of another fishing webpage, if the latter is real entity of doing evil, utilize prior art the latter URL:a.com/1.asp can not be detected, so will cause failing to report of fishing webpage.
To sum up, the URL of jump class fishing webpage can not all detect by the method that the initial URL for fishing webpage of prior art carries out detecting, so result in failing to report of fishing webpage.
Summary of the invention
The invention provides a kind of detection method and device of jump class fishing webpage, the URL of jump class fishing webpage all can be detected, avoid failing to report of fishing webpage.
Embodiments provide a kind of detection method of jump class fishing webpage, described method comprises:
Receive initial URL;
Obtain the object URL set that described initial URL is corresponding, described object URL set comprises at least one object URL;
Obtain described object URL and gather corresponding cluster entity sets, described cluster entity sets comprises cluster entity corresponding to described object URL;
Judge whether described cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and described clustering information storehouse comprises cluster entity, if so, then described initial URL is labeled as fishing webpage.
Preferably, described method also comprises:
When described cluster entity sets with preset clustering information stock at identical cluster entity time, obtain described cluster entity;
Obtain the object URL that described cluster entity is corresponding;
Object URL in described object URL set except described object URL is labeled as fishing webpage.
The embodiment of the present invention additionally provides a kind of pick-up unit of jump class fishing webpage, and described device comprises:
Receiver module, for receiving initial URL;
First acquisition module, for obtaining object URL set corresponding to described initial URL, described object URL set comprises at least one object URL;
Second acquisition module, gather corresponding cluster entity sets for obtaining described object URL, described cluster entity sets comprises cluster entity corresponding to described object URL;
Judge module, for judging whether described cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and described clustering information storehouse comprises cluster entity;
First mark module, for when the result of described judge module is for being, is labeled as fishing webpage by described initial URL.
Preferably, described device also comprises:
3rd acquisition module, for when described cluster entity sets with preset clustering information stock at identical cluster entity time, obtain described cluster entity;
4th acquisition module, for obtaining object URL corresponding to described cluster entity;
Second mark module, for being labeled as fishing webpage by the object URL in described object URL set except described object URL.
First the present invention receives initial URL; Secondly, obtain the object URL set that this initial URL is corresponding, wherein, object URL set comprises at least one object URL; Again, obtain the cluster entity sets that object URL set is corresponding, wherein, cluster entity sets comprises cluster entity corresponding to described object URL; Finally, judge whether this cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and wherein, clustering information storehouse comprises cluster entity, when judged result is yes, initial URL is labeled as fishing webpage.The present invention is by obtaining the object URL set of initial URL, thus judge this object URL gather in cluster entity corresponding to object URL whether be present in default clustering information storehouse, finally fishing webpage is determined according to judged result, efficiently solve prior art non-detectable jump class fishing webpage problem, the URL of jump class fishing webpage all can be detected, avoid failing to report of fishing webpage.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present application, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the application, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
The detection method process flow diagram of the jump class fishing webpage that Fig. 1 provides for the embodiment of the present invention one;
The structure of the detecting device figure of the jump class fishing webpage that Fig. 2 provides for the embodiment of the present invention two;
The server architecture schematic diagram that Fig. 3 provides for the embodiment of the present invention two.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present application, be clearly and completely described the technical scheme in the embodiment of the present application, obviously, described embodiment is only some embodiments of the present application, instead of whole embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not making the every other embodiment obtained under creative work prerequisite, all belong to the scope of the application's protection.
Embodiment one
Jump class fishing webpage is the URL(web page address that user inputs at the address field of browser) fishing webpage different from the URL of the page that this user final accesses.Fishing webpage detection method due to prior art is carry out detecting, so temporarily can not realize for the detection of jump class fishing webpage at the URL that the address field of browser inputs for user.The present embodiment, by obtaining the URL of the page of visit to end user, obtains the cluster entity sets of this URL simultaneously, is compared by cluster entity sets, finally determine fishing webpage with the clustering information storehouse of presetting.
With reference to the detection method process flow diagram of the jump class fishing webpage that figure 1, Fig. 1 provides for the present embodiment, specifically comprise:
Step 101: receive initial URL.
In the present embodiment, first receive the initial URL of user's input, wherein, initial URL can be the URL that user inputs at the address field of browser.
Step 102: obtain the object URL set that described initial URL is corresponding, described object URL set comprises at least one object URL.
Because the feature of jump class fishing webpage is: the URL that user inputs at the address field of browser is different from the URL of the page of visit to end user, so, in order to realize the detection of jump class fishing webpage, the present embodiment, after the initial URL of reception, obtains the object URL set that this initial URL is corresponding.Wherein, object URL set comprises at least one object URL.
