CN105138907B - A kind of active probe is attacked the method and system of website - Google Patents
A kind of active probe is attacked the method and system of website Download PDFInfo
- Publication number
- CN105138907B CN105138907B CN201510435009.XA CN201510435009A CN105138907B CN 105138907 B CN105138907 B CN 105138907B CN 201510435009 A CN201510435009 A CN 201510435009A CN 105138907 B CN105138907 B CN 105138907B
- Authority
- CN
- China
- Prior art keywords
- website
- information
- url
- attack
- source code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a kind of active probe by the method and system of attack website, which comprises (1) obtains site information to be detected and generate the assignment file for needing to detect;(2) corresponding detection micro engine is sent by the assignment file to detect;(3) safety detection is carried out to each website in the assignment file and generates destination file;(4) obtain and parse the destination file, obtain result information, if having website by attack information if to administrator alarm.Whether the present invention detects website by the attack of various websites by detection micro engine, and uses polling mechanism, and modules run simultaneously, whole system can be made to have very big handling capacity, can detecte large batch of website.
Description
Technical field
The present invention relates to a kind of detections by the method and system of attack website, and in particular to a kind of active probe is by attack net
The method and system stood.
Background technique
In internet very flourishing today more and more units and enterprise externally released news by internet, and most
Common mode is by the website WEB.All information can be almost put on the website WEB and externally be issued, it is seen that the website pair WEB
The important value of enterprise and unit.Just because of there is very important value in the website WEB in Internet era, so also becoming hacker
The primary goal of attack.Hacker obtains number one by the website of attack enterprise and unit, and government website is most held among these
Vulnerable to hacker attack, attacking government website can make attacker obtain more interests.So the detection to government website becomes
Must be particularly important, once discovery can immediately repair website by attack.The whole nation government website quantity be one very
Huge number, the ability that must have very high efficiency and very high accuracy processing data to the detection of government website are wanted
Greatly, the technology and methods of requirement be can satisfy currently not yet.For this case invention active probe by the skill of attack website
Art.The means quickly positioned are provided for network security management and the information security monitoring of national Internet, are relevant functional departments
Decision basis is provided.
Website is under attack to be divided into following components:
Homepage attack attacker can leave a trace in the website homepage attacked or replace with original website homepage certainly
Own webpage, this part of attacker be often in order to outwardly shine oneself technical strength and attack the website of government unit.It can
The a kind of by section of oneself can be only proved for them, but causes great shadow for whole attacked government website
It rings.
The webpage of oneself is put under other paths of WEB server by entrainment attack attacker, and ordinary user accesses this net
All are acted normally when standing.Webpage left by attacker can just be seen by only inputting correct path, the attack of this part
Person is often the website in order to realize oneself using WEB server.
Some links with commercial street can be added in webpage source code by dark chain attack attacker, pass through some technology hands
Section (setting tag attributes, js) is linked at these after browser rendering in the no longer page to show.It cannot be seen for visitor
To these links, it can be found that these links are to improve these dark linked websites of chain in search engine for search engine
In ranking, to realize the commercial object of oneself.
SEO attack attacker can detect the User-Agent field value in the information of http protocol head.According to User-
Agent field value difference returns to different webpages.It is general to access webpage under attack by inputting the address URL in a browser
Normal webpage can be returned to, if abnormal webpage will be returned to by accessing website under attack by search engine.
Other attack methods attacker can will change the title of website homepage to reach some purposes, DOM tree structure,
Pictures location, content of text etc..
Summary of the invention
In order to overcome the above-mentioned deficiencies of the prior art, the present invention provides a kind of detect by the method and system of attack website.
Whether the present invention detects website by the attack of various websites by detection micro engine.
In order to achieve the above-mentioned object of the invention, the present invention adopts the following technical scheme that:
A kind of method that active probe is attacked website, the method includes the steps as follows:
(1) it obtains site information to be detected and generates the assignment file for needing to detect;
(2) corresponding detection micro engine is sent by the assignment file to detect;
(3) the detection micro engine receives and parses the assignment file, obtains website URL, downloads and feature detects net
Page source code generates warning message, and if there is feature corresponding with the detection micro engine with json format write-in result text
Part;
(4) obtain and parse the destination file, obtain result information, if having website by attack information if to administrator report
It is alert.
Preferably, in the step (1), the site information to be detected is obtained by website crawler, is included the following steps:
Step 1-1, the URL of the website to be detected is put into task queue;
Step 1-2, it takes out URL and acquires webpage source code, extract top-level domain URL in the webpage source code and website
Other essential informations carry out deduplication operation to the top-level domain URL, the top-level domain URL after duplicate removal are put into task queue,
Other essential informations are stored in database;
Step 1-3, judge task queue whether be it is empty, if it is empty then exit the program, otherwise repeatedly step 1-2.
Preferably, the step (2) includes the following steps:
Step 2-1, website URL to be detected and characteristic key words are obtained from database;
Step 2-2, assignment file is written into json format in website URL and characteristic key words, the assignment file is sent out
Give the detection micro engine;
Step 2-3, more new database, the site marker position that will test are set as 1, and expression had detected.
Preferably, the detection micro engine includes that homepage attack detecting micro engine, entrainment attack detecting micro engine, dark chain are attacked
Hit detection micro engine, SEO attack detecting micro engine and integrated computer detection micro engine.
Preferably, the homepage attack detecting micro engine treatment process is as follows:
Step 3-1, the assignment file is parsed, website URL information is obtained;
Step 3-2, pass through website URL download site homepage source code;
Step 3-3, it is matched with characteristic key words and the website homepage source code, if there is Keywords matching, illustrates net
It stands and is attacked by homepage, site information is saved in destination file with json format.
Preferably, the entrainment attack detecting micro engine treatment process is as follows:
Step 4-1, the assignment file is parsed, website URL information is obtained, website URL and entrainment path are assembled into newly
URL;
Step 4-2, web page source code is downloaded by URL after assembly;
Step 4-3, it is matched with characteristic key words and web page source code, if there is Keywords matching, illustrates that website is entrained
Site information, is saved in destination file by attack with json format.
Preferably, the dark chain attack detecting micro engine treatment process is as follows:
Step 5-1, the assignment file is parsed, website URL information is obtained;
Step 5-2, pass through website URL download site homepage source code;
Step 5-3, A, DIV and the MARQUEE label in website homepage source code are extracted, judges that tag attributes determine mark
Whether being linked on the page in label be visible;
Step 5-4, characteristic key words matching is carried out to the sightless link of the page and illustrates net if there is Keywords matching
It stands and is attacked by dark chain, information preservation by site information and is attacked into destination file with json format.
Preferably, the SEO attack detecting micro engine treatment process is as follows:
Step 6-1, the assignment file is parsed, website URL information is obtained;
Step 6-2, pass through website URL download site homepage source code;
Step 6-3, common User-Agent value and search engine User-Agent value are set and acquire website homepage respectively
Source code illustrates that website is attacked if collection result twice is inconsistent, is protected site information and attack information with json format
It is stored in destination file.
Preferably, the integrated computer detection micro engine treatment process is as follows:
Step 7-1, the assignment file is parsed, website URL information is obtained;
Step 7-2, pass through website URL download site homepage source code;
Step 7-3, title, DOM structure, content of text and the pictorial information in website homepage source code are extracted twice, it will
The information that front and back is extracted twice is compared, if discovery comparison result have greatly it is not identical if illustrate that website is attacked
It hits, information preservation by site information and is attacked into destination file with json format.
Preferably, the system that a kind of active probe is attacked website, the system comprises:
Task generation module, for obtaining the essential information for carrying out detection website;
Website detection module, for carrying out safety detection to each website in assignment file and generating result information;
Result treatment module is used for processing result information.
Preferably, the website detection module includes:
Homepage attack detecting micro engine, for whether detecting website by homepage attack;
Attack detecting micro engine is carried secretly, for whether detecting website by entrainment attack;
Dark chain attack detecting micro engine, for whether detecting website by the attack of dark chain;
SEO attack detecting micro engine, for whether detecting website by SEO attack;
Integrated computer detects micro engine, for detecting title, DOM structure, pictorial information and the content of text of website homepage
Whether it is modified.
Compared with prior art, the beneficial effects of the present invention are:
The present invention is attacked by homepage attack detecting engine, detection website either with or without by homepage;Pass through entrainment attack inspection
Engine is surveyed, the entrainment webpage being hidden in WEB server can be found out;By dark chain attack detecting engine, addition can be found out
Dark chain into website source code;By SEO attack detecting engine, it can determine whether website is attacked by SEO.
The present invention uses polling mechanism, and modules run simultaneously, and whole system can be made to have very big handling capacity, can be with
Detect large batch of website.Since detection module can carry out multiple websites using single step parallel detection mode in the same time
Detection.It ensure that the time interval that the same website is detected twice will not be too long, and guarantee that each testing result has very
High accuracy.
Detailed description of the invention
Fig. 1 be in the present invention a kind of active probe by the method flow diagram of attack website,
Fig. 2 be in the present invention a kind of active probe by the system interaction figure of attack website,
Fig. 3 is the method flow diagram for obtaining site information to be detected in the present invention by website crawler,
Fig. 4 is to send the method flow diagram that corresponding detection micro engine detects for assignment file in the present invention,
Fig. 5 is the flow chart that micro engine is detected in the present invention.
Specific embodiment
Active probe proposed by the invention includes but is not limited to such as by the application scenarios of the method and system of attack website
Under several situations:
By the detection of attack website;
Government offices, public institution, the web portal security detection of business unit, to network attack, person is actively discovered;
Collect the attack means with business information (such as: other additions can be determined by the dark chain attack detected
The method of dark chain).
The present invention is described in further detail below in conjunction with the accompanying drawings.
As shown in Figure 1, a kind of active probe, by the method for attack website, the step of this method, is as follows:
Step S101, it obtains site information to be detected and generates the assignment file for needing to detect;
Step S102, corresponding detection micro engine is sent by the assignment file to detect;
Step S103, the described detection micro engine receives and parses the assignment file, obtains website URL, downloads simultaneously feature
Webpage source code is detected, if there is feature corresponding with the detection micro engine, generates warning message, and be written and tie with json format
Fruit file;
Step S104, acquisition and parse the destination file, obtain result information, if having website by attack information if to pipe
Reason person's alarm.
As shown in Fig. 2, the system that a kind of active probe is attacked website, the system comprises:
Task generation module, for obtaining the essential information for carrying out detection website;
Website detection module, for carrying out safety detection to each website in assignment file and generating result information;
Result treatment module is used for processing result information.
Website detection module includes homepage inspection attack micrometer engine, carries attack detecting micro engine secretly, dark chain attack detecting is micro-
Engine, SEO attack detecting micro engine, integrated computer detect micro engine.
As shown in figure 3, in such a way that web crawlers obtains site information to be detected, the specific steps are as follows:
Step S301, the URL of the website to be detected is put into task queue.
Step S302, it takes out URL and acquires webpage source code, extract top-level domain URL and the website in the webpage source code
Other essential informations, to the top-level domain URL carry out deduplication operation, the top-level domain URL after duplicate removal is put into task team
Other essential informations are stored in database by column.
In this step, it is related to three nucleus modules, data downloading, data analysis and data deduplication.
Wherein, data are downloaded, and are downloaded since a top website domain name, are downloaded in Internet according to http protocol
Data in WEB server, obtain web data, and main purpose is to analyze the content in webpage and provide data basis.
Include the following steps:
1) WEB server is connected;
2) HTTP request is sent to WEB server;
3) result that WEB server returns is received;
4) the head information that analysis HTTP is returned;
If 5) return to the data content for successfully so receiving return.
Data analysis analyzes the external linkage for including in source code based on the web data that data are downloaded.
Data deduplication, basic principle are that one character string is calculated as to the number of a DWORD type, root using HASH algorithm
According to the difference of the different instructions character string of numerical value.The external linkage analyzed according to data, domain name is raw using HASH algorithm
At corresponding characteristic value, file is recorded in conjunction with duplicate removal, already present domain name in seed bank is rejected, retains new domain name.
Step S303, judge task queue whether be it is empty, if it is empty then exit the program, otherwise repeatedly step S302.
It is detected as shown in figure 4, sending corresponding detection micro engine for assignment file, the specific steps are as follows:
Step S401, website URL to be detected and characteristic key words are obtained from database;
Step S402, assignment file is written into json format in website URL and characteristic key words, the assignment file is sent out
Give the detection micro engine;
Step S403, more new database, the site marker position that will test are set as 1, and expression had detected.
As shown in figure 5, web portal security detection is related to the safety detection to each attack pattern of each website, often
One attack detecting micro engine logical construction, does not require the detection ordering of same website, and detecting each time all will not be under
One-time detection result impacts.
Wherein, homepage attack detecting micro engine treatment process is as follows:
Step S501, the assignment file is parsed, website URL information is obtained;
Step S502, pass through website URL download site homepage source code;
Step S503, it is matched with characteristic key words and the website homepage source code, if there is Keywords matching, illustrates net
It stands and is attacked by homepage, site information is saved in destination file with json format.
It is as follows to carry attack detecting micro engine treatment process secretly:
Step S601, the assignment file is parsed, website URL information is obtained, website URL and entrainment path are assembled into newly
URL;
Step S602, web page source code is downloaded by URL after assembly;
Step S603, it is matched with characteristic key words and web page source code, if there is Keywords matching, illustrates that website is entrained
Site information, is saved in destination file by attack with json format.
Dark chain attack detecting micro engine treatment process is as follows:
Step S701, the assignment file is parsed, website URL information is obtained;
Step S702, web page source code is downloaded by website URL;
Step S703, A, DIV and the MARQUEE label in web page source code are extracted, judges that tag attributes determine in label
Be linked on the page it is whether visible;
Step S704, characteristic key words matching is carried out to the sightless link of the page and illustrates net if there is Keywords matching
It stands and is attacked by dark chain, information preservation by site information and is attacked into destination file with json format.
SEO attack detecting micro engine treatment process is as follows:
Step S801, the assignment file is parsed, website URL information is obtained;
Step S802, web page source code is downloaded by website URL;
Step S803, common User-Agent value and search engine User-Agent value are set and acquire web page source generation respectively
Code, illustrates that website is attacked if collection result twice is inconsistent, is arrived site information and attack information preservation with json format
In destination file.
It is as follows that integrated computer detects micro engine treatment process:
Step S901, the assignment file is parsed, website URL information is obtained;
Step S902, web page source code is downloaded by website URL;
Step S903, title, DOM structure, content of text and the pictorial information in web page source code are extracted twice, by front and back
The information extracted twice is compared, if discovery comparison result have greatly it is not identical if illustrate that website is under attack, with
Json format is by site information and attack information preservation into destination file.
Finally it should be noted that: the above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof, to the greatest extent
Invention is explained in detail referring to above-described embodiment for pipe, it should be understood by those ordinary skilled in the art that: still
It can be with modifications or equivalent substitutions are made to specific embodiments of the invention, and without departing from any of spirit and scope of the invention
Modification or equivalent replacement, are intended to be within the scope of the claims of the invention.
Claims (6)
1. a kind of active probe is by the method for attack website, which is characterized in that described method includes following steps:
(1) it obtains site information to be detected and generates the assignment file for needing to detect;
(2) corresponding detection micro engine is sent by the assignment file to detect;
(3) safety detection is carried out to each website in the assignment file and generates destination file;
(4) obtain and parse the destination file, obtain result information, if having website by attack information if to administrator alarm;
In the step (1), the site information to be detected is obtained by website crawler, is included the following steps:
Step 1-1, the URL of the website to be detected is put into task queue;
Step 1-2, it takes out URL and acquires webpage source code, extract other of the top-level domain URL and website in the webpage source code
Essential information carries out deduplication operation to the top-level domain URL, the top-level domain URL after duplicate removal is put into task queue, by it
He is stored in database at essential information;
Step 1-3, judge task queue whether be it is empty, if it is empty then exit the program, otherwise repeatedly step 1-2;
In the step (3), dark chain attack detecting is carried out to each website in the assignment file, is included the following steps:
Step 5-1, the assignment file is parsed, website URL information is obtained;
Step 5-2, web page source code is downloaded by website URL;
Step 5-3, A, DIV and the MARQUEE label in web page source code are extracted, judges that tag attributes determine the chain in label
It connects whether visible on the page;
Step 5-4, to the sightless link of the page carry out characteristic key words matching, if there is Keywords matching, illustrate website by
It is attacked to dark chain, information preservation by site information and is attacked into destination file with json format.
2. method according to claim 1, which is characterized in that the step (2) includes the following steps:
Step 2-1, website URL to be detected and characteristic key words are obtained from database;
Step 2-2, assignment file is written into json format in website URL and characteristic key words, the assignment file is sent to
The detection micro engine;
Step 2-3, more new database, the site marker position that will test are set as 1, and expression had detected.
3. method according to claim 1, which is characterized in that in the step (3), to each net in the assignment file
It stands and carries out homepage attack detecting, include the following steps:
Step 3-1, the assignment file is parsed, website URL information is obtained;
Step 3-2, pass through website URL download site homepage source code;
Step 3-3, it is matched with characteristic key words and the website homepage source code, if there is Keywords matching, illustrates website quilt
Site information, is saved in destination file by homepage attack with json format.
4. method according to claim 1, which is characterized in that in the step (3), to each net in the assignment file
Station carries out entrainment attack detecting, includes the following steps:
Step 4-1, the assignment file is parsed, website URL information is obtained, website URL and entrainment path are assembled into new
URL;
Step 4-2, web page source code is downloaded by URL after assembly;
Step 4-3, it is matched with characteristic key words and web page source code, if there is Keywords matching, illustrates that website is entrained attack,
Site information is saved in destination file with json format.
5. method according to claim 1, which is characterized in that in the step (3), to each net in the assignment file
It stands and carries out SEO attack detecting, include the following steps:
Step 6-1, the assignment file is parsed, website URL information is obtained;
Step 6-2, web page source code is downloaded by website URL;
Step 6-3, common User-Agent value and search engine User-Agent value are set and acquire web page source code respectively, if
Collection result is inconsistent twice, illustrates that website is attacked, with json format that site information and attack information preservation is literary to result
In part.
6. method according to claim 1, which is characterized in that in the step (3), to each net in the assignment file
It stands and carries out integrated computer detection, include the following steps:
Step 7-1, the assignment file is parsed, website URL information is obtained;
Step 7-2, web page source code is downloaded by website URL;
Step 7-3, title, DOM structure, content of text and the pictorial information in web page source code are extracted twice, twice by front and back
The information of extraction is compared, if discovery comparison result have greatly it is not identical if illustrate that website is under attack, with json
Format is by site information and attack information preservation into destination file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510435009.XA CN105138907B (en) | 2015-07-22 | 2015-07-22 | A kind of active probe is attacked the method and system of website |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510435009.XA CN105138907B (en) | 2015-07-22 | 2015-07-22 | A kind of active probe is attacked the method and system of website |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105138907A CN105138907A (en) | 2015-12-09 |
| CN105138907B true CN105138907B (en) | 2019-04-23 |
Family
ID=54724252
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510435009.XA Expired - Fee Related CN105138907B (en) | 2015-07-22 | 2015-07-22 | A kind of active probe is attacked the method and system of website |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105138907B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108062459B (en) * | 2016-11-09 | 2020-06-05 | 腾讯科技(北京)有限公司 | Method and device for preventing page information from being captured |
| CN108363711B (en) * | 2017-07-04 | 2020-11-13 | 北京安天网络安全技术有限公司 | Method and device for detecting dark chain in webpage |
| CN108429755B (en) * | 2018-03-21 | 2021-02-05 | 深圳天源迪科信息技术股份有限公司 | Dynamic management platform and method for network security basic information |
| CN110309667B (en) * | 2019-04-16 | 2022-08-30 | 网宿科技股份有限公司 | Website hidden link detection method and device |
| CN111143722A (en) * | 2019-12-23 | 2020-05-12 | 杭州安恒信息技术股份有限公司 | Method, device, equipment and medium for detecting webpage hidden link |
| CN111787024B (en) * | 2020-07-20 | 2023-08-01 | 杭州安恒信息安全技术有限公司 | Method for collecting network attack evidence, electronic device and storage medium |
| CN112491817B (en) * | 2020-11-12 | 2023-04-18 | 中国联合网络通信集团有限公司 | Honeypot technology-based tracing method and device and honeypot equipment |
| CN112765601B (en) * | 2021-01-18 | 2023-04-18 | 西安博达软件股份有限公司 | Website homepage structure monitoring method based on cloud |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101820366A (en) * | 2010-01-27 | 2010-09-01 | 南京邮电大学 | Pre-fetching-based phishing web page detection method |
| CN102622435A (en) * | 2012-02-29 | 2012-08-01 | 百度在线网络技术(北京)有限公司 | Method and device for detecting black chain |
| CN103281177A (en) * | 2013-04-10 | 2013-09-04 | 广东电网公司信息中心 | Method and system for detecting hostile attack on Internet information system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8250657B1 (en) * | 2006-12-29 | 2012-08-21 | Symantec Corporation | Web site hygiene-based computer security |
| CN101692267B (en) * | 2009-09-15 | 2011-09-07 | 北京大学 | Method and system for detecting large-scale malicious web pages |
| CN102111267A (en) * | 2009-12-28 | 2011-06-29 | 北京安码科技有限公司 | Website safety protection method based on digital signature and system adopting same |
-
2015
- 2015-07-22 CN CN201510435009.XA patent/CN105138907B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101820366A (en) * | 2010-01-27 | 2010-09-01 | 南京邮电大学 | Pre-fetching-based phishing web page detection method |
| CN102622435A (en) * | 2012-02-29 | 2012-08-01 | 百度在线网络技术(北京)有限公司 | Method and device for detecting black chain |
| CN103281177A (en) * | 2013-04-10 | 2013-09-04 | 广东电网公司信息中心 | Method and system for detecting hostile attack on Internet information system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105138907A (en) | 2015-12-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105138907B (en) | A kind of active probe is attacked the method and system of website | |
| US10880330B2 (en) | Systems and methods for detection of infected websites | |
| CN103559235B (en) | A kind of online social networks malicious web pages detection recognition methods | |
| CN104125209B (en) | Malice website prompt method and router | |
| Soska et al. | Automatically detecting vulnerable websites before they turn malicious | |
| CN108460278A (en) | A kind of threat information processing method and device | |
| Hara et al. | Visual similarity-based phishing detection without victim site information | |
| CN106685936B (en) | Webpage tampering detection method and device | |
| CN102541937B (en) | Webpage information detection method and system | |
| CN110912889B (en) | Network attack detection system and method based on intelligent threat intelligence | |
| Liao et al. | Seeking nonsense, looking for trouble: Efficient promotional-infection detection through semantic inconsistency search | |
| CN102446255B (en) | Method and device for detecting page tamper | |
| CN103605926A (en) | Webpage tampering detecting method and device | |
| CN104881608A (en) | XSS vulnerability detection method based on simulating browser behavior | |
| CN103544436A (en) | System and method for distinguishing phishing websites | |
| CN103679053B (en) | A kind of detection method of webpage tamper and device | |
| CN104881607A (en) | XSS vulnerability detection method based on simulating browser behavior | |
| CN102436563A (en) | Method and device for detecting page tampering | |
| CN102591965A (en) | Method and device for detecting black chain | |
| CN104036190A (en) | Method and device for detecting page tampering | |
| CN113032655A (en) | Method for extracting and fixing dark network electronic data | |
| CN108874802A (en) | Page detection method and device | |
| Shyni et al. | Phishing detection in websites using parse tree validation | |
| CN108694325A (en) | The condition discriminating apparatus of the discriminating conduct and specified type website of specified type website | |
| CN108280102A (en) | Internet behavior recording method, device and user terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190423 Termination date: 20200722 |