CN108712403A - The illegal domain name method for digging of similitude is constructed based on domain name - Google Patents
The illegal domain name method for digging of similitude is constructed based on domain name Download PDFInfo
- Publication number
- CN108712403A CN108712403A CN201810419153.8A CN201810419153A CN108712403A CN 108712403 A CN108712403 A CN 108712403A CN 201810419153 A CN201810419153 A CN 201810419153A CN 108712403 A CN108712403 A CN 108712403A
- Authority
- CN
- China
- Prior art keywords
- domain name
- illegal
- similar
- domain
- class
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Abstract
The present invention provides a kind of illegal domain name method for digging constructing similitude based on domain name, the technical issues of cannot actively excavating a large amount of illegal domain names which solve existing method;Include the following steps:Step 1, illegal domain name is read from domain name blacklist;Step 2, it judges whether to assemble successful class, if being not present, goes to step 10;Otherwise, continue in next step;Step 3, judge whether current domain name can be grouped into i-th of aggregation class, if cannot, go to step 10;Otherwise, continue in next step;The foundation of judgement is whether current domain name is similar to central field name, and center domain name refers to representational domain name in aggregation class;Step 4, current domain name is incorporated to i-th of aggregation class, and extracts current domain name and generated generation pattern in the matching process of such center domain name, continued in next step;Generation pattern is to assemble the wild-character string that each domain name is extracted with center domain name in class.The present invention is widely used in information technology field.
Description
Technical field
The present invention relates to a kind of illegal domain name method for digging, and the illegal of similitude is constructed based on domain name more particularly to a kind of
Domain name method for digging.
Background technology
With quickly growing for internet, the domain name of one of the product occurred with internet is also gradually recognized
With it is universal, domain name also can not more under cover be kept away while bringing memory website to us and changing the facility on IP
The security risk exempted from.
In this year, more and more illegal organizations carry some illegal behaviors by domain name, such as Botnet, Fishing net
It stands, porns, gambling and drugs class website etc., numerous netizens bring damage difficult to the appraisal in property and mentally and therefore urgently want
The method for efficiently and rapidly excavating illegal domain name is asked to be suggested.
Overwhelming majority browsers use preprepared blacklist at present, safeguard blacklist by regularly updating and contain
Netizen accesses illegal website, but because lacking the method for actively excavating a large amount of illegal domain names, and lack timeliness.
Invention content
The technical issues of present invention cannot actively excavate a large amount of illegal domain names for existing method, providing one kind can be actively
Excavate the illegal domain name method for digging that similitude is constructed based on domain name of a large amount of illegal domain names.
For this purpose, the technical scheme is that, include the following steps:
Step 1, illegal domain name is read from domain name blacklist;
Step 2, it judges whether to assemble successful class, if being not present, goes to step 10;Otherwise, continue in next step;
Step 3, judge whether current domain name can be grouped into i-th of aggregation class, if cannot, go to step 10;It is no
Then, continue in next step;
The foundation of judgement is whether current domain name is similar to central field name, and center domain name refers to representational in aggregation class
Domain name;
Step 4, current domain name is incorporated to i-th of aggregation class, and extracts the matching of current domain name and such center domain name
Generated generation pattern in the process continues in next step;
Generation pattern is to assemble the wild-character string that each domain name is extracted with center domain name in class;
Step 5, similar regions name similar with central field name that may be present is generated by carrying out enumerating in generation pattern, and
The illegal domain name being put in storage in similar domain name is screened out, is continued in next step;
Step 6, whether there is come the similar domain name after being screened in judgment step 5 one by one by obtaining domain name WHOIS information,
If being not present, abandon;Otherwise, retain, continue in next step;
Step 7, whether the domain name for detecting reservation is illegal, if it is detected that illegally, being added to illegal domain name concentration;Otherwise, add
Unknown domain name is added to concentrate;Continue in next step;
Step 8, whether the similar domain name after being screened in judgment step 5, which detects, finishes, if detection finishes, continues in next step;
Otherwise, step 6 is gone to;
Step 9, whether the illegal domain name of judgment step 1 is clustered finishes, and is finished if having clustered, algorithm terminates;It is no
Then, step 1 is gone to;
Step 10, new class is created, current domain name is set to such center domain name, goes to step 9.
Preferably, in step 3, the i-th aggregation class is the i-th class for being polymerized to similar domain name according to rule of similarity.
Preferably, rule of similarity is as follows:
(1) if two domain names only have top level domain different, other parts are identical, then two domain names are similar;
(2) if two domain name top level domain are identical, when two level length of field is identical, the same position of second-level domain is no more than 2
Character is different;Or continuously multiple identical characters are different for same position, then two domain names are similar;When two domain name two level length of field phases
Poor 1 and long domain name when removing a character and can become short domain name, then two domain names are similar;
(3) if not being determined as similar, two domain name dissmilarities in (1) and (2).
Preferably, in step 4, generation pattern replaces the difference section between two illegal domain names using asterisk wildcard, makes
The enumeration operation of specified asterisk wildcard is indicated with indicator.
Preferably, in step 7, detection is carried out by detecting interface by authoritative third party.
Beneficial effects of the present invention:This method performs an analysis on the basis of being built upon existing large quantities of illegal domain names, to dig
Excavate a large amount of illegal domain names for not including.First, the illegal domain name collection in the blacklist that is ready for is clustered, it will structurally
Similar illegal domain name is polymerized to one kind, to form multiple aggregation classes;Then, one or more generations are extracted from each class
Pattern obtains the set of generation pattern;Furthermore it is enumerated by generation pattern, generates doubtful illegal similar domain name;Most
Afterwards, it detects interface using third party authority to be detected doubtful illegal generation domain name collection, filters out illegal similar domain name.
This method constructs similitude angle from illegal domain name, actively excavates the illegal domain name being not present in a large amount of library, and
There is very strong relevance between the illegal domain name come out based on domain name construction similarity mining, be conducive to the association of illegal domain name
Analysis, clique's analysis.
Description of the drawings
Fig. 1 is the allomeric function flow chart of the embodiment of the present invention;
Fig. 2 is the method flow diagram of the embodiment of the present invention.
Specific implementation mode
The present invention is described further with reference to embodiment.
There is the similitudes of construction between illegal domain name, are structurally slightly changed often through to single illegal domain name
Can generate the illegal domain name of batch, and thus obtained this batch of illegal domain name be particularly likely that come from the same registrant or
Person is same illegal organization's registration.More similar illegal domain names such as can be excavated by illegal domain name 00080d.com
00080e.com, 00080f.com, 00080w.com etc..
As shown in Figure 1, 2, the present embodiment provides a kind of illegal domain name method for digging constructing similitude based on domain name, mainly
Step includes similitude clustering, generation schema extraction, generates similar domain name, the existence for detecting similar domain name and illegalities four bulk
Step.The present embodiment is to be clustered using gambling, pornographic, swindle class illegal domain name collection as blacklist, and what is taken is self-defined
Rule of similarity, similar domain name will be constructed and be polymerized to one kind, then extraction generates similar domain name, most per a kind of generation pattern
Final inspection measures illegal and physical presence similar domain name.It is as follows:
Step 1, illegal domain name is read from domain name blacklist;
Step 2, it judges whether to assemble successful class, if being not present, goes to step 10;Otherwise, continue in next step;
Step 3, judge whether current domain name can be grouped into i-th of aggregation class, if cannot, go to step 10;It is no
Then, continue in next step;
Wherein, the method for judgement is to judge whether domain name is similar to central field name, and center domain name refers to having generation in aggregation class
The domain name of table;
I-th aggregation class is the i-th class for being polymerized to similar domain name according to customized rule of similarity, and rule of similarity is as follows:
(1) if two domain names only have top level domain different, other parts are identical, such as 08vip.vip and 08vip.tv, then two
Domain name is similar;
(2) if two domain name top level domain are identical, when two level length of field is identical, the same position of second-level domain is no more than 2
Character is different, as 00037b.com and 00037c.com, 099sun.com and 099sky.com, 1188030.com and
1388033.com;Or continuously multiple identical characters are different for same position, as 4148ww.com and 4148nn.com,
4040uuu.com and 4040jjj.com, then two domain names are similar;When two domain name two level length of field differences 1 and long domain name is removed
When one character can become short domain name, such as 0000524.com and 00001524.com, then two domain names are similar;
(3) if not being determined as similar, two domain name dissmilarities in (1) and (2).
