CN109522504A - A method of counterfeit website is differentiated based on threat information - Google Patents
A method of counterfeit website is differentiated based on threat information Download PDFInfo
- Publication number
- CN109522504A CN109522504A CN201811211754.6A CN201811211754A CN109522504A CN 109522504 A CN109522504 A CN 109522504A CN 201811211754 A CN201811211754 A CN 201811211754A CN 109522504 A CN109522504 A CN 109522504A
- Authority
- CN
- China
- Prior art keywords
- website
- record
- counterfeit
- information
- putting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention relates to network security technologies, it is desirable to provide a method of counterfeit website is differentiated based on threat information.The following steps are included: the domain-name information library in information bank and the content in web page library will be threatened to carry out similarity-rough set;The main body of putting on record of each website in analyzing web site group matches ICP unit of putting on record;Abnormal website is such as not detected, further matches registrant's information, analysis website arrangement address ip;Analyze page feature;It is in threatening information bank that the information of the website is tagged after judging the doubtful degree of counterfeit website of website, it is labeled as counterfeit website.The present invention can effectively using with the industries such as government, education, public institution, carry out the detection and discovery of counterfeit website.Counterfeit website is found in time, reduces the influence of flame, and the popularization of underground industrial chain is truncated, enhances the public trust of public unit.
Description
Technical field
It is the present invention relates to network security technology, in particular to a kind of based on the method for threatening information to differentiate counterfeit website.
Background technique
Counterfeit website is mainly a kind of gimmick for organizing to use for economic interests due to hacker, has been seemed by counterfeit
The site page of full normal occlusion rule, it is practical to be implanted into a large amount of third party's link and content in website, content be related to mostly lottery industry,
The improper profit business such as pornographic, game.There are problems that a large amount of counterfeit websites, this kind of website in domestic internet site scene
It is practical in the page by the higher unit website of counterfeit public trust (often government unit, public institution, educational institutions etc.)
It propagates underground grey industry to promote, the discovery of testing agency is hidden with this, speculate so as to hide for a long time.The problem is not understood
Certainly bring harm is to mislead common net user to access false counterfeit website, it is possible to bring deceptive information, propagate lottery industry, pornographic
Etc. contents and hide regulatory agency examination, allow underground industrial chain continue development seriously endanger social safety.
Current existing counterfeit website identification method mostly uses greatly the similarity of the address URL to judge, by URL noise word
The schemes such as symbol removal and Variations similar, identification personation website.And logo, the brand etc. of commerce site are matched, judge
Commerce site is counterfeit.At present to the identification technology of counterfeit website, mainly basis finds counterfeit station to the judgement of URL similarity
Point.But due to current a large amount of counterfeit websites and no longer by the similar address user cheating of URL, often through in mail, the page
The form of hyperlink is added, true address can not be seen by the user.In addition, there is a large amount of phase since Websites quantity increases
Like website.So the rate of false alarm and rate of failing to report that this method generates are all higher.
Summary of the invention
The technical problem to be solved by the present invention is to be overcome deficiency in the prior art, provide one kind and sentenced based on threat information
The method of not counterfeit website.
