CN105138907B - A kind of active probe is attacked the method and system of website - Google Patents

A kind of active probe is attacked the method and system of website Download PDF

Info

Publication number
CN105138907B
CN105138907B CN201510435009.XA CN201510435009A CN105138907B CN 105138907 B CN105138907 B CN 105138907B CN 201510435009 A CN201510435009 A CN 201510435009A CN 105138907 B CN105138907 B CN 105138907B
Authority
CN
China
Prior art keywords
website
information
url
attack
source code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201510435009.XA
Other languages
Chinese (zh)
Other versions
CN105138907A (en
Inventor
何世平
胡俊
徐原
高胜
党向磊
徐晓燕
赵慧
陈阳
李世淙
刘婧
赵宸
饶毓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Network and Information Security Management Center filed Critical National Computer Network and Information Security Management Center
Priority to CN201510435009.XA priority Critical patent/CN105138907B/en
Publication of CN105138907A publication Critical patent/CN105138907A/en
Application granted granted Critical
Publication of CN105138907B publication Critical patent/CN105138907B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a kind of active probe by the method and system of attack website, which comprises (1) obtains site information to be detected and generate the assignment file for needing to detect;(2) corresponding detection micro engine is sent by the assignment file to detect;(3) safety detection is carried out to each website in the assignment file and generates destination file;(4) obtain and parse the destination file, obtain result information, if having website by attack information if to administrator alarm.Whether the present invention detects website by the attack of various websites by detection micro engine, and uses polling mechanism, and modules run simultaneously, whole system can be made to have very big handling capacity, can detecte large batch of website.

Description

A kind of active probe is attacked the method and system of website
Technical field
The present invention relates to a kind of detections by the method and system of attack website, and in particular to a kind of active probe is by attack net The method and system stood.
Background technique
In internet very flourishing today more and more units and enterprise externally released news by internet, and most Common mode is by the website WEB.All information can be almost put on the website WEB and externally be issued, it is seen that the website pair WEB The important value of enterprise and unit.Just because of there is very important value in the website WEB in Internet era, so also becoming hacker The primary goal of attack.Hacker obtains number one by the website of attack enterprise and unit, and government website is most held among these Vulnerable to hacker attack, attacking government website can make attacker obtain more interests.So the detection to government website becomes Must be particularly important, once discovery can immediately repair website by attack.The whole nation government website quantity be one very Huge number, the ability that must have very high efficiency and very high accuracy processing data to the detection of government website are wanted Greatly, the technology and methods of requirement be can satisfy currently not yet.For this case invention active probe by the skill of attack website Art.The means quickly positioned are provided for network security management and the information security monitoring of national Internet, are relevant functional departments Decision basis is provided.
Website is under attack to be divided into following components:
Homepage attack attacker can leave a trace in the website homepage attacked or replace with original website homepage certainly Own webpage, this part of attacker be often in order to outwardly shine oneself technical strength and attack the website of government unit.It can The a kind of by section of oneself can be only proved for them, but causes great shadow for whole attacked government website It rings.
The webpage of oneself is put under other paths of WEB server by entrainment attack attacker, and ordinary user accesses this net All are acted normally when standing.Webpage left by attacker can just be seen by only inputting correct path, the attack of this part Person is often the website in order to realize oneself using WEB server.
Some links with commercial street can be added in webpage source code by dark chain attack attacker, pass through some technology hands Section (setting tag attributes, js) is linked at these after browser rendering in the no longer page to show.It cannot be seen for visitor To these links, it can be found that these links are to improve these dark linked websites of chain in search engine for search engine In ranking, to realize the commercial object of oneself.
SEO attack attacker can detect the User-Agent field value in the information of http protocol head.According to User- Agent field value difference returns to different webpages.It is general to access webpage under attack by inputting the address URL in a browser Normal webpage can be returned to, if abnormal webpage will be returned to by accessing website under attack by search engine.
Other attack methods attacker can will change the title of website homepage to reach some purposes, DOM tree structure, Pictures location, content of text etc..
Summary of the invention
In order to overcome the above-mentioned deficiencies of the prior art, the present invention provides a kind of detect by the method and system of attack website. Whether the present invention detects website by the attack of various websites by detection micro engine.
In order to achieve the above-mentioned object of the invention, the present invention adopts the following technical scheme that:
A kind of method that active probe is attacked website, the method includes the steps as follows:
(1) it obtains site information to be detected and generates the assignment file for needing to detect;
(2) corresponding detection micro engine is sent by the assignment file to detect;
(3) the detection micro engine receives and parses the assignment file, obtains website URL, downloads and feature detects net Page source code generates warning message, and if there is feature corresponding with the detection micro engine with json format write-in result text Part;
(4) obtain and parse the destination file, obtain result information, if having website by attack information if to administrator report It is alert.
Preferably, in the step (1), the site information to be detected is obtained by website crawler, is included the following steps:
Step 1-1, the URL of the website to be detected is put into task queue;
Step 1-2, it takes out URL and acquires webpage source code, extract top-level domain URL in the webpage source code and website Other essential informations carry out deduplication operation to the top-level domain URL, the top-level domain URL after duplicate removal are put into task queue, Other essential informations are stored in database;
Step 1-3, judge task queue whether be it is empty, if it is empty then exit the program, otherwise repeatedly step 1-2.
Preferably, the step (2) includes the following steps:
Step 2-1, website URL to be detected and characteristic key words are obtained from database;
Step 2-2, assignment file is written into json format in website URL and characteristic key words, the assignment file is sent out Give the detection micro engine;
Step 2-3, more new database, the site marker position that will test are set as 1, and expression had detected.
Preferably, the detection micro engine includes that homepage attack detecting micro engine, entrainment attack detecting micro engine, dark chain are attacked Hit detection micro engine, SEO attack detecting micro engine and integrated computer detection micro engine.
Preferably, the homepage attack detecting micro engine treatment process is as follows:
Step 3-1, the assignment file is parsed, website URL information is obtained;
Step 3-2, pass through website URL download site homepage source code;
Step 3-3, it is matched with characteristic key words and the website homepage source code, if there is Keywords matching, illustrates net It stands and is attacked by homepage, site information is saved in destination file with json format.
Preferably, the entrainment attack detecting micro engine treatment process is as follows:
Step 4-1, the assignment file is parsed, website URL information is obtained, website URL and entrainment path are assembled into newly URL;
Step 4-2, web page source code is downloaded by URL after assembly;
Step 4-3, it is matched with characteristic key words and web page source code, if there is Keywords matching, illustrates that website is entrained Site information, is saved in destination file by attack with json format.
Preferably, the dark chain attack detecting micro engine treatment process is as follows:
Step 5-1, the assignment file is parsed, website URL information is obtained;
Step 5-2, pass through website URL download site homepage source code;
Step 5-3, A, DIV and the MARQUEE label in website homepage source code are extracted, judges that tag attributes determine mark Whether being linked on the page in label be visible;
Step 5-4, characteristic key words matching is carried out to the sightless link of the page and illustrates net if there is Keywords matching It stands and is attacked by dark chain, information preservation by site information and is attacked into destination file with json format.
Preferably, the SEO attack detecting micro engine treatment process is as follows:
Step 6-1, the assignment file is parsed, website URL information is obtained;
Step 6-2, pass through website URL download site homepage source code;
Step 6-3, common User-Agent value and search engine User-Agent value are set and acquire website homepage respectively Source code illustrates that website is attacked if collection result twice is inconsistent, is protected site information and attack information with json format It is stored in destination file.
Preferably, the integrated computer detection micro engine treatment process is as follows:
Step 7-1, the assignment file is parsed, website URL information is obtained;
Step 7-2, pass through website URL download site homepage source code;
Step 7-3, title, DOM structure, content of text and the pictorial information in website homepage source code are extracted twice, it will The information that front and back is extracted twice is compared, if discovery comparison result have greatly it is not identical if illustrate that website is attacked It hits, information preservation by site information and is attacked into destination file with json format.
Preferably, the system that a kind of active probe is attacked website, the system comprises:
Task generation module, for obtaining the essential information for carrying out detection website;
Website detection module, for carrying out safety detection to each website in assignment file and generating result information;
Result treatment module is used for processing result information.
Preferably, the website detection module includes:
Homepage attack detecting micro engine, for whether detecting website by homepage attack;
Attack detecting micro engine is carried secretly, for whether detecting website by entrainment attack;
Dark chain attack detecting micro engine, for whether detecting website by the attack of dark chain;
SEO attack detecting micro engine, for whether detecting website by SEO attack;
Integrated computer detects micro engine, for detecting title, DOM structure, pictorial information and the content of text of website homepage Whether it is modified.
Compared with prior art, the beneficial effects of the present invention are:
The present invention is attacked by homepage attack detecting engine, detection website either with or without by homepage;Pass through entrainment attack inspection Engine is surveyed, the entrainment webpage being hidden in WEB server can be found out;By dark chain attack detecting engine, addition can be found out Dark chain into website source code;By SEO attack detecting engine, it can determine whether website is attacked by SEO.
The present invention uses polling mechanism, and modules run simultaneously, and whole system can be made to have very big handling capacity, can be with Detect large batch of website.Since detection module can carry out multiple websites using single step parallel detection mode in the same time Detection.It ensure that the time interval that the same website is detected twice will not be too long, and guarantee that each testing result has very High accuracy.
Detailed description of the invention
Fig. 1 be in the present invention a kind of active probe by the method flow diagram of attack website,
Fig. 2 be in the present invention a kind of active probe by the system interaction figure of attack website,
Fig. 3 is the method flow diagram for obtaining site information to be detected in the present invention by website crawler,
Fig. 4 is to send the method flow diagram that corresponding detection micro engine detects for assignment file in the present invention,
Fig. 5 is the flow chart that micro engine is detected in the present invention.
Specific embodiment
Active probe proposed by the invention includes but is not limited to such as by the application scenarios of the method and system of attack website Under several situations:
By the detection of attack website;
Government offices, public institution, the web portal security detection of business unit, to network attack, person is actively discovered;
Collect the attack means with business information (such as: other additions can be determined by the dark chain attack detected The method of dark chain).
The present invention is described in further detail below in conjunction with the accompanying drawings.
As shown in Figure 1, a kind of active probe, by the method for attack website, the step of this method, is as follows:
Step S101, it obtains site information to be detected and generates the assignment file for needing to detect;
Step S102, corresponding detection micro engine is sent by the assignment file to detect;
Step S103, the described detection micro engine receives and parses the assignment file, obtains website URL, downloads simultaneously feature Webpage source code is detected, if there is feature corresponding with the detection micro engine, generates warning message, and be written and tie with json format Fruit file;
Step S104, acquisition and parse the destination file, obtain result information, if having website by attack information if to pipe Reason person's alarm.
As shown in Fig. 2, the system that a kind of active probe is attacked website, the system comprises:
Task generation module, for obtaining the essential information for carrying out detection website;
Website detection module, for carrying out safety detection to each website in assignment file and generating result information;
Result treatment module is used for processing result information.
Website detection module includes homepage inspection attack micrometer engine, carries attack detecting micro engine secretly, dark chain attack detecting is micro- Engine, SEO attack detecting micro engine, integrated computer detect micro engine.
As shown in figure 3, in such a way that web crawlers obtains site information to be detected, the specific steps are as follows:
Step S301, the URL of the website to be detected is put into task queue.
Step S302, it takes out URL and acquires webpage source code, extract top-level domain URL and the website in the webpage source code Other essential informations, to the top-level domain URL carry out deduplication operation, the top-level domain URL after duplicate removal is put into task team Other essential informations are stored in database by column.
In this step, it is related to three nucleus modules, data downloading, data analysis and data deduplication.
Wherein, data are downloaded, and are downloaded since a top website domain name, are downloaded in Internet according to http protocol Data in WEB server, obtain web data, and main purpose is to analyze the content in webpage and provide data basis.
Include the following steps:
1) WEB server is connected;
2) HTTP request is sent to WEB server;
3) result that WEB server returns is received;
4) the head information that analysis HTTP is returned;
If 5) return to the data content for successfully so receiving return.
Data analysis analyzes the external linkage for including in source code based on the web data that data are downloaded.
Data deduplication, basic principle are that one character string is calculated as to the number of a DWORD type, root using HASH algorithm According to the difference of the different instructions character string of numerical value.The external linkage analyzed according to data, domain name is raw using HASH algorithm At corresponding characteristic value, file is recorded in conjunction with duplicate removal, already present domain name in seed bank is rejected, retains new domain name.
Step S303, judge task queue whether be it is empty, if it is empty then exit the program, otherwise repeatedly step S302.
It is detected as shown in figure 4, sending corresponding detection micro engine for assignment file, the specific steps are as follows:
Step S401, website URL to be detected and characteristic key words are obtained from database;
Step S402, assignment file is written into json format in website URL and characteristic key words, the assignment file is sent out Give the detection micro engine;
Step S403, more new database, the site marker position that will test are set as 1, and expression had detected.
As shown in figure 5, web portal security detection is related to the safety detection to each attack pattern of each website, often One attack detecting micro engine logical construction, does not require the detection ordering of same website, and detecting each time all will not be under One-time detection result impacts.
Wherein, homepage attack detecting micro engine treatment process is as follows:
Step S501, the assignment file is parsed, website URL information is obtained;
Step S502, pass through website URL download site homepage source code;
Step S503, it is matched with characteristic key words and the website homepage source code, if there is Keywords matching, illustrates net It stands and is attacked by homepage, site information is saved in destination file with json format.
It is as follows to carry attack detecting micro engine treatment process secretly:
Step S601, the assignment file is parsed, website URL information is obtained, website URL and entrainment path are assembled into newly URL;
Step S602, web page source code is downloaded by URL after assembly;
Step S603, it is matched with characteristic key words and web page source code, if there is Keywords matching, illustrates that website is entrained Site information, is saved in destination file by attack with json format.
Dark chain attack detecting micro engine treatment process is as follows:
Step S701, the assignment file is parsed, website URL information is obtained;
Step S702, web page source code is downloaded by website URL;
Step S703, A, DIV and the MARQUEE label in web page source code are extracted, judges that tag attributes determine in label Be linked on the page it is whether visible;
Step S704, characteristic key words matching is carried out to the sightless link of the page and illustrates net if there is Keywords matching It stands and is attacked by dark chain, information preservation by site information and is attacked into destination file with json format.
SEO attack detecting micro engine treatment process is as follows:
Step S801, the assignment file is parsed, website URL information is obtained;
Step S802, web page source code is downloaded by website URL;
Step S803, common User-Agent value and search engine User-Agent value are set and acquire web page source generation respectively Code, illustrates that website is attacked if collection result twice is inconsistent, is arrived site information and attack information preservation with json format In destination file.
It is as follows that integrated computer detects micro engine treatment process:
Step S901, the assignment file is parsed, website URL information is obtained;
Step S902, web page source code is downloaded by website URL;
Step S903, title, DOM structure, content of text and the pictorial information in web page source code are extracted twice, by front and back The information extracted twice is compared, if discovery comparison result have greatly it is not identical if illustrate that website is under attack, with Json format is by site information and attack information preservation into destination file.
Finally it should be noted that: the above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof, to the greatest extent Invention is explained in detail referring to above-described embodiment for pipe, it should be understood by those ordinary skilled in the art that: still It can be with modifications or equivalent substitutions are made to specific embodiments of the invention, and without departing from any of spirit and scope of the invention Modification or equivalent replacement, are intended to be within the scope of the claims of the invention.

Claims (6)

1. a kind of active probe is by the method for attack website, which is characterized in that described method includes following steps:
(1) it obtains site information to be detected and generates the assignment file for needing to detect;
(2) corresponding detection micro engine is sent by the assignment file to detect;
(3) safety detection is carried out to each website in the assignment file and generates destination file;
(4) obtain and parse the destination file, obtain result information, if having website by attack information if to administrator alarm;
In the step (1), the site information to be detected is obtained by website crawler, is included the following steps:
Step 1-1, the URL of the website to be detected is put into task queue;
Step 1-2, it takes out URL and acquires webpage source code, extract other of the top-level domain URL and website in the webpage source code Essential information carries out deduplication operation to the top-level domain URL, the top-level domain URL after duplicate removal is put into task queue, by it He is stored in database at essential information;
Step 1-3, judge task queue whether be it is empty, if it is empty then exit the program, otherwise repeatedly step 1-2;
In the step (3), dark chain attack detecting is carried out to each website in the assignment file, is included the following steps:
Step 5-1, the assignment file is parsed, website URL information is obtained;
Step 5-2, web page source code is downloaded by website URL;
Step 5-3, A, DIV and the MARQUEE label in web page source code are extracted, judges that tag attributes determine the chain in label It connects whether visible on the page;
Step 5-4, to the sightless link of the page carry out characteristic key words matching, if there is Keywords matching, illustrate website by It is attacked to dark chain, information preservation by site information and is attacked into destination file with json format.
2. method according to claim 1, which is characterized in that the step (2) includes the following steps:
Step 2-1, website URL to be detected and characteristic key words are obtained from database;
Step 2-2, assignment file is written into json format in website URL and characteristic key words, the assignment file is sent to The detection micro engine;
Step 2-3, more new database, the site marker position that will test are set as 1, and expression had detected.
3. method according to claim 1, which is characterized in that in the step (3), to each net in the assignment file It stands and carries out homepage attack detecting, include the following steps:
Step 3-1, the assignment file is parsed, website URL information is obtained;
Step 3-2, pass through website URL download site homepage source code;
Step 3-3, it is matched with characteristic key words and the website homepage source code, if there is Keywords matching, illustrates website quilt Site information, is saved in destination file by homepage attack with json format.
4. method according to claim 1, which is characterized in that in the step (3), to each net in the assignment file Station carries out entrainment attack detecting, includes the following steps:
Step 4-1, the assignment file is parsed, website URL information is obtained, website URL and entrainment path are assembled into new URL;
Step 4-2, web page source code is downloaded by URL after assembly;
Step 4-3, it is matched with characteristic key words and web page source code, if there is Keywords matching, illustrates that website is entrained attack, Site information is saved in destination file with json format.
5. method according to claim 1, which is characterized in that in the step (3), to each net in the assignment file It stands and carries out SEO attack detecting, include the following steps:
Step 6-1, the assignment file is parsed, website URL information is obtained;
Step 6-2, web page source code is downloaded by website URL;
Step 6-3, common User-Agent value and search engine User-Agent value are set and acquire web page source code respectively, if Collection result is inconsistent twice, illustrates that website is attacked, with json format that site information and attack information preservation is literary to result In part.
6. method according to claim 1, which is characterized in that in the step (3), to each net in the assignment file It stands and carries out integrated computer detection, include the following steps:
Step 7-1, the assignment file is parsed, website URL information is obtained;
Step 7-2, web page source code is downloaded by website URL;
Step 7-3, title, DOM structure, content of text and the pictorial information in web page source code are extracted twice, twice by front and back The information of extraction is compared, if discovery comparison result have greatly it is not identical if illustrate that website is under attack, with json Format is by site information and attack information preservation into destination file.
CN201510435009.XA 2015-07-22 2015-07-22 A kind of active probe is attacked the method and system of website Expired - Fee Related CN105138907B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510435009.XA CN105138907B (en) 2015-07-22 2015-07-22 A kind of active probe is attacked the method and system of website

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510435009.XA CN105138907B (en) 2015-07-22 2015-07-22 A kind of active probe is attacked the method and system of website

Publications (2)

Publication Number Publication Date
CN105138907A CN105138907A (en) 2015-12-09
CN105138907B true CN105138907B (en) 2019-04-23

Family

ID=54724252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510435009.XA Expired - Fee Related CN105138907B (en) 2015-07-22 2015-07-22 A kind of active probe is attacked the method and system of website

Country Status (1)

Country Link
CN (1) CN105138907B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108062459B (en) * 2016-11-09 2020-06-05 腾讯科技(北京)有限公司 Method and device for preventing page information from being captured
CN108363711B (en) * 2017-07-04 2020-11-13 北京安天网络安全技术有限公司 Method and device for detecting dark chain in webpage
CN108429755B (en) * 2018-03-21 2021-02-05 深圳天源迪科信息技术股份有限公司 Dynamic management platform and method for network security basic information
CN110309667B (en) * 2019-04-16 2022-08-30 网宿科技股份有限公司 Website hidden link detection method and device
CN111143722A (en) * 2019-12-23 2020-05-12 杭州安恒信息技术股份有限公司 Method, device, equipment and medium for detecting webpage hidden link
CN111787024B (en) * 2020-07-20 2023-08-01 杭州安恒信息安全技术有限公司 Method for collecting network attack evidence, electronic device and storage medium
CN112491817B (en) * 2020-11-12 2023-04-18 中国联合网络通信集团有限公司 Honeypot technology-based tracing method and device and honeypot equipment
CN112765601B (en) * 2021-01-18 2023-04-18 西安博达软件股份有限公司 Website homepage structure monitoring method based on cloud

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820366A (en) * 2010-01-27 2010-09-01 南京邮电大学 Pre-fetching-based phishing web page detection method
CN102622435A (en) * 2012-02-29 2012-08-01 百度在线网络技术(北京)有限公司 Method and device for detecting black chain
CN103281177A (en) * 2013-04-10 2013-09-04 广东电网公司信息中心 Method and system for detecting hostile attack on Internet information system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8250657B1 (en) * 2006-12-29 2012-08-21 Symantec Corporation Web site hygiene-based computer security
CN101692267B (en) * 2009-09-15 2011-09-07 北京大学 Method and system for detecting large-scale malicious web pages
CN102111267A (en) * 2009-12-28 2011-06-29 北京安码科技有限公司 Website safety protection method based on digital signature and system adopting same

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820366A (en) * 2010-01-27 2010-09-01 南京邮电大学 Pre-fetching-based phishing web page detection method
CN102622435A (en) * 2012-02-29 2012-08-01 百度在线网络技术(北京)有限公司 Method and device for detecting black chain
CN103281177A (en) * 2013-04-10 2013-09-04 广东电网公司信息中心 Method and system for detecting hostile attack on Internet information system

Also Published As

Publication number Publication date
CN105138907A (en) 2015-12-09

Similar Documents

Publication Publication Date Title
CN105138907B (en) A kind of active probe is attacked the method and system of website
US10880330B2 (en) Systems and methods for detection of infected websites
CN103559235B (en) A kind of online social networks malicious web pages detection recognition methods
CN104125209B (en) Malice website prompt method and router
Soska et al. Automatically detecting vulnerable websites before they turn malicious
CN108460278A (en) A kind of threat information processing method and device
Hara et al. Visual similarity-based phishing detection without victim site information
CN106685936B (en) Webpage tampering detection method and device
CN102541937B (en) Webpage information detection method and system
CN110912889B (en) Network attack detection system and method based on intelligent threat intelligence
Liao et al. Seeking nonsense, looking for trouble: Efficient promotional-infection detection through semantic inconsistency search
CN102446255B (en) Method and device for detecting page tamper
CN103605926A (en) Webpage tampering detecting method and device
CN104881608A (en) XSS vulnerability detection method based on simulating browser behavior
CN103544436A (en) System and method for distinguishing phishing websites
CN103679053B (en) A kind of detection method of webpage tamper and device
CN104881607A (en) XSS vulnerability detection method based on simulating browser behavior
CN102436563A (en) Method and device for detecting page tampering
CN102591965A (en) Method and device for detecting black chain
CN104036190A (en) Method and device for detecting page tampering
CN113032655A (en) Method for extracting and fixing dark network electronic data
CN108874802A (en) Page detection method and device
Shyni et al. Phishing detection in websites using parse tree validation
CN108694325A (en) The condition discriminating apparatus of the discriminating conduct and specified type website of specified type website
CN108280102A (en) Internet behavior recording method, device and user terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190423

Termination date: 20200722