Step 4, current domain name is incorporated to i-th of aggregation class, and extracts the matching of current domain name and such center domain name
Generated generation pattern in the process continues in next step;
Wherein, generation pattern is to assemble the wild-character string that each domain name is extracted with center domain name in class;Generation pattern
Extracting method be to replace the difference section between two illegal domain names using asterisk wildcard, indicated using indicator specified
The enumeration operation of asterisk wildcard, is described as follows:
(1) if two domain names only have top level domain different, such as 08vip.vip and 08vip.tv, generation pattern can be extracted
08vip.%;
(2) if two domain names it is similar and only differ a character, as 0000524.com and 00001524.com can be extracted
Go out pattern 00001524-.com or 0000524+.com;
(3) if two domain names are similar and same position is no more than 2 character differences, when the kinds of characters of same position is
When digital, such as 1188030.com and 1388033.com, pattern 1#8803#.com can be extracted;When the difference of same position
When character is letter, such as 00037b.com and 00037c.com, 099sun.com and 099sky.com, pattern can be extracted
00037#.com,099s**.com;When the kinds of characters of same position is letter while for number, such as 004zyz.com
And 0044y8.com, 004 $ y $ .com of pattern can be extracted;
(4) if two domain names are similar and only continuously multiple identical characters are different for same position, such as 4148ww.com and
4148nn.com, 4040uuu.com and 4040jjj.com, 1186655.com and 1186699.com, can extract respectively
With pattern 4148**&.com,4040***&.com,11866##&.com.
Step 5, it is generated come guiding enumerating by asterisk wildcard in generation pattern and indicator that may be present in
The similar similar domain name of heart domain name, and the illegal domain name being put in storage in similar domain name is screened out, continue in next step;
Asterisk wildcard, indicator are described as follows:
(1) % is top level domain asterisk wildcard, and % is substituted for the top level domain extracted in blacklist when enumerating;
(2)-,+it is indicator, instruction need to delete some character of second-level domain or increase some character when enumerating;
(3) * is alphabetical asterisk wildcard, # is digital asterisk wildcard, $ is alphanumeric asterisk wildcard, changed into when * is enumerated alphabetical a~
Z, it is changed into when # is enumerated when digital 0~9, $ is enumerated and changes 0~9, a~z into;
(4)&For continuous indicator, instruction all asterisk wildcards replacements same character when enumerating;
Step 6, whether there is come the similar domain name after being screened in judgment step 5 one by one by obtaining domain name WHOIS information,
If being not present, abandon;Otherwise, retain, continue to operate in next step;
Step 7, whether the domain name that interface detection reservation is detected by authoritative third party is illegal, if it is detected that illegally, addition
It is concentrated to illegal domain name;Otherwise, it is added to unknown domain name to concentrate, continues in next step;
The domain name periodically concentrated to unknown domain name is detected, and judges whether it is illegal domain name, if it is detected that illegally, adding
It is added to illegal domain name concentration;Otherwise, unknown domain name is retained in concentrate;
Step 8, whether the similar domain name after being screened in judgment step 5, which detects, finishes, if detection finishes, continues in next step;
Otherwise, step 6 is gone to;
Step 9, whether the illegal domain name of judgment step 1 is clustered finishes, and is finished if having clustered, algorithm terminates;It is no
Then, step 1 is gone to;
Step 10, new class is created, current domain name is set to such center domain name, goes to step 9.
This method performs an analysis on the basis of being built upon existing large quantities of illegal domain names, to excavate it is a large amount of do not include it is non-
Method domain name.First, the illegal domain name collection in the blacklist that is ready for is clustered, will structurally similar illegal domain name be polymerized to
One kind, to form multiple aggregation classes;Then, one or more generation patterns are extracted from each class, obtain generation pattern
Set;Furthermore it is enumerated by generation pattern, generates doubtful illegal similar domain name;Finally, it is examined using third party authority
It surveys interface to be detected doubtful illegal generation domain name collection, filters out illegal similar domain name.This method is from illegal domain name structure
It makes similitude angle to set out, actively excavates the illegal domain name being not present in a large amount of library, and similitude is constructed based on domain name
There is very strong relevance between the illegal domain name excavated, be conducive to association analysis, clique's analysis of illegal domain name etc..
The only above person, only specific embodiments of the present invention, when cannot be limited the scope of implementation of the present invention with this, therefore
The displacement of its equivalent assemblies, or according to equivalent variations made by scope of patent protection of the present invention and modification, all should still belong to power of the present invention
The scope that sharp claim is covered.
Claims (5)
1. a kind of illegal domain name method for digging constructing similitude based on domain name, characterized in that include the following steps:
Step 1, illegal domain name is read from domain name blacklist;
Step 2, it judges whether to assemble successful class, if being not present, goes to step 10;Otherwise, continue in next step;
Step 3, judge whether current domain name can be grouped into i-th of aggregation class, if cannot, go to step 10;Otherwise, after
Continuous next step;
The foundation of the judgement is whether current domain name is similar to central field name, and the center domain name refers to having representative in aggregation class
The domain name of property;
Step 4, current domain name is incorporated to i-th of aggregation class, and extracts the matching process of current domain name and such center domain name
In generated generation pattern, continue in next step;
The generation pattern is to assemble the wild-character string that each domain name is extracted with center domain name in class;
Step 5, similar regions name similar with central field name that may be present is generated by carrying out enumerating in generation pattern, and screened
Fall the illegal domain name being put in storage in similar domain name, continues in next step;
Step 6, whether there is come the similar domain name after being screened in judgment step 5 one by one by obtaining domain name WHOIS information, if not
In the presence of discarding;Otherwise, retain, continue in next step;
Step 7, whether the domain name for detecting reservation is illegal, if it is detected that illegally, being added to illegal domain name concentration;Otherwise, it is added to
Unknown domain name is concentrated;Continue in next step;
Step 8, whether the similar domain name after being screened in judgment step 5, which detects, finishes, if detection finishes, continues in next step;Otherwise,
Go to step 6;
Step 9, whether the illegal domain name of judgment step 1 is clustered finishes, and is finished if having clustered, algorithm terminates;Otherwise, turn
To step 1;
Step 10, new class is created, current domain name is set to such center domain name, goes to step 9.
2. the illegal domain name method for digging according to claim 1 for constructing similitude based on domain name, which is characterized in that described
In step 3, the i-th aggregation class is the i-th class for being polymerized to similar domain name according to rule of similarity.
3. the illegal domain name method for digging according to claim 2 for constructing similitude based on domain name, which is characterized in that described
Rule of similarity is as follows:
(1) if two domain names only have top level domain different, other parts are identical, then two domain names are similar;
(2) if two domain name top level domain are identical, when two level length of field is identical, the same position of second-level domain is no more than 2 characters
It is different;Or continuously multiple identical characters are different for same position, then two domain names are similar;When two domain name two level length of field differences 1
And long domain name when removing a character and can become short domain name, then two domain names are similar;
(3) if not being determined as similar, two domain name dissmilarities in (1) and (2).
4. the illegal domain name method for digging according to claim 1 for constructing similitude based on domain name, which is characterized in that described
In step 4, the generation pattern replaces the difference section between two illegal domain names using asterisk wildcard, carrys out table using indicator
Show the enumeration operation of specified asterisk wildcard.
