CN107800686A - A kind of fishing website recognition methods and device - Google Patents
A kind of fishing website recognition methods and device Download PDFInfo
- Publication number
- CN107800686A CN107800686A CN201710873546.1A CN201710873546A CN107800686A CN 107800686 A CN107800686 A CN 107800686A CN 201710873546 A CN201710873546 A CN 201710873546A CN 107800686 A CN107800686 A CN 107800686A
- Authority
- CN
- China
- Prior art keywords
- website
- detected
- websites
- domain name
- resource
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Abstract
The present invention relates to a kind of fishing website recognition methods and device.This method includes:Detect the resource that other websites whether are embedded in website to be detected;If not being embedded in the resource of other websites, it is non-fishing website to judge website to be detected;Whether if having been inserted into the resource of other websites, judging the domain name of other websites with white list has common factor;If not occuring simultaneously, it is non-fishing website to judge website to be detected;If there is common factor, judge website to be detected for highly doubtful fishing website;Validity decision and domain name credit evaluation are carried out to highly doubtful fishing website, to determine whether website to be detected is fishing website.The present invention, which can make up black list techniques, can not filter the fishing website of the deficiency of emerging fishing website, efficient identification insertion brand website element and resource, the performance of lifting phishing filtering.
Description
Technical field
The invention belongs to information technology, technical field of network security, and in particular to a kind of fishing website recognition methods and dress
Put.
Background technology
Phishing (Phishing) this term results from 1996, it be by go fishing (Fishing) one word develop and
Come.During phishing, attacker is sent to a large number of users, phase using bait (such as Email, SMS)
Treat a few users " rising to the bait ", and then the purpose of " fishing " (privacy information for such as stealing user).International anti-phishing work
Make group (APWG) is to the definition of phishing:Phishing is that one kind steals consumption using social engineering and technological means
The personal identification data of person and the network attack mode of accounts of finance voucher.Phishing attacks using social engineering means are past
Toward being to send duplicity Email seemingly from legal enterprise or mechanism, SMS etc. to user, user is lured to return
Multiple personal sensitive information clicks on the website that the links and accesses of the inside are forged, and then it is (such as user name, close to reveal credential information
Code) or download of malware.The property and personal secrets of phishing serious threat netizen, it has also become current internet maximum
One of potential safety hazard.
Black list techniques are widely used, and are one of main phishing filtering techniques.Such as Google Chrome,
The Google Safe API used in Mozilla Firefox and Apple Safai, it is exactly according to the continuous of Google offers
The blacklist of renewal, by verifying a certain URL whether in blacklist, to judge whether the URL is fishing webpage or malice
Webpage.Black list techniques are easy to use, but the shortcomings that obvious be present:It is for the fishing website incapability being not included in list
Power, it in other words can not filter emerging fishing website.
The content of the invention
The present invention can make up black list techniques in view of the above-mentioned problems, provide a kind of fishing website recognition methods and device
The fishing website of the deficiency of emerging fishing website, efficient identification insertion brand website element and resource, lifting can not be filtered
The performance of phishing filtering.
Data are reported in fishing of the present invention by analyzing PhishTank and Chinese anti-phishing website monitoring, are found most absolutely
Number fishing website is in order to counterfeit more true to nature, often directly uses the resource (Logo, CSS etc.) of brand website;When user passes through
During these fishing websites of browser access, the inquiry request to brand website domain name can be initiated immediately.The present invention is to utilize fishing
The above-mentioned characteristic at fishnet station, data are parsed by analyzing domain name system (DNS), identify these fishing websites.
The technical solution adopted by the present invention is as follows:
A kind of fishing website recognition methods, comprises the following steps:
Detect the resource that other websites whether are embedded in website to be detected;
If not being embedded in the resource of other websites in website to be detected, it is non-fishing website to judge website to be detected;
If having been inserted into the resource of other websites in website to be detected, judge other websites domain name whether with white name
Singly there is common factor;If not occuring simultaneously, it is non-fishing website to judge website to be detected;If there is common factor, judge that website to be detected is
Highly doubtful fishing website;
Validity decision and domain name credit evaluation are carried out to the highly doubtful fishing website, to determine that website to be detected is
No is fishing website.
Further, before whether the resource of other websites is embedded in detecting website to be detected, website to be detected is judged
Domain name whether in white list, if in white list, it is non-fishing website directly to judge website to be detected.
Further, the link of the resource of other websites whether is embedded in the webpage source code by detecting website to be detected,
Or whether initiate to ask the DNS query of other domain names during detection browser access website to be detected, it is to be checked to judge
Whether the resource of other websites is embedded in survey grid station.
Further, the network behavior of browser is monitored in real time by browser plug-in, it is to be checked to capture browser loading
The Internet resources inquiry request initiated during the page at survey grid station, the domain name inquired about and the domain name of website to be detected are entered
Row compares, so as to judge whether to initiate to ask the DNS query of other domain names.
Further, by building local dns recursion server, and DNS query Request Log is analyzed, judges that browser is visited
Ask the DNS query request whether initiated during website to be detected to other domain names.
Further, cached by disabling computer DNS client, and DNS client is arranged to be used only and built
Local dns recursion server carries out DNS query, to ensure that DNS query Request Log complete documentation browser is loaded into page when institute
The DNS query request of initiation.
Further, a domain name being not present is selected, is recorded to the request of the DNS query of the domain name as DNS query
Separation mark in Request Log between different web pages inquiry request record.
A kind of fishing website identification device, including:
Detection unit, the resource of other websites whether is embedded in website to be detected for detecting;
First identifying unit, during resource for not being embedded in other websites in website to be detected, judge survey grid to be checked
Stand as non-fishing website;
White list comparing unit, for judging in website to be detected whether the domain name of other embedded websites has with white list
Occur simultaneously;
Second identifying unit, for when the domain name of other websites is not occured simultaneously with white list, judging survey grid to be checked
Stand as non-fishing website;And when the domain name of other websites has common factor with white list, judge website to be detected for height
Doubtful fishing website;
Assessment unit, for carrying out validity decision and domain name credit evaluation to the highly doubtful fishing website;
3rd identifying unit, for the result obtained according to the assessment unit, judge whether website to be detected is fishing
Website.
Further, other websites whether are embedded in webpage source code of the detection unit by detecting website to be detected
The link of resource, to judge the resource of other websites whether is embedded in website to be detected;Or the detection unit browses for one
Device plug-in unit, by monitoring the network behavior of browser in real time, capture browser is sent out during being loaded into the page of website to be detected
The Internet resources inquiry request risen, and by the domain name inquired about compared with the domain name of website to be detected, to judge whether to send out
Rise and the DNS query of other domain names is asked, so as to judge the resource of other websites whether is embedded in website to be detected.
Further, the detection unit is local dns recursion server, and it is sentenced by analyzing DNS query Request Log
Whether DNS query request to other domain names is initiated during disconnected browser access website to be detected, so as to judge survey grid to be checked
Whether the resource of other websites is embedded in standing.
Compared with prior art, beneficial effects of the present invention are as follows:
1. be easy to realize by the form of browser plug-in, so as to realize online Real time identification and can be anti-in time by result
Feedback, to user to remind, avoids having dust thrown into the eyes.
2. can be used together with black list techniques, complement one another.Can be before fishing identification be carried out using the present invention, will
URL to be detected domain name is matched with blacklist, if the domain name in blacklist be present, it can be assumed that the URL is fishing, no
Must further it be identified, so as to effectively improve the efficiency of identification.On the other hand, if the match is successful with blacklist, and
It is assert after being identified using the present invention for fishing, its corresponding domain name blacklist can be added, realize the expansion to blacklist
Exhibition.
3. convenient extension.For the fishing of new brand, as long as domain name where brand resource is added to white list.This
The key of invention is to safeguard a white list with completeness and efficiency, compared with blacklist, by legal brand domain name structure
Into white list it is comparatively more stable, safeguard and renewal be also easier to.
4. language is unrelated.All steps of the present invention are not related to the language form of fishing website, can be counterfeit to global brand
It is identified.Therefore, the present invention is not constrained by site language type, and compared with other fishing recognition methods, application is more
To be extensive.
Brief description of the drawings
Fig. 1 is fishing website schematic diagram.
Fig. 2 is the source code fragment sectional drawing of fishing website shown in Fig. 1.
Fig. 3 is the flow chart of fishing website recognition methods in embodiment.
Fig. 4 is the component units schematic diagram of fishing website identification device in embodiment.
Embodiment
Below by specific embodiments and the drawings, the present invention is described in further details.
Phishing is substantially brand counterfeit, and fisherman sends deceptive information by modes such as mail, instant messagings, drawn
User is lured to access the counterfeit website built in advance, to gain the privacy of user and property by cheating.Wherein counterfeit website is as most important
Locality of a crime, it is often visually highly similar to real brands website, taken it seriously with user cheating.Even to this day, website
(particularly famous brand website) has not been simple word and picture, but includes the element and money of a large amount of unique brand styles
Source, including Logo pictures, Favicon pictures, CSS files, JS files etc.;Counterfeit website go fishing to mix the spurious with the genuine, often directly
These resources using brand website are connect, i.e., the link of these embedded resources in webpage source code.Such as:https://
Wvw.paypal-limited.com-webapps-security.com is fishing PayPal (http://
Www.paypal.com website), its effect are as shown in Figure 1.
The login page is almost the same with the login page of paypal official websites, website source code fragment sectional drawing such as Fig. 2
It is shown.Can be seen that the fishing website from the sectional drawing has used paypal Favicon pictures, CSS files and JS files (to note:
PayPal resource is both placed in www.paypalobjects.com).Consequently, it is possible to when user passes through browser access
https:During //wvw.paypal-limited.com-webapps-security.com/, browser can be initiated to domain name first
The inquiry request of " com-webapps-security.com ", it can initiate to look into domain name " paypalobjects.com " immediately
Ask request.The inventive method is exactly this characteristic by fully excavating fishing website, with efficient identification fishing website.
The flow of the fishing website recognition methods of the present invention is as shown in Figure 3.For each network address of user's input, perform
Following processes:
First, according to existing white list storehouse, judge that domain name is whether among white list corresponding to URL to be detected, if
In white list, illustrate the non-fishing websites of the URL, terminate identification process;Otherwise, second step is performed.
2nd, the inquiry request to the Domain is initiated using browser, accesses the server where the Domain, be loaded into page
Face, and judge whether initiate the inquiry request to other domain names (newNomains) in this process, if not having, then it is assumed that should
The non-fishing websites of URL, terminate flow;Conversely, then carry out the identification of next step.
3rd, judge whether to have in newDomains domain name (i.e. whether with white list have common factor) in white list, if not having,
Then think the non-fishing websites of the URL;It is on the contrary then think that the URL is highly doubtful fishing website, further differentiated.
4th, to highly doubtful fishing website, validity decision and domain name credit evaluation is further carried out, finally determines the net
Whether stand is fishing.Validity decision is whether the domain name for judging corresponding brand in the white list that the doubtful fishing website uses closes
Method, domain name credit evaluation are given a mark to domain name, judge whether the website domain name is credible.
Wherein final step, for highly doubtful fishing website, it can further analyze whether the Domain draws in search
Hold up and be indexed, if search engine has index, non-fishing;And the domain name with being matched in white list (whiteDomain)
Whether same people registers, if it is non-fishing;And whether Domain and whiteDomain parsing IP is in an AS
(Autonomous System) domain, if it is non-fishing;The above situation is unsatisfactory for, then regards as going fishing.
Whether the element and money of brand website are embedded in the webpage source code for focusing on confirming URL to be detected of the present invention
The link in source, i.e., the inquiry request to other domain names (newDomains) whether is initiated in the browser access URL.The present invention
Do not limit concrete implementation mode, can be analyzed by content of pages, browser inquiry monitor, recurrence dns resolution analysis etc. it is more
Kind mode is realized, will provide embodiment respectively below.
1. by analyzing webpage source code
Go fishing in counterfeit website most directly embodied using brand website resource be exactly in webpage source code embedded these provide
The link in source.In webpage source code, typically realize that Logo pictures, Favicon are schemed by " href " and " src " the two attributes
The calling of the resources such as piece, CSS files, JS files.
Therefore the webpage source code of the invention by capturing URL to be detected, is analyzed source code, is carried using regular expression
Take and " href ", the value of " src " the two attributes in the code segments of resource such as Logo, Favicon, CSS, JS are called in source code, this
A little values are to call the link of respective resources, and then obtain linking corresponding domain name.Then, the chain of resource will be called in source code
The domain name connect is compared with the domain name of the URL to be detected, if there is a situation where different from URL to be detected domain name, then it is assumed that
The resource of other brand websites is embedded in the URL, that is, concludes brand counterfeit possibility be present.
2. the form (request of capture DNS query) of browser plug-in
Browser is needed under being asked to server end when being loaded into a Webpage for resources such as JS, CSS, Image
Carry, DNS query will be produced during being somebody's turn to do, sends a series of actions such as request, redirection.With reference to Chrome DevTools, can open
A browser plug-in is sent out, monitors the network behavior of browser in real time, is loaded into capturing browser during the URL pages to be detected
The Internet resources inquiry request of initiation, and the inquiry request to these three classifications of JS, CSS, Images is filtered out, by what is inquired about
Domain name judges whether to initiate newDomains inquiry request, that is, determines whether exist compared with URL to be detected domain name
Fishing may.
3. building local dns recursion server, DNS query Request Log is analyzed.
Local dns recursion server is built, and carry out corresponding configuration to record the DNS query request received.
For the DNS query request initiated when ensureing that DNS query Request Log complete documentation browser is loaded into the page, computer is disabled
DNS client is cached, and DNS client is arranged to using only the local dns recursion server progress DNS query built.
In DNS query Request Log, often a record queries time, User IP, the information of three fields of nslookup,
It cannot be distinguished by the recording interval that browser is loaded into the DNS query request initiated during a webpage.Therefore, present invention selection in advance
One domain name being not present, it will be recorded as different web pages inquiry request in daily record to the DNS query of domain name request record
Between separation mark.Before and after a URL to be detected is accessed every time, the selected domain name is conducted interviews, to ensure
When analyzing DNS query Request Log, it can accurately, intactly obtain what webpage to be detected was initiated during loading
DNS query request record.
DNS query Request Log is matched using regular expression, the DNS that the URL pages to be detected are initiated is obtained and looks into
Request record is ask, wherein the first row is recorded as the inquiry of the domain name request record of the URL, and remaining is all that the page invocation includes but not
It is limited to the DNS query record initiated during the resources such as Logo pictures, Favicon pictures, CSS files, JS files, further relatively
Whether the domain name of these correlation inquiries is in white list, to determine whether to exist counterfeit possibility.
Another embodiment of the present invention provides a kind of fishing website identification device, as shown in figure 4, including:
Detection unit, the resource of other websites whether is embedded in website to be detected for detecting;
First identifying unit, during resource for not being embedded in other websites in website to be detected, judge survey grid to be checked
Stand as non-fishing website;
White list comparing unit, for judging in website to be detected whether the domain name of other embedded websites has with white list
Occur simultaneously;
Second identifying unit, for when the domain name of other websites is not occured simultaneously with white list, judging survey grid to be checked
Stand as non-fishing website;And when the domain name of other websites has common factor with white list, judge website to be detected for height
Doubtful fishing website;
Assessment unit, for carrying out validity decision and domain name credit evaluation to the highly doubtful fishing website;
3rd identifying unit, for the result obtained according to the assessment unit, judge whether website to be detected is fishing
Website.
Whether the detection unit is embedded in the chain of the resource of other websites in the webpage source code by detecting website to be detected
Connect, to judge the resource of other websites whether is embedded in website to be detected;Or the detection unit is a browser plug-in,
By monitoring the network behavior of browser, the network that capture browser is initiated during being loaded into the page of website to be detected in real time
Resource inquiry request, and by the domain name inquired about compared with the domain name of website to be detected, to judge whether to initiate to other
The DNS query request of domain name, so as to judge the resource of other websites whether is embedded in website to be detected.
The detection unit can also be the local dns recursion server built, and it is by analyzing DNS query Request Log
Judge whether initiate to ask the DNS query of other domain names during browser access website to be detected, it is to be detected so as to judge
Whether the resource of other websites is embedded in website.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, the ordinary skill of this area
Technical scheme can be modified by personnel or equivalent substitution, without departing from the spirit and scope of the present invention, this
The protection domain of invention should be to be defined described in claims.
Claims (11)
1. a kind of fishing website recognition methods, it is characterised in that comprise the following steps:
Detect the resource that other websites whether are embedded in website to be detected;
If not being embedded in the resource of other websites in website to be detected, it is non-fishing website to judge website to be detected;
Whether if having been inserted into the resource of other websites in website to be detected, judge the domain name of other websites has with white list
Occur simultaneously;If not occuring simultaneously, it is non-fishing website to judge website to be detected;If there is common factor, judge website to be detected for height
Doubtful fishing website;
Validity decision and domain name credit evaluation are carried out to the highly doubtful fishing website, with determine website to be detected whether be
Fishing website.
2. the method as described in claim 1, it is characterised in that the money of other websites whether is embedded in website to be detected is detected
Before source, judge that the domain name of website to be detected whether in white list, if in white list, directly judges website to be detected
For non-fishing website.
3. method as claimed in claim 1 or 2, it is characterised in that in the webpage source code by detecting website to be detected whether
Whether initiated to other domain names during the link of the resource of embedded other websites, or detection browser access website to be detected
DNS query request, to judge the resource of other websites whether is embedded in website to be detected.
4. method as claimed in claim 3, it is characterised in that by detect webpage source code judge it is whether embedding in website to be detected
Entering the method for the resource of other websites is:The webpage source code of website to be detected is captured, is extracted in source code and adjusted using regular expression
With the value of the two attributes of href, src in the code segment of resource, the link of respective resources is as called, and then obtains linking institute
Corresponding domain name;Then the domain name corresponding to the link of resource will be called in source code compared with the domain name of website to be detected,
If in the presence of the domain name different from the domain name of website to be detected, then it is assumed that embedded in the resource of other websites in website to be detected.
5. method as claimed in claim 3, it is characterised in that monitor the network row of browser in real time by browser plug-in
For to capture the Internet resources inquiry request initiated during browser is loaded into the page of website to be detected, by what is inquired about
Domain name is compared with the domain name of website to be detected, so as to judge whether to initiate to ask the DNS query of other domain names.
6. method as claimed in claim 3, it is characterised in that by building local dns recursion server, and analyze DNS and look into
Request Log is ask, judges whether initiate to ask the DNS query of other domain names during browser access website to be detected.
7. method as claimed in claim 6, it is characterised in that cached by disabling computer DNS client, and DNS is objective
Family end is arranged to that the local dns recursion server progress DNS query built is used only, to ensure that DNS query Request Log is complete
Record browser is loaded into the DNS query request initiated during the page.
8. method as claimed in claim 7, it is characterised in that one domain name being not present of selection, the DNS of the domain name will be looked into
Request record is ask as the separation mark between different web pages inquiry request record in DNS query Request Log.
A kind of 9. fishing website identification device, it is characterised in that including:
Detection unit, the resource of other websites whether is embedded in website to be detected for detecting;
First identifying unit, during resource for not being embedded in other websites in website to be detected, judge that website to be detected is
Non- fishing website;
White list comparing unit, for judging in website to be detected whether the domain name of other embedded websites with white list has friendship
Collection;
Second identifying unit, for when the domain name of other websites is not occured simultaneously with white list, judging that website to be detected is
Non- fishing website;And domain name and the white list in other websites be when having common factor, judge website to be detected to be highly doubtful
Fishing website;
Assessment unit, for carrying out validity decision and domain name credit evaluation to the highly doubtful fishing website;
3rd identifying unit, for the result obtained according to the assessment unit, judge whether website to be detected is fishing website.
10. device as claimed in claim 9, it is characterised in that the detection unit is by detecting the webpage of website to be detected
Whether the link of the resource of other websites is embedded in source code, to judge the resource of other websites whether is embedded in website to be detected;
Or the detection unit is a browser plug-in, by monitoring the network behavior of browser in real time, capture browser, which is loaded into, to be treated
Detect the Internet resources inquiry request initiated during the page of website, and by the domain name inquired about and the domain of website to be detected
Name is compared, to judge whether to initiate to ask the DNS query of other domain names, so as to judge whether be embedded in website to be detected
The resource of other websites.
11. device as claimed in claim 9, it is characterised in that the detection unit is local dns recursion server, and it is logical
Cross analysis DNS query Request Log and judge whether initiate to look into the DNS of other domain names during browser access website to be detected
Request is ask, so as to judge the resource of other websites whether is embedded in website to be detected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710873546.1A CN107800686B (en) | 2017-09-25 | 2017-09-25 | Phishing website identification method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710873546.1A CN107800686B (en) | 2017-09-25 | 2017-09-25 | Phishing website identification method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107800686A true CN107800686A (en) | 2018-03-13 |
CN107800686B CN107800686B (en) | 2020-06-12 |
Family
ID=61532401
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710873546.1A Active CN107800686B (en) | 2017-09-25 | 2017-09-25 | Phishing website identification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107800686B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108804919A (en) * | 2018-05-03 | 2018-11-13 | 上海交通大学 | The homologous determination method of malicious code based on deep learning |
CN109670279A (en) * | 2018-11-30 | 2019-04-23 | 成都知道创宇信息技术有限公司 | A kind of method of website flexible configuration webpage insertion permission |
CN111556036A (en) * | 2020-04-20 | 2020-08-18 | 杭州安恒信息技术股份有限公司 | Detection method, device and equipment for phishing attack |
CN113163234A (en) * | 2021-04-02 | 2021-07-23 | 中国科学院信息工程研究所 | Pirate video website detection method and system based on third-party service |
CN113225343A (en) * | 2021-05-10 | 2021-08-06 | 广州掌动智能科技有限公司 | Risk website identification method and system based on identity characteristic information |
CN113556347A (en) * | 2021-07-22 | 2021-10-26 | 深信服科技股份有限公司 | Detection method, device, equipment and storage medium for phishing mails |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102082792A (en) * | 2010-12-31 | 2011-06-01 | 成都市华为赛门铁克科技有限公司 | Phishing webpage detection method and device |
US8079087B1 (en) * | 2005-05-03 | 2011-12-13 | Voltage Security, Inc. | Universal resource locator verification service with cross-branding detection |
CN102902917A (en) * | 2011-07-29 | 2013-01-30 | 国际商业机器公司 | Method and system for preventing phishing attacks |
CN103428186A (en) * | 2012-05-24 | 2013-12-04 | 中国移动通信集团公司 | Method and device for detecting phishing website |
CN103544436A (en) * | 2013-10-12 | 2014-01-29 | 深圳先进技术研究院 | System and method for distinguishing phishing websites |
CN106357682A (en) * | 2016-10-26 | 2017-01-25 | 华中科技大学 | Phishing website detecting method |
-
2017
- 2017-09-25 CN CN201710873546.1A patent/CN107800686B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8079087B1 (en) * | 2005-05-03 | 2011-12-13 | Voltage Security, Inc. | Universal resource locator verification service with cross-branding detection |
CN102082792A (en) * | 2010-12-31 | 2011-06-01 | 成都市华为赛门铁克科技有限公司 | Phishing webpage detection method and device |
CN102902917A (en) * | 2011-07-29 | 2013-01-30 | 国际商业机器公司 | Method and system for preventing phishing attacks |
CN103428186A (en) * | 2012-05-24 | 2013-12-04 | 中国移动通信集团公司 | Method and device for detecting phishing website |
CN103544436A (en) * | 2013-10-12 | 2014-01-29 | 深圳先进技术研究院 | System and method for distinguishing phishing websites |
CN106357682A (en) * | 2016-10-26 | 2017-01-25 | 华中科技大学 | Phishing website detecting method |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108804919A (en) * | 2018-05-03 | 2018-11-13 | 上海交通大学 | The homologous determination method of malicious code based on deep learning |
CN109670279A (en) * | 2018-11-30 | 2019-04-23 | 成都知道创宇信息技术有限公司 | A kind of method of website flexible configuration webpage insertion permission |
CN111556036A (en) * | 2020-04-20 | 2020-08-18 | 杭州安恒信息技术股份有限公司 | Detection method, device and equipment for phishing attack |
CN113163234A (en) * | 2021-04-02 | 2021-07-23 | 中国科学院信息工程研究所 | Pirate video website detection method and system based on third-party service |
CN113163234B (en) * | 2021-04-02 | 2022-10-14 | 中国科学院信息工程研究所 | Pirate video website detection method and system based on third-party service |
CN113225343A (en) * | 2021-05-10 | 2021-08-06 | 广州掌动智能科技有限公司 | Risk website identification method and system based on identity characteristic information |
CN113225343B (en) * | 2021-05-10 | 2022-09-20 | 广州掌动智能科技有限公司 | Risk website identification method and system based on identity characteristic information |
CN113556347A (en) * | 2021-07-22 | 2021-10-26 | 深信服科技股份有限公司 | Detection method, device, equipment and storage medium for phishing mails |
Also Published As
Publication number | Publication date |
---|---|
CN107800686B (en) | 2020-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Hong et al. | How you get shot in the back: A systematical study about cryptojacking in the real world | |
CN107800686A (en) | A kind of fishing website recognition methods and device | |
EP3125147B1 (en) | System and method for identifying a phishing website | |
Rao et al. | Phishshield: a desktop application to detect phishing webpages through heuristic approach | |
CN105184159B (en) | The recognition methods of webpage tamper and device | |
CN103559235B (en) | A kind of online social networks malicious web pages detection recognition methods | |
US9055097B1 (en) | Social network scanning | |
CN104899508B (en) | A kind of multistage detection method for phishing site and system | |
CN104580230B (en) | Verification method and device are attacked in website | |
CN106789939A (en) | A kind of detection method for phishing site and device | |
CN105376217B (en) | A kind of malice jumps and the automatic judging method of malice nested class objectionable website | |
CN104135467B (en) | Identify method and the device of malicious websites | |
CN104202291A (en) | Anti-phishing method based on multi-factor comprehensive assessment method | |
CN101714272A (en) | Method for protecting number and password of bank card from stealing by phishing website | |
US20220070215A1 (en) | Method and Apparatus for Evaluating Phishing Sites to Determine Their Level of Danger and Profile Phisher Behavior | |
Zhang et al. | A framework for dark web threat intelligence analysis | |
CN108337269A (en) | A kind of WebShell detection methods | |
CN111541672A (en) | Method and system for detecting security of HTTP (hyper text transport protocol) request | |
Malderle et al. | Gathering and analyzing identity leaks for a proactive warning of affected users | |
Roopak et al. | On effectiveness of source code and SSL based features for phishing website detection | |
CN105653941A (en) | Heuristic detection method and system for phishing website | |
Zeydan et al. | Current state of anti-phishing approaches and revealing competencies | |
CN106850500A (en) | Fishing website processing method and processing device | |
CN113395268A (en) | Online and offline fusion-based web crawler interception method | |
CN112804192A (en) | Method, apparatus, electronic device, program, and medium for monitoring hidden network leakage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |