CN102957693B - Fishing website determination methods and device - Google Patents
Fishing website determination methods and device Download PDFInfo
- Publication number
- CN102957693B CN102957693B CN201210413393.XA CN201210413393A CN102957693B CN 102957693 B CN102957693 B CN 102957693B CN 201210413393 A CN201210413393 A CN 201210413393A CN 102957693 B CN102957693 B CN 102957693B
- Authority
- CN
- China
- Prior art keywords
- website
- grey
- client
- fishing
- domain name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 230000001143 conditioned effect Effects 0.000 claims abstract description 11
- 238000004519 manufacturing process Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 241001236644 Lavinia Species 0.000 description 1
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 150000001875 compounds Chemical class 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a kind of fishing website determination methods and device, wherein, this device comprises: the grey website judge module being positioned at server, for judging whether the targeted website of client-access is grey website; Be positioned at the fishing website judge module of client, for obtaining the browsing information of grey website in local client, and it is pre-conditioned to judge whether browsing information meets; Be positioned at the first determination module of client, for being judged to be non-fishing website and allowing the described grey website of access; Being positioned at the second determination module of client, for obtaining the domain name characteristic information of grey website, when domain name characteristic information meets presetting rule, being then judged to be fishing website and grey website described in denied access.The present invention, in order to can not determine that when server the website of client-access is no for fishing website, or during service end fault, can intercept the fishing website of up-to-date generation in the client very first time, tackle most fishing website, to ensure network security.
Description
Technical field
The present invention relates to technical field of network security, be specifically related to a kind of fishing website determination methods, and, a kind of fishing website judgment means.
Background technology
Fishing website generally has these features: 1, carry out deceive users with get the winning number in a bond (qq prize-winning, microblogging are got the winning number in a bond, pounded golden egg, Avenue of Stars etc.); 2, deceive users is carried out with low price (plane ticket, Taobao's commodity); 3, cost of manufacture is low.Fishing website can batch making, and uses free second level domain, and compare making and the propagation of virus, the cost of fishing website is negligible.4, consequence is serious.The fishing website commodity (such as plane ticket, slr camera etc.) that mostly deceive users purchasing price is higher, and Alipay and the bank account of user are stolen in some Fishing net standing-meeting, can cause very large loss to user.
The recognition technology of existing fishing website, main method has: 1, carry out string matching to webpage key content.Such as to detect in webpage title and keywords whether containing ' Taobao ', ' get the winning number in a bond ' etc. printed words.2, image recognition.Some fishing website is counterfeit brand official website, and the page looks the same with official website.Such as counterfeit airline and Taobao.3, domain-name information.The domain name registration time that fishing website uses is general relatively newer, and usually uses free second level domain.Above several method can integrate identification fishing website, finally forms blacklist.Except blacklist, in order to not report by mistake, also have a white list mechanism, visit capacity is large, and the website once reported by mistake adds white list.
Existing antivirus software all carries out in service end the identification of fishing website: when a client-access website, and antivirus software sends a request to service end simultaneously, and whether inquire about this website is fishing website.If fishing website, tackle exactly, if not just letting pass.Such technical scheme has two obvious shortcomings: one is the new fishing website service end not record produced, and the result of client query is all unknown; Two be when service end to be beset by technical hitches etc. cause query time longer time, also may occur failing to report.For interception fishing website, first shortcoming is difficult to avoid, because the cost of manufacture of fishing website is very low, often adopt free second level domain, just discard original domain name after cheating several user, the domain name of just going application one new again after the contents such as amendment title, continues to swindle.
One of problem in the urgent need to address of the present invention is, a kind of method and the device that judge fishing website are proposed, in order to can not determine that when server the website of client-access is no for fishing website, or during service end fault, the fishing website of up-to-date generation can be intercepted in the client very first time, tackle most fishing website, to ensure network security.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a kind of overcoming the problems referred to above or a kind of fishing website determination methods solved the problem at least in part and corresponding fishing website judgment means.
According to one aspect of the present invention, provide a kind of fishing website determination methods, comprising:
Server judges whether the targeted website of client-access is grey website, and described grey website is the website not in default blacklist and white list;
Client obtains the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information meets;
If so, be then judged to be non-fishing website and allow the described grey website of access;
If not, then client obtains the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, is then judged to be fishing website and grey website described in denied access.
Alternatively, described server comprises the blacklist storing known fishing website and the white list storing known non-fishing website, and described server judges that whether the targeted website of client-access is that the step of grey website comprises:
Client-access targeted website, and send to server the request whether described targeted website of inquiry is fishing website;
Server receives described request, checks described targeted website whether in blacklist or white list, if targeted website neither at blacklist also not in white list, then judge that targeted website is as grey website.
Alternatively, described browsing information comprises pageview and browsing time, describedly judges whether browsing information meets pre-conditioned step and be:
Judge that whether described pageview is higher than predetermined threshold value, and the described browsing time is whether in the time range preset.
Alternatively, the domain name characteristic information of described grey website comprises IP address, domain name and website name, and described client obtains the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, is then judged to be that the step of fishing website is:
When the IP address of described grey website is external IP, and described grey website have employed preset suspicious domain name, and, when the website name of grey website comprises preset responsive vocabulary, be judged to be fishing website.
Alternatively, described method also comprises:
The IP address meeting grey website when the domain name characteristic information of described grey website is external IP, or grey website have employed preset suspicious domain name, or the website name of grey website is when comprising in preset responsive vocabulary any two, then generate the information that targeted website is doubtful fishing website.
Alternatively, described method also comprises:
Client is allowed or grey website described in denied access, or generation targeted website is the result generation daily record of the information of doubtful fishing website and returns to server.
Alternatively, described server is enterprise intranet control server, and described client is corporate intranet client.
According to a further aspect in the invention, provide a kind of fishing website judgment means, comprising:
Be positioned at the grey website judge module of server, for judging whether the targeted website of client-access is grey website, and described grey website is the website not in default blacklist and white list;
Be positioned at the fishing website judge module of client, for obtaining the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information meets;
Be positioned at the first determination module of client, for being judged to be non-fishing website and allowing the described grey website of access;
Being positioned at the second determination module of client, for obtaining the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, being then judged to be fishing website and grey website described in denied access.
Alternatively, described server comprises the blacklist storing known fishing website and the white list storing known non-fishing website, and described grey website judge module comprises:
Be positioned at the access submodule of client, for access destination website, and send to server the request whether described targeted website of inquiry is fishing website;
Being positioned at the judgement submodule of server, for receiving described request, checking described targeted website whether in blacklist or white list, if targeted website neither at blacklist also not in white list, then judge that targeted website is as grey website.
Alternatively, described fishing website judge module is:
Browsing information judge module, for judging that whether described pageview is higher than predetermined threshold value, and whether the described browsing time is in the time range preset.
Alternatively, the domain name characteristic information of described grey website comprises IP address, domain name and website name, and described second determination module is:
Domain name characteristic information judge module be external IP for the IP address when described grey website, and described grey website have employed preset suspicious domain name, and, when the website name of grey website comprises preset responsive vocabulary, be judged to be fishing website.
Alternatively, described device also comprises:
Doubtful fishing website information module, the IP address that domain name characteristic information for working as described grey website meets grey website is external IP, or grey website have employed preset suspicious domain name, or the website name of grey website is when comprising in preset responsive vocabulary any two, then generate the information that targeted website is doubtful fishing website.
Alternatively, described device also comprises:
Result returns module, and for client being allowed or grey website described in denied access, or generation targeted website is the result generation daily record of the information of doubtful fishing website and returns to server.
A kind ofly judge that the method for fishing website and device can determine whether fishing website by client according to of the present invention, solve when server can not determine that the website of client-access is no for fishing website thus, or during service end fault, achieve and can intercept the fishing website of up-to-date generation in the client very first time, tackle most fishing website, ensure the beneficial effect of network security.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of specification, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 shows the flow chart of steps of fishing website determination methods embodiment according to an embodiment of the invention;
Fig. 2 shows the structured flowchart of fishing website judgment means embodiment according to an embodiment of the invention.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
One of core idea of the embodiment of the present invention is, when server can not determine that the website of client-access is no for fishing website, or during service end fault, contrast with the browsing information in local client according to the browsing information of user and the domain name characteristic information of website, whether the grey website of comprehensive descision is fishing website.
With reference to Fig. 1, show the flow chart of steps of fishing website determination methods embodiment according to an embodiment of the invention, specifically can comprise the following steps:
Step 101, server judges whether the targeted website of client-access is grey website, and described grey website is the website not in default blacklist and white list;
In specific implementation, can arrange the blacklist storing known fishing website and the white list storing known non-fishing website in the server, in one preferred embodiment of the invention, described step 101 specifically can comprise following sub-step:
Sub-step S 11, client-access targeted website, and send to server the request whether described targeted website of inquiry is fishing website;
Sub-step S12, server receives described request, checks described targeted website whether in blacklist or white list, if targeted website neither at blacklist also not in white list, then judge that targeted website is as grey website.
In practice, when client-access targeted website, simultaneously can send to service end the request whether described targeted website of inquiry is fishing website, after server receives inquiry request, check whether described targeted website is stored in blacklist or white list, if targeted website neither at blacklist also not in white list, then judge that targeted website is as grey website.Service end will be judged to be that the result of grey website is back to client, then the heuristic judgement of client terminal start-up.
Step 102, client obtains the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information meets;
As a kind of example of embodiment of the present invention embody rule, described browsing information can comprise pageview and browsing time, and described step 102 can comprise the steps:
Judge that whether described pageview is higher than predetermined threshold value, and the described browsing time is whether in the time range preset.
In specific implementation, can at the main API of client configuration two, one is the API imported into by the URL of targeted website, can pass through browser or fail-safe software, when user accesses unknown object website, call this API; Second is the API inquired about, and whether can import targeted website into inquire about is fishing website.When the heuristic judgement of client terminal start-up, call the API imported into by targeted website URL, by the host of grey website, IP, website name, pageview, the browsing time is recorded in data buffer storage, and sorts according to pageview.As a kind of example, the algorithm of sequence can be LRU (Least Recently Used), and the host of the grey website of often access recently can be saved.When the website of user's access is grey website, call the API of inquiry, then the pageview data of client to sequence are inquired about, if find that there is record, and pageview is higher than preset threshold value, just judge it is white website, then client allows this website of access.The data of all grey websites all put into data buffer storage, and are sorted by LRU website, can remove for not having accessed website in preset time from data buffer storage.Judge that the preset threshold value of fishing website can adjust according to the statistics of service end, scope is probably more than 10.
Step 103, is if so, then judged to be non-fishing website and allows the described grey website of access;
When the grey website of user's access is judged to be non-fishing website, then client allows the described grey website of access.
Step 104, if not, then client obtains the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, is then judged to be fishing website and grey website described in denied access.
In one preferred embodiment of the invention, the domain name characteristic information of described grey website comprises IP address, domain name and website name, and described step 104 can be following steps:
When the IP address of described grey website is external IP, and described grey website have employed preset suspicious domain name, and, when the website name of grey website comprises preset responsive vocabulary, be judged to be fishing website.
In specific implementation, when user accesses grey website, client is inquired about the pageview sorted in data buffer storage, if find that there is the record of grey website, but pageview is lower than preset threshold value, or there is no the record of grey website, will according to the IP address of grey website be whether external IP, host whether use high-risk second level domain and website name whether to comprise preset sensitive word whether remit comprehensive descision be fishing website.
If the IP address of grey website is external IP, and website have employed preset suspicious domain name (such as tk, co.cc etc., can regularly upgrade from service end), and website name contains preset responsive vocabulary (such as Taobao, telephone expenses, prize drawing, lottery ticket etc., can regularly upgrade from service end), just think that grey website is fishing website.When the grey website of user's access is judged to be fishing website, then grey website described in client denied access.
In one preferred embodiment of the invention, can also comprise the steps:
The IP address meeting grey website when the domain name characteristic information of described grey website is external IP, or grey website have employed preset suspicious domain name, or the website name of grey website is when comprising in preset responsive vocabulary any two, then generate the information that targeted website is doubtful fishing website.
If the IP address of grey website is external IP, or website adopts preset suspicious domain name, or website name contains preset responsive vocabulary, doubtful fishing website is pointed out in the meeting meeting the grey website of above two conditions, this way is to reduce wrong report, because in practice, because some little websites can use free second level domain to build service, this three rules all may be hit.
In specific implementation, client can be allowed or grey website described in denied access, or generation targeted website is the result generation daily record of the information of doubtful fishing website and returns to server.Client is tackled for fishing website, just allows to continue access if not fishing website.Client allows or grey website described in denied access, or to generate targeted website be that the result of the information of doubtful fishing website can generate daily record and return to server.If wherein have wrong report, white list can be added from service end.
In one preferred embodiment of the invention, described server can be enterprise intranet control server, and described client can be corporate intranet client.As a kind of example of embody rule, the embodiment of the present invention can be applied in the fishing website identification of corporate intranet, to strengthen the fail safe of enterprise network.Specifically, in the application of corporate intranet, the embodiment of the present invention can comprise the steps:
Step S1, enterprise intranet control server judges whether the targeted website of corporate intranet client-access is grey website, and described grey website is the website not in default blacklist and white list;
Step S2, corporate intranet client obtains the browsing information of described grey website in local manufacturing enterprises Intranet client client, and it is pre-conditioned to judge whether described browsing information meets;
Step S3, is if so, then judged to be non-fishing website;
Step S4, if not, then corporate intranet client obtains the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, is then judged to be fishing website.
For above-mentioned example, due to the embodiment of the method basic simlarity of its Fig. 1, therefore not detailed part in the description of this example, see the related description in embodiment of the method, just can not repeat at this.
It should be noted that, for embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not by the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in specification all belongs to preferred embodiment, and involved action and module might not be that the present invention is necessary.
With reference to Fig. 2, show the structured flowchart of fishing website judgment means embodiment according to an embodiment of the invention, specifically can comprise with lower module:
Be positioned at the grey website judge module 201 of client, for judging whether the targeted website of client-access is grey website, and described grey website is the website not in default blacklist and white list;
In one preferred embodiment of the invention, described server comprises the blacklist storing known fishing website and the white list storing known non-fishing website, and described grey website judge module 201 can comprise following submodule:
Be positioned at the access submodule of client, for access destination website, and send to server the request whether described targeted website of inquiry is fishing website;
Being positioned at the judgement submodule of server, for receiving described request, checking described targeted website whether in blacklist or white list, if targeted website neither at blacklist also not in white list, then judge that targeted website is as grey website.
Be positioned at the fishing website judge module 202 of client, for obtaining the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information meets;
In one preferred embodiment of the invention, described fishing website judge module 202 can be:
Browsing information judge module, for judging that whether described pageview is higher than predetermined threshold value, and whether the described browsing time is in the time range preset.
Be positioned at the first determination module 203 of client, for being judged to be non-fishing website and allowing the described grey website of access;
Being positioned at the second determination module 204 of client, for obtaining the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, being then judged to be fishing website and grey website described in denied access.
In one preferred embodiment of the invention, the domain name characteristic information of described grey website comprises IP address, domain name and website name, and described second determination module 204 can be:
Domain name characteristic information judge module is external IP for the IP address when described grey website, and, described grey website have employed preset suspicious domain name, and, when the website name of grey website comprises preset responsive vocabulary, be judged to be fishing website and grey website described in denied access.
In one preferred embodiment of the invention, described device also comprises:
Doubtful fishing website information module, the IP address that domain name characteristic information for working as described grey website meets grey website is external IP, or grey website have employed preset suspicious domain name, or the website name of grey website is when comprising in preset responsive vocabulary any two, then generate the information that targeted website is doubtful fishing website.
Result returns module, and for client being allowed or grey website described in denied access, or generation targeted website is the result generation daily record of the information of doubtful fishing website and returns to server.
For the device embodiment of Fig. 2, due to the embodiment of the method basic simlarity of itself and Fig. 1, thus describe fairly simple, relevant part illustrates see the part of embodiment of the method.
In one preferred embodiment of the invention, described server can be enterprise intranet control server, and described client can be corporate intranet client.As a kind of example of embody rule, the embodiment of the present invention also can be applied in the fishing website identification of corporate intranet, to strengthen the fail safe of enterprise network.Specifically, in the applied environment of corporate intranet, the embodiment of the present invention can comprise as lower module:
Be positioned at the grey website judge module of enterprise intranet control server, for judging whether the targeted website of corporate intranet client-access is grey website, and described grey website is the website not in default blacklist and white list;
Be positioned at the fishing website judge module of corporate intranet client, for obtaining the browsing information of described grey website in local manufacturing enterprises Intranet client, and it is pre-conditioned to judge whether described browsing information meets;
Be positioned at the first determination module of corporate intranet client, for being judged to be non-fishing website and allowing the described grey website of access;
Being positioned at the second determination module of corporate intranet client, for obtaining the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, being then judged to be fishing website and grey website described in denied access.
For above-mentioned example, wherein describe not detailed part, see the related description in embodiment of the method, just can not repeat at this.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In specification provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary compound mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in the fishing website judgment means of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computer of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
Claims (11)
1. a fishing website determination methods, comprising:
Server judges whether the targeted website of client-access is grey website, and described grey website is the website not in default blacklist and white list; Server will be judged to be that the result of grey website is back to client;
Client obtains the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information meets; Wherein, described browsing information comprises pageview and browsing time;
If so, be then judged to be non-fishing website and allow the described grey website of access;
If not, then client obtains the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, is then judged to be fishing website and grey website described in denied access;
Describedly judge whether browsing information meets pre-conditioned step and be:
Judge that whether described pageview is higher than predetermined threshold value, and the described browsing time is whether in the time range preset.
2. the method for claim 1, described server comprises the blacklist storing known fishing website and the white list storing known non-fishing website, and described server judges that whether the targeted website of client-access is that the step of grey website comprises:
Client-access targeted website, and send to server the request whether described targeted website of inquiry is fishing website;
Server receives described request, checks described targeted website whether in blacklist or white list, if targeted website neither at blacklist also not in white list, then judge that targeted website is as grey website.
3. the method for claim 1, the domain name characteristic information of described grey website comprises IP address, domain name and website name, and described client obtains the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, be then judged to be that the step of fishing website is:
When the IP address of described grey website is external IP, and described grey website have employed preset suspicious domain name, and, when the website name of grey website comprises preset responsive vocabulary, be judged to be fishing website.
4. method as claimed in claim 3, also comprises:
The IP address meeting grey website when the domain name characteristic information of described grey website is external IP, or grey website have employed preset suspicious domain name, or the website name of grey website is when comprising in preset responsive vocabulary any two, then generate the information that targeted website is doubtful fishing website.
5. the method according to any one of Claims 1-4, also comprises:
Client is allowed or grey website described in denied access, or generation targeted website is the result generation daily record of the information of doubtful fishing website and returns to server.
6. the method for claim 1, described server is enterprise intranet control server, and described client is corporate intranet client.
7. a fishing website judgment means, comprising:
Be positioned at the grey website judge module of server, for judging whether the targeted website of client-access is grey website, and described grey website is the website not in default blacklist and white list, will be judged to be that the result of grey website is back to client;
Be positioned at the fishing website judge module of client, for obtaining the browsing information of described grey website in local client, and it is pre-conditioned to judge whether described browsing information meets; Wherein, described browsing information comprises pageview and browsing time;
Be positioned at the first determination module of client, for being judged to be non-fishing website and allowing the described grey website of access;
Being positioned at the second determination module of client, for obtaining the domain name characteristic information of described grey website, when domain name characteristic information meets presetting rule, being then judged to be fishing website and grey website described in denied access;
Described fishing website judge module is:
Browsing information judge module, for judging that whether described pageview is higher than predetermined threshold value, and whether the described browsing time is in the time range preset.
8. device as claimed in claim 7, described server comprises the blacklist storing known fishing website and the white list storing known non-fishing website, and described grey website judge module comprises:
Be positioned at the access submodule of client, for access destination website, and send to server the request whether described targeted website of inquiry is fishing website;
The server being positioned at server judges submodule, for receiving described request, checks described targeted website whether in blacklist or white list, if targeted website neither at blacklist also not in white list, then judge that targeted website is as grey website.
9. device as claimed in claim 7, the domain name characteristic information of described grey website comprises IP address, domain name and website name, and described second determination module is:
Domain name characteristic information judge module be external IP for the IP address when described grey website, and described grey website have employed preset suspicious domain name, and, when the website name of grey website comprises preset responsive vocabulary, be judged to be fishing website.
10. device as claimed in claim 9, also comprises:
Doubtful fishing website information module, the IP address that domain name characteristic information for working as described grey website meets grey website is external IP, or grey website have employed preset suspicious domain name, or the website name of grey website is when comprising in preset responsive vocabulary any two, then generate the information that targeted website is doubtful fishing website.
11. devices according to any one of claim 7 to 10, also comprise:
Result returns module, and for client being allowed or grey website described in denied access, or generation targeted website is the result generation daily record of the information of doubtful fishing website and returns to server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210413393.XA CN102957693B (en) | 2012-10-25 | 2012-10-25 | Fishing website determination methods and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210413393.XA CN102957693B (en) | 2012-10-25 | 2012-10-25 | Fishing website determination methods and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102957693A CN102957693A (en) | 2013-03-06 |
| CN102957693B true CN102957693B (en) | 2015-09-30 |
Family
ID=47765918
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210413393.XA Active CN102957693B (en) | 2012-10-25 | 2012-10-25 | Fishing website determination methods and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102957693B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102957694B (en) * | 2012-10-25 | 2016-08-31 | 北京奇虎科技有限公司 | A kind of method and device judging fishing website |
| CN104052722A (en) * | 2013-03-15 | 2014-09-17 | 腾讯科技(深圳)有限公司 | Web address security detection method, apparatus and system |
| CN103281312B (en) * | 2013-05-10 | 2016-02-17 | 金硕澳门离岸商业服务有限公司 | Information filtering method |
| CN104219200B (en) * | 2013-05-30 | 2017-10-17 | 杭州迪普科技股份有限公司 | A kind of apparatus and method for taking precautions against DNS cache attack |
| CN104283840B (en) * | 2013-07-02 | 2019-02-26 | 深圳市腾讯计算机系统有限公司 | Improve method, client and the system of network-access security |
| CN104219670B (en) * | 2014-09-03 | 2018-06-08 | 珠海市君天电子科技有限公司 | Identify method, client and the system of falseness wifi |
| EP3125147B1 (en) * | 2015-07-27 | 2020-06-03 | Swisscom AG | System and method for identifying a phishing website |
| KR102482114B1 (en) * | 2015-12-31 | 2022-12-29 | 삼성전자주식회사 | Method of performing secured communication, system on chip performing the same and mobile system including the same |
| CN106713266B (en) * | 2016-11-14 | 2020-09-04 | 腾讯科技(深圳)有限公司 | Method, device, terminal and system for preventing information leakage |
| CN107360197B (en) * | 2017-09-08 | 2020-12-25 | 杭州安恒信息技术股份有限公司 | DNS log-based phishing analysis method and device |
| CN107659564B (en) * | 2017-09-15 | 2020-07-31 | 广州唯品会研究院有限公司 | Method for actively detecting phishing website and electronic equipment |
| CN115883220A (en) * | 2022-12-05 | 2023-03-31 | 深圳安巽科技有限公司 | Website security access method, system and storage medium based on router |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546618A (en) * | 2011-12-29 | 2012-07-04 | 北京神州绿盟信息安全科技股份有限公司 | Method, device, system and website for detecting fishing website |
| CN102638448A (en) * | 2012-02-27 | 2012-08-15 | 珠海市君天电子科技有限公司 | Method for judging phishing websites based on non-content analysis |
| CN102647408A (en) * | 2012-02-27 | 2012-08-22 | 珠海市君天电子科技有限公司 | Method for judging phishing website based on content analysis |
| CN102957694A (en) * | 2012-10-25 | 2013-03-06 | 北京奇虎科技有限公司 | Method and device for judging phishing websites |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101483515B (en) * | 2009-02-26 | 2011-02-02 | 杭州华三通信技术有限公司 | DHCP attack guarding method and customer terminal equipment |
| CN102724186B (en) * | 2012-06-06 | 2015-10-21 | 珠海市君天电子科技有限公司 | Phishing website detection system and detection method |
| CN102710645B (en) * | 2012-06-06 | 2015-10-21 | 珠海市君天电子科技有限公司 | Phishing website detection method and detection system thereof |
-
2012
- 2012-10-25 CN CN201210413393.XA patent/CN102957693B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546618A (en) * | 2011-12-29 | 2012-07-04 | 北京神州绿盟信息安全科技股份有限公司 | Method, device, system and website for detecting fishing website |
| CN102638448A (en) * | 2012-02-27 | 2012-08-15 | 珠海市君天电子科技有限公司 | Method for judging phishing websites based on non-content analysis |
| CN102647408A (en) * | 2012-02-27 | 2012-08-22 | 珠海市君天电子科技有限公司 | Method for judging phishing website based on content analysis |
| CN102957694A (en) * | 2012-10-25 | 2013-03-06 | 北京奇虎科技有限公司 | Method and device for judging phishing websites |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102957693A (en) | 2013-03-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102957693B (en) | Fishing website determination methods and device | |
| CN102957694B (en) | A kind of method and device judging fishing website | |
| CN103744802B (en) | Method and device for identifying SQL injection attacks | |
| US8438386B2 (en) | System and method for developing a risk profile for an internet service | |
| US8578481B2 (en) | Method and system for determining a probability of entry of a counterfeit domain in a browser | |
| US9723018B2 (en) | System and method of analyzing web content | |
| US8819817B2 (en) | Methods and apparatus for blocking usage tracking | |
| CN101341717B (en) | Method for evaluating and accessing a network address | |
| CN103152354B (en) | To method, system and client device that dangerous website is pointed out | |
| CN102932356B (en) | Malice network address hold-up interception method and device in multi-core browser | |
| US7860971B2 (en) | Anti-spam tool for browser | |
| US20230040895A1 (en) | System and method for developing a risk profile for an internet service | |
| CN103491543A (en) | Method for detecting malicious websites through wireless terminal, and wireless terminal | |
| CN101490685A (en) | A method for increasing the security level of a user machine browsing web pages | |
| US20180131708A1 (en) | Identifying Fraudulent and Malicious Websites, Domain and Sub-domain Names | |
| WO2009094086A2 (en) | A feedback augmented object reputation service | |
| CN103152355A (en) | Method and system for promoting dangerous website and client device | |
| CN103986731A (en) | Method and device for detecting phishing web pages through picture matching | |
| CN105550596A (en) | Access processing method and apparatus | |
| CN102970282A (en) | Website security detection system | |
| CN102938766A (en) | Vicious website prompt method and device | |
| CN105337776B (en) | Method and device for generating website fingerprint and electronic equipment | |
| CN104375935B (en) | The test method and device of SQL injection attack | |
| JP2007156690A (en) | Method for taking countermeasure to fishing fraud, terminal, server and program | |
| CN108183902A (en) | A kind of recognition methods of malicious websites and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20161207 Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26, Patentee after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Patentee before: Beijing Qihu Technology Co., Ltd. Patentee before: Qizhi Software (Beijing) Co., Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee after: Qianxin Technology Group Co., Ltd. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. |