CN107786537A - A kind of lonely page implantation attack detection method based on internet intersection search - Google Patents
A kind of lonely page implantation attack detection method based on internet intersection search Download PDFInfo
- Publication number
- CN107786537A CN107786537A CN201710845948.0A CN201710845948A CN107786537A CN 107786537 A CN107786537 A CN 107786537A CN 201710845948 A CN201710845948 A CN 201710845948A CN 107786537 A CN107786537 A CN 107786537A
- Authority
- CN
- China
- Prior art keywords
- page
- link
- website
- lonely
- illegal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9558—Details of hyperlinks; Management of linked annotations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Technology Law (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The present invention relates to information security technology, it is desirable to provide a kind of lonely page implantation attack detection method based on internet intersection search.Lonely page implantation attack detection method of this kind based on internet intersection search includes step:Website on internet is organized into website storehouse, dark chain and keyword retrieval are carried out to the homepage of each website;For the higher website of suspicious degree, the Risk Chain in its risk link module is tapped into row and parsed one by one;The source page illegally linked and the sensing page are combined analysis, further confirm that the possibility illegally distorted or be implanted into;WEB systems where the page pointed to from illegal link are found out and confirm it is lonely page.The present invention confirms that illegal module, illegal link, the probability of illegal contents are alterables, can learnt;The present invention is more accurate than single content from overall multiple angle analysis, more credible.
Description
Technical field
The present invention is on field of information security technology, more particularly to a kind of lonely page implantation based on internet intersection search
Attack detection method.
Background technology
It is born from first website in the world at the beginning of the nineties in last century, WEB is removed from office website along with Internet technology always
Newly continue and be developed so far.Most important of which one-shot change, be WEB1.0 Web site of the times informant's one-way provide
Content (static website), to the extensive use of dynamic website.With being surging forward for BBS forums, the arrival in WEB2.0 epoch, net
Also with the lifting of the importance of user, various web technologies, database technology and WEB container techniques also develop fast page interactivity
Speed.But technology is double-edged sword, while Consumer's Experience is lifted, the input of user is also a uncontrollable factor, respectively
The security that kind injection, attack directly results in WEB websites declines.Even some hackers are directly obtained by web front-end
System Privileges, to being modified and destroying from the background, its illegal purpose is reached with this.These behavior expressions are visible in domestic consumer
It is formal, exactly distort, extension horse, implantation dark chain and lonely page etc..
This kind of attack of lonely page is implanted into, due to its particularity, the typically no link from our station is pointed to, and we are difficult from our station
Directly find out.The method that may be used at present has:A kind of method is in the operating system installed by entering WEB websites, directly
Local file directory is scanned, the means such as historical record, system journal record operation, hair are added by sensitive text analyzing, the page
Existing lonely page;Another method is by way of internet content search engine input instruction, plus particular keywords, manually
Search.
But above two method has its limitation:
The shortcomings that first method have it is following some:1st, login system one by one, can not in high volume be checked;2nd, without user name
Password cannot be introduced into system, otherwise can only internally install local client in advance.On the one hand the installation amount of client is increased,
On the other hand locally-installed application, it is impossible to do not have any influence on system.3rd, page addition historical record, system operatio note
Record daily record etc. may be erased, and so search to get up to have no main threads completely.
Second method also has following defect:Although the 1, search engine is presented the lonely chain being implanted completely,
But these information are buried in a large amount of non-network safety-related information completely, are not automated mode and are extracted;2nd, search
The excessive content of rope engine cache, without selectivity, the update cycle is elongated to cause promptness to decline.In addition, both have one
The defects of individual common, is, when being scanned for using sensitive information text, requires very high to the hit rate of keyword, can not ensure it
Validity.Two kinds of detection methods above, it can serve as the evidence means of the present invention.
The content of the invention
It is a primary object of the present invention to overcome deficiency of the prior art, there is provided a kind of it can be found that lonely page implantation attack
Method.In order to solve the above technical problems, the solution of the present invention is:
A kind of lonely page implantation attack detection method based on internet intersection search is provided, specifically includes following step:
(1) website on internet is organized into website storehouse, dark chain and keyword inspection is carried out to the homepage of each website
Rope;Specifically include following sub-steps:
Step A:The website that domain name website and IP on internet add port is subjected to pooled classification, takes union into website storehouse
(being continuously increased perfect), website stock puts the URL used in web portal;
Step B:Initial analysis is carried out to the website in website storehouse, different to URL really same website (including exist and jump
Turn, different-format;To the url1 that redirects being present, obtaining the url2 after redirecting and associating url1 to url2, repeatedly redirect by
Final URL is defined, and url3 is got after such as being redirected twice;All URL, i.e. url1, url2, url3 are marked
For that should be analyzed;Only mark to different-format be domain name and length it is most short should to analyze, as url4 is
http://www.aaa.com, url5 http://www.aaa.com/index.html, url6 http://
204.205.206.207:7788, they are actually pointed to the same page of same website, then should select url4 on principle
Labeled as that should be analyzed, other URL will be associated with url4, and without analysis), inaccessible is (to inaccessible
URL be labeled as temporary transient inaccessible, intermittent detection is carried out within a period of time by program;As url7 revert to it is addressable
State, then it is labeled as being analyzed;Limit, for example still can not access as url8 exceedes a period of time for one day, then carry out
Delete) situation pre-processed, obtain and be able to access that the website URL of homepage;
Step C:Using dark chain structure characteristic analysis method, (specific format is searched in the analysis of Website page code static text
The method of dark chain, the method that the mode of js scripts searches generation text hidden link after execution js scripts is dynamically rendered, reads figure
Piece word simultaneously determines whether the method that may have access to link, reads the method that Quick Response Code is converted to Text Link), homepage is carried out
Context resolution;If exist in website naked eyes not detectable link (by code Stealth Modus, beyond screen height or width,
The same background color of text color, it is embedded into picture or flash file, the mode for being converted into Quick Response Code, reaches meat when website user browses
The invisible, unobvious of eye, the purpose that website webmaster can not visually have found), but the link of this form can be searched engine receipts
During record, then there is the risk attacked by dark chain in the website;
(using the keyword dictionary, in particular to self-defined keyword set to shoot straight, had solid using keyword dictionary
Determine the upper limit, be defaulted as 500 words;It is the link with sensitive information according to keyword lookup, and by checking, feeds back the keyword
It is effectively caused risk to be present in the link of hit;The keyword dictionary regularly updates, and eliminates the word that hit rate declines, supplement hit
The high word entrance of rate), homepage content is analyzed;If link characters include at least one of which keyword, the website
In the presence of the risk for being implanted sensitive information;
To the website of any kind risk be present, (i.e. presence is implanted sensitive letter by the website of dark chain risk of attacks and presence
The website of ceases wind danger), risk link module therein is extracted;Risk link module refers to link comprising one or more risk
Label model (be typically<div>、<table>、<td>、<li>The text of label, and website A will not be write because of this section of text
It is judged as risk link being present by program in the page, writes in the B pages of website and become devoid of risk link);
(2) for the higher website of suspicious degree, i.e., the net at least one risk link module of presence that step C is selected
Stand, the Risk Chain in its risk link module is tapped into row parses one by one, obtains the content that the page is pointed in link, and link is referred to
To webpage carry out content analysis;Specifically include following sub-steps:
Step D:Link in the risk link module of the suspicious higher website of degree is extracted one by one, link is obtained and points to
The content of the page;
Step E:Text analyzing is carried out to the content for pointing to the page, judges whether that sensitive text (shoots straight
Keyword) and illegal domain name (content i.e. pointed by the domain name is it is determined that be malice, illegal, and be published in internet
Above, it is stored in the blacklist of security firm);
If in the presence of sensitive text or illegal domain name, the judgement sensing page is linked as illegally linking, and extraction should
Illegal link, jump to step G execution;
If in the absence of sensitive text and illegal domain name, continue step F processing;
Step F:Picture be present when pointing in the page, then to point to the page present in picture, carry out similarity mode (and
Existing similarity mode refers to the similarity degree by the pictures of image similarity Algorithm Analysis two, and this method comes with largely
The calculated value of sensitization picture), OCR Text regions (character and graphic on picture is translated into computer literal with character identifying method
Word);If the calculated value that picture on the page is pointed in similarity mode Algorithm Analysis is 1, being linked as the judgement sensing page is non-
Method links, and extracts the illegal link and preserves;If the text information of OCR Text regions extraction includes keyword, judge to point to
The page is linked as illegally linking, and extracts the illegal link and preserves;Other situations then judge to point to the link of the page not
It is illegally to link;
Picture is not present in the page when pointing to, then is directly entered step G execution;
Step G:Circulation performs step D, step E, step F, until completing all in risk link module illegally to link
Extraction;
(3) the source page illegally linked and the sensing page are combined analysis, further confirm that and illegally distorted or planted
The possibility entered;The source page and link are subjected to corresponding preservation;Specifically include following sub-steps:
Step H:By the invalid information in the page of source, and the invalid information in directional information, it is combined weighting and judges,
When probability-weighted reaches default threshold value, then it is assumed that be somebody's turn to do " the source page-sensing page " and illegally link to setting up;
Step I:Repeat all illegal links pair of step H acquisitions;With the quantity of finally illegal link pair, (pass through
Algorithm) recalculate the probable value α that the source page is illegally distorted or is implanted into;With specific " the source page-sensing page " illegally link pair,
(passing through algorithm), which is recalculated, illegally to be linked to the probability β of invalid information be present;When probability α, β exceed respective default threshold value
When, it is determined that the link of invalid information is generated by URL link between multiple pages;
So far, this method completes the relation that " more than 1 pair " is filtered out from the countless page link relations in internet:" 1 " is
Refer to and find out and determine that includes the source page illegally linked, this source page is the homepage of some websites;" more " are to find out
And multiple pages by illegally linking to sensing are determined, these point to the homepage that the page is probably website, it is also possible to should
Method finally needs " the lonely page " looked for;Lonely page refers to, issues all pages in the WEB systems (website) of the page, none bag
Containing the link for pointing to the page, the page (the not entrance including website that can only could be accessed by inputting the complete URL in website
That is website homepage), or link clicks on other Website pages are implanted to by hacker and accessed;This method passes through latter
Approach, machine selects these lonely pages with invalid information from magnanimity source web page;
(4) the WEB systems (website) where the page pointed to from illegal link are found out and confirm it is lonely page;Specifically include down
State sub-step;
Step J:Find out doubtful lonely page, i.e., non-our station, (non-website is first for the page that includes pointed by the link in path
Page, illegally linked as website www.aaa.com is present, by illegally linking to pointing to the multiple page (a) http://
www.aaa.com/test.htmlA=1;(b)http://www.bbb.com/;(c)http://www.bbb.com/
test.htmlB=2;Then doubtful lonely page can only be (c);Because being exactly the our station page, even the illegal page, still (a)
Because same web-site includes the link for pointing to the page, the definition of lonely page is not met;(b) be website entrance i.e. homepage,
Do not meet the definition of lonely page), and the link of lonely page can only be absolute URL (address of the resource i.e. on internet);
Step K:The analysis of all webpages is carried out to website where doubtful lonely page, extracts the link of this all website, and will
Relative URL changes into absolute URL (i.e. relative to the address of some absolute URL address), and carries out re-scheduling;
Step L:URL after re-scheduling and doubtful lonely page URL are compared one by one;
As do not matched, then it is real lonely page to confirm the doubtful lonely page, and the website is implanted into by lonely page and attacked;
If matched, illustrate doubtful lonely page be common illegal link (illegal link but be not the situation of lonely page,
It is the useful auxiliary product of this method, it is most likely that be the webpage being tampered, the probability itself invaded is very big);
(5) confirm illegally to be linked as after lonely page, storing the lonely page link, (hacker can be implanted to lonely page multiple invaded
And in the website distorted;There is the lonely page link, then have been described above page quilt in source in step I in any website, any page
100%) the illegal probable value α for distorting or being implanted into is;Jump to step C to repeat, attack is implanted into by lonely page to search other
Website.
The operation principle of the present invention:By detecting the illegal link label module in each website homepage in website storehouse in real time,
The original page of illegalities consolidation for pointing to web page contents is linked in the presence of the judgement illegally linked by analyzing, and is intersected based on internet
Relation searches our station orphan's page, according to be judged as the link of lonely page as input condition evidence other systems exist the link be by
Caused by being invaded, being distorted.
Compared with prior art, the beneficial effects of the invention are as follows:
The present invention need not enter local system, can carry out large batch of analysis and research independent of retrieval local file, right
System without influence, to system account independent of.
The present invention is based on relation, and B is looked for from A, rather than directly looks for A from A, and B is looked for from B;The present invention relies on similar mutual
Network search engine pattern but be not relying on, also more targetedly, lightweight.
The present invention is for illegal link pair, moreover it is possible to by illegal link module, intersection search contact further increase or
Reduce it and be judged as illegal probability, reach us and effectively identify the probability of lonely page implantation attack, contribute to us faster more accurate
Ground finds the WEB websites encroached on.
The present invention confirms that illegal module, illegal link, the probability of illegal contents are alterables, can learnt;The present invention from
Overall multiple angle analysis are more accurate than single content, more credible.
Lonely page link is counter can to push away the system invaded and distorted, and its accuracy is high.
Brief description of the drawings
Fig. 1 is the operating diagram of the present invention.
Fig. 2 is the workflow diagram of the present invention.
Embodiment
It is computer technology in information the present invention relates to sensitive information retrieval and identification technique firstly the need of explanation
A kind of application of security technology area.In the implementation process of the present invention, the application of multiple software function modules can be related to.Shen
Ask someone to think, it is existing combining such as after application documents, accurate understanding realization principle and goal of the invention of the invention is read over
In the case of having known technology, those skilled in the art can use the software programming technical ability of its grasp to realize the present invention completely.
Aforementioned software functional module includes but is not limited to:Website Usability judges, website redirects identification, dark chain module obtains, keyword
Storehouse automatically seniority among brothers and sisters delete, website storehouse pooled classification, the definition of " illegal link to " and storage etc., all the present patent application files refer to
Category this category, applicant will not enumerate.
The present invention is described in further detail with embodiment below in conjunction with the accompanying drawings:
A kind of lonely page implantation attack detection method based on internet intersection search as shown in Figure 1, is specifically included following
Step:
(1) by detecting the illegal link label module in each website homepage in website storehouse in real time:Judge that website may have access to
State;Analyzing web site homepage content;Illegal link label module is searched according to feature.
(2) the original page of illegalities consolidation for pointing to web page contents is linked in the presence of the judgement illegally linked by analyzing:Obtain
A link in negated method link label module;Analyze the link and point to and whether there is illegal contents;If it is confirmed that in pointing to
Appearance is illegal, then further consolidates the illegalities probability of illegal link module, there is provided it is illegally to link that other links, which are probably,
Probability.
(3) page that our station is illegal lonely page is searched based on internet cross reference, i.e., the page link is in web system
It is not present in the page that can be crawled.
(4) link be present as input condition evidence other systems according to the link for being judged as lonely page is to be invaded to distort
Cause:The link text for pointing to lonely page, search whether exist in other Website pages;The website linked in the presence of the lonely page,
The probability distorted by invasion greatly promotes.
The present invention is more fully understood in the professional and technical personnel that the following examples can make this professional, but not with any side
The formula limitation present invention.
As shown in Fig. 2 to carry out the detection of lonely page implantation attack, following step is specifically included:
Step A:First have to arrange the website storehouse of certain scale quantity, website radix is bigger, then the probability pinpointed the problems is got over
Greatly;And website storehouse website entries may gradually increase it is perfect.
Step B:Keyword sensitivity text message detection means is added to find illegal link module by dark chain detection means.
Step C:Analyze one by one, the page of sensing then preserves the relation pair, such as " http there is also invalid information://
www.aaa.com->http://www.bbb.com/c/d/index.html”。
Step D:Verify http://www.bbb.com/c/d/index.html is in WEB systems http://
It is lonely page on www.bbb.com, i.e., the page is pointed in any link of no any page.
Step E:With http://www.bbb.com/c/d/index.html is as input condition, the net in the storehouse of website
Searched in homepage of standing, the connection be present there may exist intrusion risk.
Finally it should be noted that listed above is only specific embodiment of the invention.It is clear that the invention is not restricted to
Above example, there can also be many variations.One of ordinary skill in the art can directly lead from present disclosure
All deformations for going out or associating, are considered as protection scope of the present invention.
Claims (1)
1. a kind of lonely page implantation attack detection method based on internet intersection search, it is characterised in that specifically include following steps
Suddenly:
(1) website on internet is organized into website storehouse, dark chain and keyword retrieval is carried out to the homepage of each website;Tool
Body includes following sub-steps:
Step A:The website that domain name website and IP on internet add port is subjected to pooled classification, takes union into website storehouse, website
Stock puts the URL used in web portal;
Step B:Initial analysis is carried out to the website in website storehouse, different to URL is really same website, the situation of inaccessible
Pre-processed, obtain the website URL for being able to access that homepage;
Step C:Using dark chain structure characteristic analysis method, Context resolution is carried out to homepage;If naked eyes in website be present can not send out
Existing link, but when the link of this form can be searched engine and include, then there is the risk attacked by dark chain in the website;
Using keyword dictionary, homepage content is analyzed;, should if link characters include at least one of which keyword
The risk for being implanted sensitive information be present in website;
To the website of any kind risk be present, risk link module therein is extracted;Risk link module refers to include one
Bar or the label model of a plurality of risk link;
(2) for the higher website of suspicious degree, i.e., the website at least one risk link module of presence that step C is selected will
Risk Chain in its risk link module taps into row and parsed one by one, obtains the content that the page is pointed in link, and link is pointed to
Webpage carries out content analysis;Specifically include following sub-steps:
Step D:Link in the risk link module of the suspicious higher website of degree is extracted one by one, link is obtained and points to the page
Content;
Step E:Text analyzing is carried out to the content for pointing to the page, judges whether sensitive text and illegal domain name;
If in the presence of sensitive text or illegal domain name, the judgement sensing page is linked as illegally linking, and it is illegal to extract this
Link, jump to step G execution;
If in the absence of sensitive text and illegal domain name, continue step F processing;
Step F:Picture be present when pointing in the page, then to pointing to picture present in the page, carry out similarity mode, OCR texts
Word identifies;If the calculated value that picture on the page is pointed in similarity mode Algorithm Analysis is 1, judge to point to being linked as the page
Illegal link, extracts the illegal link and preserves;If the text information of OCR Text regions extraction includes keyword, judgement refers to
It is linked as illegally linking to the page, extracts the illegal link and preserve;Other situations then judge to point to the link of the page
It is not illegally to link;
Picture is not present in the page when pointing to, then is directly entered step G execution;
Step G:Circulation performs step D, step E, step F, until completing all extractions illegally linked in risk link module;
(3) the source page illegally linked and the sensing page are combined analysis, further confirm that what is illegally distorted or be implanted into
Possibility;The source page and link are subjected to corresponding preservation;Specifically include following sub-steps:
Step H:By the invalid information in the page of source, and the invalid information in directional information, it is combined weighting and judges, when adds
Power probability reaches default threshold value, then it is assumed that is somebody's turn to do " the source page-sensing page " and illegally links to setting up;
Step I:Repeat all illegal links pair of step H acquisitions;With the quantity of finally illegal link pair, source is recalculated
The probable value α that the page is illegally distorted or is implanted into;With specific " the source page-sensing page " illegally link pair, illegal chain is recalculated
Connect to the probability β of invalid information be present;When probability α, β exceed respective default threshold value, it is determined that between multiple pages
The link of invalid information is generated by URL link;
(4) the WEB systems where the page pointed to from illegal link are found out and confirm it is lonely page;Specifically include following sub-steps;
Step J:Find out doubtful lonely page, i.e., non-our station, comprising the page pointed by the link in path, and the link of lonely page can only
It is absolute URL;
Step K:The analysis of all webpages is carried out to website where doubtful lonely page, extracts the link of this all website, and will be relative
URL changes into absolute URL, and carries out re-scheduling;
Step L:URL after re-scheduling and doubtful lonely page URL are compared one by one;
As do not matched, then it is real lonely page to confirm the doubtful lonely page, and the website is implanted into by lonely page and attacked;
If matched, it is common illegal link to illustrate doubtful lonely page;
(5) confirm illegally to be linked as after lonely page, store the lonely page link;Step C is jumped to repeat, with search other by
The website of lonely page implantation attack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710845948.0A CN107786537B (en) | 2017-09-19 | 2017-09-19 | Isolated page implantation attack detection method based on Internet cross search |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710845948.0A CN107786537B (en) | 2017-09-19 | 2017-09-19 | Isolated page implantation attack detection method based on Internet cross search |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107786537A true CN107786537A (en) | 2018-03-09 |
CN107786537B CN107786537B (en) | 2020-04-07 |
Family
ID=61437609
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710845948.0A Active CN107786537B (en) | 2017-09-19 | 2017-09-19 | Isolated page implantation attack detection method based on Internet cross search |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107786537B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110309667A (en) * | 2019-04-16 | 2019-10-08 | 网宿科技股份有限公司 | A kind of dark chain detection method in website and device |
CN111460442A (en) * | 2020-04-24 | 2020-07-28 | 怀化学院 | Attack detection method based on Internet cross search defects |
CN111814643A (en) * | 2020-06-30 | 2020-10-23 | 杭州科度科技有限公司 | Black and gray URL (Uniform resource locator) identification method and device, electronic equipment and medium |
CN112039885A (en) * | 2020-08-31 | 2020-12-04 | 绿盟科技集团股份有限公司 | Website risk assessment method and device |
CN112199573A (en) * | 2020-08-05 | 2021-01-08 | 宝付网络科技(上海)有限公司 | Active detection method and system for illegal transaction |
CN112347327A (en) * | 2020-10-22 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Website detection method and device, readable storage medium and computer equipment |
CN112487321A (en) * | 2020-12-08 | 2021-03-12 | 北京天融信网络安全技术有限公司 | Detection method, detection device, storage medium and electronic equipment |
CN115033819A (en) * | 2022-04-26 | 2022-09-09 | 广东希尔文化传媒投资股份有限公司 | Internet risk monitoring method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571783A (en) * | 2011-12-29 | 2012-07-11 | 北京神州绿盟信息安全科技股份有限公司 | Phishing website detection method, device and system as well as website |
WO2012166440A2 (en) * | 2011-05-27 | 2012-12-06 | Alibaba Group Holding Limited | External link processing |
CN104077353A (en) * | 2011-12-30 | 2014-10-01 | 北京奇虎科技有限公司 | Method and device for detecting hacking links |
CN104378389A (en) * | 2014-12-12 | 2015-02-25 | 北京奇虎科技有限公司 | Website security detecting method and device |
-
2017
- 2017-09-19 CN CN201710845948.0A patent/CN107786537B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012166440A2 (en) * | 2011-05-27 | 2012-12-06 | Alibaba Group Holding Limited | External link processing |
CN102571783A (en) * | 2011-12-29 | 2012-07-11 | 北京神州绿盟信息安全科技股份有限公司 | Phishing website detection method, device and system as well as website |
CN104077353A (en) * | 2011-12-30 | 2014-10-01 | 北京奇虎科技有限公司 | Method and device for detecting hacking links |
CN104378389A (en) * | 2014-12-12 | 2015-02-25 | 北京奇虎科技有限公司 | Website security detecting method and device |
Non-Patent Citations (1)
Title |
---|
吉向东: "基于Crawler技术的超链接测试系统", 《信息技术》 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110309667A (en) * | 2019-04-16 | 2019-10-08 | 网宿科技股份有限公司 | A kind of dark chain detection method in website and device |
CN110309667B (en) * | 2019-04-16 | 2022-08-30 | 网宿科技股份有限公司 | Website hidden link detection method and device |
CN111460442A (en) * | 2020-04-24 | 2020-07-28 | 怀化学院 | Attack detection method based on Internet cross search defects |
CN111814643A (en) * | 2020-06-30 | 2020-10-23 | 杭州科度科技有限公司 | Black and gray URL (Uniform resource locator) identification method and device, electronic equipment and medium |
CN112199573A (en) * | 2020-08-05 | 2021-01-08 | 宝付网络科技(上海)有限公司 | Active detection method and system for illegal transaction |
CN112199573B (en) * | 2020-08-05 | 2023-12-08 | 宝付网络科技(上海)有限公司 | Illegal transaction active detection method and system |
CN112039885A (en) * | 2020-08-31 | 2020-12-04 | 绿盟科技集团股份有限公司 | Website risk assessment method and device |
CN112039885B (en) * | 2020-08-31 | 2022-09-02 | 绿盟科技集团股份有限公司 | Website risk assessment method and device |
CN112347327A (en) * | 2020-10-22 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Website detection method and device, readable storage medium and computer equipment |
CN112347327B (en) * | 2020-10-22 | 2024-03-19 | 杭州安恒信息技术股份有限公司 | Website detection method and device, readable storage medium and computer equipment |
CN112487321A (en) * | 2020-12-08 | 2021-03-12 | 北京天融信网络安全技术有限公司 | Detection method, detection device, storage medium and electronic equipment |
CN115033819A (en) * | 2022-04-26 | 2022-09-09 | 广东希尔文化传媒投资股份有限公司 | Internet risk monitoring method and system |
Also Published As
Publication number | Publication date |
---|---|
CN107786537B (en) | 2020-04-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107786537A (en) | A kind of lonely page implantation attack detection method based on internet intersection search | |
CN103559235B (en) | A kind of online social networks malicious web pages detection recognition methods | |
CN102436563B (en) | Method and device for detecting page tampering | |
AU2004255005B2 (en) | Method and system for augmenting web content | |
CN110537180B (en) | System and method for tagging elements in internet content within a direct browser | |
CN102446255B (en) | Method and device for detecting page tamper | |
US20150295942A1 (en) | Method and server for performing cloud detection for malicious information | |
CN108566399B (en) | Phishing website identification method and system | |
CN105184159A (en) | Web page falsification identification method and apparatus | |
CN102591965B (en) | Method and device for detecting black chain | |
CN101490685A (en) | A method for increasing the security level of a user machine browsing web pages | |
CN104156490A (en) | Method and device for detecting suspicious fishing webpage based on character recognition | |
CN102523130B (en) | Bad webpage detection method and device | |
CN108038173B (en) | Webpage classification method and system and webpage classification equipment | |
CN105975523A (en) | Hidden hyperlink detection method based on stack | |
JP6936459B1 (en) | Trademark use detection device, trademark use detection method and trademark use detection program | |
CN102682097A (en) | Method and equipment for detecting secrete links in web page | |
Haruta et al. | Visual similarity-based phishing detection scheme using image and CSS with target website finder | |
Deshpande et al. | Detection of phishing websites using Machine Learning | |
CN104239582A (en) | Method and device for identifying phishing webpage based on feature vector model | |
CN110474889A (en) | One kind being based on the recognition methods of web graph target fishing website and device | |
WO2020211130A1 (en) | Hidden link detection method and apparatus for website | |
CN107506649A (en) | A kind of leak detection method of html web page, device and electronic equipment | |
CN104036190A (en) | Method and device for detecting page tampering | |
CN106446123A (en) | Webpage verification code element identification method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: 310051 No. 188 Lianhui Street, Xixing Street, Binjiang District, Hangzhou City, Zhejiang Province Applicant after: Hangzhou Annan information technology Limited by Share Ltd Address before: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310051 and 15 layer Applicant before: Dbappsecurity Co.,ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |