CN102984161A - Identification method and device for reliable website - Google Patents
Identification method and device for reliable website Download PDFInfo
- Publication number
- CN102984161A CN102984161A CN2012105184286A CN201210518428A CN102984161A CN 102984161 A CN102984161 A CN 102984161A CN 2012105184286 A CN2012105184286 A CN 2012105184286A CN 201210518428 A CN201210518428 A CN 201210518428A CN 102984161 A CN102984161 A CN 102984161A
- Authority
- CN
- China
- Prior art keywords
- website
- current site
- download
- credible
- confidence level
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an identification method and a device for a reliable website. The identification method for the reliable website comprises the following steps: extracting a download log of a current website within a set time period and statistically calculating the number of samples and users of the current website for download link of download operation performed within the set time period according to a user identification and a download file identification in the download log; obtaining the reliability of the current website according to the number of the samples and the users of the current website and identifying whether the current website is an official website according to the reliability of the current website and the number of the samples. The identification method and the device for the reliable website have the beneficial effect that the official website with higher reliability can be identified to provide the reliable download website for the users with the download demands, so that the risk that the users download to a malicious sample is reduced, and the network security assurance of the users is improved.
Description
Technical field
The present invention relates to network field, relate in particular to a kind of recognition methods and device of credible website.
Background technology
The Internet era most software all by the Internet redistribution, wherein, download website, forum, official website's download link are the important channel of software issue.At present, most of download website, forum all allow the user freely to submit content to.For example, a lot of download websites, forum all provide transmitting assembly, and common website user just can think oneself the software upload issued by these transmitting assemblies, downloads for other users.And the lawless person can utilize this point just, the malice such as transmitted virus, wooden horse, forced bonding plug-in unit sample.This has brought huge network security hidden danger on the one hand, is had the user of download demand to cause very large security risk again on the other hand.
And the software reliability of official website's issue is very high.Therefore, for the user's that ensures the download demand network security, need to identify the download link of the website that all confidence levels are higher in the Internet, download for user security.
Summary of the invention
In view of the above problems, having proposed the present invention overcomes the problems referred to above or solves at least in part or slow down the recognition methods of credible website of the problems referred to above and the recognition device of corresponding credible website in order to provide a kind of.
According to an aspect of the present invention, provide a kind of recognition methods of credible website, having comprised:
Extract the download log of current site in a setting-up time section, according to the user ID in the described download log and download file sign, count current site was carried out the download link of down operation in described setting-up time section sample size and number of users;
The confidence level of obtaining current site according to described sample size and the number of users of current site, and whether identify described current site according to the confidence level of current site and sample size be official website.
According to another aspect of the present invention, provide a kind of recognition device of credible website, having comprised:
Extraction module is used for extracting the download log of current site in a setting-up time section;
Statistical module is used for user ID and download file sign according to the described download log of described extraction module extraction, counts current site was carried out the download link of down operation in described setting-up time section sample size and number of users;
Acquisition module is for the described sample size of the current site that goes out according to described statistical module counts and the confidence level that number of users obtains current site;
Identification module, whether being used for the confidence level of the current site obtained according to described acquisition module and sample size that described statistical module counts goes out, to identify described current site be official website.
Owing to have some compressed packages in the link of download site, might comprise some malicious scripts etc., or the file that is utilized by rogue program etc., and recognition methods and device by credible website of the present invention, can identify the higher official website of confidence level, on the one hand, improve server and collect the efficient of correct credible website, avoid server to download to the file that some are utilized by Malware, provide reliable download site for the user that the download demand is arranged on the one hand in addition, download to the maliciously risk of sample thereby reduced the user, improved user's network security guarantee.
Above-mentioned explanation only is the general introduction of technical solution of the present invention, for can clearer understanding technological means of the present invention, and can be implemented according to the content of specification, and for above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Description of drawings
By reading hereinafter detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing only is used for the purpose of preferred implementation is shown, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts with identical reference symbol.In the accompanying drawings:
Fig. 1 has schematically shown the according to an embodiment of the invention recognition methods flow chart of credible website;
Fig. 2 has schematically shown according to an embodiment of the invention another flow chart of the recognition methods of credible website;
Fig. 3 schematically shows except upgrading the schematic flow sheet that sample threshold is carried out the confidence level judgement in the recognition methods of the credible website of another embodiment according to the present invention.
Fig. 4 has schematically shown the according to an embodiment of the invention block diagram of the recognition device of credible website;
Fig. 5 has schematically shown the according to an embodiment of the invention another block diagram of the recognition device of credible website;
Fig. 6 has schematically shown the according to an embodiment of the invention block diagram of the gathering system of credible website.
Embodiment
The invention will be further described below in conjunction with accompanying drawing and concrete execution mode.
The embodiment of the invention can be applied to computer system/server, and it can be with numerous other universal or special computingasystem environment or configuration operation.The example that is suitable for well-known computing system, environment and/or the configuration used with computer system/server includes but not limited to: personal computer system, server computer system, thin client, thick client computer, hand-held or laptop devices, the system based on microprocessor, set-top box, programmable consumer electronics, NetPC Network PC, Xiao type Ji calculate machine Xi Tong ﹑ large computer system and comprise the distributed cloud computing technology environment of above-mentioned any system, etc.
Computer system/server can be described under the general linguistic context of the computer system executable instruction (such as program module) of being carried out by computer system.Usually, program module can comprise routine, program, target program, assembly, logic, data structure etc., and they are carried out specific task or realize specific abstract data type.Computer system/server can be implemented in distributed cloud computing environment, and in the distributed cloud computing environment, task is by carrying out by the teleprocessing equipment of communication network link.In distributed cloud computing environment, program module can be positioned on the Local or Remote computing system storage medium that comprises memory device.
All can produce a large amount of new files every day on the Internet, and wherein major part is new software and upgrade patch bag, and the software that these are new and upgrade patch bag can be collected the file in the white list database of server end.Include in time that these are new software and upgrade patch bag and to enter in the white list database, at first to check the publication channel of these softwares, usually can determine publication channel by the official website of checking these softwares, then these official websites be monitored.
The white list database of server end can also be collected renewal to the white list of legal procedure, specifically can be realized by following mode.
The first mode: by the technical staff periodically by craft, utilize spider or web crawlers and/or user to upload legal procedure is collected; By manual or automatically screen performance of program and or the program behavior and being kept in the described white list of described legal procedure by instrument.
The second mode: according to the legal procedure feature in the existing known white list and corresponding program behavior thereof, unknown program feature and program behavior are analyzed, to upgrade white list.
The system of the credible website of identification of the embodiment of the invention, can be by obtaining the download log of download file, and download log is analyzed, current site extracted in the download log, from current site, confirm official website, take the website and filter out plug-in in the official website and/or private at last.Analyze by the download log to software, can get access to more accurately Download Info.
Fig. 1 has schematically shown the according to an embodiment of the invention recognition methods flow chart of credible website.As shown in Figure 1, in the present embodiment, the identification process of credible website can comprise the steps:
Step S11 extracts the download log of current site in a setting-up time section;
When certain client device in the Internet when certain download site is downloaded some software, can gather the download behavior of client device, and the download behavior of client device is recited as the download log of software.Can record the Download Info of some softwares in this download log, such as the download path of software, the site information that software is downloaded etc. by these Download Infos, can get access to the concrete condition that software is downloaded.
For example, there is the site information of two softwares to be respectively http://www.badiu.com/xxxx and http://www.baidu.com/yyyy in the download log, can from the site information that these two softwares are downloaded, extracts candidate website logo information and be www.baidu.com.Certainly, can also extract by other means website logo information, the present invention is not limited this.Wherein, current site can be download website website or forum website etc.
Generally comprise following information in the download log: the signature of the software that client device is downloaded, client device are downloaded the path of software, the site information of software download and the software document name of download.Certainly, can also comprise some other information in the described download log, such as download time of software etc., the embodiment of the invention to this not in addition restriction ratio as, can also comprise the cryptographic Hash (hash value) of user id, download file, the parent page of download file, the URL(UniformResource Locator of user's download file current page in the download log, URL(uniform resource locator)) etc.The cryptographic Hash of download file is used for the unique identification download file.Cryptographic Hash also can be called the md5 value, if download file is compressed package files, also will comprise the md5 value of the file in the compressed package in the download log.
Step S12 according to the user ID in the download log of step S11 extraction and download file sign, counts current site was carried out the download link of down operation in described setting-up time section sample size and number of users;
Step S13 adds up the sample size of the current site that obtains and the confidence level that number of users obtains current site according to step S12;
In general, fewer from the kind of official website's download file in a setting-up time section, because the renewal speed of the download file that provides in the official website is slower, and version compares less.If each file that same person is downloaded from a website relatively at random, and a lot of clients have all been downloaded same file from this website in the setting-up time section, can judge that then this document is relatively believable, be official website and the website of this document is provided.
Have as can be known above-mentionedly, supposing has m user to download n kind sample from a certain website in a period of time, if the n value is smaller, m is larger, and the n value is just more credible.Based on this, a kind of mode of obtaining the confidence level of current site can be: the confidence level of current site and sample size (obtaining by step S 12) are inversely proportional to, and are directly proportional with number of users (obtaining by step S 12).
In embodiments of the present invention, can calculate confidence level by following formula (1):
W=m/n formula (1)
In the above-mentioned formula (1), W is the confidence level of current site, and m is the number of users that carried out the download link of down operation in the setting-up time section, and n is the sample size that carried out the download link of down operation in the setting-up time section.
Step S14, whether the sample size identification current site of the current site that the confidence level of the current site of obtaining according to step S13 and step S12 statistics obtain is official website.
Suppose to calculate confidence level with above-mentioned formula (1), if the n value less than default sample number threshold value, and W value can judge then that greater than the confidence level threshold value of presetting current site is official website.
Wherein, sample number threshold value and confidence level threshold value can rule of thumb be obtained.Such as, sampling given figure threshold value 〉=6 situation under, the confidence level threshold value 〉=the 85%(accuracy is arranged in 1.5 the download link) all be the official website download link, account for the 75%(recall ratio of whole official website download website).Turn down the sample number threshold value, will reduce accuracy, promote recall ratio; Otherwise, heighten the sample number threshold value, can improve accuracy, reduce recall ratio.Heighten the confidence level threshold value, can promote accuracy, reduce recall ratio.
In other embodiments of the invention, if when judging current site as official website, can also further grasp download link by this official website by step S 14.And, can also further the download link that grasps be saved in the white list.Grasping manipulation can be finished by diverse network reptile business and/or website monitoring business.
May comprise also that plug-in website, private take the third party websites such as website in the official website that can identify by step S14.Consider that plug-in website sample, private take the particularity of website sample, need external linked network station, private to take the website and process separately.Therefore, alternatively, after step S14, can also be further from the official website that identifies, get rid of plug-in website, private takes the website, need to determine credible website.If when judging current site as credible website, can also be further by this credible website crawl download link.And, can also further the download link that grasps be saved in the white list.
Plug-in website and the private removal that takes the website can utilize Bayes classifier to finish.In the embodiment of the invention, utilize Bayes's text classifier that the Word message in the webpage is done characteristic statistics, calculate the probability that given webpage belongs to plug-in official website, if this probable value thinks then that greater than the probability threshold value of setting it is plug-in official website.
Except needs are removed plug-in website, can also remove private take the website concrete grammar can be as follows:
At first, obtain the private reference sample that takes the website, utilize Bayes's text classifier that the web page contents that private takes website reference sample reference sample is carried out the text participle, thereby and take categories of websites in private respectively and add up the word frequency of the phrase of getting and obtain two reference vectors:
V-SOFT={word1_count,word2_count,…,wordn_count}
Secondly, obtain a webpage to be sorted, the content of this webpage to be sorted carried out the text participle, obtain vector:
V-UNKNOWN={word1_count,word2_count,…,wordn_count}
Afterwards, calculate respectively the distance to V-SOFT by V-UNKNOWN, compare with respective threshold according to the above-mentioned distance that obtains, above-mentioned distance is during less than corresponding threshold value, illustrate that then webpage to be sorted takes the classification of website the closer to private, whether private takes the website thereby can differentiate, and is classified in this website to be sorted in this way, certainly the manner private that is not limited only to classify takes the website, can also be used for other websites of classification.
At last, take website, plug-in website by rejecting private in the official website.
The recognition methods of the credible website of the embodiment of the invention, can identify the higher official website of confidence level, thereby for the user that the download demand is arranged provides reliable download site, reduced the user and downloaded to the maliciously risk of sample, improved user's network security guarantee.
Fig. 2 has schematically shown according to an embodiment of the invention another flow chart of the recognition methods of credible website.As shown in Figure 2, the recognition methods of credible website can comprise:
Step S21, determine the address of corresponding log store server according to the url of current site; Usually, when the user carries out the resource downloading operation to current site, the a series of data messages that produce, these information are documented on the log store server with the form of daily record, and the description to associative operations such as resources on date, time, user and the download current site is all being put down in writing in the daily record of every delegation.
Step S22, according to the address of described log store server address, extract the download log of current site in a setting-up time;
In order fast and effeciently to assess the credibility of current site, preferably, process from log store server intercepting part download log, when intercepting, can carry out the division of time period take time point as foundation, extracting in the section sometime is download log in the setting-up time section, in order to analyze fast and effectively.The length of this setting-up time section is not done and is particularly limited, and can arrange according to data operation efficient and the credible reliability of judging.
Step S23, from the download log of extracting, obtain user ID and download file sign;
Because in the download log, mostly all comprising the resource that is downloaded on the user ID (id) of downloading the current site resource and the current site is download file sign (id), can identify on current site by user ID, download the user of resource in the setting-up time section, and can identify the file of being downloaded by the user on the current site by the download file sign.
Step S24, according to the user ID in the setting-up time section of extracting and download file sign, count current site was carried out the download link of down operation in described setting-up time section sample size and number of users;
As previously mentioned, owing to just extracted the download log of setting-up time section content in the present embodiment, therefore, when statistical analysis, correspondingly, only in the setting-up time section, the user ID in the download log and download file sign are carried out, can add up by the registered user name of login and download current site resource, also can add up according to the IP address of anonymous access current site and downloaded resources.
Step S25, be inversely proportional to according to confidence level and the sample size of current site, be directly proportional with number of users, obtain the confidence level of current site;
In embodiments of the present invention, can calculate confidence level by following formula (1):
W=m/n formula (1)
In the above-mentioned formula (1), W is the confidence level of current site, and m is the number of users that carried out the download link of down operation in the setting-up time section, and n is the sample size that carried out the download link of down operation in the setting-up time section.
Intelligible, the embodiment of the invention also can adopt other similar nonlinear confidence level computational methods, obtains the confidence level of current site, does not repeat them here.
Step S26, judge whether confidence level is not less than the confidence level threshold value of setting, if it is execution in step S27; Otherwise, execution in step 29;
Whether step S27, judgement sample quantity are not less than the sample threshold of setting, and if so, then execution in step 30; Otherwise, execution in step 29.
Step 29, judge that current site is unofficial website;
Step 30, judge that current site is official website.
After step S30, can remove and obtain credible website after private in the official website takes the third party websites such as website, plug-in website, and after collecting credible website, can be periodically by craft, utilize spider or web crawlers and/or user to upload the file of credible website is collected; Follow-up by manual or automatically screen performance of program and or the program behavior and be kept at the white list database of the relevant program of file by instrument.
Can further according to the legal procedure feature in the existing known white list and corresponding program behavior thereof, unknown program feature and program behavior be analyzed, to upgrade white list.
Fig. 3 schematically shows except upgrading the schematic flow sheet that sample threshold is carried out the confidence level judgement in the recognition methods of the credible website of another embodiment according to the present invention.As shown in Figure 3, in the present embodiment, from above-mentioned embodiment illustrated in fig. 2ly different be, in order to improve the accuracy rate of credible judgement, prevent that situation about misjudging from occurring, process for the confidence level of the setting-up time section of different durations, meanwhile upgrade sample threshold, it can comprise the steps:
Step S31, in the current setting-up time section, be inversely proportional to according to confidence level and the sample size of current site, be directly proportional with number of users, obtain the confidence level of current setting-up time section content current site;
In embodiments of the present invention, can calculate confidence level by following formula (1):
W=m/n formula (1)
In the above-mentioned formula (1), W is the confidence level of current site, and m is the number of users that carried out the download link of down operation in the setting-up time section, and n is the sample size that carried out the download link of down operation in the setting-up time section.
Intelligible, the embodiment of the invention also can adopt other similar nonlinear confidence level computational methods, obtains the confidence level of current site, does not repeat them here.
Step S32, judge whether the confidence level for corresponding in the current setting-up time section is not less than the confidence level threshold value of setting, if it is execution in step S33; Otherwise, execution in step S34;
Step S33, judge the sample threshold that whether is not less than setting for sample size in the current setting-up time section, if so, execution in step S35 then; Otherwise, execution in step S34.
Step S34, judge that current site is unofficial website;
Step S35, in another setting-up time section, be inversely proportional to according to confidence level and the sample size of current site, be directly proportional with number of users, obtain the confidence level of another setting-up time section content current site, and execution in step S36;
Among the step S35, obtain in another setting-up time section confidence level can referring among above-mentioned Fig. 1 for the computational methods of confidence level in the current slot, do not repeat them here.
Step S36, judge whether the confidence level for corresponding in this another setting-up time section is not less than the confidence level threshold value of setting, if it is execution in step S37; Otherwise, execution in step 34;
Step S37, renewal sample threshold;
Step S38, judge for sample size in this another setting-up time section whether be not less than sample threshold after the renewal, if so, then execution in step 39; Otherwise, execution in step S35.
Step S39, judge that current site is official website.
After step S39, can remove and obtain credible website after private in the official website takes the third party websites such as website, plug-in website, and after collecting credible website, can be periodically by craft, utilize spider or web crawlers and/or user to upload the file of credible website is collected; Follow-up by manual or automatically screen performance of program and or the program behavior and be kept at the white list database of the relevant program of file by instrument.
Can further according to the legal procedure feature in the existing known white list and corresponding program behavior thereof, unknown program feature and program behavior be analyzed, to upgrade white list.
Because this programme can improve the believable probability of source web of the file of collecting, so can improve the efficient of the collection of white list (credible website).
Need to prove that the embodiment with reference to shown in Figure 3 can have in the time of a plurality of settings, and add up respectively the confidence level of a plurality of correspondences, according to the confidence level of these a plurality of correspondences, carry out the credibility of current site and judge that procedure detailed does not repeat them here.
In addition, according to the description among the step S14, turn down the sample number threshold value, will reduce accuracy, promote recall ratio; Otherwise, heighten the sample number threshold value, can improve accuracy, reduce recall ratio.Heighten the confidence level threshold value, can promote accuracy, reduce recall ratio.Therefore, only carry out the judgement of website credibility by upgrading sample threshold in the present embodiment.
Can also carry out the judgement of website credibility by upgrading the confidence level threshold value in another embodiment, not repeat them here.
Fig. 4 has schematically shown the according to an embodiment of the invention block diagram of the recognition device of credible website.As shown in Figure 4, in the present embodiment, the recognition device of credible website can comprise extraction module 41, statistical module 42, acquisition module 43 and identification module 44.Extraction module 41 is used for extracting the download log of current site in a setting-up time section.Statistical module 42 is used for counting current site was carried out the download link of down operation in described setting-up time section sample size and number of users according to the user ID of the described download log of extraction module 41 extractions and download file sign.Acquisition module 43 is for the described sample size of the current site that counts according to statistical module 42 and the confidence level that number of users obtains current site.Whether identification module 44 to identify described current site be official website if being used for the confidence level of the current site obtained according to acquisition module 43 and sample size that statistical module 42 counts.Identification module 44 also is used for obtaining credible website behind the described official website cleaning third party website of identification.
Wherein, identification module 44 can also be used at sample size less than default sample number threshold value, and the confidence level of current site judges that current site is official website during greater than default confidence level threshold value.
In embodiments of the present invention, Fig. 5 has schematically shown the according to an embodiment of the invention another block diagram of the recognition device of credible website.The recognition device of credible website can also comprise handling module 45.Handling module 45 links to each other with identification module 44, is used for when 44 of moulds of identification are judged current site as official website, by described official website crawl download link; Described handling module 45 also is used for when described identification module 44 is judged described current site as credible website, by described credible website crawl download link.Further, the recognition device of credible website can also comprise preservation module 46.Preserve module 46 and link to each other with above-mentioned handling module 45, be used for the download link that handling module 45 grasps is saved in the white list database.
Wherein, the confidence level of current site can be inversely proportional to described sample size, is directly proportional with described number of users.
Wherein, current site can be download website website or forum website etc.
The recognition device of the credible website of the embodiment of the invention, by carrying out the recognition methods of above-mentioned credible website, can identify the higher official website of confidence level, thereby for the user that the download demand is arranged provides reliable download site, reduce the user and downloaded to the maliciously risk of sample, improved user's network security guarantee.
Fig. 6 has schematically shown the according to an embodiment of the invention block diagram of the gathering system of credible website.As shown in Figure 5, in the present embodiment, the gathering system of credible website can comprise: server 51 and authentic specimen database 52.
At server 51, can pass through its CPU or DSP control wired network adapter or wireless network card access current site to extract the download log of current site.
In the present embodiment, the technical description of relevant official website's recognition device and each functional module thereof can referring to above-described embodiment, not repeat them here.
The gathering system of the credible website of the embodiment of the invention, can be by obtaining the download log of download file, and download log analyzed, extract current site in the download log, from current site, confirm official website, at last plug-in in the official website and/or the private third party websites such as website that take are filtered out.Analyze by the download log to software, can get access to more accurately Download Info.
Alleged " embodiment ", " embodiment " or " one or more embodiment " mean herein, and special characteristic, structure or the characteristic described in conjunction with the embodiments comprise at least one embodiment of the present invention.In addition, the word example that note that here " in one embodiment " not necessarily refers to same embodiment entirely.
In the specification that provides herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can be put into practice in the situation of these details not having.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation of the scope that does not break away from claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed in element or step in the claim.Being positioned at word " " before the element or " one " does not get rid of and has a plurality of such elements.The present invention can realize by means of the hardware that includes some different elements and by means of the computer of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to come imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title with these word explanations.
In addition, shall also be noted that the language that uses in this specification mainly selects for purpose readable and instruction, rather than select in order to explain or to limit theme of the present invention.Therefore, in the situation of the scope and spirit that do not depart from appended claims, many modifications and changes all are apparent for those skilled in the art.For scope of the present invention, be illustrative to disclosing of doing of the present invention, and nonrestrictive, scope of the present invention is limited by appended claims.
Claims (12)
1. the recognition methods of a credible website is characterized in that, comprising:
Extract the download log of current site in a setting-up time section, according to the user ID in the described download log and download file sign, count current site was carried out the download link of down operation in described setting-up time section sample size and number of users;
The confidence level of obtaining current site according to described sample size and the number of users of current site, and whether identify described current site according to the confidence level of current site and sample size be official website.
2. the recognition methods of credible website as claimed in claim 1 is characterized in that, also comprises:
If when judging described current site as official website, by described official website crawl download link, the download link that grasps is saved in the white list database.
3. the recognition methods of credible website according to claim 1 is characterized in that, also comprises:
From the described official website of identification, behind the cleaning third party website, obtain credible website.
4. method as claimed in claim 3 is characterized in that, also comprises:
If when judging described current site as credible website, by described credible website crawl download link, the download link that grasps is saved in the white list database.
5. the recognition methods of credible website as claimed in claim 1 is characterized in that, whether be official website, further comprise if identifying described current site according to the confidence level of current site and sample size:
If described sample size is less than default sample number threshold value, and the confidence level of described current site judges then that greater than default confidence level threshold value described current site is official website.
6. the recognition methods of credible website as claimed in claim 1 is characterized in that, the confidence level according to described sample size and the number of users of current site obtains current site further comprises:
The confidence level of described current site and described sample size are inversely proportional to, and are directly proportional with described number of users.
7. the recognition device of a credible website is characterized in that, comprising:
Extraction module is used for extracting the download log of current site in a setting-up time section;
Statistical module is used for user ID and download file sign according to the described download log of described extraction module extraction, counts current site was carried out the download link of down operation in described setting-up time section sample size and number of users;
Acquisition module is for the described sample size of the current site that goes out according to described statistical module counts and the confidence level that number of users obtains current site;
Identification module, whether being used for the confidence level of the current site obtained according to described acquisition module and sample size that described statistical module counts goes out, to identify described current site be official website.
8. the recognition device of credible website as claimed in claim 7 is characterized in that,
Described identification module also is used at described sample size less than default sample number threshold value, and the confidence level of described current site judges that described current site is official website during greater than default confidence level threshold value.
9. the recognition device of credible website as claimed in claim 7 is characterized in that, also comprises:
Handling module links to each other with described identification module, is used for when described identification module is judged described current site as official website, by described official website crawl download link.
10. the recognition device of credible website according to claim 7 is characterized in that,
Described identification module also is used for obtaining credible website behind the described official website cleaning third party website of identification.
11. the recognition device of credible website as claimed in claim 10 is characterized in that,
Described handling module also is used for when described identification module is judged described current site as credible website, by described credible website crawl download link.
12. the recognition device such as claim 9 or 11 described credible websites is characterized in that, also comprises:
Preserve module, link to each other with described handling module, be used for the download link of described handling module crawl is saved in the white list database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210518428.6A CN102984161B (en) | 2012-12-05 | 2012-12-05 | The recognition methods of a kind of reliable website and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210518428.6A CN102984161B (en) | 2012-12-05 | 2012-12-05 | The recognition methods of a kind of reliable website and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102984161A true CN102984161A (en) | 2013-03-20 |
| CN102984161B CN102984161B (en) | 2016-06-15 |
Family
ID=47857904
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210518428.6A Active CN102984161B (en) | 2012-12-05 | 2012-12-05 | The recognition methods of a kind of reliable website and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102984161B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102984162A (en) * | 2012-12-05 | 2013-03-20 | 北京奇虎科技有限公司 | Identifying method and collecting system for credible websites |
| CN103248707A (en) * | 2013-05-22 | 2013-08-14 | 北京奇虎科技有限公司 | File access method, system and equipment |
| CN104348836A (en) * | 2014-10-31 | 2015-02-11 | 北京奇虎科技有限公司 | Method and client end for loading website information |
| CN105022832A (en) * | 2015-08-07 | 2015-11-04 | 广东欧珀移动通信有限公司 | Method for safely downloading APP (application), mobile terminal and download server |
| CN105897676A (en) * | 2015-12-01 | 2016-08-24 | 乐视网信息技术(北京)股份有限公司 | User resource access behavior processing method and device |
| CN106886534A (en) * | 2015-12-16 | 2017-06-23 | 北京奇虎科技有限公司 | Determine the mode and device of Authoritative Web pages |
| CN107239704A (en) * | 2017-05-24 | 2017-10-10 | 国家计算机网络与信息安全管理中心 | Malicious web pages find method and device |
| CN108038500A (en) * | 2017-12-07 | 2018-05-15 | 东软集团股份有限公司 | Clustering method, device, computer equipment, storage medium and program product |
| CN110321410A (en) * | 2019-06-21 | 2019-10-11 | 东软集团股份有限公司 | Method, apparatus, storage medium and the electronic equipment that log is extracted |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040054898A1 (en) * | 2002-08-28 | 2004-03-18 | International Business Machines Corporation | Authenticating and communicating verifiable authorization between disparate network domains |
| CN101500000A (en) * | 2008-01-30 | 2009-08-05 | 珠海金山软件股份有限公司 | Security evaluation method for Internet website and apparatus thereof |
| CN102333122A (en) * | 2011-09-28 | 2012-01-25 | 奇智软件(北京)有限公司 | Downloaded resource provision method, device and system |
| CN102355469A (en) * | 2011-10-31 | 2012-02-15 | 北龙中网(北京)科技有限责任公司 | Method for displaying credibility certification for website in address bar of browser |
| CN102419808A (en) * | 2011-09-28 | 2012-04-18 | 奇智软件(北京)有限公司 | Method, device and system for detecting safety of download link |
| CN102647408A (en) * | 2012-02-27 | 2012-08-22 | 珠海市君天电子科技有限公司 | Method for judging phishing website based on content analysis |
-
2012
- 2012-12-05 CN CN201210518428.6A patent/CN102984161B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040054898A1 (en) * | 2002-08-28 | 2004-03-18 | International Business Machines Corporation | Authenticating and communicating verifiable authorization between disparate network domains |
| CN101500000A (en) * | 2008-01-30 | 2009-08-05 | 珠海金山软件股份有限公司 | Security evaluation method for Internet website and apparatus thereof |
| CN102333122A (en) * | 2011-09-28 | 2012-01-25 | 奇智软件(北京)有限公司 | Downloaded resource provision method, device and system |
| CN102419808A (en) * | 2011-09-28 | 2012-04-18 | 奇智软件(北京)有限公司 | Method, device and system for detecting safety of download link |
| CN102355469A (en) * | 2011-10-31 | 2012-02-15 | 北龙中网(北京)科技有限责任公司 | Method for displaying credibility certification for website in address bar of browser |
| CN102647408A (en) * | 2012-02-27 | 2012-08-22 | 珠海市君天电子科技有限公司 | Method for judging phishing website based on content analysis |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102984162B (en) * | 2012-12-05 | 2016-05-18 | 北京奇虎科技有限公司 | The recognition methods of credible website and gathering system |
| CN102984162A (en) * | 2012-12-05 | 2013-03-20 | 北京奇虎科技有限公司 | Identifying method and collecting system for credible websites |
| CN103248707A (en) * | 2013-05-22 | 2013-08-14 | 北京奇虎科技有限公司 | File access method, system and equipment |
| CN104348836A (en) * | 2014-10-31 | 2015-02-11 | 北京奇虎科技有限公司 | Method and client end for loading website information |
| CN105022832B (en) * | 2015-08-07 | 2018-11-13 | 广东欧珀移动通信有限公司 | Method, mobile terminal and the download server that APP application securities are downloaded |
| CN105022832A (en) * | 2015-08-07 | 2015-11-04 | 广东欧珀移动通信有限公司 | Method for safely downloading APP (application), mobile terminal and download server |
| CN105897676A (en) * | 2015-12-01 | 2016-08-24 | 乐视网信息技术(北京)股份有限公司 | User resource access behavior processing method and device |
| CN106886534A (en) * | 2015-12-16 | 2017-06-23 | 北京奇虎科技有限公司 | Determine the mode and device of Authoritative Web pages |
| CN107239704A (en) * | 2017-05-24 | 2017-10-10 | 国家计算机网络与信息安全管理中心 | Malicious web pages find method and device |
| CN108038500A (en) * | 2017-12-07 | 2018-05-15 | 东软集团股份有限公司 | Clustering method, device, computer equipment, storage medium and program product |
| CN108038500B (en) * | 2017-12-07 | 2020-07-03 | 东软集团股份有限公司 | Clustering method, apparatus, computer device, storage medium, and program product |
| CN110321410A (en) * | 2019-06-21 | 2019-10-11 | 东软集团股份有限公司 | Method, apparatus, storage medium and the electronic equipment that log is extracted |
| CN110321410B (en) * | 2019-06-21 | 2021-08-06 | 东软集团股份有限公司 | Log extraction method and device, storage medium and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102984161B (en) | 2016-06-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102984161B (en) | The recognition methods of a kind of reliable website and device | |
| US20210258791A1 (en) | Method for http-based access point fingerprint and classification using machine learning | |
| US9954886B2 (en) | Method and apparatus for detecting website security | |
| US9614862B2 (en) | System and method for webpage analysis | |
| CN105138709B (en) | Remote evidence taking system based on physical memory analysis | |
| CN114528457B (en) | Web fingerprint detection method and related equipment | |
| WO2015139507A1 (en) | Method and apparatus for detecting security of a downloaded file | |
| CN109862021B (en) | Method and device for acquiring threat information | |
| EP3101580B1 (en) | Website information extraction device, system, website information extraction method, and website information extraction program | |
| CN111740923A (en) | Method and device for generating application identification rule, electronic equipment and storage medium | |
| CN102984162B (en) | The recognition methods of credible website and gathering system | |
| CN106599075A (en) | Statistical method and device for user behavior data | |
| CN113014549A (en) | HTTP-based malicious traffic classification method and related equipment | |
| CN112565308B (en) | Malicious application detection method, device, equipment and medium based on network traffic | |
| CN113568626A (en) | Dynamic packaging method, application package starting method, device and electronic equipment | |
| CN115033876A (en) | Log processing method, log processing device, computer device and storage medium | |
| EP3722974A1 (en) | Collecting device, collecting method and collecting program | |
| US9584537B2 (en) | System and method for detecting mobile cyber incident | |
| CN116738369A (en) | Traffic data classification method, device, equipment and storage medium | |
| EP3361405B1 (en) | Enhancement of intrusion detection systems | |
| CN106411879B (en) | A kind of acquisition methods and device of software identification feature | |
| CN110413909B (en) | Machine learning-based intelligent identification method for online firmware of large-scale embedded equipment | |
| CN104363256B (en) | A kind of identification and control method, equipment and system of mobile phone viruses | |
| CN114039776A (en) | Method and device for generating flow detection rule, electronic equipment and storage medium | |
| WO2022109240A1 (en) | Classifier generator |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee after: Beijing Qizhi Business Consulting Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220324 Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Beijing Qizhi Business Consulting Co.,Ltd. |
|
| TR01 | Transfer of patent right |