CN103379111A - Intelligent anti-phishing defensive system - Google Patents
Intelligent anti-phishing defensive system Download PDFInfo
- Publication number
- CN103379111A CN103379111A CN2012101297567A CN201210129756A CN103379111A CN 103379111 A CN103379111 A CN 103379111A CN 2012101297567 A CN2012101297567 A CN 2012101297567A CN 201210129756 A CN201210129756 A CN 201210129756A CN 103379111 A CN103379111 A CN 103379111A
- Authority
- CN
- China
- Prior art keywords
- phishing
- website
- user
- intelligent
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention relates to an intelligent anti-phishing defensive system. The intelligent anti-phishing defensive system is particularly composed of a user behavior identification module, a phishing website lightweight intelligent detection engine module and an intelligent phishing-processing module. The user behavior identification module is a user behavior identification algorithm based on Bayes. The phishing website lightweight intelligent detection engine module performs rapid detection through four layers including a URL, interactivity, webpage noise and website Logo identification, and comprises a phishing URL online detection algorithm which integrates characteristics of multiple layers, webpage server submitted form identification and filtration based on a DOM tree, a phishing website detection learning algorithm for the webpage noise and a phishing website detection algorithm based on the website Logo identification. According to a browser BHO object standard, a user is alerted to a detected phishing website through a processing mechanism such as a URL address bar or a status bar or other warning marks; if the user ignores an alerting mechanism, a module used for mixing information input by the user for protection provides intelligent and timely anti-phishing defensive service for the network user.
Description
Technical field:
The present invention relates to a kind of phishing intelligence system of defense, a kind of protecting network user's phishing intelligence system of defense.
Background technology:
Phishing (phishing) is based on a kind of attack means of social engineering.It sends the duplicity information that comes from bank or other well-known mechanisms of claiming by spam, instant messenger, SMS or webpage sham publicity, be intended to lure the user to login and seem extremely real fake site, provide a kind of attack pattern of sensitive information (such as user name, password, account ID, ATM PIN code, credit card).
The phishing defence is the countermeasure techniques of phishing, can be divided into server end defence, user side defence and third party's defence.Server end defence refers to web site server end by other technologies, and such as digital watermark, digital finger-print, dynamic security skin (dynamic security skin), double verification protocol etc. prove the authenticity of website identity to the user.User side defence refers at user browser plug-in unit is installed, and detects prompting user or the input of protection user sensitive information etc. behind the fishing webpage.Third party defence comprises the URL blacklist strobe utility, fail-safe software manufacturer defense mechanism, public's protection mechanism of fishing Spam filtering, Third Party Authentication mechanism, browser provider etc.It is target that server end defends to protect the website identity reality, has increased the counterfeit cost of fisherman, produces from source containment fishing website, belongs to Initiative Defense; Both fishing websites of then occurring take defence are as target afterwards, and defense technique falls behind the counterfeit technology of fishing website, belongs to Passive Defence.Though the phishing defence has obtained considerable progress, the Initiative Defense technology exists allows the client user finally judge the website identity reality, and the Passive Defence technology is not installed the defective that plug-in unit just can't be defendd.
Summary of the invention:
For the problems referred to above, the purpose of this invention is to provide a kind of phishing intelligence system of defense, formed by user behavior identification module, fishing website lightweight Intelligent Measurement engine and phishing intelligent processing module, for the network user provides intelligence, timely phishing defence service.
For achieving the above object, the present invention takes following technical scheme:
1, user behavior identification module;
2, fishing website lightweight Intelligent Measurement engine;
3, phishing intelligent processing module;
The present invention is owing to take above technical scheme, and it has the following advantages:
1, based on
The user behavior recognizer of Bayes;
2, the fishing website based on the webpage noise detects learning algorithm;
3, detect learning algorithm based on website Logo identification fishing website.
Embodiment:
(1) user behavior understanding, study and Study of recognition
User behavior is understood and to be comprised that the user behavior formalization is understood and study, user browsing behavior priori probability density distributed data base build and based on
The user behavior identification of Bayes.Adopt investigation on the net questionnaire, manual research questionnaire, send the mode such as mail test at random, obtain in the URL address browse web sites, the access of input information, clickthrough, the user that downloads is normal and the suspicious behavior type of browsing of electronics Email, QQ, shopping website link, adopt similar " behavior of if URL Input Address then normal browsing " rule that the user is browsed capable formalized description, set up the priori probability density regularity of distribution of user browsing behavior, utilize
Bayes sets up the user behavior recognizer, activates when the user may access fishing website and detects engine.
(2) fishing website lightweight Intelligent Measurement engine research
Monthly statistical information by pertinent literature reading and PhishTank and the upper announcement of APAC shows: the phishing attacks number of times comes and go, but target of attack is concentrated, mainly concentrates on the websites such as payment transaction, financial instrument, instant messaging, broadcasting media.According to APAC2011 bulletin in December, the fishing website total amount that relates to Taobao, Tengxun, industrial and commercial bank, Bank of China accounts for 94.39% of whole report amounts.The famous website knowledge base of model is as the Heuristics that detects engine.Comprise in the knowledge base: domain name, IP address, URL, trade (brand) name, copyright information, Logo describe the information that the factor, WHOIS etc. describe identity.The detailed technology route of fishing website lightweight Intelligent Measurement engine research is as follows:
The online fast filtering Mechanism Study of URL adopts white list fast filtering mechanism, to the white list of user add, detects engine and directly ignores detection; Seminar intends adopting the blacklist mechanism of synchronous PhishTank, APWG, Google Safe Browser API, to fishing URL fast filtering, stops user's access.
For the URL that can't judge, adopt the online detection algorithm of fishing URL that merges multilayer feature.This algorithm intends adopting structure, vocabulary, domain name and four layers of feature of server, sets up the learning classification model based on SVM, calculates as the Fast Classification of fishing website URL.
Fishing website interactivity fast filtering Mechanism Study is because the purpose of fishing website is for obtaining user's input information, therefore whether comprise server input list in the analyzing web page, such as form mark, input mark, login logon form, can effectively determine whether fishing website.For the website that does not have server input list, can directly judge not to be fishing website have the website of input list just need to detect from content is similar with vision.Detect for the fishing website interactivity, adopt the identification of web page server submission form and filtration based on dom tree.Utilize the markup language sources program analysis method, make up the webpage dom tree, form, input, login submission form control in the identification dom tree are realized quick fishing webpage classification.
Detect the contents such as navigation bar that learning algorithm research webpage noise refers to that web page template comprises, tissue marker, contact details, advertisement bar based on the fishing website of webpage noise.The webpage noise content comprises the website identity information mostly, and fishing website can be applied mechanically these information of targeted website in order better to confuse the user.Replace the whole content of webpage can realize the website identification with the webpage noise, can reduce again the webpage other guide to the impact of detection algorithm performance and efficient.To the webpage noise, seminar intends adopting n-gram, word frequency vector, the Web information processing technology such as TF-IDF, Shingle that the webpage noise is analyzed, determine the feature mode of webpage noise, make up SVM machine learning and disaggregated model, to judge that the suspected site has used famous website template, but inconsistent again with information in the knowledge base, judge fishing website with this.
The fishing website sorting algorithm research website Logo of website Logo identification is significant point in the webpage, also is user's area-of-interest.Often with website Logo identification website, fishing website also utilizes this characteristics user cheating to the network user.Seminar intends adopting SIFT to analyze famous website Logo characteristics, determine the characterization factor of describing website Logo, frequent counterfeit famous targeted sites Logo carries out modeling to fishing website, to judge that the suspected site has used famous Net station logo, but inconsistent again with information in the knowledge base, judge fishing website with this.
(3) phishing Intelligent treatment mechanism research
Browser BHO interface provides relevant interface specification, for phishing Intelligent treatment fishing website provides interface.Adopt and analyze first the various standards of browser BHO, interface, method, event, common class etc., determine and catch the click of user's mouse, keyboard input behavior, address field and status bar event methods; Input message uses the SHA-1 algorithm to obscure, and realizes phishing Intelligent treatment mechanism by programming.
Claims (4)
1. a phishing intelligence system of defense is characterized in that it is comprised of user behavior identification module, fishing website lightweight Intelligent Measurement engine and phishing intelligent processing module, for the network user provides intelligence, timely phishing defence service.
2. a kind of phishing intelligence system of defense according to claim 1 is characterized in that the user behavior identification module is based on
The user behavior recognizer of Bayes.
3. a kind of phishing intelligence system of defense according to claim 1 is characterized in that fishing website lightweight Intelligent Measurement engine modules is identified four layers by URL, interactivity, webpage noise and website Logo and carried out fast detecting; Comprise the online detection algorithm of fishing URL that merges multilayer feature, detect learning algorithm and based on the fishing website detection algorithm of website Logo identification based on the fishing website of the web page server submission form identification of dom tree and filtration, webpage noise.
4. a kind of phishing intelligence system of defense according to claim 1 is characterized in that, for browser BHO object standard, to detected fishing website, adopts first the treatment mechanism of URL address field, status bar or other warning mark reminding users; When the user ignores caution mechanism, the information of user's input is obscured the module of protection.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012101297567A CN103379111A (en) | 2012-04-21 | 2012-04-21 | Intelligent anti-phishing defensive system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012101297567A CN103379111A (en) | 2012-04-21 | 2012-04-21 | Intelligent anti-phishing defensive system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103379111A true CN103379111A (en) | 2013-10-30 |
Family
ID=49463674
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2012101297567A Pending CN103379111A (en) | 2012-04-21 | 2012-04-21 | Intelligent anti-phishing defensive system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103379111A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104715369A (en) * | 2015-04-02 | 2015-06-17 | 江苏金智教育信息技术有限公司 | Anti-phishing third party transaction method, device and system |
| CN104899508A (en) * | 2015-06-17 | 2015-09-09 | 中国互联网络信息中心 | Multistage phishing website detecting method and system |
| CN104901847A (en) * | 2015-05-27 | 2015-09-09 | 国家计算机网络与信息安全管理中心 | Social network zombie account detection method and device |
| CN105956633A (en) * | 2016-06-22 | 2016-09-21 | 北京小米移动软件有限公司 | Search engine category identification method and apparatus |
| CN108965245A (en) * | 2018-05-31 | 2018-12-07 | 国家计算机网络与信息安全管理中心 | Detection method for phishing site and system based on the more disaggregated models of adaptive isomery |
| US10313352B2 (en) | 2016-10-26 | 2019-06-04 | International Business Machines Corporation | Phishing detection with machine learning |
| CN110413908A (en) * | 2018-04-26 | 2019-11-05 | 维布络有限公司 | The method and apparatus classified based on web site contents to uniform resource locator |
| CN110784462A (en) * | 2019-10-23 | 2020-02-11 | 北京邮电大学 | Three-layer phishing website detection system based on hybrid method |
| CN112567710A (en) * | 2018-08-09 | 2021-03-26 | 微软技术许可有限责任公司 | System and method for polluting phishing activity responses |
| CN113806740A (en) * | 2021-09-30 | 2021-12-17 | 上海易念信息科技有限公司 | Fishing simulation test method and system and electronic equipment |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102316099A (en) * | 2011-07-28 | 2012-01-11 | 中国科学院计算机网络信息中心 | Network fishing detection method and apparatus thereof |
-
2012
- 2012-04-21 CN CN2012101297567A patent/CN103379111A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102316099A (en) * | 2011-07-28 | 2012-01-11 | 中国科学院计算机网络信息中心 | Network fishing detection method and apparatus thereof |
Non-Patent Citations (3)
| Title |
|---|
| 李立: "基于贝叶斯网络的主机入侵检测系统研究与设计", 《万方学位论文》 * |
| 黄华军等: "网络钓鱼防御技术研究", 《信息网络安全》 * |
| 黄华军等: "网络钓鱼防御技术研究", 《信息网络安全》, 10 April 2012 (2012-04-10), pages 3 * |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104715369A (en) * | 2015-04-02 | 2015-06-17 | 江苏金智教育信息技术有限公司 | Anti-phishing third party transaction method, device and system |
| CN104715369B (en) * | 2015-04-02 | 2017-11-03 | 江苏金智教育信息股份有限公司 | A kind of methods, devices and systems of the third party transaction of anti-fishing |
| CN104901847A (en) * | 2015-05-27 | 2015-09-09 | 国家计算机网络与信息安全管理中心 | Social network zombie account detection method and device |
| CN104901847B (en) * | 2015-05-27 | 2018-10-30 | 国家计算机网络与信息安全管理中心 | A kind of social networks corpse account detection method and device |
| CN104899508A (en) * | 2015-06-17 | 2015-09-09 | 中国互联网络信息中心 | Multistage phishing website detecting method and system |
| CN104899508B (en) * | 2015-06-17 | 2018-12-07 | 中国互联网络信息中心 | A kind of multistage detection method for phishing site and system |
| CN105956633A (en) * | 2016-06-22 | 2016-09-21 | 北京小米移动软件有限公司 | Search engine category identification method and apparatus |
| US10313352B2 (en) | 2016-10-26 | 2019-06-04 | International Business Machines Corporation | Phishing detection with machine learning |
| CN110413908A (en) * | 2018-04-26 | 2019-11-05 | 维布络有限公司 | The method and apparatus classified based on web site contents to uniform resource locator |
| CN110413908B (en) * | 2018-04-26 | 2023-04-07 | 维布络有限公司 | Method and device for classifying uniform resource locators based on website content |
| CN108965245A (en) * | 2018-05-31 | 2018-12-07 | 国家计算机网络与信息安全管理中心 | Detection method for phishing site and system based on the more disaggregated models of adaptive isomery |
| CN112567710A (en) * | 2018-08-09 | 2021-03-26 | 微软技术许可有限责任公司 | System and method for polluting phishing activity responses |
| CN112567710B (en) * | 2018-08-09 | 2023-08-18 | 微软技术许可有限责任公司 | System and method for contaminating phishing campaign responses |
| CN110784462A (en) * | 2019-10-23 | 2020-02-11 | 北京邮电大学 | Three-layer phishing website detection system based on hybrid method |
| CN110784462B (en) * | 2019-10-23 | 2020-11-03 | 北京邮电大学 | Three-layer phishing website detection system based on hybrid method |
| CN113806740A (en) * | 2021-09-30 | 2021-12-17 | 上海易念信息科技有限公司 | Fishing simulation test method and system and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103379111A (en) | Intelligent anti-phishing defensive system | |
| Jain et al. | A survey of phishing attack techniques, defence mechanisms and open research challenges | |
| US20200042696A1 (en) | Dynamic page similarity measurement | |
| RU2607229C2 (en) | Systems and methods of dynamic indicators aggregation to detect network fraud | |
| Fette et al. | Learning to detect phishing emails | |
| CN103179095B (en) | A kind of method and client terminal device detecting fishing website | |
| CN105119909B (en) | A kind of counterfeit website detection method and system based on page visual similarity | |
| Mishra et al. | SMS phishing and mitigation approaches | |
| CN104982011A (en) | Document classification using multiscale text fingerprints | |
| Wardman et al. | High-performance content-based phishing attack detection | |
| US20220030029A1 (en) | Phishing Protection Methods and Systems | |
| CN110443031A (en) | A kind of two dimensional code Risk Identification Method and system | |
| CN106060038B (en) | Detection method for phishing site based on client-side program behavioural analysis | |
| CN108173814A (en) | Detection method for phishing site, terminal device and storage medium | |
| Rathee et al. | Detection of E-mail phishing attacks–using machine learning and deep learning | |
| Zeydan et al. | Survey of anti-phishing tools with detection capabilities | |
| Razaque et al. | Detection of phishing websites using machine learning | |
| Nivedha et al. | Improving phishing URL detection using fuzzy association mining | |
| Zeydan et al. | Current state of anti-phishing approaches and revealing competencies | |
| CN105653941A (en) | Heuristic detection method and system for phishing website | |
| KR20070067651A (en) | Method on prevention of phishing through analysis of the internet site pattern | |
| Abiodun et al. | Linkcalculator–an efficient link-based phishing detection tool | |
| Balamuralikrishna et al. | Mitigating Online Fraud by Ant phishing Model with URL & Image based Webpage Matching | |
| Arade et al. | Antiphishing model with url & image based webpage matching | |
| Sharathkumar et al. | Phishing site detection using machine learning |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20131030 |