5. the illegal domain name method for digging according to claim 1 for constructing similitude based on domain name, which is characterized in that described
In step 7, the detection is carried out by detecting interface by authoritative third party.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810419153.8A CN108712403B (en) | 2018-05-04 | 2018-05-04 | Illegal domain name mining method based on domain name construction similarity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810419153.8A CN108712403B (en) | 2018-05-04 | 2018-05-04 | Illegal domain name mining method based on domain name construction similarity |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108712403A true CN108712403A (en) | 2018-10-26 |
CN108712403B CN108712403B (en) | 2020-08-04 |
Family
ID=63867784
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810419153.8A Active CN108712403B (en) | 2018-05-04 | 2018-05-04 | Illegal domain name mining method based on domain name construction similarity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108712403B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109495475A (en) * | 2018-11-19 | 2019-03-19 | 中国联合网络通信集团有限公司 | Domain name detection method and device |
CN109889491A (en) * | 2019-01-02 | 2019-06-14 | 兰州理工大学 | A kind of malice domain name rapid detection method based on lexical characteristics |
CN110336777A (en) * | 2019-04-30 | 2019-10-15 | 北京邮电大学 | The communication interface acquisition method and device of Android application |
CN112073549A (en) * | 2020-08-25 | 2020-12-11 | 山东伏羲智库互联网研究院 | Domain name based system relationship determination method and device |
CN113157997A (en) * | 2020-01-23 | 2021-07-23 | 华为技术有限公司 | Domain name feature extraction method and feature extraction device |
CN113315739A (en) * | 2020-02-26 | 2021-08-27 | 深信服科技股份有限公司 | Malicious domain name detection method and system |
CN114710468A (en) * | 2022-03-31 | 2022-07-05 | 绿盟科技集团股份有限公司 | Domain name generation and identification method, device, equipment and medium |
CN114710468B (en) * | 2022-03-31 | 2024-05-14 | 绿盟科技集团股份有限公司 | Domain name generation and identification method, device, equipment and medium |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102098235A (en) * | 2011-01-18 | 2011-06-15 | 南京邮电大学 | Fishing mail inspection method based on text characteristic analysis |
US20110289138A1 (en) * | 2010-05-20 | 2011-11-24 | Bhavin Turakhia | Method, machine and computer program product for sharing an application session across a plurality of domain names |
CN102299978A (en) * | 2011-09-23 | 2011-12-28 | 上海西默通信技术有限公司 | Black list adding, filtering and redirecting method applied to DNS (Domain Name System) |
CN102523311A (en) * | 2011-11-25 | 2012-06-27 | 中国科学院计算机网络信息中心 | Illegal domain name recognition method and device |
CN102831248A (en) * | 2012-09-18 | 2012-12-19 | 北京奇虎科技有限公司 | Network hotspot mining method and network hotspot mining device |
CN103812966A (en) * | 2014-03-03 | 2014-05-21 | 刁永平 | Implementation method of autonomous extensible IP internet (AEIP) by loose source and record route (LSRR) |
US8850474B2 (en) * | 2010-07-26 | 2014-09-30 | Cisco Technology, Inc. | Virtual content store in interactive services architecture |
US20160255049A1 (en) * | 2013-05-03 | 2016-09-01 | Fortinet, Inc. | Securing email communications |
CN106330811A (en) * | 2015-06-15 | 2017-01-11 | 中兴通讯股份有限公司 | Domain name credibility determination method and device |
-
2018
- 2018-05-04 CN CN201810419153.8A patent/CN108712403B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110289138A1 (en) * | 2010-05-20 | 2011-11-24 | Bhavin Turakhia | Method, machine and computer program product for sharing an application session across a plurality of domain names |
US8850474B2 (en) * | 2010-07-26 | 2014-09-30 | Cisco Technology, Inc. | Virtual content store in interactive services architecture |
CN102098235A (en) * | 2011-01-18 | 2011-06-15 | 南京邮电大学 | Fishing mail inspection method based on text characteristic analysis |
CN102299978A (en) * | 2011-09-23 | 2011-12-28 | 上海西默通信技术有限公司 | Black list adding, filtering and redirecting method applied to DNS (Domain Name System) |
CN102523311A (en) * | 2011-11-25 | 2012-06-27 | 中国科学院计算机网络信息中心 | Illegal domain name recognition method and device |
CN102831248A (en) * | 2012-09-18 | 2012-12-19 | 北京奇虎科技有限公司 | Network hotspot mining method and network hotspot mining device |
US20160255049A1 (en) * | 2013-05-03 | 2016-09-01 | Fortinet, Inc. | Securing email communications |
CN103812966A (en) * | 2014-03-03 | 2014-05-21 | 刁永平 | Implementation method of autonomous extensible IP internet (AEIP) by loose source and record route (LSRR) |
CN106330811A (en) * | 2015-06-15 | 2017-01-11 | 中兴通讯股份有限公司 | Domain name credibility determination method and device |
Non-Patent Citations (2)
Title |
---|
吕品等: "《基于域名的恶意行为检测技术》", 《信息通信技术》 * |
程亚楠等: "《基于改进马尔可夫链的域名获取方法研究》", 《高技术通讯》 * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109495475A (en) * | 2018-11-19 | 2019-03-19 | 中国联合网络通信集团有限公司 | Domain name detection method and device |
CN109495475B (en) * | 2018-11-19 | 2022-03-18 | 中国联合网络通信集团有限公司 | Domain name detection method and device |
CN109889491A (en) * | 2019-01-02 | 2019-06-14 | 兰州理工大学 | A kind of malice domain name rapid detection method based on lexical characteristics |
CN110336777A (en) * | 2019-04-30 | 2019-10-15 | 北京邮电大学 | The communication interface acquisition method and device of Android application |
CN110336777B (en) * | 2019-04-30 | 2020-10-16 | 北京邮电大学 | Communication interface acquisition method and device for android application |
CN113157997A (en) * | 2020-01-23 | 2021-07-23 | 华为技术有限公司 | Domain name feature extraction method and feature extraction device |
CN113315739A (en) * | 2020-02-26 | 2021-08-27 | 深信服科技股份有限公司 | Malicious domain name detection method and system |
CN112073549A (en) * | 2020-08-25 | 2020-12-11 | 山东伏羲智库互联网研究院 | Domain name based system relationship determination method and device |
CN112073549B (en) * | 2020-08-25 | 2023-06-02 | 山东伏羲智库互联网研究院 | Domain name based system relation determining method and device |
CN114710468A (en) * | 2022-03-31 | 2022-07-05 | 绿盟科技集团股份有限公司 | Domain name generation and identification method, device, equipment and medium |
CN114710468B (en) * | 2022-03-31 | 2024-05-14 | 绿盟科技集团股份有限公司 | Domain name generation and identification method, device, equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN108712403B (en) | 2020-08-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108712403A (en) | The illegal domain name method for digging of similitude is constructed based on domain name | |
CN105550583B (en) | Android platform malicious application detection method based on random forest classification method | |
CN103843003B (en) | The method of recognition network fishing website | |
Miao et al. | Extracting data records from the web using tag path clustering | |
CN101702179B (en) | Method and device for removing duplication from data mining | |
US20040267709A1 (en) | Method and platform for term extraction from large collection of documents | |
CN109753800A (en) | Merge the Android malicious application detection method and system of frequent item set and random forests algorithm | |
CN106302438A (en) | A kind of method of actively monitoring fishing website of Behavior-based control feature by all kinds of means | |
CN103136358B (en) | A kind of method of Automatic Extraction forum data | |
CN107437038A (en) | A kind of detection method and device of webpage tamper | |
CN103607391B (en) | SQL injection attack detection method based on K-means | |
CN104899508A (en) | Multistage phishing website detecting method and system | |
CN110177114A (en) | The recognition methods of network security threats index, unit and computer readable storage medium | |
CN107798080B (en) | Similar sample set construction method for fishing URL detection | |
CN110519276A (en) | A method of detection Intranet transverse shifting attack | |
CN108111526A (en) | A kind of illegal website method for digging based on abnormal WHOIS information | |
CN107743128A (en) | It is a kind of that domain name and the illegal website method for digging with service IP are associated based on homepage | |
Chung et al. | A study of link farm distribution and evolution using a time series of web snapshots | |
CN103455754B (en) | A kind of malicious searches keyword recognition methods based on regular expression | |
CN106330861A (en) | Website detection method and apparatus | |
Shinn et al. | Morphometric discrimination of Gyrodactylus salaris Malmberg (Monogenea) from species of Gyrodactylus parasitising British salmonids using novel parameters | |
George et al. | Reindeer range inventory in western Alaska from computer-aided digital classification of Landsat data | |
CN108959922A (en) | A kind of malice document detection method and device based on Bayesian network | |
CN109409748B (en) | Checking method and system for farmland quality evaluation index relevance | |
Zaman et al. | Phishing website detection using effective classifiers and feature selection techniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |