CN102957693A - Method and device for judging phishing websites - Google Patents
Method and device for judging phishing websites Download PDFInfo
- Publication number
- CN102957693A CN102957693A CN201210413393XA CN201210413393A CN102957693A CN 102957693 A CN102957693 A CN 102957693A CN 201210413393X A CN201210413393X A CN 201210413393XA CN 201210413393 A CN201210413393 A CN 201210413393A CN 102957693 A CN102957693 A CN 102957693A
- Authority
- CN
- China
- Prior art keywords
- website
- grey
- client
- fishing
- domain name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000001143 conditioned effect Effects 0.000 claims description 10
- 238000004519 manufacturing process Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000008676 import Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 241001236644 Lavinia Species 0.000 description 1
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 150000001875 compounds Chemical class 0.000 description 1
- 239000012467 final product Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000001846 repelling effect Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a method and device for judging phishing websites. The device comprises a grey website judging module in a server, a phishing website judging module in a client, a first judgment module in the client and a second judgment module in the client, wherein the grey website judging module is used for judging whether a target website accessed by the client is a grey website or not; the phishing website judging module is used for getting browsing information of the grey website in the local client and judging whether the browsing information meets preset conditions or not; the first judgment module is used for determining that the grey website is a non-phishing website and allowing the access to the grey website; and the second judgment module is used for getting feature information of a domain name of the grey website, judging that the grey website is a phishing website when the feature information of the domain name meets preset rules and denying the access to the grey website. According to the method and the device, disclosed by the invention, when the server cannot judge whether the website accessed by the client is a phishing website or not or a fault occurs to the service end, the latest generated phishing website can be intercepted at the client at the first time, and so that most of phishing websites can be intercepted to ensure network safety.
Description
Technical field
The present invention relates to the network security technology field, be specifically related to a kind of fishing website determination methods, and, a kind of fishing website judgment means.
Background technology
Fishing website generally has these features: 1, inveigle the user with get the winning number in a bond (qq gets the winning number in a bond, microblogging is got the winning number in a bond, pound golden egg, Avenue of Stars etc.); 2, inveigle the user with low price (plane ticket, Taobao's commodity); 3, cost of manufacture is low.Fishing website can batch making, and uses free second level domain, compares making and the propagation of virus, and the cost of fishing website can be ignored.4, consequence is serious.Fishing website is mostly inveigled the higher commodity of user's purchasing price (such as plane ticket, slr camera etc.), and some Fishing net standing-meeting steals user's Alipay and bank account, can cause very large loss to the user.
The recognition technology of existing fishing website, main method has: 1, the webpage key content is carried out string matching.Whether contain such as detecting among webpage title and the keywords ' Taobao ', ' get the winning number in a bond ' etc. printed words.2, image recognition.Some fishing website is counterfeit brand official website, and the page looks the same with the official website.Such as counterfeit airline and Taobao.3, domain-name information.The employed domain name registration time of fishing website is generally newer, and usually uses free second level domain.Above several method can integrate the identification fishing website, forms at last blacklist.Except blacklist, in order not report by mistake, also have a white list mechanism, visit capacity is large, and the website of once reporting by mistake adds white list.
Existing antivirus software all carries out in service end the identification of fishing website: when a website of client-access, antivirus software sends a request to service end simultaneously, inquires about whether fishing website of this website.If fishing website tackles exactly, if not just letting pass.Such technical scheme has two obvious shortcomings: the one, and the new fishing website service end that produces does not have record, and the result of client query is unknown; The 2nd, when service end is beset by technical hitches etc. when causing query time longer, also may occur failing to report.For the interception fishing website, first shortcoming is difficult to avoid, because the cost of manufacture of fishing website is very low, tend to adopt free second level domain, just discard original domain name after cheating several users, just go to apply for to continue a new domain name to swindle again after the contents such as modification title.
One of problem in the urgent need to address of the present invention is, a kind of method and device of judging fishing website proposed, no in order to website that can not determine client-access when server is fishing website, perhaps during the service end fault, can intercept in the client very first time fishing website of up-to-date generation, tackle most fishing website, to guarantee network security.
Summary of the invention
In view of the above problems, the present invention has been proposed in order to provide a kind of a kind of fishing website determination methods that overcomes the problems referred to above or address the above problem at least in part and corresponding fishing website judgment means.
According to one aspect of the present invention, a kind of fishing website determination methods is provided, comprising:
Server judges whether the targeted website of client-access is grey website, and described grey website is the website in default blacklist and white list not;
Client is obtained the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information satisfies;
If then be judged to be non-fishing website and allow the described grey website of access;
If not, then client is obtained the domain name characteristic information of described grey website, when the domain name characteristic information meets presetting rule, then is judged to be the described grey website of fishing website and denied access.
Alternatively, comprise the blacklist of storing known fishing website and the white list of storing known non-fishing website in the described server, described server judges that whether the targeted website of client-access is that the step of grey website comprises:
The client-access targeted website, and send to server whether the described targeted website of inquiry is the request of fishing website;
Server receives described request, checks described targeted website whether in blacklist or white list, if the targeted website neither at blacklist also not in white list, judge that then the targeted website is grey website.
Alternatively, described browsing information comprises pageview and browsing time, describedly judges whether browsing information satisfies pre-conditioned step and be:
Judge whether described pageview is higher than predetermined threshold value, and the described browsing time is whether in default time range.
Alternatively, the domain name characteristic information of described grey website comprises the IP address, and domain name and website name, described client are obtained the domain name characteristic information of described grey website, and when the domain name characteristic information met presetting rule, the step that then is judged to be fishing website was:
When the IP address of described grey website is external IP, and the suspicious domain name that presets has been adopted in described grey website, and, when the website name of grey website comprises the responsive vocabulary that presets, be judged to be fishing website.
Alternatively, described method also comprises:
The IP address that meets grey website when the domain name characteristic information of described grey website is external IP, or the suspicious domain name that presets has been adopted in grey website, or the website name of grey website then generates the information that the targeted website is doubtful fishing website when comprising in the responsive vocabulary that presets any two.
Alternatively, described method also comprises:
Client is allowed or the described grey website of denied access, or to generate the targeted website be that the result of the information of doubtful fishing website generates daily record and returns to server.
Alternatively, described server is the corporate intranet Control Server, and described client is the corporate intranet client.
According to a further aspect in the invention, provide a kind of fishing website judgment means, having comprised:
Be positioned at the grey website judge module of server, be used for judging whether the targeted website of client-access is grey website, described grey website is the website in presetting blacklist and white list not;
Be positioned at the fishing website judge module of client, be used for obtaining described grey website at the browsing information of local client, and it be pre-conditioned to judge whether described browsing information satisfies;
Be positioned at the first determination module of client, be used for being judged to be non-fishing website and allow the described grey website of access;
Be positioned at the second determination module of client, be used for obtaining the domain name characteristic information of described grey website, when the domain name characteristic information meets presetting rule, then be judged to be the described grey website of fishing website and denied access.
Alternatively, comprise the blacklist of storing known fishing website and the white list of storing known non-fishing website in the described server, described grey website judge module comprises:
Be positioned at the access submodule of client, be used for the access destination website, and send to server whether the described targeted website of inquiry is the request of fishing website;
Be positioned at the judgement submodule of server, be used for receive described request, check described targeted website whether in blacklist or white list, if the targeted website neither at blacklist also not in white list, judge that then the targeted website is grey website.
Alternatively, described fishing website judge module is:
The browsing information judge module is used for judging whether described pageview is higher than predetermined threshold value, and whether the described browsing time is in default time range.
Alternatively, the domain name characteristic information of described grey website comprises the IP address, domain name and website name, and described the second determination module is:
Domain name characteristic information judge module, the IP address that is used for when described grey website is external IP, and the suspicious domain name that presets has been adopted in described grey website, and, when the website name of grey website comprises the responsive vocabulary that presets, be judged to be fishing website.
Alternatively, described device also comprises:
Doubtful fishing website information module, the IP address that meets grey website for the domain name characteristic information when described grey website is external IP, or the suspicious domain name that presets has been adopted in grey website, or the website name of grey website then generates the information that the targeted website is doubtful fishing website when comprising in the responsive vocabulary that presets any two.
Alternatively, described device also comprises:
Result is returned module, be used for client is allowed or the described grey website of denied access, or to generate the targeted website is that the result of the information of doubtful fishing website generates daily record and returns to server.
Can bring in by the client according to a kind of method of judging fishing website of the present invention and device and to determine whether fishing website, solved thus and can not determine when server that the website of client-access is no and be fishing website, perhaps during the service end fault, obtained the fishing website that to intercept up-to-date generation in the client very first time, tackle most fishing website, guarantee the beneficial effect of network security.
Above-mentioned explanation only is the general introduction of technical solution of the present invention, for can clearer understanding technological means of the present invention, and can be implemented according to the content of specification, and for above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Description of drawings
By reading hereinafter detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing only is used for the purpose of preferred implementation is shown, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts with identical reference symbol.In the accompanying drawings:
Fig. 1 shows the according to an embodiment of the invention flow chart of steps of fishing website determination methods embodiment;
Fig. 2 shows the according to an embodiment of the invention structured flowchart of fishing website judgment means embodiment.
Embodiment
Exemplary embodiment of the present disclosure is described below with reference to accompanying drawings in more detail.Although shown exemplary embodiment of the present disclosure in the accompanying drawing, yet should be appreciated that and to realize the disclosure and the embodiment that should do not set forth limits here with various forms.On the contrary, it is in order to understand the disclosure more thoroughly that these embodiment are provided, and can with the scope of the present disclosure complete convey to those skilled in the art.
One of core idea of the embodiment of the invention is, can not determine when server that the website of client-access is no and be fishing website, perhaps during the service end fault, according to user's browsing information and domain name characteristic information and the contrast of the browsing information in local client of website, judge comprehensively whether grey website is fishing website.
With reference to Fig. 1, show the according to an embodiment of the invention flow chart of steps of fishing website determination methods embodiment, specifically can may further comprise the steps:
Step 101, server judge whether the targeted website of client-access is grey website, and described grey website is the website in default blacklist and white list not;
In specific implementation, the blacklist of the known fishing website of storage and the white list of storing known non-fishing website can be set in server, in a preferred embodiment of the present invention, described step 101 specifically can comprise following substep:
Substep S 11, the client-access targeted website, and send to server whether the described targeted website of inquiry is the request of fishing website;
Substep S12, server receive described request, check described targeted website whether in blacklist or white list, if the targeted website neither at blacklist also not in white list, judge that then the targeted website is grey website.
In practice, when the client-access targeted website, can send to service end whether the described targeted website of inquiry is the request of fishing website simultaneously, after server receives query requests, check whether described targeted website is stored in blacklist or white list, if the targeted website neither at blacklist also not in white list, judge that then the targeted website is grey website.The result that service end will be judged to be grey website is back to client, the then heuristic judgement of client terminal start-up.
Step 102, client are obtained the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information satisfies;
As the concrete a kind of example used of the embodiment of the invention, described browsing information can comprise pageview and browsing time, and described step 102 can comprise the steps:
Judge whether described pageview is higher than predetermined threshold value, and the described browsing time is whether in default time range.
In specific implementation, can be at two main API of client configuration, one is the API that the URL with the targeted website imports into, can pass through browser or fail-safe software, when the user accesses the unknown object website, calls this API; Second is the API of inquiry, and whether can import that the targeted website inquires about into is fishing website.When the heuristic judgement of client terminal start-up, call the API that targeted website URL is imported into, with host, IP, website name, the pageview of grey website, the browsing time is recorded in the data buffer storage, and sorts according to pageview.As a kind of example, the algorithm of ordering can be LRU (Least Recently Used), and often the host of the grey website of access can be saved recently.When the website of user access is grey website, call the API of inquiry, then client is inquired about the pageview data of ordering, if find that record is arranged, and pageview is higher than preset threshold value, just judges it is white website, then client allows this website of access.The data of all grey websites are all put into data buffer storage, and are sorted by LRU in the website, for there not being accessed website to remove from data buffer storage in preset time.The preset threshold value of judging fishing website can adjust according to the statistics of service end, and scope is probably more than 10.
Step 103 is if then be judged to be non-fishing website and allow the described grey website of access;
The grey website of accessing as the user is judged to be non-fishing website, and then client allows the described grey website of access.
Step 104, if not, then client is obtained the domain name characteristic information of described grey website, when the domain name characteristic information meets presetting rule, then is judged to be the described grey website of fishing website and denied access.
In a preferred embodiment of the present invention, the domain name characteristic information of described grey website comprises the IP address, domain name and website name, and described step 104 can be following steps:
When the IP address of described grey website is external IP, and the suspicious domain name that presets has been adopted in described grey website, and, when the website name of grey website comprises the responsive vocabulary that presets, be judged to be fishing website.
In specific implementation, when the user accesses grey website, client is inquired about the pageview that sorts in the data buffer memory, if find to have the record of grey website, but pageview is lower than preset threshold value, whether the record that does not perhaps have grey website will be external IP according to the IP address of grey website, and whether whether host use high-risk second level domain and website name to comprise to preset sensitive word to remit and comprehensively determine whether fishing website.
If the IP address of grey website is external IP, and the website has adopted the suspicious domain name that presets (such as tk, co.cc etc., can regularly upgrade from service end), and the website name contains the responsive vocabulary that presets (such as Taobao, telephone expenses, prize drawing, lottery ticket etc., can regularly upgrade from service end), just think that grey website is fishing website.When the grey website of user access is judged to be fishing website, the described grey website of client denied access then.
In a preferred embodiment of the present invention, can also comprise the steps:
The IP address that meets grey website when the domain name characteristic information of described grey website is external IP, or the suspicious domain name that presets has been adopted in grey website, or the website name of grey website then generates the information that the targeted website is doubtful fishing website when comprising in the responsive vocabulary that presets any two.
If the IP address of grey website is external IP, or the suspicious domain name that presets is adopted in the website, or the website name contains the responsive vocabulary that presets, doubtful fishing website is pointed out in the meeting that meets the grey website of above two conditions, this way is for false alarm reduction, because in practice, because some little websites can use free second level domain to build service, may all hit this three rules.
In specific implementation, client can be allowed or the described grey website of denied access, or to generate the targeted website be that the result of the information of doubtful fishing website generates daily record and returns to server.Client is tackled for fishing website, just allows to continue access if not fishing website.Client allows or the described grey website of denied access, or to generate the targeted website be that the result of the information of doubtful fishing website can generate daily record and return to server.If wrong report is wherein arranged, can add white list from service end.
In a preferred embodiment of the present invention, described server can be the corporate intranet Control Server, and described client can be the corporate intranet client.As a kind of example of concrete application, the embodiment of the invention can be used in the fishing website identification of corporate intranet, to strengthen the fail safe of enterprise network.Particularly, in the application of corporate intranet, the embodiment of the invention can comprise the steps:
Step S1, corporate intranet Control Server judge whether the targeted website of corporate intranet client-access is grey website, and described grey website is the website in default blacklist and white list not;
Step S2, the corporate intranet client is obtained the browsing information of described grey website in local manufacturing enterprises Intranet client client, and it is pre-conditioned to judge whether described browsing information satisfies;
Step S3 is if then be judged to be non-fishing website;
Step S4, if not, then the corporate intranet client is obtained the domain name characteristic information of described grey website, when the domain name characteristic information meets presetting rule, then is judged to be fishing website.
For above-mentioned example, because the embodiment of the method basic simlarity of its Fig. 1, so not detailed part in the description of this example can referring to the related description in the embodiment of the method, just not given unnecessary details at this.
Need to prove, for embodiment of the method, for simple description, so it all is expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not subjected to the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in the specification all belongs to preferred embodiment, and related action and module might not be that the present invention is necessary.
With reference to Fig. 2, show the according to an embodiment of the invention structured flowchart of fishing website judgment means embodiment, specifically can comprise with lower module:
Be positioned at the grey website judge module 201 of client, be used for judging whether the targeted website of client-access is grey website, described grey website is the website in presetting blacklist and white list not;
In a preferred embodiment of the present invention, comprise the blacklist of storing known fishing website and the white list of storing known non-fishing website in the described server, described grey website judge module 201 can comprise following submodule:
Be positioned at the access submodule of client, be used for the access destination website, and send to server whether the described targeted website of inquiry is the request of fishing website;
Be positioned at the judgement submodule of server, be used for receive described request, check described targeted website whether in blacklist or white list, if the targeted website neither at blacklist also not in white list, judge that then the targeted website is grey website.
Be positioned at the fishing website judge module 202 of client, be used for obtaining described grey website at the browsing information of local client, and it be pre-conditioned to judge whether described browsing information satisfies;
In a preferred embodiment of the present invention, described fishing website judge module 202 can for:
The browsing information judge module is used for judging whether described pageview is higher than predetermined threshold value, and whether the described browsing time is in default time range.
Be positioned at the first determination module 203 of client, be used for being judged to be non-fishing website and allow the described grey website of access;
Be positioned at the second determination module 204 of client, be used for obtaining the domain name characteristic information of described grey website, when the domain name characteristic information meets presetting rule, then be judged to be the described grey website of fishing website and denied access.
In a preferred embodiment of the present invention, the domain name characteristic information of described grey website comprises the IP address, domain name and website name, described the second determination module 204 can for:
Domain name characteristic information judge module, the IP address that is used for when described grey website is external IP, and, the suspicious domain name that presets has been adopted in described grey website, and, when the website name of grey website comprises the responsive vocabulary that presets, be judged to be the described grey website of fishing website and denied access.
In a preferred embodiment of the present invention, described device also comprises:
Doubtful fishing website information module, the IP address that meets grey website for the domain name characteristic information when described grey website is external IP, or the suspicious domain name that presets has been adopted in grey website, or the website name of grey website then generates the information that the targeted website is doubtful fishing website when comprising in the responsive vocabulary that presets any two.
Result is returned module, be used for client is allowed or the described grey website of denied access, or to generate the targeted website is that the result of the information of doubtful fishing website generates daily record and returns to server.
For the device embodiment of Fig. 2 because itself and the embodiment of the method basic simlarity of Fig. 1, so describe fairly simple, relevant part gets final product referring to the part explanation of embodiment of the method.
In a preferred embodiment of the present invention, described server can be the corporate intranet Control Server, and described client can be the corporate intranet client.As a kind of example of concrete application, the embodiment of the invention also can be used in the fishing website identification of corporate intranet, to strengthen the fail safe of enterprise network.Particularly, in the applied environment of corporate intranet, the embodiment of the invention can comprise such as lower module:
Be positioned at the grey website judge module of corporate intranet Control Server, be used for judging whether the targeted website of corporate intranet client-access is grey website, described grey website is the website in presetting blacklist and white list not;
Be positioned at the fishing website judge module of corporate intranet client, be used for obtaining described grey website at the browsing information of local manufacturing enterprises Intranet client, and it be pre-conditioned to judge whether described browsing information satisfies;
Be positioned at the first determination module of corporate intranet client, be used for being judged to be non-fishing website and allow the described grey website of access;
Be positioned at the second determination module of corporate intranet client, be used for obtaining the domain name characteristic information of described grey website, when the domain name characteristic information meets presetting rule, then be judged to be the described grey website of fishing website and denied access.
For above-mentioned example, not detailed part is wherein described, can referring to the related description in the embodiment of the method, just not give unnecessary details at this.
Intrinsic not relevant with any certain computer, virtual system or miscellaneous equipment with demonstration at this algorithm that provides.Various general-purpose systems also can be with using based on the teaching at this.According to top description, it is apparent constructing the desired structure of this type systematic.In addition, the present invention is not also for any certain programmed language.Should be understood that and to utilize various programming languages to realize content of the present invention described here, and the top description that language-specific is done is in order to disclose preferred forms of the present invention.
In the specification that provides herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can be put into practice in the situation of these details not having.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the description to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes in the above.Yet the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires the more feature of feature clearly put down in writing than institute in each claim.Or rather, as following claims reflected, inventive aspect was to be less than all features of the disclosed single embodiment in front.Therefore, follow claims of embodiment and incorporate clearly thus this embodiment into, wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can adaptively change and they are arranged in one or more equipment different from this embodiment the module in the equipment among the embodiment.Can be combined into a module or unit or assembly to the module among the embodiment or unit or assembly, and can be divided into a plurality of submodules or subelement or sub-component to them in addition.In such feature and/or process or unit at least some are mutually repelling, and can adopt any combination to disclosed all features in this specification (comprising claim, summary and the accompanying drawing followed) and so all processes or the unit of disclosed any method or equipment make up.Unless in addition clearly statement, disclosed each feature can be by providing identical, being equal to or the alternative features of similar purpose replaces in this specification (comprising claim, summary and the accompanying drawing followed).
In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature rather than further feature included among other embodiment, the combination of the feature of different embodiment means and is within the scope of the present invention and forms different embodiment.For example, in the following claims, the one of any of embodiment required for protection can be used with compound mode arbitrarily.
All parts embodiment of the present invention can realize with hardware, perhaps realizes with the software module of moving at one or more processor, and perhaps the combination with them realizes.It will be understood by those of skill in the art that and to use in practice microprocessor or digital signal processor (DSP) to realize according to some or all some or repertoire of parts in the fishing website judgment means of the embodiment of the invention.The present invention can also be embodied as be used to part or all equipment or the device program (for example, computer program and computer program) of carrying out method as described herein.Such realization program of the present invention can be stored on the computer-readable medium, perhaps can have the form of one or more signal.Such signal can be downloaded from internet website and obtain, and perhaps provides at carrier signal, perhaps provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation of the scope that does not break away from claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed in element or step in the claim.Being positioned at word " " before the element or " one " does not get rid of and has a plurality of such elements.The present invention can realize by means of the hardware that includes some different elements and by means of the computer of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to come imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title with these word explanations.
Claims (13)
1. fishing website determination methods comprises:
Server judges whether the targeted website of client-access is grey website, and described grey website is the website in default blacklist and white list not;
Client is obtained the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information satisfies;
If then be judged to be non-fishing website and allow the described grey website of access;
If not, then client is obtained the domain name characteristic information of described grey website, when the domain name characteristic information meets presetting rule, then is judged to be the described grey website of fishing website and denied access.
2. the method for claim 1 comprises the blacklist of storing known fishing website and the white list of storing known non-fishing website in the described server, and described server judges that whether the targeted website of client-access is that the step of grey website comprises:
The client-access targeted website, and send to server whether the described targeted website of inquiry is the request of fishing website;
Server receives described request, checks described targeted website whether in blacklist or white list, if the targeted website neither at blacklist also not in white list, judge that then the targeted website is grey website.
3. method as claimed in claim 1 or 2, described browsing information comprises pageview and browsing time, describedly judges whether browsing information satisfies pre-conditioned step and be:
Judge whether described pageview is higher than predetermined threshold value, and the described browsing time is whether in default time range.
4. the method for claim 1, the domain name characteristic information of described grey website comprises the IP address, and domain name and website name, described client are obtained the domain name characteristic information of described grey website, when the domain name characteristic information met presetting rule, the step that then is judged to be fishing website was:
When the IP address of described grey website is external IP, and the suspicious domain name that presets has been adopted in described grey website, and, when the website name of grey website comprises the responsive vocabulary that presets, be judged to be fishing website.
5. method as claimed in claim 4 also comprises:
The IP address that meets grey website when the domain name characteristic information of described grey website is external IP, or the suspicious domain name that presets has been adopted in grey website, or the website name of grey website then generates the information that the targeted website is doubtful fishing website when comprising in the responsive vocabulary that presets any two.
6. such as each described method in the claim 1 to 5, also comprise:
Client is allowed or the described grey website of denied access, or to generate the targeted website be that the result of the information of doubtful fishing website generates daily record and returns to server.
7. the method for claim 1, described server is the corporate intranet Control Server, described client is the corporate intranet client.
8. fishing website judgment means comprises:
Be positioned at the grey website judge module of server, be used for judging whether the targeted website of client-access is grey website, described grey website is the website in presetting blacklist and white list not;
Be positioned at the fishing website judge module of client, be used for obtaining described grey website at the browsing information of local client, and it be pre-conditioned to judge whether described browsing information satisfies;
Be positioned at the first determination module of client, be used for being judged to be non-fishing website and allow the described grey website of access;
Be positioned at the second determination module of client, be used for obtaining the domain name characteristic information of described grey website, when the domain name characteristic information meets presetting rule, then be judged to be the described grey website of fishing website and denied access.
9. device as claimed in claim 8 comprises the blacklist of storing known fishing website and the white list of storing known non-fishing website in the described server, and described grey website judge module comprises:
Be positioned at the access submodule of client, be used for the access destination website, and send to server whether the described targeted website of inquiry is the request of fishing website;
The server that is positioned at server is judged submodule, is used for receiving described request, checks described targeted website whether in blacklist or white list, if the targeted website neither at blacklist also not in white list, judge that then the targeted website is grey website.
10. install as claimed in claim 8 or 9, described fishing website judge module is:
The browsing information judge module is used for judging whether described pageview is higher than predetermined threshold value, and whether the described browsing time is in default time range.
11. device as claimed in claim 8, the domain name characteristic information of described grey website comprises the IP address, domain name and website name, and described the second determination module is:
Domain name characteristic information judge module, the IP address that is used for when described grey website is external IP, and the suspicious domain name that presets has been adopted in described grey website, and, when the website name of grey website comprises the responsive vocabulary that presets, be judged to be fishing website.
12. device as claimed in claim 11 also comprises:
Doubtful fishing website information module, the IP address that meets grey website for the domain name characteristic information when described grey website is external IP, or the suspicious domain name that presets has been adopted in grey website, or the website name of grey website then generates the information that the targeted website is doubtful fishing website when comprising in the responsive vocabulary that presets any two.
13. such as each described device in the claim 8 to 12, also comprise:
Result is returned module, be used for client is allowed or the described grey website of denied access, or to generate the targeted website is that the result of the information of doubtful fishing website generates daily record and returns to server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210413393.XA CN102957693B (en) | 2012-10-25 | 2012-10-25 | Fishing website determination methods and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210413393.XA CN102957693B (en) | 2012-10-25 | 2012-10-25 | Fishing website determination methods and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102957693A true CN102957693A (en) | 2013-03-06 |
| CN102957693B CN102957693B (en) | 2015-09-30 |
Family
ID=47765918
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210413393.XA Active CN102957693B (en) | 2012-10-25 | 2012-10-25 | Fishing website determination methods and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102957693B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103281312A (en) * | 2013-05-10 | 2013-09-04 | 金硕澳门离岸商业服务有限公司 | Information filtering method |
| WO2014063520A1 (en) * | 2012-10-25 | 2014-05-01 | 北京奇虎科技有限公司 | Method and apparatus for determining phishing website |
| CN104052722A (en) * | 2013-03-15 | 2014-09-17 | 腾讯科技(深圳)有限公司 | Web address security detection method, apparatus and system |
| CN104219200A (en) * | 2013-05-30 | 2014-12-17 | 杭州迪普科技有限公司 | Device and method for protection from DNS cache attack |
| CN104219670A (en) * | 2014-09-03 | 2014-12-17 | 珠海市君天电子科技有限公司 | Method and system for identifying false wifi (wireless fidelity), client side and server side |
| CN104283840A (en) * | 2013-07-02 | 2015-01-14 | 深圳市腾讯计算机系统有限公司 | Method, client side and system for improving network access safety |
| CN106713266A (en) * | 2016-11-14 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Method, device, terminal and system for preventing information leakage |
| CN106936810A (en) * | 2015-12-31 | 2017-07-07 | 三星电子株式会社 | Perform method, on-chip system and the mobile system of safe passing |
| CN107360197A (en) * | 2017-09-08 | 2017-11-17 | 杭州安恒信息技术有限公司 | A kind of phishing analysis method and device based on DNS daily records |
| CN107659564A (en) * | 2017-09-15 | 2018-02-02 | 广州唯品会研究院有限公司 | A kind of method and electronic equipment of active detecting fishing website |
| US20200396252A1 (en) * | 2015-07-27 | 2020-12-17 | Swisscom Ag | Systems and methods for identifying phishing websites |
| CN112819434A (en) * | 2021-02-01 | 2021-05-18 | 北京读我网络技术有限公司 | Data content auditing method and device |
| CN115883220A (en) * | 2022-12-05 | 2023-03-31 | 深圳安巽科技有限公司 | Website security access method, system and storage medium based on router |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101483515A (en) * | 2009-02-26 | 2009-07-15 | 杭州华三通信技术有限公司 | DHCP attack guarding method and customer terminal equipment |
| CN102546618A (en) * | 2011-12-29 | 2012-07-04 | 北京神州绿盟信息安全科技股份有限公司 | Method, device, system and website for detecting fishing website |
| CN102638448A (en) * | 2012-02-27 | 2012-08-15 | 珠海市君天电子科技有限公司 | Method for judging phishing websites based on non-content analysis |
| CN102647408A (en) * | 2012-02-27 | 2012-08-22 | 珠海市君天电子科技有限公司 | Method for judging phishing website based on content analysis |
| CN102710645A (en) * | 2012-06-06 | 2012-10-03 | 珠海市君天电子科技有限公司 | Method and system for detecting phishing website |
| CN102724186A (en) * | 2012-06-06 | 2012-10-10 | 珠海市君天电子科技有限公司 | System and method for detecting phishing websites |
| CN102957694A (en) * | 2012-10-25 | 2013-03-06 | 北京奇虎科技有限公司 | Method and device for judging phishing websites |
-
2012
- 2012-10-25 CN CN201210413393.XA patent/CN102957693B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101483515A (en) * | 2009-02-26 | 2009-07-15 | 杭州华三通信技术有限公司 | DHCP attack guarding method and customer terminal equipment |
| CN102546618A (en) * | 2011-12-29 | 2012-07-04 | 北京神州绿盟信息安全科技股份有限公司 | Method, device, system and website for detecting fishing website |
| CN102638448A (en) * | 2012-02-27 | 2012-08-15 | 珠海市君天电子科技有限公司 | Method for judging phishing websites based on non-content analysis |
| CN102647408A (en) * | 2012-02-27 | 2012-08-22 | 珠海市君天电子科技有限公司 | Method for judging phishing website based on content analysis |
| CN102710645A (en) * | 2012-06-06 | 2012-10-03 | 珠海市君天电子科技有限公司 | Method and system for detecting phishing website |
| CN102724186A (en) * | 2012-06-06 | 2012-10-10 | 珠海市君天电子科技有限公司 | System and method for detecting phishing websites |
| CN102957694A (en) * | 2012-10-25 | 2013-03-06 | 北京奇虎科技有限公司 | Method and device for judging phishing websites |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9742774B2 (en) | 2012-10-25 | 2017-08-22 | Beijing Qihoo Technology Company Limited | Method and apparatus for determining phishing website |
| WO2014063520A1 (en) * | 2012-10-25 | 2014-05-01 | 北京奇虎科技有限公司 | Method and apparatus for determining phishing website |
| US10270779B2 (en) | 2012-10-25 | 2019-04-23 | Beijing Qihoo Technology Company Limited | Method and apparatus for determining phishing website |
| CN104052722A (en) * | 2013-03-15 | 2014-09-17 | 腾讯科技(深圳)有限公司 | Web address security detection method, apparatus and system |
| CN103281312A (en) * | 2013-05-10 | 2013-09-04 | 金硕澳门离岸商业服务有限公司 | Information filtering method |
| CN104219200B (en) * | 2013-05-30 | 2017-10-17 | 杭州迪普科技股份有限公司 | A kind of apparatus and method for taking precautions against DNS cache attack |
| CN104219200A (en) * | 2013-05-30 | 2014-12-17 | 杭州迪普科技有限公司 | Device and method for protection from DNS cache attack |
| CN104283840A (en) * | 2013-07-02 | 2015-01-14 | 深圳市腾讯计算机系统有限公司 | Method, client side and system for improving network access safety |
| CN104283840B (en) * | 2013-07-02 | 2019-02-26 | 深圳市腾讯计算机系统有限公司 | Improve method, client and the system of network-access security |
| CN104219670A (en) * | 2014-09-03 | 2014-12-17 | 珠海市君天电子科技有限公司 | Method and system for identifying false wifi (wireless fidelity), client side and server side |
| CN104219670B (en) * | 2014-09-03 | 2018-06-08 | 珠海市君天电子科技有限公司 | Identify method, client and the system of falseness wifi |
| US20200396252A1 (en) * | 2015-07-27 | 2020-12-17 | Swisscom Ag | Systems and methods for identifying phishing websites |
| CN106936810A (en) * | 2015-12-31 | 2017-07-07 | 三星电子株式会社 | Perform method, on-chip system and the mobile system of safe passing |
| CN106713266A (en) * | 2016-11-14 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Method, device, terminal and system for preventing information leakage |
| CN107360197A (en) * | 2017-09-08 | 2017-11-17 | 杭州安恒信息技术有限公司 | A kind of phishing analysis method and device based on DNS daily records |
| CN107360197B (en) * | 2017-09-08 | 2020-12-25 | 杭州安恒信息技术股份有限公司 | DNS log-based phishing analysis method and device |
| CN107659564B (en) * | 2017-09-15 | 2020-07-31 | 广州唯品会研究院有限公司 | Method for actively detecting phishing website and electronic equipment |
| CN107659564A (en) * | 2017-09-15 | 2018-02-02 | 广州唯品会研究院有限公司 | A kind of method and electronic equipment of active detecting fishing website |
| CN112819434A (en) * | 2021-02-01 | 2021-05-18 | 北京读我网络技术有限公司 | Data content auditing method and device |
| CN115883220A (en) * | 2022-12-05 | 2023-03-31 | 深圳安巽科技有限公司 | Website security access method, system and storage medium based on router |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102957693B (en) | 2015-09-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102957694A (en) | Method and device for judging phishing websites | |
| CN102957693B (en) | Fishing website determination methods and device | |
| US11223637B2 (en) | Detecting attacks on web applications using server logs | |
| US8438386B2 (en) | System and method for developing a risk profile for an internet service | |
| AU2012259235B2 (en) | Methods and apparatus for blocking usage tracking | |
| US11196746B2 (en) | Whitelisting of trusted accessors to restricted web pages | |
| CN102930211B (en) | A kind of multi-core browser intercepts method and the multi-core browser of malice network address | |
| US8578481B2 (en) | Method and system for determining a probability of entry of a counterfeit domain in a browser | |
| CN103744802B (en) | Method and device for identifying SQL injection attacks | |
| US8646071B2 (en) | Method and system for validating site data | |
| CN109274632B (en) | Website identification method and device | |
| CN102932356B (en) | Malice network address hold-up interception method and device in multi-core browser | |
| CN103491543A (en) | Method for detecting malicious websites through wireless terminal, and wireless terminal | |
| US20230040895A1 (en) | System and method for developing a risk profile for an internet service | |
| CN103152354B (en) | To method, system and client device that dangerous website is pointed out | |
| CN103605924A (en) | Method and device for preventing malicious program from attacking online payment page | |
| CN103152355A (en) | Method and system for promoting dangerous website and client device | |
| CN103986731A (en) | Method and device for detecting phishing web pages through picture matching | |
| CN104143008A (en) | Method and device for detecting phishing webpage based on picture matching | |
| CN102970282A (en) | Website security detection system | |
| CN105550596A (en) | Access processing method and apparatus | |
| CN108183902A (en) | A kind of recognition methods of malicious websites and device | |
| CN105791293A (en) | Interception method and device of malicious uniform resource locators in multi-core browser | |
| CN103581321A (en) | Creation method and device for refer link, safety detecting method and client side | |
| CN103116725A (en) | Screen locking method, device and browser for webpage |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20161207 Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26, Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee after: QAX Technology Group Inc. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |