CN105491031A - Phishing website identifying method and device - Google Patents
Phishing website identifying method and device Download PDFInfo
- Publication number
- CN105491031A CN105491031A CN201510854764.1A CN201510854764A CN105491031A CN 105491031 A CN105491031 A CN 105491031A CN 201510854764 A CN201510854764 A CN 201510854764A CN 105491031 A CN105491031 A CN 105491031A
- Authority
- CN
- China
- Prior art keywords
- website
- information
- measured
- domain
- benchmark database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Abstract
The invention discloses a phishing website identifying method, which comprises the following steps: receiving access requests of all to-be-identified websites, and obtaining domain information, icon information, form names and critical data of the to-be-identified websites; generating a benchmark database according to the domain information, the icon information, the form names and the critical data of common payment websites and financial websites; marking blacklists and whitelists for various information in the benchmark database; and comparing with keywords in the benchmark database according to the obtained keywords in website data, and when website data information in the database are displayed as the blacklists, judging the to-be-identified website as a phishing website. The phishing website identifying method and the phishing website identifying device disclosed by the invention have the following beneficial effects: by comparing the data information of the to-be-identified website with the information in the benchmark database and by judging whether the website is the phishing website according to the marked blacklist information, the problem that the information at a client site is deployed difficultly is solved; and particularly, the identification rate of the phishing website is improved.
Description
Technical field
The present invention relates to a kind of recognition methods and device of fishing website.
Background technology
Fishing website is often referred to disguise oneself as bank and ecommerce, and steal the website of the private information such as account No., password that user submits to, available computer house keeper carries out killing." fishing " is a kind of network fraud behavior, refer to that lawless person utilizes various means, the URL address of counterfeit actual site and content of pages, or utilize the leak on actual site server program in some webpage of website, insert dangerous HTML code, gain user bank or the private data such as credit card account, password by cheating with this.
The frequent appearance of " fishing website ", seriously have impact on the development harm public interest of on-line finance service, ecommerce, affects the confidence of public's applying Internet.Fishing website pretends to become website of bank usually, steals account that visitor submits to and encrypted message brings very large inconvenience to the life of people, the serious threat property safety of people.
For the problem in correlation technique, at present effective solution is not yet proposed.
Summary of the invention
The object of this invention is to provide a kind of recognition methods and device of fishing website, to overcome currently available technology above shortcomings.
The object of the invention is to be achieved through the following technical solutions:
A recognition methods for fishing website, comprises the steps:
Receive the access request of all websites to be measured, and obtain domain-name information, icon information, the form name of website to be measured, and critical data;
According to conventional paying website and financial web site domain-name information, icon information, form name, and critical data generates benchmark database; And the various information in described benchmark database is carried out to the mark of blacklist and white list;
Compare according to the keyword in the website data to be measured obtained and keyword in described benchmark database, when website data information in a database be shown as blacklist time, judge that described website to be identified is as fishing website.
Further: to judge that carrying device website is that fishing website specifically comprises the steps:
Domain-name information in the data of website to be measured and the domain-name information in benchmark database are compared;
When the domain-name information of website to be measured is labeled as blacklist in benchmark database, judge that this website to be measured is fishing website;
Further, the determination methods of fishing website also comprises the steps:
According to common English word, mechanism writes a Chinese character in simplified form and various technical term generates data dictionary, in the domain-name information that can not find described band website to be measured in your benchmark database, utilize c4.5 algorithm that this domain-name information and described data dictionary are carried out similarity analysis, and draw the domain-name information that possibility is counterfeit;
For the domain name that similarity is high, then by icon information, the form name of this website, and the information of critical data and described benchmark database compares, if above-mentioned information is consistent, judges that this website to be measured is as fishing website.
Further, the site information typing benchmark database again of fishing website will be judged as.
A recognition device for fishing website, comprises information acquisition device, benchmark database processing unit and fishing website judgment means; Wherein:
Information acquisition device: for receiving the access request of all websites to be measured, and obtain domain-name information, icon information, the form name of website to be measured, and critical data;
Benchmark database processing unit: for the conventional paying website of basis and financial web site domain-name information, icon information, form name, and critical data generates benchmark database; And the various information in described benchmark database is carried out to the mark of blacklist and white list;
Fishing website judgment means: for comparing according to the keyword in the website data to be measured obtained and the keyword in described benchmark database, when website data information to be measured in a database be shown as blacklist time, judge that described website to be identified is as fishing website.
Beneficial effect of the present invention is: judge your website whether be fishing website by the information in the data message of website to be measured and benchmark database being compared by the black list information of mark, solve the problem that client-side information disposes difficulty, more improve the discrimination of fishing website.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the flow chart of the recognition methods of fishing website according to the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art obtain, all belongs to the scope of protection of the invention.
As shown in Figure 1, the recognition methods of a kind of fishing website according to embodiments of the invention, comprises the steps:
Receive the access request of all websites to be measured, and obtain domain-name information, icon information, the form name of website to be measured, and critical data;
According to conventional paying website and financial web site domain-name information, icon information, form name, and critical data generates benchmark database; And the various information in described benchmark database is carried out to the mark of blacklist and white list;
Compare according to the keyword in the website data to be measured obtained and keyword in described benchmark database, when website data information in a database be shown as blacklist time, judge that described website to be identified is as fishing website.
Further, judge that carrying device website is that fishing website specifically comprises the steps:
Domain-name information in the data of website to be measured and the domain-name information in benchmark database are compared;
When the domain-name information of website to be measured is labeled as blacklist in benchmark database, judge that this website to be measured is fishing website;
According to common English word, mechanism writes a Chinese character in simplified form and various technical term generates data dictionary, in the domain-name information that can not find described band website to be measured in your benchmark database, utilize c4.5 algorithm that this domain-name information and described data dictionary are carried out similarity analysis, and draw the domain-name information that possibility is counterfeit;
For the domain name that similarity is high, then by icon information, the form name of this website, and the information of critical data and described benchmark database compares, if above-mentioned information is consistent, judges that this website to be measured is as fishing website.
Wherein, the determination methods of the domain name that similarity is high comprises, and according to minimum editor's algorithm, the domain name that distance is less than three, such as www.boc.cn and www.b0c.cn, these two domain names only have the difference of o and 0, and editing distance is one.
Further, the site information typing benchmark database again of fishing website will be judged as.
A recognition device for fishing website, comprises information acquisition device, benchmark database processing unit and fishing website judgment means; Wherein:
Information acquisition device: for receiving the access request of all websites to be measured, and obtain domain-name information, icon information, the form name of website to be measured, and critical data;
Benchmark database processing unit: for the conventional paying website of basis and financial web site domain-name information, icon information, form name, and critical data generates benchmark database; And the various information in described benchmark database is carried out to the mark of blacklist and white list;
Fishing website judgment means: for comparing according to the keyword in the website data to be measured obtained and the keyword in described benchmark database, when website data information to be measured in a database be shown as blacklist time, judge that described website to be identified is as fishing website.
In sum, by means of technique scheme of the present invention, judge your website whether be fishing website by the information in the data message of website to be measured and benchmark database being compared by the black list information of mark, solve the problem that client-side information disposes difficulty, more improve the discrimination of fishing website.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (5)
1. a recognition methods for fishing website, is characterized in that, comprises the steps:
Receive the access request of all websites to be measured, and obtain domain-name information, icon information, the form name of website to be measured, and critical data;
According to conventional paying website and financial web site domain-name information, icon information, form name, and critical data generates benchmark database; And the various information in described benchmark database is carried out to the mark of blacklist and white list;
Compare according to the keyword in the website data to be measured obtained and keyword in described benchmark database, when website data information to be measured in a database be shown as blacklist time, judge that described website to be identified is as fishing website.
2. the recognition methods of fishing website according to claim 1, is characterized in that: judge that this equipment website is that fishing website specifically comprises the steps:
Domain-name information in the data of website to be measured and the domain-name information in benchmark database are compared;
When the domain-name information of website to be measured is labeled as blacklist in benchmark database, judge that this website to be measured is fishing website.
3. the recognition methods of fishing website according to claim 2, is characterized in that, the determination methods of fishing website also comprises the steps:
According to common English word, mechanism writes a Chinese character in simplified form and various technical term generates data dictionary, in the domain-name information that can not find described survey grid station to be measured in benchmark database, utilize c4.5 algorithm that this domain-name information and described data dictionary are carried out similarity analysis, and draw the domain-name information that possibility is counterfeit;
For the domain name that similarity is high, then by icon information, the form name of this website, and the information of critical data and described benchmark database compares, if above-mentioned information is consistent, judges that this website to be measured is as fishing website.
4. the recognition methods of fishing website according to claim 3, is characterized in that, will be judged as the site information typing benchmark database again of fishing website.
5. a recognition device for fishing website, is characterized in that, comprises information acquisition device, benchmark database processing unit and fishing website judgment means; Wherein:
Information acquisition device: for receiving the access request of all websites to be measured, and obtain domain-name information, icon information, the form name of website to be measured, and critical data;
Benchmark database processing unit: for the conventional paying website of basis and financial web site domain-name information, icon information, form name, and critical data generates benchmark database; And the various information in described benchmark database is carried out to the mark of blacklist and white list;
Fishing website judgment means: for comparing according to the keyword in the website data to be measured obtained and the keyword in described benchmark database, when website data information to be measured in a database be shown as blacklist time, judge that described website to be identified is as fishing website.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510854764.1A CN105491031A (en) | 2015-11-30 | 2015-11-30 | Phishing website identifying method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510854764.1A CN105491031A (en) | 2015-11-30 | 2015-11-30 | Phishing website identifying method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105491031A true CN105491031A (en) | 2016-04-13 |
Family
ID=55677747
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510854764.1A Pending CN105491031A (en) | 2015-11-30 | 2015-11-30 | Phishing website identifying method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105491031A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106888220A (en) * | 2017-04-12 | 2017-06-23 | 恒安嘉新(北京)科技股份公司 | A kind of detection method for phishing site and equipment |
| CN110535806A (en) * | 2018-05-24 | 2019-12-03 | 中国移动通信集团重庆有限公司 | Monitor method, apparatus, equipment and the computer storage medium of abnormal website |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090089859A1 (en) * | 2007-09-28 | 2009-04-02 | Cook Debra L | Method and apparatus for detecting phishing attempts solicited by electronic mail |
| CN102638448A (en) * | 2012-02-27 | 2012-08-15 | 珠海市君天电子科技有限公司 | Method for judging phishing websites based on non-content analysis |
| CN104077396A (en) * | 2014-07-01 | 2014-10-01 | 清华大学深圳研究生院 | Method and device for detecting phishing website |
| CN105491033A (en) * | 2015-11-30 | 2016-04-13 | 睿峰网云(北京)科技股份有限公司 | Phishing website identifying method and device |
-
2015
- 2015-11-30 CN CN201510854764.1A patent/CN105491031A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090089859A1 (en) * | 2007-09-28 | 2009-04-02 | Cook Debra L | Method and apparatus for detecting phishing attempts solicited by electronic mail |
| CN102638448A (en) * | 2012-02-27 | 2012-08-15 | 珠海市君天电子科技有限公司 | Method for judging phishing websites based on non-content analysis |
| CN104077396A (en) * | 2014-07-01 | 2014-10-01 | 清华大学深圳研究生院 | Method and device for detecting phishing website |
| CN105491033A (en) * | 2015-11-30 | 2016-04-13 | 睿峰网云(北京)科技股份有限公司 | Phishing website identifying method and device |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106888220A (en) * | 2017-04-12 | 2017-06-23 | 恒安嘉新(北京)科技股份公司 | A kind of detection method for phishing site and equipment |
| CN110535806A (en) * | 2018-05-24 | 2019-12-03 | 中国移动通信集团重庆有限公司 | Monitor method, apparatus, equipment and the computer storage medium of abnormal website |
| CN110535806B (en) * | 2018-05-24 | 2022-04-01 | 中国移动通信集团重庆有限公司 | Method, device and equipment for monitoring abnormal website and computer storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Jeeva et al. | Intelligent phishing url detection using association rule mining | |
| US20200045067A1 (en) | Dynamic phishing detection methods and apparatus | |
| Blum et al. | Lexical feature based phishing URL detection using online learning | |
| CN106789939B (en) | A kind of detection method for phishing site and device | |
| CN105718577B (en) | Method and system for automatically detecting phishing aiming at newly added domain name | |
| CN105491033A (en) | Phishing website identifying method and device | |
| Suzuki et al. | ShamFinder: An automated framework for detecting IDN homographs | |
| CN105119909B (en) | A kind of counterfeit website detection method and system based on page visual similarity | |
| CN109690547A (en) | For detecting the system and method cheated online | |
| CN102769632A (en) | Method and system for grading detection and prompt of fishing website | |
| CN113098870A (en) | Phishing detection method and device, electronic equipment and storage medium | |
| US20080162449A1 (en) | Dynamic page similarity measurement | |
| WO2017076210A1 (en) | Method and device for use in risk management of application information | |
| CN104954372A (en) | Method and system for performing evidence acquisition and verification on phishing website | |
| CN104504335A (en) | Fishing APP detection method and system based on page feature and URL feature | |
| CN105959330A (en) | False link interception method, device and system | |
| CN103379111A (en) | Intelligent anti-phishing defensive system | |
| US20140230054A1 (en) | System and method for estimating typicality of names and textual data | |
| CN116366338B (en) | Risk website identification method and device, computer equipment and storage medium | |
| CN110474889A (en) | One kind being based on the recognition methods of web graph target fishing website and device | |
| CN106357682A (en) | Phishing website detecting method | |
| CN113779481A (en) | Method, device, equipment and storage medium for identifying fraud websites | |
| CN108270754B (en) | Detection method and device for phishing website | |
| Wen et al. | Detecting malicious websites in depth through analyzing topics and web-pages | |
| CN105491031A (en) | Phishing website identifying method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160413 |
|
| RJ01 | Rejection of invention patent application after publication |