In order to solve the above technical problems, the solution that the present invention uses is:
It provides a kind of based on the method for threatening information to differentiate counterfeit website, comprising the following steps:
(1) the domain-name information library in information bank and the content in web page library will be threatened to carry out similarity-rough set;
(1.1) content in the website homepage page<title><meta>in domain name information bank is analyzed, using language
Adopted parser is identified;The website group that similarity is higher than preset threshold is extracted, for analyzing in next step;Alternatively,
(1.2) targeted sites are specified, the content in<title><meta>of the website is extracted, is looked into domain-name information library
The website group that similarity in contrast is higher than preset threshold is found, for analyzing in next step;
(2) in analyzing web site group each website main body of putting on record (ICPD), its ICP unit of putting on record is matched;
(2.1) whether confirmation website has been put on record;If not putting on record, it is included in malicious site;
(2.2) confirmation website is put on record the attribute of unit, such as belongs to government bodies or public institution, then excludes counterfeit suspicious;
(2.3) in unit of putting on record individual and enterprise analyze, as threaten information bank in be marked as it is suspicious
Unit is then included in suspicious website of putting on record;
(2.4) analysis is associated to other websites for unit of putting on record, such as there are other malicious websites record, be then included in standby
The suspicious website of case;
(3) abnormal website unit of putting on record is not detected, by the way of being associated analysis to registrant's information
(REGD), registrant's information is matched:
(3.1) its history registry website is looked by the way that site registration people is counter, being such as associated with website once had malicious websites record, then counted
Enter and registers suspicious website;
(3.2) its history registry website is looked by the way that site registration mailbox is counter, being such as associated with website once had malicious websites record, then
It is included in the suspicious website of registration;
(4) (IPD) is analyzed to the address ip of website arrangement;
(4.1) if the arrangement place of website is overseas or Hongkong and Macro Tai Area, and with put place on record and website is put on record unit
Location is different, then is included in the suspicious website of arrangement;
(4.2) website is looked into from the IP of arrangement is counter, such as there is suspicious website, be then included in the suspicious website of arrangement;
(5) (PGD) is analyzed to page feature:
(5.1) in whole links of the page, such as accounting of bad chain is more than preset value, then is included in the counterfeit website of malice;
(5.2) in whole links of the page, the accounting for being such as directed toward the link of external same domain name addresses is more than preset value,
Then it is included in the counterfeit website of malice;
(5.3) in content of pages, such as there is the keyword and linked contents of potential or display default sensitive content, then
It is included in the counterfeit website of malice;
(6) the doubtful degree of counterfeit website of website is judged:
Whether the analysis according to step (2) to (5) is as a result, belong to counterfeit integrate to website using following weighting algorithms
Analysis:
ε=α × ICPD+ β × REGD+ γ × IPD+ δ × PGD
Wherein, ICPD, which refers to, puts ICP that unit carries out matched result, REGD refers to and matches to registrant's information on record
Result, IPD refer to that the result analyzed website arrangement address ip, PGD refer to the result analyzed page feature;
The value of ICPD, REGD, IPD, PGD are [0,1], take 1 when matching or analysis result is negative;Factor alpha, the value of β, γ, δ
Respectively 0.2,0.2,0.3,0.3, when comprehensive score ε is at 0.5 point or more, it is judged as counterfeit website;
(7) after being judged as counterfeit website, by the unit of putting on record of the website, registrant, registration postal in threatening information bank
Case information, station address are tagged, (after multiple analysis, threaten in information bank and are formed greatly labeled as counterfeit website
The label of amount facilitates subsequent association analysis, can enhance based on the association judgement for threatening information, and reduces to web page characteristics
The dependence of analytical judgment greatly improves detection efficiency with this).
In the present invention, the sensitive content in the step (5.3) refers to lottery industry, Medical Advertisement, pornographic and game
Web page contents.
Inventive principle description:
Heretofore described threat information refers to: obtaining a large amount of network security data by acquiring or sharing, and right
Threat degree is analyzed, and information after analysis is formed, and is analyzed and is read for equipment, researcher.Information bank is threatened to refer to net
Network threat information is carried out in data set and is shared, such as vulnerability database, fingerprint base, IP prestige library, website prestige library etc..Threaten information
Library largely exists in network safety filed, and has commercialization trend.
The present invention analyzes the internet mass domain name and site information data mass data for threatening and acquiring in information bank, passes through
The data such as the domain name of website, the page, theme of putting on record, registration information, parsing address are analyzed and are associated with, are found out therein
Counterfeit website, and mark, facilitate subsequent detection.Wherein threatening the acquisition of information bank, the present invention can not in this patent
Utilize existing threat information bank data.
Compared with prior art, the solution have the advantages that:
Innovation of the invention is:
1, using threat information data, that is, website, unit of putting on record, registrant etc. because usually doing association analysis, rather than only to station
The content of point itself is tested and analyzed;
2, the present invention can faster identify counterfeit website, most by threatening information to carry out the analysis of quick association early period
Judged again by content characteristic afterwards, it is so as to improve timeliness and accurately fixed;
3, after this hair has now found that counterfeit website, label label can be carried out to the station data threatened in information bank, helped
In subsequent analysis, subsequent discovery timeliness is improved;
The present invention can effectively using with the industries such as government, education, public institution, carry out the detection and discovery of counterfeit website.
Due to a high credibility, public and search engine all can more trust for the website of these public units, thus content can cheat it is general
General family domain search engine is reduced with this due to propagating the probability that is found of flame, but the trip propagated in this kind of website
Play, lottery industry can generate adverse effect to society, also the public trust very serious for affecting our unit.The present invention is actually answering
With rear, website monitoring can be carried out, finds this kind of counterfeit website in time, reduce the influence of flame, truncation underground industrial chain
It promotes, enhances the public trust of public unit.
Detailed description of the invention
Fig. 1 is the flow chart of realization process of the present invention.
Specific embodiment
With reference to the accompanying drawing, specific embodiments of the present invention will be described in detail.
Based on the method for threatening information to differentiate counterfeit website in the present invention, comprising the following steps:
(1) the domain-name information library in information bank and the content in web page library will be threatened to carry out similarity-rough set;
(1.1) content in the website homepage page<title><meta>in domain name information bank is analyzed, using language
Adopted parser is identified;The website group that similarity is higher than preset threshold is extracted, for analyzing in next step;Alternatively,
(1.2) targeted sites are specified, the content in<title><meta>of the website is extracted, is looked into domain-name information library
The website group that similarity in contrast is higher than preset threshold is found, for analyzing in next step;
(2) in analyzing web site group each website main body of putting on record, its ICP unit of putting on record is matched;
(2.1) whether confirmation website has been put on record;If not putting on record, it is included in malicious site;
(2.2) confirmation website is put on record the attribute of unit, such as belongs to government bodies or public institution, then excludes counterfeit suspicious;
(2.3) in unit of putting on record individual and enterprise analyze, as threaten information bank in be marked as it is suspicious
Unit is then included in suspicious website of putting on record;
(2.4) analysis is associated to other websites for unit of putting on record, such as there are other malicious websites record, be then included in standby
The suspicious website of case;
(3) abnormal website unit of putting on record is not detected, by the way of being associated analysis to registrant's information,
Registrant's information is matched:
(3.1) its history registry website is looked by the way that site registration people is counter, being such as associated with website once had malicious websites record, then counted
Enter and registers suspicious website;
(3.2) its history registry website is looked by the way that site registration mailbox is counter, being such as associated with website once had malicious websites record, then
It is included in the suspicious website of registration;
(5) website arrangement address ip is analyzed;
(4.1) if the arrangement place of website is overseas or Hongkong and Macro Tai Area, and with put place on record and website is put on record unit
Location is different, then is included in the suspicious website of arrangement;
(4.2) website is looked into from the IP of arrangement is counter, such as there is suspicious website, be then included in the suspicious website of arrangement;
(5) page feature is analyzed:
(5.1) in whole links of the page, such as accounting of bad chain is more than preset value, then is included in the counterfeit website of malice;
(5.2) in whole links of the page, the accounting for being such as directed toward the link of external same domain name addresses is more than preset value,
Then it is included in the counterfeit website of malice;
(5.3) in content of pages, such as exist it is potential or display default sensitive content (be such as related to lottery industry, Medical Advertisement,
Pornographic and game web page contents) keyword and linked contents, then be included in maliciously counterfeit website;
(6) the doubtful degree of counterfeit website of website is judged:
Whether the analysis according to step (2) to (5) is as a result, belong to counterfeit integrate to website using following weighting algorithms
Analysis:
ε=α × ICPD+ β × REGD+ γ × IPD+ δ × PGD
Wherein, ICPD, which refers to, puts ICP that unit carries out matched result, REGD refers to and matches to registrant's information on record
Result, IPD refer to that the result analyzed website arrangement address ip, PGD refer to the result analyzed page feature;
The value of ICPD, REGD, IPD, PGD are [0,1], take 1 when matching or analysis result is negative;Factor alpha, the value of β, γ, δ
Respectively 0.2,0.2,0.3,0.3, when comprehensive score ε is at 0.5 point or more, it is judged as counterfeit website;
(7) after being judged as counterfeit website, by the unit of putting on record of the website, registrant, registration postal in threatening information bank
Case information, station address are tagged, (after multiple analysis, threaten in information bank and are formed greatly labeled as counterfeit website
The label of amount facilitates subsequent association analysis, can enhance based on the association judgement for threatening information, and reduces to web page characteristics
The dependence of analytical judgment greatly improves detection efficiency with this).
In the following, passing through the example of a site analysis, specific implementation of the present invention is illustrated:
1, a site title and portion, household society, the state consistent website in official website are found in threatening information bank, find Target Station
Point starts to analyze.
Essential information is as follows after parsing:
Network address:www.28issa-china.org.cn
Title: Department of Human Resources and Social Security, the People's Republic of China (PRC)
2, the ICP record information of the website is analyzed, discovery nothing is put on record.
3, the whois owner information of the website is analyzed:
It extracts and threatens website registrant cg7899999@gmail in information bank, find other stations under the registration mailbox
Point, there are also 368 illegal (forgery) websites, and the governmental site that part is illegally registered.
Therefore the website is included in the suspected site.
3, the arrangement place of the website: arrangement IP: the U.S.-Los Angeles 155.94.161.219 is analyzed;Arrangement in overseas, then
It is included in suspicious website.
4, the content of pages in the website is analyzed, discovery has lottery industry subpage frame content.
The ICPD of the website, REGD, IPD, PGD are suspicious state, as follows by calculating:
ε=α × ICPD+ β × REGD+ γ × IPD+ δ × PGD=0.2+0.2+0.3+0.3=1
It was found that final score 1, is much larger than 0.5, it is the high counterfeit website firmly believed.
Claims (2)
1. a kind of based on the method for threatening information to differentiate counterfeit website, which comprises the following steps:
(1) the domain-name information library in information bank and the content in web page library will be threatened to carry out similarity-rough set;
(1.1) content in the website homepage page<title><meta>in domain name information bank is analyzed, using semanteme point
Analysis algorithm is identified;The website group that similarity is higher than preset threshold is extracted, for analyzing in next step;Alternatively,
(1.2) targeted sites are specified, the content in<title><meta>of the website is extracted, is found in domain-name information library
Similarity is higher than the website group of preset threshold in contrast, for analyzing in next step;
(2) in analyzing web site group each website main body of putting on record, its ICP unit of putting on record is matched;
(2.1) whether confirmation website has been put on record;If not putting on record, it is included in malicious site;
(2.2) confirmation website is put on record the attribute of unit, such as belongs to government bodies or public institution, then excludes counterfeit suspicious;
(2.3) in unit of putting on record individual and enterprise analyze, as threaten information bank in be marked as suspicious unit,
Then it is included in suspicious website of putting on record;
(2.4) analysis is associated to other websites for unit of putting on record, such as there are other malicious websites record, is then included in that put on record can
Doubt website;
(3) abnormal website unit of putting on record is not detected, by the way of being associated analysis to registrant's information, to note
Volume people's information matches:
(3.1) its history registry website is looked by the way that site registration people is counter, being such as associated with website once had malicious websites record, then was included in note
The suspicious website of volume;
(3.2) its history registry website is looked by the way that site registration mailbox is counter, being such as associated with website once had malicious websites record, then was included in
Register suspicious website;
(4) website arrangement address ip is analyzed;
(4.1) if the arrangement place of website is overseas or Hongkong and Macro Tai Area, and with put place on record and website is put on record where unit
Ground is different, then is included in the suspicious website of arrangement;
(4.2) website is looked into from the IP of arrangement is counter, such as there is suspicious website, be then included in the suspicious website of arrangement;
(5) page feature is analyzed:
(5.1) in whole links of the page, such as accounting of bad chain is more than preset value, then is included in the counterfeit website of malice;
(5.2) in whole links of the page, the accounting for being such as directed toward the link of external same domain name addresses is more than preset value, then counts
Enter the counterfeit website of malice;
(5.3) in content of pages, such as there is the keyword and linked contents of potential or display default sensitive content, be then included in
Maliciously counterfeit website;
(6) the doubtful degree of counterfeit website of website is judged:
Analysis according to step (2) to (5) using following weighting algorithms as a result, divided whether website belongs to the counterfeit synthesis that carries out
Analysis:
ε=α × ICPD+ β × REGD+ γ × IPD+ δ × PGD
Wherein, ICPD, which refers to, puts ICP that unit carries out matched result, REGD refers to and carries out matched knot to registrant's information on record
Fruit, IPD refer to that the result analyzed website arrangement address ip, PGD refer to the result analyzed page feature;
The value of ICPD, REGD, IPD, PGD are [0,1], take 1 when matching or analysis result is negative;Factor alpha, the value of β, γ, δ
Respectively 0.2,0.2,0.3,0.3, when comprehensive score ε is at 0.5 point or more, it is judged as counterfeit website;
(7) after being judged as counterfeit website, the unit of putting on record of the website, registrant, registration mailbox are believed in threatening information bank
Breath, station address are tagged, are labeled as counterfeit website.
2. the method according to claim 1, wherein the sensitive content in the step (5.3) refers to win
Coloured silk, Medical Advertisement, pornographic and the web page contents of game.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811211754.6A CN109522504A (en) | 2018-10-18 | 2018-10-18 | A method of counterfeit website is differentiated based on threat information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811211754.6A CN109522504A (en) | 2018-10-18 | 2018-10-18 | A method of counterfeit website is differentiated based on threat information |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109522504A true CN109522504A (en) | 2019-03-26 |
Family
ID=65770175
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811211754.6A Pending CN109522504A (en) | 2018-10-18 | 2018-10-18 | A method of counterfeit website is differentiated based on threat information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109522504A (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110245986A (en) * | 2019-06-14 | 2019-09-17 | 哈尔滨工业大学(威海) | A method of obtaining internet financial advertising body release |
CN110247916A (en) * | 2019-06-20 | 2019-09-17 | 四川长虹电器股份有限公司 | Malice domain name detection method |
CN110855716A (en) * | 2019-11-29 | 2020-02-28 | 北京邮电大学 | Self-adaptive security threat analysis method and system for counterfeit domain names |
CN111600842A (en) * | 2020-04-17 | 2020-08-28 | 国网浙江省电力有限公司电力科学研究院 | Internet of things terminal security control method and system for credible threat information |
CN111901329A (en) * | 2020-07-22 | 2020-11-06 | 浙江军盾信息科技有限公司 | Method and device for identifying network security event |
CN112104656A (en) * | 2020-09-16 | 2020-12-18 | 杭州安恒信息安全技术有限公司 | Network threat data acquisition method, device, equipment and medium |
CN113360895A (en) * | 2021-06-02 | 2021-09-07 | 北京百度网讯科技有限公司 | Station group detection method and device and electronic equipment |
CN113536086A (en) * | 2021-06-30 | 2021-10-22 | 北京百度网讯科技有限公司 | Model training method, account scoring method, device, equipment, medium and product |
CN113656671A (en) * | 2021-06-16 | 2021-11-16 | 北京百度网讯科技有限公司 | Model training method, link scoring method, device, equipment, medium and product |
CN113726826A (en) * | 2021-11-04 | 2021-11-30 | 北京微步在线科技有限公司 | Threat information generation method and device |
CN113779478A (en) * | 2021-09-15 | 2021-12-10 | 哈尔滨工业大学(威海) | Abnormal ICP filing website detection method based on multivariate features |
CN113783855A (en) * | 2021-08-30 | 2021-12-10 | 北京百度网讯科技有限公司 | Site evaluation method, site evaluation device, electronic apparatus, storage medium, and program product |
CN114866295A (en) * | 2022-04-20 | 2022-08-05 | 哈尔滨工业大学(威海) | Method for constructing bad site service IP pool and acquiring and analyzing IP main body attribute data |
CN115001734A (en) * | 2022-04-17 | 2022-09-02 | 广西电网有限责任公司电力科学研究院 | IP back-check system and method for power network safety monitoring |
CN117439821A (en) * | 2023-12-20 | 2024-01-23 | 成都无糖信息技术有限公司 | Website judgment method and system based on data fusion and multi-factor decision method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106411879A (en) * | 2016-09-23 | 2017-02-15 | 北京网康科技有限公司 | Software identification feature acquisition method and apparatus |
CN107454076A (en) * | 2017-08-01 | 2017-12-08 | 北京亚鸿世纪科技发展有限公司 | A kind of website portrait method |
CN107566376A (en) * | 2017-09-11 | 2018-01-09 | 中国信息安全测评中心 | One kind threatens information generation method, apparatus and system |
CN107819783A (en) * | 2017-11-27 | 2018-03-20 | 深信服科技股份有限公司 | A kind of network security detection method and system based on threat information |
US10051010B2 (en) * | 2014-06-11 | 2018-08-14 | Accenture Global Services Limited | Method and system for automated incident response |
-
2018
- 2018-10-18 CN CN201811211754.6A patent/CN109522504A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10051010B2 (en) * | 2014-06-11 | 2018-08-14 | Accenture Global Services Limited | Method and system for automated incident response |
CN106411879A (en) * | 2016-09-23 | 2017-02-15 | 北京网康科技有限公司 | Software identification feature acquisition method and apparatus |
CN107454076A (en) * | 2017-08-01 | 2017-12-08 | 北京亚鸿世纪科技发展有限公司 | A kind of website portrait method |
CN107566376A (en) * | 2017-09-11 | 2018-01-09 | 中国信息安全测评中心 | One kind threatens information generation method, apparatus and system |
CN107819783A (en) * | 2017-11-27 | 2018-03-20 | 深信服科技股份有限公司 | A kind of network security detection method and system based on threat information |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110245986A (en) * | 2019-06-14 | 2019-09-17 | 哈尔滨工业大学(威海) | A method of obtaining internet financial advertising body release |
CN110247916A (en) * | 2019-06-20 | 2019-09-17 | 四川长虹电器股份有限公司 | Malice domain name detection method |
CN110247916B (en) * | 2019-06-20 | 2021-07-27 | 四川长虹电器股份有限公司 | Malicious domain name detection method |
CN110855716A (en) * | 2019-11-29 | 2020-02-28 | 北京邮电大学 | Self-adaptive security threat analysis method and system for counterfeit domain names |
CN110855716B (en) * | 2019-11-29 | 2020-11-06 | 北京邮电大学 | Self-adaptive security threat analysis method and system for counterfeit domain names |
CN111600842A (en) * | 2020-04-17 | 2020-08-28 | 国网浙江省电力有限公司电力科学研究院 | Internet of things terminal security control method and system for credible threat information |
CN111600842B (en) * | 2020-04-17 | 2022-05-17 | 国网浙江省电力有限公司电力科学研究院 | Internet of things terminal security control method and system for credible threat information |
CN111901329A (en) * | 2020-07-22 | 2020-11-06 | 浙江军盾信息科技有限公司 | Method and device for identifying network security event |
CN112104656A (en) * | 2020-09-16 | 2020-12-18 | 杭州安恒信息安全技术有限公司 | Network threat data acquisition method, device, equipment and medium |
CN113360895B (en) * | 2021-06-02 | 2023-07-25 | 北京百度网讯科技有限公司 | Station group detection method and device and electronic equipment |
CN113360895A (en) * | 2021-06-02 | 2021-09-07 | 北京百度网讯科技有限公司 | Station group detection method and device and electronic equipment |
CN113656671B (en) * | 2021-06-16 | 2024-05-24 | 北京百度网讯科技有限公司 | Model training method, link scoring method, device, equipment, medium and product |
CN113656671A (en) * | 2021-06-16 | 2021-11-16 | 北京百度网讯科技有限公司 | Model training method, link scoring method, device, equipment, medium and product |
CN113536086B (en) * | 2021-06-30 | 2023-07-14 | 北京百度网讯科技有限公司 | Model training method, account scoring method, device, equipment, medium and product |
CN113536086A (en) * | 2021-06-30 | 2021-10-22 | 北京百度网讯科技有限公司 | Model training method, account scoring method, device, equipment, medium and product |
CN113783855A (en) * | 2021-08-30 | 2021-12-10 | 北京百度网讯科技有限公司 | Site evaluation method, site evaluation device, electronic apparatus, storage medium, and program product |
WO2023029486A1 (en) * | 2021-08-30 | 2023-03-09 | 北京百度网讯科技有限公司 | Site evaluation method and apparatus, and electronic device, storage medium and program product |
CN113779478A (en) * | 2021-09-15 | 2021-12-10 | 哈尔滨工业大学(威海) | Abnormal ICP filing website detection method based on multivariate features |
CN113726826A (en) * | 2021-11-04 | 2021-11-30 | 北京微步在线科技有限公司 | Threat information generation method and device |
CN115001734A (en) * | 2022-04-17 | 2022-09-02 | 广西电网有限责任公司电力科学研究院 | IP back-check system and method for power network safety monitoring |
CN115001734B (en) * | 2022-04-17 | 2024-03-22 | 广西电网有限责任公司电力科学研究院 | IP (Internet protocol) reverse check system and method for power network safety monitoring |
CN114866295A (en) * | 2022-04-20 | 2022-08-05 | 哈尔滨工业大学(威海) | Method for constructing bad site service IP pool and acquiring and analyzing IP main body attribute data |
CN114866295B (en) * | 2022-04-20 | 2023-07-25 | 哈尔滨工业大学(威海) | Bad site service IP pool construction and IP main body attribute data acquisition and analysis method |
CN117439821A (en) * | 2023-12-20 | 2024-01-23 | 成都无糖信息技术有限公司 | Website judgment method and system based on data fusion and multi-factor decision method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109522504A (en) | A method of counterfeit website is differentiated based on threat information | |
US10880330B2 (en) | Systems and methods for detection of infected websites | |
US9276956B2 (en) | Method for detecting phishing website without depending on samples | |
Gowtham et al. | A comprehensive and efficacious architecture for detecting phishing webpages | |
Ramesh et al. | An efficacious method for detecting phishing webpages through target domain identification | |
Hara et al. | Visual similarity-based phishing detection without victim site information | |
CN104954372B (en) | A kind of evidence obtaining of fishing website and verification method and system | |
CN104899508B (en) | A kind of multistage detection method for phishing site and system | |
Yang et al. | How to learn klingon without a dictionary: Detection and measurement of black keywords used by the underground economy | |
CN105718577B (en) | Method and system for automatically detecting phishing aiming at newly added domain name | |
Liao et al. | Seeking nonsense, looking for trouble: Efficient promotional-infection detection through semantic inconsistency search | |
CN104077396A (en) | Method and device for detecting phishing website | |
Das Guptta et al. | Modeling hybrid feature-based phishing websites detection using machine learning techniques | |
WO2014063520A1 (en) | Method and apparatus for determining phishing website | |
Jain et al. | Phishskape: A content based approach to escape phishing attacks | |
CN106789939A (en) | A kind of detection method for phishing site and device | |
CN108092963A (en) | Web page identification method, device, computer equipment and storage medium | |
CN110572359A (en) | Phishing webpage detection method based on machine learning | |
Liu et al. | An efficient multistage phishing website detection model based on the CASE feature framework: Aiming at the real web environment | |
Deshpande et al. | Detection of phishing websites using Machine Learning | |
CN110138758A (en) | Mistake based on domain name vocabulary plants domain name detection method | |
Ramesh et al. | Identification of phishing webpages and its target domains by analyzing the feign relationship | |
Geng et al. | RRPhish: Anti-phishing via mining brand resources request | |
CN112804210A (en) | Data association method and device, electronic equipment and computer-readable storage medium | |
Chen et al. | Online deception investigation: Content analysis and cross-cultural comparison |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190326 |