CN107786537A - Isolated page implantation attack detection method based on Internet cross search - Google Patents


Publication number
CN107786537A
Authority
CN
China
Legal status
Granted
Application number
CN201710845948.0A
Other languages
Chinese (zh)
Other versions
CN107786537B (en)
Inventor
王方军
范渊
黄进
Current Assignee
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Application filed by DBAPPSecurity Co Ltd
Priority to CN201710845948.0A
Publication of CN107786537A
Application granted
Publication of CN107786537B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9558 Details of hyperlinks; Management of linked annotations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566 URL specific, e.g. using aliases, detecting broken or misspelled links
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information


Abstract

The present invention relates to information security technology and aims to provide an isolated page (orphan page, literally "lonely page") implantation attack detection method based on Internet cross search. The method includes the steps of: organizing websites on the Internet into a website library and performing hidden link ("dark link") and keyword retrieval on the homepage of each website; for websites with a higher degree of suspicion, parsing the risk links in their risk link modules one by one; analysing the source page of each illegal link together with the page it points to, to further confirm the likelihood of illegal tampering or implantation; and, within the web system hosting the page that an illegal link points to, finding the page and confirming that it is an isolated page. In the present invention, the probabilities used to confirm illegal modules, illegal links and illegal content are variable and can be learned; analysing from multiple angles as a whole is more accurate and more credible than analysing a single piece of content.

Description

Isolated page implantation attack detection method based on Internet cross search
Technical field
The present invention relates to the field of information security technology, and in particular to an isolated page implantation attack detection method based on Internet cross search.
Background
Since the first website in the world was born in the early 1990s, websites have been renewed continuously along with Internet technology up to the present day. The most important change was the shift from the WEB 1.0 era, in which site publishers provided content one-way (static websites), to the widespread use of dynamic websites. With the surge of BBS forums and the arrival of the WEB 2.0 era, web page interactivity grew with the rising importance of users, and web technologies, database technologies and web container technologies developed rapidly. But technology is a double-edged sword: while user experience improved, user input became an uncontrollable factor, and various injections and attacks directly reduced the security of websites. Some hackers even obtain system privileges directly through the web front end and modify and damage the back end to achieve their illegal purposes. The forms in which these behaviours are visible to ordinary users are tampering, trojan planting ("horse hanging"), and the implantation of hidden links and isolated pages.
Isolated page implantation attacks are special in that there is usually no link from the site itself pointing to the page, so the page is hard to find directly from the site. The methods currently available are: one is to enter the operating system on which the website is installed, scan the local file directories directly, and discover isolated pages through sensitive text analysis, page addition history, system operation logs and similar means; the other is to enter commands plus specific keywords into an Internet content search engine and search manually.
However, both methods have limitations:
The first method has the following drawbacks: 1. Systems must be logged into one by one, so checks cannot be done in bulk. 2. Without a user name and password the system cannot be entered, or else a local client must be installed inside it in advance; this increases the number of client installations on the one hand, and on the other, a locally installed application cannot be without any effect on the system. 3. Page addition history, system operation logs and the like may have been erased, leaving the search with no leads at all.
The second method has the following defects: 1. Although the search engine fully presents the implanted isolated links, this information is buried in a large amount of information unrelated to network security, and there is no automated way to extract it. 2. Search engines cache too much content without selectivity, and the longer update cycle reduces timeliness. In addition, both methods share a defect: when searching by sensitive text, they demand a very high keyword hit rate, and their effectiveness cannot be guaranteed. The two detection methods above can serve as means of corroborating evidence for the present invention.
Summary of the invention
The main object of the present invention is to overcome the deficiencies of the prior art and provide a method that can discover isolated page implantation attacks. To solve the above technical problem, the solution of the present invention is:
An isolated page implantation attack detection method based on Internet cross search is provided, which specifically includes the following steps:
(1) Organize websites on the Internet into a website library, and perform hidden link and keyword retrieval on the homepage of each website. This specifically includes the following sub-steps:
Step A: Collect and classify the websites on the Internet that are identified by domain name and those identified by IP plus port, and take their union to form the website library (which is continuously expanded and improved); the website library stores the URL used as each website's entry point.
Step B: Perform a preliminary analysis of the websites in the website library and preprocess two situations, so as to obtain website URLs whose homepage can be accessed. The first situation is different URLs that are actually the same website (including redirects and different formats). For a url1 that redirects, obtain the url2 reached after the redirect and associate url1 with url2; with multiple redirects the final URL prevails, for example url3 reached after two redirects; all of the URLs, i.e. url1, url2 and url3, are marked as to be analysed. For different formats, only the URL that is a domain name and is the shortest is marked as to be analysed: for example, if url4 is http://www.aaa.com, url5 is http://www.aaa.com/index.html and url6 is http://204.205.206.207:7788, and they actually point to the same page of the same website, then in principle url4 should be marked as to be analysed, and the other URLs are associated with url4 and not analysed. The second situation is inaccessible URLs: an inaccessible URL is marked as temporarily inaccessible, and a program probes it intermittently over a period of time; if, for example, url7 returns to an accessible state, it is marked as to be analysed; with a limit of, for example, one day, if url8 still cannot be accessed after that period, it is deleted.
Step C: Using hidden-link structural feature analysis (searching for hidden links of specific formats by static text analysis of the page code; dynamically rendering JS scripts to find hidden text links generated after the scripts execute; reading text in images and determining whether it is an accessible link; reading QR codes and converting them to text links), parse the homepage content. If the website contains links that cannot be detected with the naked eye (through concealment in code, placement beyond the screen height or width, text colour identical to the background colour, embedding in images or Flash files, or conversion into a QR code, so that they are invisible or inconspicuous to users browsing the site and the webmaster cannot find them by eye), but links of this form can be indexed by search engines, then the website is at risk of a hidden link attack.
Using a keyword lexicon (a custom set of keywords with high hit rates; the lexicon has a fixed upper limit, 500 words by default; links carrying sensitive information are found by keyword, and verification feeds back that the keyword is effective, i.e. that the links it hits do carry risk; the lexicon is updated regularly, eliminating words whose hit rate declines and adding words with high hit rates), analyse the homepage content. If the link text contains at least one of the keywords, the website is at risk of having had sensitive information implanted.
For websites with either kind of risk (i.e. websites at risk of a hidden link attack and websites at risk of implanted sensitive information), extract the risk link modules. A risk link module is a tag module containing one or more risk links (typically the text of a <div>, <table>, <td> or <li> tag; a piece of text that the program judges to contain risk links when written in a page of website A does not become risk-free when written in a page of website B).
(2) For websites with a higher degree of suspicion, i.e. the websites selected in step C that have at least one risk link module, parse the risk links in their risk link modules one by one, obtain the content of the pages the links point to, and analyse the content of those pages. This specifically includes the following sub-steps:
Step D: Extract the links in the risk link modules of the more suspicious website one by one, and obtain the content of the page each link points to.
Step E: Perform text analysis on the content of the pointed-to page and judge whether it contains sensitive text (keywords with high hit rates) or illegal domain names (i.e. the content the domain name points to has been determined to be malicious or illegal, has been published on the Internet, and is stored in security vendors' blacklists).
If sensitive text or an illegal domain name is present, the link to the pointed-to page is judged to be an illegal link; extract the illegal link and jump to step G.
If neither sensitive text nor an illegal domain name is present, continue with step F.
Step F: When the pointed-to page contains images, perform similarity matching on those images (existing similarity matching analyses the degree of similarity of two images with an image similarity algorithm; this method comes with computed values for a large number of sensitive images) and OCR text recognition (converting the character shapes in an image into computer text with a character recognition method). If the value computed by the similarity matching algorithm for an image on the pointed-to page is 1, the link to the pointed-to page is judged to be an illegal link, and the illegal link is extracted and saved. If the text extracted by OCR contains a keyword, the link to the pointed-to page is judged to be an illegal link, and the illegal link is extracted and saved. In all other cases the link to the pointed-to page is judged not to be an illegal link.
When the pointed-to page contains no images, go directly to step G.
Step G: Loop over steps D, E and F until all illegal links in the risk link module have been extracted.
(3) Analyse the source page of each illegal link together with the page it points to, to further confirm the likelihood of illegal tampering or implantation; save each source page with its corresponding link. This specifically includes the following sub-steps:
Step H: Combine the illegal information in the source page with the illegal information in the pointed-to information in a weighted judgment; when the weighted probability reaches a preset threshold, the "source page - pointed-to page" illegal link pair is considered established.
Step I: Repeat step H to obtain all illegal link pairs. From the final number of illegal link pairs, recalculate (by algorithm) the probability α that the source page has been illegally tampered with or implanted. From the specific "source page - pointed-to page" illegal link pair, recalculate (by algorithm) the probability β that the illegal link pair contains illegal information. When α and β exceed their respective preset thresholds, it is determined that links with illegal information have been created between multiple pages through URL links.
At this point the method has filtered a "one-to-many" relationship out of the countless page link relations on the Internet. "One" means finding and determining a source page that contains illegal links, this source page being the homepage of some website. "Many" means finding and determining multiple pages pointed to through illegal link pairs; these pointed-to pages may be website homepages, or may be the "isolated pages" the method is ultimately looking for. An isolated page is a page such that none of the pages in the web system (website) that publishes it contains a link pointing to it; it can be accessed only by entering its complete URL (this does not include the site's entry point, i.e. the homepage), or by clicking links that hackers have implanted in pages of other websites. The method uses the latter route to machine-select these isolated pages carrying illegal information from a massive number of source pages.
(4) Within the web system (website) hosting the page that an illegal link points to, find the page and confirm that it is an isolated page. This specifically includes the following sub-steps:
Step J: Find suspected isolated pages, i.e. pages that are off-site and are pointed to by links that include a path (not a website homepage). For example, website www.aaa.com has illegal links, and the illegal link pairs point to the pages (a) http://www.aaa.com/test.htmlA=1; (b) http://www.bbb.com/; (c) http://www.bbb.com/test.htmlB=2. Then the only suspected isolated page is (c): (a) is a page of the site itself and, even if it is an illegal page, the same site contains a link pointing to it, so it does not meet the definition of an isolated page; (b) is the entry point, i.e. the homepage, of a website and does not meet the definition of an isolated page. The link to an isolated page can only be an absolute URL (i.e. the address of a resource on the Internet).
Step K: Analyse all web pages of the website where the suspected isolated page resides, extract all links of that site, convert relative URLs (i.e. addresses relative to some absolute URL) into absolute URLs, and deduplicate.
Step L: Compare the deduplicated URLs with the suspected isolated page URL one by one.
If none match, the suspected isolated page is confirmed to be a real isolated page, and the website has suffered an isolated page implantation attack.
If there is a match, the suspected isolated page is an ordinary illegal link (an illegal link that is not an isolated page is a useful by-product of this method: it is most likely a tampered web page, and the probability that the site itself has been compromised is high).
(5) After an illegal link is confirmed to be an isolated page, store the isolated page link (hackers may implant an isolated page link into multiple compromised and tampered websites; if any page of any website contains this isolated page link, the probability α from step I that the source page has been illegally tampered with or implanted is 100%). Jump to step C and repeat, to find other websites that have suffered isolated page implantation attacks.
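Steps J to L and the cross search of step (5), as an added example that is not code from the patent. It assumes the target site has already been crawled into a URL-to-HTML mapping; the function names, the `HOMEPAGE_PATHS` set and all sample pages are constructed for illustration, and "isolated page" is the page's "lonely page".

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

# Assumption: paths treated as a site's entry point (step B treats "/" and
# "/index.html" on the same host as one homepage).
HOMEPAGE_PATHS = {"", "/", "/index.html"}


class LinkExtractor(HTMLParser):
    """Collects the raw href of every <a> tag on one page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def normalize(url):
    """Drop the fragment, lower-case the host, give an empty path the value "/"."""
    parts = urlsplit(urldefrag(url)[0])
    return parts._replace(netloc=parts.netloc.lower(), path=parts.path or "/").geturl()


def absolute_links(page_url, html):
    """Step K for one page: extract links, resolve relative URLs, deduplicate."""
    parser = LinkExtractor()
    parser.feed(html)
    return {normalize(urljoin(page_url, h)) for h in parser.hrefs}


def is_suspected(source_url, target_url):
    """Step J: the link is an absolute URL, off-site for the source, with a path."""
    t = urlsplit(target_url)
    if t.scheme not in ("http", "https") or not t.netloc:
        return False
    off_site = t.netloc.lower() != urlsplit(source_url).netloc.lower()
    return off_site and t.path not in HOMEPAGE_PATHS


def classify(source_url, target_url, crawled_site):
    """Steps J-L. crawled_site maps every crawlable page URL of the target's site to its HTML."""
    if not is_suspected(source_url, target_url):
        return "not-candidate"
    site_links = set()
    for page_url, html in crawled_site.items():
        site_links |= absolute_links(page_url, html)
    # Step L: any page of the site linking to the target means it is not isolated.
    if normalize(target_url) in site_links:
        return "ordinary-illegal-link"
    return "isolated-page"


def cross_search(isolated_url, homepages):
    """Step (5): homepages in the website library that carry the isolated page link."""
    wanted = normalize(isolated_url)
    return sorted(u for u, html in homepages.items() if wanted in absolute_links(u, html))


# Constructed crawl of www.bbb.com: no page links to /c/d/index.html.
SITE_BBB = {
    "http://www.bbb.com/": '<a href="news/list.html">News</a><a href="/about.html">About</a>',
    "http://www.bbb.com/news/list.html": '<a href="../promo/page.html#top">Promo</a>',
    "http://www.bbb.com/about.html": '<a href="/">Home</a><a href="/">Home</a>',
}
# Constructed homepages standing in for the website library.
HOMEPAGES = {
    "http://www.aaa.com/": '<div><a href="http://www.bbb.com/c/d/index.html">x</a></div>',
    "http://www.ddd.com/": '<li><a href="http://WWW.BBB.COM/c/d/index.html#a">y</a></li>',
    "http://www.eee.com/": '<a href="/contact.html">Contact</a>',
}

if __name__ == "__main__":
    src = "http://www.aaa.com/"
    for target in ("http://www.bbb.com/c/d/index.html",
                   "http://www.bbb.com/promo/page.html",
                   "http://www.bbb.com/"):
        print(target, "->", classify(src, target, SITE_BBB))
    print(cross_search("http://www.bbb.com/c/d/index.html", HOMEPAGES))
```

The verdict is only as complete as the crawl: a page reachable solely through script-generated links would be reported as isolated unless the crawler renders scripts, as step C does for homepages.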
Working principle of the invention: detect in real time the illegal link tag modules in the homepage of each website in the website library; by analysing the illegality of the content that links point to, consolidate the judgment that the original page contains illegal links; find the isolated pages of a site based on Internet cross-reference relations; and use the links judged to be isolated pages as input to corroborate that other systems containing the link do so because they have been compromised and tampered with.
Compared with the prior art, the beneficial effects of the invention are:
The invention does not need to enter the local system or rely on retrieving local files; it can carry out analysis in large batches, has no effect on the system, and does not depend on system accounts.
The invention is relation-based: it looks for B from A, rather than looking for A from A and B from B. It relies on a pattern similar to an Internet search engine but does not depend on one, and is more targeted and lightweight.
For illegal link pairs, the invention can further raise or lower the probability that they are judged illegal through illegal link modules and cross-search associations, so that isolated page implantation attacks are identified effectively, which helps to find compromised websites faster and more accurately.
In the invention, the probabilities used to confirm illegal modules, illegal links and illegal content are variable and can be learned; analysing from multiple angles as a whole is more accurate and more credible than analysing a single piece of content.
Isolated page links can be used to infer in reverse which systems have been compromised and tampered with, with high accuracy.
Brief description of the drawings
Fig. 1 is a schematic diagram of the operation of the invention.
Fig. 2 is a workflow diagram of the invention.
Detailed description
It should first be explained that the present invention relates to sensitive information retrieval and identification technology and is an application of computer technology in the field of information security. Implementing the invention involves the application of multiple software function modules. The applicant believes that, after carefully reading the application documents and accurately understanding the implementation principle and purpose of the invention, a person skilled in the art can fully implement the invention using their software programming skills in combination with existing known techniques. These software function modules include but are not limited to: website availability judgment, website redirect identification, hidden link module acquisition, automatic ranking and deletion in the keyword lexicon, website library collection and classification, and the definition and storage of "illegal link pairs". Everything mentioned in the application documents of the invention falls into this category, and the applicant will not list them one by one.
The invention is described in further detail below with reference to the drawings and an embodiment:
As shown in Fig. 1, an isolated page implantation attack detection method based on Internet cross search specifically includes the following steps:
(1) Detect in real time the illegal link tag modules in the homepage of each website in the website library: determine whether the website is accessible; analyse the homepage content; find illegal link tag modules by their features.
(2) By analysing the illegality of the content that links point to, consolidate the judgment that the original page contains illegal links: take one link from an illegal link tag module; analyse whether what the link points to contains illegal content; if the pointed-to content is confirmed to be illegal, further consolidate the illegality probability of the illegal link module, which provides a probability that the other links may be illegal links.
(3) Find pages that are illegal isolated pages of a site based on Internet cross-reference relations, i.e. the link to the page does not exist in any crawlable page of the web system.
(4) Use the links judged to be isolated pages as input to corroborate that other systems containing the link do so because they have been compromised and tampered with: search the pages of other websites for the link text pointing to the isolated page; for a website that contains the isolated page link, the probability that it has been compromised and tampered with rises greatly.
The following embodiment will allow those skilled in the art to understand the invention more fully, but does not limit the invention in any way.
As shown in Fig. 2, detecting isolated page implantation attacks specifically includes the following steps:
Step A: First, a website library of a certain scale must be compiled; the larger the base of websites, the greater the probability of finding problems; the entries in the website library can be gradually added to and improved.
Step B: Find illegal link modules by hidden link detection combined with keyword-based sensitive text detection.
Step C: Analyse the links one by one; if the pointed-to page also contains illegal information, save the relation pair, for example "http://www.aaa.com->http://www.bbb.com/c/d/index.html".
Step D: Verify that http://www.bbb.com/c/d/index.html is an isolated page on the web system http://www.bbb.com, i.e. no link in any page points to it.
Step E: Using http://www.bbb.com/c/d/index.html as the input condition, search the homepages of the websites in the website library; a site that contains this link may carry intrusion risk.
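The module search in step B of the embodiment (step C of the method), as an added example that is not code from the patent. It covers only the static case, inline-style concealment plus a keyword lexicon; script-rendered links, images and QR codes are out of scope. The style patterns, the lexicon word and the sample homepage are constructed.

```python
import re
from html.parser import HTMLParser

MODULE_TAGS = {"div", "table", "td", "li"}  # module containers named in the text
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

# Constructed heuristics for the concealment forms the text lists: hidden by
# code, pushed beyond the screen, or shrunk to nothing.
HIDING_PATTERNS = [
    re.compile(r"display\s*:\s*none"),
    re.compile(r"visibility\s*:\s*hidden"),
    re.compile(r"(?:left|top|text-indent)\s*:\s*-\d{3,}"),
    re.compile(r"font-size\s*:\s*0(?![\d.])"),
]


def style_hides(style):
    """True if an inline style conceals its element from a human reader."""
    s = style.lower()
    if any(p.search(s) for p in HIDING_PATTERNS):
        return True
    props = {k.strip(): v.strip()
             for k, _, v in (d.partition(":") for d in s.split(";")) if v}
    bg = props.get("background-color") or props.get("background")
    return bg is not None and props.get("color") == bg  # text colour == background


class HomepageScanner(HTMLParser):
    def __init__(self, lexicon):
        super().__init__()
        self.lexicon = [w.lower() for w in lexicon]
        self.stack = []  # open elements: (tag, hidden?, index of enclosing module)
        self.modules = [{"tag": "body", "risk_links": []}]  # fallback module 0
        self.link = None  # the <a> element currently being read

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        attrs = dict(attrs)
        _, parent_hidden, module = self.stack[-1] if self.stack else (None, False, 0)
        hidden = parent_hidden or style_hides(attrs.get("style") or "")
        if tag in MODULE_TAGS:
            self.modules.append({"tag": tag, "risk_links": []})
            module = len(self.modules) - 1
        self.stack.append((tag, hidden, module))
        if tag == "a" and attrs.get("href"):
            self.link = {"href": attrs["href"], "text": "", "hidden": hidden,
                         "module": module}

    def handle_data(self, data):
        if self.link is not None:
            self.link["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.link is not None:
            link, self.link = self.link, None
            text = link["text"].lower()
            reasons = (["hidden"] if link["hidden"] else []) + [
                "keyword:" + w for w in self.lexicon if w in text]
            if reasons:  # a risk link: record it under its innermost module
                self.modules[link["module"]]["risk_links"].append((link["href"], reasons))
        if any(t == tag for t, _, _ in self.stack):
            while self.stack.pop()[0] != tag:
                pass


def risk_link_modules(html, lexicon):
    """Return the tag modules of a homepage that contain at least one risk link."""
    scanner = HomepageScanner(lexicon)
    scanner.feed(html)
    scanner.close()
    return [m for m in scanner.modules if m["risk_links"]]


# Constructed homepage: one off-screen block, one same-colour table cell.
HOMEPAGE = """
<div id="nav"><ul><li><a href="/news.html">News</a></li></ul></div>
<div style="position:absolute; left:-9999px">
  <a href="http://www.bbb.com/c/d/index.html">partner</a>
  <a href="http://www.bbb.com/x.html">more</a></div>
<table><tr><td style="color:#fff; background-color:#fff">
  <a href="http://www.ccc.com/p.html">SAMPLE-KEYWORD offer</a></td></tr></table>
<div><a href="/contact.html">Contact</a></div>
"""
LEXICON = ["sample-keyword"]  # placeholder word, not from the patent's lexicon

if __name__ == "__main__":
    for module in risk_link_modules(HOMEPAGE, LEXICON):
        print(module["tag"], module["risk_links"])
```

Each returned module lists the links that steps D to G of the method would then fetch and analyse one by one.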
Finally, it should be noted that what is listed above is only a specific embodiment of the invention. Clearly, the invention is not limited to the above embodiment, and many variations are possible. All variations that a person of ordinary skill in the art can directly derive or associate from the disclosure of the invention are considered to fall within the protection scope of the invention.

Claims (1)

1. a kind of lonely page implantation attack detection method based on internet intersection search, it is characterised in that specifically include following steps Suddenly:
(1) website on internet is organized into website storehouse, dark chain and keyword retrieval is carried out to the homepage of each website;Tool Body includes following sub-steps:
Step A:The website that domain name website and IP on internet add port is subjected to pooled classification, takes union into website storehouse, website Stock puts the URL used in web portal;
Step B:Initial analysis is carried out to the website in website storehouse, different to URL is really same website, the situation of inaccessible Pre-processed, obtain the website URL for being able to access that homepage;
Step C:Using dark chain structure characteristic analysis method, Context resolution is carried out to homepage;If naked eyes in website be present can not send out Existing link, but when the link of this form can be searched engine and include, then there is the risk attacked by dark chain in the website;
Using keyword dictionary, homepage content is analyzed;, should if link characters include at least one of which keyword The risk for being implanted sensitive information be present in website;
To the website of any kind risk be present, risk link module therein is extracted;Risk link module refers to include one Bar or the label model of a plurality of risk link;
(2) for the higher website of suspicious degree, i.e., the website at least one risk link module of presence that step C is selected will Risk Chain in its risk link module taps into row and parsed one by one, obtains the content that the page is pointed in link, and link is pointed to Webpage carries out content analysis;Specifically include following sub-steps:
Step D:Link in the risk link module of the suspicious higher website of degree is extracted one by one, link is obtained and points to the page Content;
Step E:Text analyzing is carried out to the content for pointing to the page, judges whether sensitive text and illegal domain name;
If in the presence of sensitive text or illegal domain name, the judgement sensing page is linked as illegally linking, and it is illegal to extract this Link, jump to step G execution;
If in the absence of sensitive text and illegal domain name, continue step F processing;
Step F: When pictures exist in the pointed-to page, perform similarity matching and OCR text recognition on the pictures in the pointed-to page. If the value computed by the similarity matching algorithm for a picture on the pointed-to page is 1, judge the link pointing to that page to be an illegal link, extract the illegal link and save it. If the text extracted by OCR text recognition contains a keyword, judge the link pointing to that page to be an illegal link, extract the illegal link and save it. In all other cases, judge that the link pointing to the page is not an illegal link;
When no picture exists in the pointed-to page, proceed directly to step G;
Step G: Repeat steps D, E and F until all illegal links in the risk link module have been extracted;
(3) Analyze the source page of each illegal link together with the pointed-to page to further confirm the possibility of illegal tampering or implantation; save the source page and the link in correspondence. This specifically includes the following sub-steps:
Step H: Combine the illegal information in the source page with the illegal information in the pointed-to information in a weighted judgment; when the weighted probability reaches the preset threshold, the "source page - pointed-to page" illegal link pair is considered established;
Step I: Repeat step H to obtain all illegal link pairs. Using the final number of illegal link pairs, recalculate the probability value α that the source page has been illegally tampered with or implanted. Using each specific "source page - pointed-to page" illegal link pair, recalculate the probability β that the illegal link pair contains illegal information. When the probabilities α and β exceed their respective preset thresholds, it is determined that links to illegal information have been created between multiple pages through URL links;
(4) In the WEB system hosting the page pointed to by the illegal link, find and confirm the isolated ("lonely") page. This specifically includes the following sub-steps:
Step J: Find suspected isolated pages, i.e. pages that are not on this site and are pointed to by a link containing a path; a link to an isolated page can only be an absolute URL;
Step K: Analyze all web pages of the website hosting the suspected isolated page, extract all links of that website, convert relative URLs into absolute URLs, and deduplicate them;
Step L: Compare the deduplicated URLs one by one with the URL of the suspected isolated page;
If none of them matches, the suspected isolated page is confirmed to be a real isolated page, and the website has been subjected to an isolated page implantation attack;
If one matches, the suspected isolated page is an ordinary illegal link;
(5) After an illegal link is confirmed to be an isolated page, store the isolated page link; jump to step C and repeat, to search for other websites subjected to isolated page implantation attacks.
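Steps J to L reduce to a set-membership test over the hosting site's own links. The following is an added example, not code from the patent: the host `victim.example`, the sample pages and all function names are constructed for illustration, and it assumes the hosting site's pages have already been crawled.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag, urlsplit

class LinkExtractor(HTMLParser):
    """Collect href/src attribute values from one HTML page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)

def normalize(url):
    """Drop the fragment and lowercase scheme/host so equal URLs compare equal."""
    url, _ = urldefrag(url)
    parts = urlsplit(url)
    return parts._replace(scheme=parts.scheme.lower(),
                          netloc=parts.netloc.lower()).geturl()

def site_link_set(pages):
    """Step K: extract every link on the site, make it absolute, deduplicate."""
    seen = set()
    for page_url, html in pages.items():
        parser = LinkExtractor()
        parser.feed(html)
        for link in parser.links:
            absolute = normalize(urljoin(page_url, link))
            if urlsplit(absolute).scheme in ("http", "https"):
                seen.add(absolute)
    return seen

def classify_suspect(suspect_url, pages):
    """Step L: a suspect that no page of its own site links to is isolated."""
    if normalize(suspect_url) in site_link_set(pages):
        return "ordinary illegal link"
    return "isolated page"

# Constructed sample crawl of the hosting site (hypothetical host and paths).
SAMPLE_SITE = {
    "http://victim.example/index.html":
        '<a href="news/list.html">News</a> <a href="/about.html#team">About</a>',
    "http://victim.example/news/list.html":
        '<a href="../promo/page1.html">Promo</a> <img src="/img/logo.png">',
}
```

The normalization step matters in practice: without resolving `../` paths and stripping fragments, a page the site does link to would fail to match and be misreported as isolated.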
CN201710845948.0A 2017-09-19 2017-09-19 Isolated page implantation attack detection method based on Internet cross search Active CN107786537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710845948.0A CN107786537B (en) 2017-09-19 2017-09-19 Isolated page implantation attack detection method based on Internet cross search

Publications (2)

Publication Number Publication Date
CN107786537A true CN107786537A (en) 2018-03-09
CN107786537B CN107786537B (en) 2020-04-07

Family

ID=61437609

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710845948.0A Active CN107786537B (en) 2017-09-19 2017-09-19 Isolated page implantation attack detection method based on Internet cross search

Country Status (1)

Country Link
CN (1) CN107786537B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571783A (en) * 2011-12-29 2012-07-11 北京神州绿盟信息安全科技股份有限公司 Phishing website detection method, device and system as well as website
WO2012166440A2 (en) * 2011-05-27 2012-12-06 Alibaba Group Holding Limited External link processing
CN104077353A (en) * 2011-12-30 2014-10-01 北京奇虎科技有限公司 Method and device for detecting hacking links
CN104378389A (en) * 2014-12-12 2015-02-25 北京奇虎科技有限公司 Website security detecting method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吉向东 (Ji Xiangdong): "Hyperlink testing system based on Crawler technology", 《信息技术》 (Information Technology) *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110309667A (en) * 2019-04-16 2019-10-08 网宿科技股份有限公司 A kind of dark chain detection method in website and device
CN110309667B (en) * 2019-04-16 2022-08-30 网宿科技股份有限公司 Website hidden link detection method and device
CN111460442A (en) * 2020-04-24 2020-07-28 怀化学院 Attack detection method based on Internet cross search defects
CN111814643A (en) * 2020-06-30 2020-10-23 杭州科度科技有限公司 Black and gray URL (Uniform resource locator) identification method and device, electronic equipment and medium
CN112199573A (en) * 2020-08-05 2021-01-08 宝付网络科技(上海)有限公司 Active detection method and system for illegal transaction
CN112199573B (en) * 2020-08-05 2023-12-08 宝付网络科技(上海)有限公司 Illegal transaction active detection method and system
CN112039885A (en) * 2020-08-31 2020-12-04 绿盟科技集团股份有限公司 Website risk assessment method and device
CN112039885B (en) * 2020-08-31 2022-09-02 绿盟科技集团股份有限公司 Website risk assessment method and device
CN112347327A (en) * 2020-10-22 2021-02-09 杭州安恒信息技术股份有限公司 Website detection method and device, readable storage medium and computer equipment
CN112347327B (en) * 2020-10-22 2024-03-19 杭州安恒信息技术股份有限公司 Website detection method and device, readable storage medium and computer equipment
CN112487321A (en) * 2020-12-08 2021-03-12 北京天融信网络安全技术有限公司 Detection method, detection device, storage medium and electronic equipment
CN115033819A (en) * 2022-04-26 2022-09-09 广东希尔文化传媒投资股份有限公司 Internet risk monitoring method and system

Also Published As

Publication number Publication date
CN107786537B (en) 2020-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310051 No. 188 Lianhui Street, Xixing Street, Binjiang District, Hangzhou City, Zhejiang Province

Applicant after: Hangzhou Annan information technology Limited by Share Ltd

Address before: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310051 and 15 layer

Applicant before: Dbappsecurity Co.,ltd.

GR01 Patent grant