In practical operation, object URL set only can comprise an object URL, and namely this jump class fishing webpage is one-level redirect.Such as, when initial URL is A, object URL can be B, and namely object URL set is for { B} now, jumps to B by A and is one-level redirect.Same, object URL set can comprise and be greater than an object URL, and such as, object URL set can comprise two object URL, that is, when initial URL is A, first can jump to B from A, next jumps to C, so, object URL is B and C, and namely object URL set is { B, C}.Now, jump to B from A, then jump to C and be secondary redirect.
Wherein, the URL redirect technology kind used by jump class fishing webpage is more, and the redirect mode of main flow comprises 301,302 redirects, js(javascript) redirect, iframe (embedded frame) nested redirect etc.The present embodiment does not limit for the redirect mode used by jump class fishing webpage, and all can obtain the object URL set of its correspondence.
Step 103: obtain described object URL and gather corresponding cluster entity sets, described cluster entity sets comprises cluster entity corresponding to described object URL.
In the present embodiment, after obtaining object URL set corresponding to initial URL, obtain this object URL and gather corresponding cluster entity sets, wherein, cluster entity sets comprises cluster entity corresponding to described object URL.
Cluster entity in the present embodiment can comprise territory, stands, secondary territory under second level domain and path.
For object URL set for { b.a.com/path1, d.c.com/path1/path2/1.asp} illustrate the process obtaining cluster entity sets.First the cluster entity that b.a.com/path1 is corresponding can be obtained, the territory that b.a.com/path1 is corresponding is a.com, the station that b.a.com/path1 is corresponding is b.a.com, the path that b.a.com/path1 is corresponding is b.a.com/path1, so, a.com, b.a.com and b.a.com/path1 are the cluster entity that b.a.com/path1 is corresponding, and the cluster entity that in like manner can obtain d.c.com/path1/path2/1.asp corresponding is respectively c.com, d.c.com, d.c.com/path1 and d.c.com/path1/path2.To sum up draw, { for the purpose of a.com, b.a.com, b.a.com/path1, c.com, d.c.com, d.c.com/path1, d.c.com/path1/path2}, URL gathers { the cluster entity sets that b.a.com/path1, d.c.com/path1/path2/1.asp} are corresponding.
Step 104: judge whether described cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and described clustering information storehouse comprises cluster entity, if so, enters step 105.
In the present embodiment, after obtaining cluster entity sets, this cluster entity sets and the clustering information storehouse of presetting are compared, judge whether this cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and if so, then enters step 105.Wherein, clustering information storehouse comprises cluster entity, and this cluster entity is the entity being determined to be fishing webpage.
In practical operation, can judge whether the cluster entity in cluster entity sets exists identical with the cluster entity in the clustering information storehouse of presetting, wherein, number identical with the cluster examination question in clustering information storehouse in cluster entity sets does not limit, identical number can be one, also can be greater than one, if existed, then can enter step 105.
Meanwhile, the obtain manner in clustering information storehouse is more, all at the protection domain of the present embodiment.
Step 105: described initial URL is labeled as fishing webpage.
In the present embodiment, when cluster entity sets with preset clustering information stock at identical cluster entity time, initial URL is labeled as fishing webpage.
Meanwhile, when cluster entity sets does not exist identical cluster entity with the clustering information storehouse of presetting, can not need to mark any URL.
In order to detect jump class fishing webpage thoroughly, the present embodiment is handled as follows for the object URL in object URL set, specifically can comprise:
First, when described cluster entity sets with preset clustering information stock at identical cluster entity time, obtain described cluster entity;
Secondly, the object URL that described cluster entity is corresponding is obtained;
Finally, the object URL in described object URL set except described object URL is labeled as fishing webpage.
In the present embodiment, first the cluster entity in the cluster entity sets identical with the cluster entity in the clustering information storehouse of presetting is obtained, secondly the object URL corresponding with this cluster entity is obtained, finally, because this object URL is confirmed as fishing webpage, so only need other the object URL in this object URL set to be labeled as fishing webpage.
Wherein, because the cluster entity in cluster entity sets is obtained by object URL, so object URL corresponding to cluster entity is the object URL in the acquisition source of this cluster entity.
First the present embodiment receives initial URL; Secondly, obtain the object URL set that this initial URL is corresponding, wherein, object URL set comprises at least one object URL; Again, obtain the cluster entity sets that object URL set is corresponding, wherein, cluster entity sets comprises cluster entity corresponding to described object URL; Finally, judge whether this cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and wherein, clustering information storehouse comprises cluster entity, when judged result is yes, initial URL is labeled as fishing webpage.The present embodiment is by obtaining the object URL set of initial URL, thus judge this object URL gather in cluster entity corresponding to object URL whether be present in default clustering information storehouse, finally fishing webpage is determined according to judged result, efficiently solve prior art non-detectable jump class fishing webpage problem, the URL of jump class fishing webpage all can be detected, avoid failing to report of fishing webpage.
Embodiment two
With reference to the structure of the detecting device figure of the jump class fishing webpage that figure 2, Fig. 2 provides for the present embodiment, specifically can comprise:
Receiver module 201, for receiving initial URL;
First acquisition module 202, for obtaining object URL set corresponding to described initial URL, described object URL set comprises at least one object URL;
Second acquisition module 203, gather corresponding cluster entity sets for obtaining described object URL, described cluster entity sets comprises cluster entity corresponding to described object URL;
Judge module 204, for judging whether described cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and described clustering information storehouse comprises cluster entity;
First mark module 205, for when the result of described judge module is for being, is labeled as fishing webpage by described initial URL.
In order to detect jump class fishing webpage thoroughly, the device in the present embodiment can also comprise:
3rd acquisition module, for when described cluster entity sets with preset clustering information stock at identical cluster entity time, obtain described cluster entity;
4th acquisition module, for obtaining object URL corresponding to described cluster entity;
Second mark module, for being labeled as fishing webpage by the object URL in described object URL set except described object URL.
Please refer to Fig. 3, a kind of server that its Fig. 3 provides for the present embodiment, this server may be used for the method implementing to provide in above-described embodiment.Specifically:
Server can include the storer 310 of one or more readable storage medium storing program for executing, input block 320, output unit 330 include the parts such as processor 340 and power supply 450 that more than or processes core.Wherein:
Storer 310 can be used for storing software program and module, and processor 330 is stored in software program and the module of storer 310 by running, thus performs the application of various function and data processing.Storer 310 mainly can comprise storage program district and store data field, and wherein, storage program district can store operating system, application program needed at least one function; Store data field and can store the data etc. created according to the use of computing machine.In addition, storer 310 can comprise high-speed random access memory, can also comprise nonvolatile memory, such as at least one disk memory, flush memory device or other volatile solid-state parts.Correspondingly, storer 310 can also comprise Memory Controller, to provide the access of processor 340 and input block 320 pairs of storeies 310.
Input block 320 can be used for the numeral or the character information that receive input, and produces and to arrange with user and function controls relevant keyboard, mouse, control lever, optics or trace ball signal and inputs.
Processor 340 is control centers of server, utilize various interface and connection various piece, software program in storer 310 and/or module is stored in by running or performing, and call the data be stored in storer 310, perform various function and the process data of computing machine, thus integral monitoring is carried out to mobile phone.Optionally, processor 340 can comprise one or more process core.
Server also comprises the power supply 350(such as battery of powering to all parts), preferably, power supply can be connected with processor 330 logic by power-supply management system, thus realizes the functions such as management charging, electric discharge and power managed by power-supply management system.Power supply 350 can also comprise one or more direct current or AC power, recharging system, power failure detection circuit, power supply changeover device or the random component such as inverter, power supply status indicator.
Specifically in the present embodiment, processor 330 can according to following instruction, executable file corresponding for the process of one or more application program is loaded in storer 310, and runs storage application program in memory 310 by processor 330, thus realize various function:
Receive initial URL;
Obtain the object URL set that described initial URL is corresponding, described object URL set comprises at least one object URL;
Obtain described object URL and gather corresponding cluster entity sets, described cluster entity sets comprises cluster entity corresponding to described object URL;
Judge whether described cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and described clustering information storehouse comprises cluster entity, if so, then described initial URL is labeled as fishing webpage.
Preferably, described method also comprises:
When described cluster entity sets with preset clustering information stock at identical cluster entity time, obtain described cluster entity;
Obtain the object URL that described cluster entity is corresponding;
Object URL in described object URL set except described object URL is labeled as fishing webpage.
The present embodiment receives initial URL; Obtain the object URL set that this initial URL is corresponding, wherein, object URL set comprises at least one object URL; Obtain the cluster entity sets that object URL set is corresponding, wherein, cluster entity sets comprises cluster entity corresponding to described object URL; Judge whether this cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and wherein, clustering information storehouse comprises cluster entity, when judged result is yes, initial URL is labeled as fishing webpage.The present embodiment is by obtaining the object URL set of initial URL, thus judge this object URL gather in cluster entity corresponding to object URL whether be present in default clustering information storehouse, finally fishing webpage is determined according to judged result, efficiently solve prior art non-detectable jump class fishing webpage problem, the URL of jump class fishing webpage all can be detected, avoid failing to report of fishing webpage.
For device embodiment, because it corresponds essentially to embodiment of the method, so relevant part illustrates see the part of embodiment of the method.Device embodiment described above is only schematic, the wherein said unit illustrated as separating component or can may not be and physically separates, parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of module wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.Those of ordinary skill in the art, when not paying creative work, are namely appreciated that and implement.
It should be noted that, in this article, the such as relational terms of first and second grades and so on is only used for an entity or operation to separate with another entity or operational zone, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or equipment.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the equipment comprising described key element and also there is other identical element.
Above the detection method of the jump class fishing webpage that the embodiment of the present invention provides and device are described in detail, apply specific case herein to set forth principle of the present invention and embodiment, the explanation of above embodiment just understands method of the present invention and core concept thereof for helping; Meanwhile, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
Claims (4)
1. a detection method for jump class fishing webpage, is characterized in that, described method comprises:
Receive initial URL;
Obtain the object URL set that described initial URL is corresponding, described object URL set comprises at least one object URL;
Obtain described object URL and gather corresponding cluster entity sets, described cluster entity sets comprises cluster entity corresponding to described object URL;
Judge whether described cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and described clustering information storehouse comprises cluster entity, if so, then described initial URL is labeled as fishing webpage.
2. method according to claim 1, is characterized in that, described method also comprises:
When described cluster entity sets with preset clustering information stock at identical cluster entity time, obtain described cluster entity;
Obtain the object URL that described cluster entity is corresponding;
Object URL in described object URL set except described object URL is labeled as fishing webpage.
3. a pick-up unit for jump class fishing webpage, is characterized in that, described device comprises:
Receiver module, for receiving initial URL;
First acquisition module, for obtaining object URL set corresponding to described initial URL, described object URL set comprises at least one object URL;
Second acquisition module, gather corresponding cluster entity sets for obtaining described object URL, described cluster entity sets comprises cluster entity corresponding to described object URL;
Judge module, for judging whether described cluster entity sets exists identical cluster entity with the clustering information storehouse of presetting, and described clustering information storehouse comprises cluster entity;
First mark module, for when the result of described judge module is for being, is labeled as fishing webpage by described initial URL.
4. device according to claim 3, is characterized in that, described device also comprises:
3rd acquisition module, for when described cluster entity sets with preset clustering information stock at identical cluster entity time, obtain described cluster entity;
4th acquisition module, for obtaining object URL corresponding to described cluster entity;
Second mark module, for being labeled as fishing webpage by the object URL in described object URL set except described object URL.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310326542.3A CN104216930B (en) | 2013-07-30 | 2013-07-30 | A kind of detection method and device of jump class fishing webpage |
| PCT/CN2014/083219 WO2015014271A1 (en) | 2013-07-30 | 2014-07-29 | Method and device for detecting jump actd/ities of phishing webpages |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310326542.3A CN104216930B (en) | 2013-07-30 | 2013-07-30 | A kind of detection method and device of jump class fishing webpage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104216930A true CN104216930A (en) | 2014-12-17 |
| CN104216930B CN104216930B (en) | 2018-04-27 |
Family
ID=52098425
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310326542.3A Active CN104216930B (en) | 2013-07-30 | 2013-07-30 | A kind of detection method and device of jump class fishing webpage |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104216930B (en) |
| WO (1) | WO2015014271A1 (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105100061A (en) * | 2015-06-19 | 2015-11-25 | 小米科技有限责任公司 | Method and device for detecting hijacking of website |
| CN105653941A (en) * | 2015-07-31 | 2016-06-08 | 哈尔滨安天科技股份有限公司 | Heuristic detection method and system for phishing website |
| CN108259416A (en) * | 2016-12-28 | 2018-07-06 | 华为技术有限公司 | Detect the method and relevant device of malicious web pages |
| CN109657179A (en) * | 2018-12-07 | 2019-04-19 | 北京奇虎科技有限公司 | A kind of method for processing business, system and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114640492A (en) * | 2020-12-16 | 2022-06-17 | 深信服科技股份有限公司 | URL detection method, system, equipment and computer readable storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007037232A1 (en) * | 2005-09-29 | 2007-04-05 | Kyocera Corporation | Information communicating apparatus and program thereof |
| US7555561B2 (en) * | 2001-03-19 | 2009-06-30 | The Aerospace Corporation | Cooperative adaptive web caching routing and forwarding web content data broadcasting method |
| US7590707B2 (en) * | 2006-08-07 | 2009-09-15 | Webroot Software, Inc. | Method and system for identifying network addresses associated with suspect network destinations |
| CN102594934A (en) * | 2011-12-30 | 2012-07-18 | 奇智软件(北京)有限公司 | Method and device for identifying hijacked website |
| CN102622553A (en) * | 2012-04-24 | 2012-08-01 | 腾讯科技(深圳)有限公司 | Method and device for detecting webpage safety |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120136764A1 (en) * | 2010-11-29 | 2012-05-31 | Intuit Inc. | On-line tax preparation application screen navigation using url bookmarks |
-
2013
- 2013-07-30 CN CN201310326542.3A patent/CN104216930B/en active Active
-
2014
- 2014-07-29 WO PCT/CN2014/083219 patent/WO2015014271A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7555561B2 (en) * | 2001-03-19 | 2009-06-30 | The Aerospace Corporation | Cooperative adaptive web caching routing and forwarding web content data broadcasting method |
| WO2007037232A1 (en) * | 2005-09-29 | 2007-04-05 | Kyocera Corporation | Information communicating apparatus and program thereof |
| US7590707B2 (en) * | 2006-08-07 | 2009-09-15 | Webroot Software, Inc. | Method and system for identifying network addresses associated with suspect network destinations |
| CN102594934A (en) * | 2011-12-30 | 2012-07-18 | 奇智软件(北京)有限公司 | Method and device for identifying hijacked website |
| CN102622553A (en) * | 2012-04-24 | 2012-08-01 | 腾讯科技(深圳)有限公司 | Method and device for detecting webpage safety |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105100061A (en) * | 2015-06-19 | 2015-11-25 | 小米科技有限责任公司 | Method and device for detecting hijacking of website |
| CN105653941A (en) * | 2015-07-31 | 2016-06-08 | 哈尔滨安天科技股份有限公司 | Heuristic detection method and system for phishing website |
| CN108259416A (en) * | 2016-12-28 | 2018-07-06 | 华为技术有限公司 | Detect the method and relevant device of malicious web pages |
| CN109657179A (en) * | 2018-12-07 | 2019-04-19 | 北京奇虎科技有限公司 | A kind of method for processing business, system and storage medium |
| CN109657179B (en) * | 2018-12-07 | 2024-04-16 | 北京奇虎科技有限公司 | Service processing method, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104216930B (en) | 2018-04-27 |
| WO2015014271A1 (en) | 2015-02-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103095681B (en) | A kind of method and device detecting leak | |
| CN104216930A (en) | Method and device for detecting skipping type phishing webpage | |
| CN103425736B (en) | A kind of web information recognition, Apparatus and system | |
| CN103399912A (en) | Fishing web page clustering method and device | |
| CN102592089B (en) | Detection method and detection device for webpage redirection skip loophole | |
| CN105210051A (en) | Estimating visibility of content items | |
| CN104317938A (en) | Webpage validation method and device | |
| CN102769632A (en) | Method and system for grading detection and prompt of fishing website | |
| CN103577658A (en) | Method and system for evaluating intelligent terminal hardware | |
| CN104572299A (en) | resource transfer method and device | |
| CN104794396A (en) | Cross-site script vulnerability detection method and device | |
| CN102929656A (en) | Method for using ActiveX plug-in in browser, and client | |
| CN114095567B (en) | Data access request processing method and device, computer equipment and medium | |
| KR102242219B1 (en) | Method and device for preventing the server from being attacked | |
| CN105511727A (en) | Message processing method and device | |
| CN103975336A (en) | Encoding labels in values to capture information flows | |
| CN105791261A (en) | Detection method and detection device for cross-site scripting attack | |
| CN108471359A (en) | A kind of website visiting abnormality monitoring method, device and medium | |
| CN104462983A (en) | PHP source code processing method and system | |
| CN104468459B (en) | A kind of leak detection method and device | |
| CN107947875B (en) | Method and device for detecting electromagnetic radiation emitted by base station | |
| CN109615211A (en) | A kind of Project Risk Assessment system, method and a kind of storage medium | |
| CN104519007A (en) | Loophole detection method and server | |
| CN115858311A (en) | Operation and maintenance monitoring method and device, electronic equipment and readable storage medium | |
| CN104618336A (en) | Account number management method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |