CN109522504A - A method of counterfeit website is differentiated based on threat information - Google Patents
- Publication number
- CN109522504A
- Authority
- CN
- China
- Prior art keywords
- website
- site
- sites
- counterfeit
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
Abstract
The present invention relates to network security technology and provides a method for identifying counterfeit websites based on threat intelligence. The method comprises the following steps: comparing the content of the domain name information base in the threat intelligence library with the content of the web page library for similarity; analyzing the ICP filing subject of each site in the resulting website group and matching its ICP filing unit; where no abnormal site is detected, further matching the registrant information and analyzing the IP address on which the site is deployed; analyzing the page features; and, after judging how likely the site is to be counterfeit, tagging the site's information in the threat intelligence library and marking it as a counterfeit website. The invention can be applied effectively in sectors such as government, education and public institutions to detect and discover counterfeit websites. Counterfeit websites are found promptly, the influence of harmful information is reduced, the promotion of the underground industry chain is cut off, and the public credibility of public bodies is strengthened.
Description
Technical Field
The invention relates to a network security technology, in particular to a method for judging counterfeit websites based on threat information.
Background
Counterfeit websites are mainly a technique used by hacker organizations for economic gain: they forge website pages that appear completely normal and compliant while in fact implanting a large number of third-party links and content, most of which relates to improper for-profit businesses such as lotteries, pornography and games. The domestic internet has a large number of such counterfeit sites. By imitating the sites of bodies with high public credibility (often government units, public institutions, educational institutions and the like), they carry promotion for the underground grey industry in their pages while evading detection mechanisms, and so profit over a long period. The harm is that ordinary internet users are misled into visiting the counterfeit websites, which may spread false information and content such as lotteries and pornography, escape review by regulators, and allow the underground industry chain to keep developing, seriously endangering social security.
Existing counterfeit website identification methods mostly judge the similarity of URL addresses, identifying counterfeit websites by schemes such as removing URL interference characters and detecting look-alike variants. Others match the logo, brand and the like of commercial sites to judge whether a commercial site is being counterfeited. At present, counterfeit website identification technology mainly finds counterfeit websites by judging URL similarity. However, a large number of websites are now counterfeited without relying on similar-looking URLs to deceive users: by placing hyperlinks in emails and pages, the real address is kept out of the user's sight. In addition, as the number of websites increases, a large number of similar sites appear. The false alarm rate produced by this approach is therefore high.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects in the prior art and provide a method for judging counterfeit websites based on threat information.
In order to solve the technical problems, the invention adopts the following solution:
The method for judging counterfeit websites based on threat intelligence comprises the following steps:
(1) Compare the content of the domain name information base in the threat intelligence library with the content of the web page library for similarity:
(1.1) analyze the content of the <title> and <meta> tags of the website home pages in the domain name information base, identifying it with a semantic analysis algorithm, and extract the group of websites whose similarity is higher than a preset threshold for further analysis; or
(1.2) designate a target site, extract the content of its <title> and <meta> tags, and search the domain name information base for the group of websites whose similarity is higher than a preset threshold for further analysis.
(2) Analyze the ICP filing subject of each site in the website group and match its ICP filing unit (ICPD):
(2.1) confirm whether the site has an ICP filing; if it has none, count it as a malicious site;
(2.2) confirm the type of the site's filing unit; if it belongs to a government organization or a public institution, rule out the suspicion of counterfeiting;
(2.3) analyze filing units that are individuals or enterprises; if the unit is marked as suspicious in the threat intelligence library, count the site as a suspicious-filing site;
(2.4) perform association analysis on the other sites of the filing unit; if any of them has a malicious website record, count the site as a suspicious-filing site.
(3) For sites whose filing unit shows no abnormality, match the registrant information by association analysis (REGD):
(3.1) reverse-look-up the sites historically registered by the site's registrant; if any associated site has a malicious website record, count the site as a suspicious-registration site;
(3.2) reverse-look-up the sites historically registered with the site's registration mailbox; if any associated site has a malicious website record, count the site as a suspicious-registration site.
(4) Analyze the IP address on which the site is deployed (IPD):
(4.1) if the site is deployed overseas or in the Hong Kong and Macao region, and that location differs from the filing location and from the location of the website's filing unit, count the site as a suspicious-deployment site;
(4.2) reverse-look-up the sites hosted on the deployment IP; if suspicious sites exist among them, count the site as a suspicious-deployment site.
(5) Analyze the page features (PGD):
(5.1) among all links on the page, if the proportion of bad links exceeds a preset value, count the site as a malicious counterfeit site;
(5.2) among all links on the page, if the proportion of links pointing to the same external domain name exceeds a preset value, count the site as a malicious counterfeit site;
(5.3) if the page content contains keywords or link content for preset sensitive content, whether latent or displayed, count the site as a malicious counterfeit site.
(6) Judge how likely the site is to be a counterfeit site:
Based on the analysis results of steps (2) to (5), whether the site is counterfeit is assessed comprehensively with the following weighting algorithm:
ε=α×ICPD+β×REGD+γ×IPD+δ×PGD
ICPD, REGD, IPD and PGD take values in [0, 1], with 1 taken when the matching or analysis result is negative (the check marks the site as suspicious); the coefficients α, β, γ and δ take the values 0.2, 0.2, 0.3 and 0.3 respectively; the site is judged to be counterfeit when the composite score ε is greater than 0.5.
(7) After the site is judged to be a counterfeit website, its filing unit, registrant, registration mailbox information and website address are tagged in the threat intelligence library and marked as a counterfeit website. (After many analyses a large number of labels accumulate in the threat intelligence library, which facilitates subsequent association analysis, strengthens association-based judgment from threat intelligence, reduces the dependence on web page feature analysis, and greatly improves detection efficiency.)
In the invention, the sensitive content in the step (5.3) refers to webpage content related to lotteries, medical advertisements, pornography and games.
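The page-feature checks of step (5) can be sketched as follows. This is an added example, not code from the patent: the two ratio thresholds, the keyword list, the bad-host set and both HTML samples are constructed assumptions, and hosts are compared by full hostname rather than registrable domain.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# The patent only says "a preset value"; these numbers and keywords are assumptions.
BAD_LINK_RATIO = 0.3
SAME_HOST_RATIO = 0.5
SENSITIVE_KEYWORDS = ("lottery", "jackpot")


class PageScan(HTMLParser):
    """Collects absolute link targets and all text, displayed or hidden."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.links, self.text = [], []
        self._in_code = 0  # depth inside <script>/<style>, whose text is skipped

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._in_code += 1
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(urljoin(self.page_url, href))

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._in_code:
            self._in_code -= 1

    def handle_data(self, data):
        if not self._in_code:
            self.text.append(data)  # CSS-hidden text is kept on purpose (5.3)


def page_features(html, page_url, bad_hosts):
    """Return the 5.1-5.3 measurements and the resulting PGD value (0 or 1)."""
    scan = PageScan(page_url)
    scan.feed(html)
    scan.close()
    own_host = urlparse(page_url).hostname
    # mailto:, javascript: and similar targets have no hostname and are ignored.
    hosts = [h for h in (urlparse(u).hostname for u in scan.links) if h]
    total = len(hosts)
    external = Counter(h for h in hosts if h != own_host)
    bad_ratio = sum(h in bad_hosts for h in hosts) / total if total else 0.0
    top_ratio = max(external.values()) / total if external else 0.0
    haystack = " ".join(scan.text + scan.links).lower()
    hits = [k for k in SENSITIVE_KEYWORDS if k in haystack]
    flags = {
        "5.1": bad_ratio > BAD_LINK_RATIO,   # share of links to known-bad hosts
        "5.2": top_ratio > SAME_HOST_RATIO,  # share of links to one external host
        "5.3": bool(hits),                   # sensitive keyword in text or links
    }
    return {"bad_ratio": bad_ratio, "top_ratio": top_ratio,
            "keywords": hits, "flags": flags, "PGD": int(any(flags.values()))}


# Constructed sample pages (not taken from any real site).
COUNTERFEIT_HTML = """<html><head><title>Ministry of Examples</title></head><body>
<a href="/about">About</a>
<a href="http://promo.example.net/a">Notice 1</a>
<a href="http://promo.example.net/b">Notice 2</a>
<a href="http://PROMO.example.net/c">Notice 3</a>
<a href="http://ads.example.com/">Partner</a>
<a href="mailto:info@ministry-copy.example">Contact</a>
<div style="display:none">daily lottery results</div>
<script>var x = "jackpot";</script>
</body></html>"""

CLEAN_HTML = """<html><body>
<a href="/news">News</a><a href="/services">Services</a><a href="/contact">Contact</a>
<a href="https://portal.example.org/">National portal</a>
<p>Office hours and public notices.</p></body></html>"""

if __name__ == "__main__":
    print(page_features(COUNTERFEIT_HTML, "http://ministry-copy.example/",
                        {"promo.example.net"}))
    print(page_features(CLEAN_HTML, "https://agency.example/", set()))
```

The 5.2 check fires on any page dominated by one outbound host, so in practice its preset value needs tuning against legitimate portals that link heavily to a single parent site.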
Description of the principles of the invention:
Threat intelligence in the invention means the following: a large amount of network security data is obtained through collection or sharing and analyzed for its degree of threat, producing analyzed information that can be parsed and read by devices and researchers. A threat intelligence library centralizes and shares data on network threats, such as vulnerability libraries, fingerprint libraries, IP reputation libraries and website reputation libraries. Threat intelligence libraries exist in large numbers in the network security field and are trending toward productization.
The method analyzes the massive internet domain name and site information data collected in the threat intelligence library, analyzes and correlates each site's domain name, pages, filing subject, registration information, resolved addresses and other data, finds the counterfeit sites among them, and labels them to facilitate subsequent detection. How the threat intelligence library is obtained is outside the scope of this patent; the invention can use existing threat intelligence library data.
Compared with the prior art, the invention has the following technical effects.
The innovations of the invention are:
1. Threat intelligence data, namely sites, filing units, registrants and other factors, is used for association analysis, rather than only analyzing the content of the sites.
2. Rapid association analysis is carried out first through threat intelligence, so counterfeit sites can be identified more quickly, and content feature judgment is carried out last, improving timeliness and accuracy.
3. After counterfeit websites are found, the website data in the threat intelligence library can be labeled, which facilitates subsequent analysis and makes subsequent discovery faster.
The invention can be applied effectively in sectors such as government, education and public institutions to detect and discover counterfeit sites. Because the websites of public bodies are highly credible and trusted by both the public and search engines, counterfeit content can deceive ordinary users and search engines, which reduces the probability that the harmful information it spreads is discovered; yet the games and lotteries promoted on these sites have a bad influence on society and seriously damage the public credibility of the bodies being imitated. Once the method is applied in practice, sites can be monitored, such counterfeit websites can be found promptly, the influence of harmful information is reduced, the promotion of the underground industry chain is cut off, and the public credibility of public bodies is strengthened.
Drawings
FIG. 1 is a flow chart of an implementation of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings.
The method for judging counterfeit websites based on threat information comprises the following steps:
(1) Compare the content of the domain name information base in the threat intelligence library with the content of the web page library for similarity:
(1.1) analyze the content of the <title> and <meta> tags of the website home pages in the domain name information base, identifying it with a semantic analysis algorithm, and extract the group of websites whose similarity is higher than a preset threshold for further analysis; or
(1.2) designate a target site, extract the content of its <title> and <meta> tags, and search the domain name information base for the group of websites whose similarity is higher than a preset threshold for further analysis.
(2) Analyze the ICP filing subject of each site in the website group and match its ICP filing unit:
(2.1) confirm whether the site has an ICP filing; if it has none, count it as a malicious site;
(2.2) confirm the type of the site's filing unit; if it belongs to a government organization or a public institution, rule out the suspicion of counterfeiting;
(2.3) analyze filing units that are individuals or enterprises; if the unit is marked as suspicious in the threat intelligence library, count the site as a suspicious-filing site;
(2.4) perform association analysis on the other sites of the filing unit; if any of them has a malicious website record, count the site as a suspicious-filing site.
(3) For sites whose filing unit shows no abnormality, match the registrant information by association analysis:
(3.1) reverse-look-up the sites historically registered by the site's registrant; if any associated site has a malicious website record, count the site as a suspicious-registration site;
(3.2) reverse-look-up the sites historically registered with the site's registration mailbox; if any associated site has a malicious website record, count the site as a suspicious-registration site.
(4) Analyze the IP address on which the site is deployed:
(4.1) if the site is deployed overseas or in the Hong Kong and Macao region, and that location differs from the filing location and from the location of the website's filing unit, count the site as a suspicious-deployment site;
(4.2) reverse-look-up the sites hosted on the deployment IP; if suspicious sites exist among them, count the site as a suspicious-deployment site.
(5) Analyze the page features:
(5.1) among all links on the page, if the proportion of bad links exceeds a preset value, count the site as a malicious counterfeit site;
(5.2) among all links on the page, if the proportion of links pointing to the same external domain name exceeds a preset value, count the site as a malicious counterfeit site;
(5.3) if the page content contains keywords or link content for preset sensitive content (such as web page content related to lotteries, medical advertisements, pornography and games), whether latent or displayed, count the site as a malicious counterfeit site.
(6) Judge how likely the site is to be a counterfeit site:
Based on the analysis results of steps (2) to (5), whether the site is counterfeit is assessed comprehensively with the following weighting algorithm:
ε=α×ICPD+β×REGD+γ×IPD+δ×PGD
ICPD, REGD, IPD and PGD take values in [0, 1], with 1 taken when the matching or analysis result is negative (the check marks the site as suspicious); the coefficients α, β, γ and δ take the values 0.2, 0.2, 0.3 and 0.3 respectively; the site is judged to be counterfeit when the composite score ε is greater than 0.5.
(7) After the site is judged to be a counterfeit website, its filing unit, registrant, registration mailbox information and website address are tagged in the threat intelligence library and marked as a counterfeit website. (After many analyses a large number of labels accumulate in the threat intelligence library, which facilitates subsequent association analysis, strengthens association-based judgment from threat intelligence, reduces the dependence on web page feature analysis, and greatly improves detection efficiency.)
The following example of a site analysis illustrates a specific implementation of the invention:
1. A site whose title matches the official website of the national human resources and social security ministry is found in the threat intelligence library; it is taken as the target site and analysis begins.
The basic information obtained is as follows:
Website address: www.28issa-china.org.cn
Title: Ministry of Human Resources and Social Security of the People's Republic of China
2. Analyze the website's ICP filing information: no filing is found.
3. Analyze the website's whois owner information:
The website registrant cg7899999@ gmail is extracted from the threat intelligence library, and other sites under the registration mailbox are found, as well as 368 illegal (fake) sites and some illegally registered government sites.
The website is therefore counted as a suspicious website.
4. Analyze where the website is deployed. IP deployment: US, Los Angeles, 155.94.161.219. Because it is deployed overseas, it is counted as a suspicious site.
5. Analyze the page content of the website: lottery sub-page content is found.
ICPD, REGD, IPD and PGD of the website are all in the suspicious state, and the score is calculated as follows:
ε=α×ICPD+β×REGD+γ×IPD+δ×PGD=0.2+0.2+0.3+0.3=1
The final score is 1, much greater than 0.5, so the site is a phishing website with high confidence.
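The scoring of step (6) and the labelling feedback of step (7) can be sketched as follows. This is an added example, not code from the patent: the site records, region codes and the in-memory intelligence store are constructed assumptions, the PGD value is taken as an input, and all four indicators are computed for every site as in the worked example above.

```python
from dataclasses import dataclass, field
from fractions import Fraction
from typing import Optional

# Coefficients and threshold as given on the page; Fractions keep the
# "greater than 0.5" comparison exact at the boundary.
WEIGHTS = {"ICPD": Fraction(2, 10), "REGD": Fraction(2, 10),
           "IPD": Fraction(3, 10), "PGD": Fraction(3, 10)}
THRESHOLD = Fraction(1, 2)
PUBLIC_KINDS = {"government", "public_institution"}  # assumed type labels


@dataclass
class Site:
    domain: str
    icp_unit: Optional[str]       # ICP filing unit, None when there is no filing
    unit_kind: str                # e.g. "government", "enterprise", "individual"
    filing_region: Optional[str]  # where the filing / filing unit is located
    registrant: str
    email: str
    ip: str
    ip_region: str                # where the IP is hosted; "CN" = mainland (assumed code)
    pgd: int                      # page-feature result of step (5), 0 or 1


@dataclass
class IntelStore:
    sites: dict = field(default_factory=dict)       # domain -> Site
    counterfeit: set = field(default_factory=set)   # domains labelled in step (7)

    def linked(self, site, attr):
        """True if another labelled site shares this attribute value."""
        value = getattr(site, attr)
        return any(d in self.counterfeit and d != site.domain
                   and getattr(s, attr) == value for d, s in self.sites.items())


def icpd(site, intel):
    if site.icp_unit is None:             # 2.1: no filing at all
        return 1
    if site.unit_kind in PUBLIC_KINDS:    # 2.2: public body, suspicion ruled out
        return 0
    return int(intel.linked(site, "icp_unit"))  # 2.3 / 2.4: unit tied to bad sites


def regd(site, intel):                    # 3.1 registrant, 3.2 registration mailbox
    return int(intel.linked(site, "registrant") or intel.linked(site, "email"))


def ipd(site, intel):
    # 4.1: hosted outside the mainland and not where the filing says it should be
    offshore = site.ip_region != "CN" and site.ip_region != site.filing_region
    return int(offshore or intel.linked(site, "ip"))  # 4.2: shared IP with bad site


def evaluate(site, intel):
    """Compute the indicators and score; label the site if it is judged counterfeit."""
    ind = {"ICPD": icpd(site, intel), "REGD": regd(site, intel),
           "IPD": ipd(site, intel), "PGD": site.pgd}
    score = sum(WEIGHTS[k] * v for k, v in ind.items())
    verdict = score > THRESHOLD
    intel.sites[site.domain] = site
    if verdict:
        # Step 7: labelling the site tags its unit, registrant, mailbox and address.
        intel.counterfeit.add(site.domain)
    return ind, score, verdict


def sample_sites():
    """Constructed records: two unfiled look-alikes sharing a mailbox, one real agency."""
    a = Site("ministry-copy.example", None, "", None,
             "reg-one", "owner@mail.example", "203.0.113.10", "US", 1)
    b = Site("bureau-copy.example", None, "", None,
             "reg-two", "owner@mail.example", "198.51.100.7", "CN", 1)
    gov = Site("agency.example", "City Education Bureau", "government", "CN",
               "reg-gov", "it@agency.example", "192.0.2.20", "CN", 0)
    return a, b, gov


if __name__ == "__main__":
    a, b, gov = sample_sites()
    store = IntelStore()
    for site in (a, b, gov):
        ind, score, verdict = evaluate(site, store)
        print(site.domain, ind, float(score), verdict)
```

With these weights no pair of indicators that includes ICPD or REGD reaches the threshold on its own: site `b` scores exactly 0.5 against an empty store and is only judged counterfeit once site `a` has been labelled and the shared mailbox raises REGD.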
Claims (2)
1. A method for judging counterfeit websites based on threat intelligence, characterized by comprising the following steps:
(1) comparing the content of the domain name information base in the threat intelligence library with the content of the web page library for similarity:
(1.1) analyzing the content of the <title> and <meta> tags of the website home pages in the domain name information base, identifying it with a semantic analysis algorithm, and extracting the group of websites whose similarity is higher than a preset threshold for further analysis; or
(1.2) designating a target site, extracting the content of its <title> and <meta> tags, and searching the domain name information base for the group of websites whose similarity is higher than a preset threshold for further analysis;
(2) analyzing the ICP filing subject of each site in the website group and matching its ICP filing unit:
(2.1) confirming whether the site has an ICP filing; if it has none, counting it as a malicious site;
(2.2) confirming the type of the site's filing unit; if it belongs to a government organization or a public institution, ruling out the suspicion of counterfeiting;
(2.3) analyzing filing units that are individuals or enterprises; if the unit is marked as suspicious in the threat intelligence library, counting the site as a suspicious-filing site;
(2.4) performing association analysis on the other sites of the filing unit; if any of them has a malicious website record, counting the site as a suspicious-filing site;
(3) for sites whose filing unit shows no abnormality, matching the registrant information by association analysis:
(3.1) reverse-looking-up the sites historically registered by the site's registrant; if any associated site has a malicious website record, counting the site as a suspicious-registration site;
(3.2) reverse-looking-up the sites historically registered with the site's registration mailbox; if any associated site has a malicious website record, counting the site as a suspicious-registration site;
(4) analyzing the IP address on which the site is deployed:
(4.1) if the site is deployed overseas or in the Hong Kong and Macao region, and that location differs from the filing location and from the location of the website's filing unit, counting the site as a suspicious-deployment site;
(4.2) reverse-looking-up the sites hosted on the deployment IP; if suspicious sites exist among them, counting the site as a suspicious-deployment site;
(5) analyzing the page features:
(5.1) among all links on the page, if the proportion of bad links exceeds a preset value, counting the site as a malicious counterfeit site;
(5.2) among all links on the page, if the proportion of links pointing to the same external domain name exceeds a preset value, counting the site as a malicious counterfeit site;
(5.3) if the page content contains keywords or link content for preset sensitive content, whether latent or displayed, counting the site as a malicious counterfeit site;
(6) judging how likely the site is to be a counterfeit site:
based on the analysis results of steps (2) to (5), assessing comprehensively whether the site is counterfeit with the following weighting algorithm:
ε=α×ICPD+β×REGD+γ×IPD+δ×PGD
wherein ICPD, REGD, IPD and PGD take values in [0, 1], with 1 taken when the matching or analysis result is negative; the coefficients α, β, γ and δ take the values 0.2, 0.2, 0.3 and 0.3 respectively; and the site is judged to be counterfeit when the composite score ε is greater than 0.5;
(7) after the site is judged to be a counterfeit website, tagging its filing unit, registrant, registration mailbox information and website address in the threat intelligence library and marking it as a counterfeit website.
2. The method according to claim 1, characterized in that the sensitive content in step (5.3) refers to web page content related to lotteries, medical advertisements, pornography and games.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811211754.6A CN109522504A (en) | 2018-10-18 | 2018-10-18 | A method of counterfeit website is differentiated based on threat information |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109522504A (en) | 2019-03-26 |
Family
ID=65770175
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811211754.6A Pending CN109522504A (en) | 2018-10-18 | 2018-10-18 | A method of counterfeit website is differentiated based on threat information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109522504A (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110245986A (en) * | 2019-06-14 | 2019-09-17 | 哈尔滨工业大学(威海) | A method of obtaining internet financial advertising body release |
CN110247916A (en) * | 2019-06-20 | 2019-09-17 | 四川长虹电器股份有限公司 | Malice domain name detection method |
CN110855716A (en) * | 2019-11-29 | 2020-02-28 | 北京邮电大学 | Self-adaptive security threat analysis method and system for counterfeit domain names |
CN111600842A (en) * | 2020-04-17 | 2020-08-28 | 国网浙江省电力有限公司电力科学研究院 | Internet of things terminal security control method and system for credible threat information |
CN111901329A (en) * | 2020-07-22 | 2020-11-06 | 浙江军盾信息科技有限公司 | Method and device for identifying network security event |
CN112104656A (en) * | 2020-09-16 | 2020-12-18 | 杭州安恒信息安全技术有限公司 | Network threat data acquisition method, device, equipment and medium |
CN113360895A (en) * | 2021-06-02 | 2021-09-07 | 北京百度网讯科技有限公司 | Station group detection method and device and electronic equipment |
CN113536086A (en) * | 2021-06-30 | 2021-10-22 | 北京百度网讯科技有限公司 | Model training method, account scoring method, device, equipment, medium and product |
CN113656671A (en) * | 2021-06-16 | 2021-11-16 | 北京百度网讯科技有限公司 | Model training method, link scoring method, device, equipment, medium and product |
CN113726826A (en) * | 2021-11-04 | 2021-11-30 | 北京微步在线科技有限公司 | Threat information generation method and device |
CN113783855A (en) * | 2021-08-30 | 2021-12-10 | 北京百度网讯科技有限公司 | Site evaluation method, site evaluation device, electronic apparatus, storage medium, and program product |
CN113779478A (en) * | 2021-09-15 | 2021-12-10 | 哈尔滨工业大学(威海) | Abnormal ICP filing website detection method based on multivariate features |
CN114866295A (en) * | 2022-04-20 | 2022-08-05 | 哈尔滨工业大学(威海) | Method for constructing bad site service IP pool and acquiring and analyzing IP main body attribute data |
CN115001734A (en) * | 2022-04-17 | 2022-09-02 | 广西电网有限责任公司电力科学研究院 | IP back-check system and method for power network safety monitoring |
CN117439821A (en) * | 2023-12-20 | 2024-01-23 | 成都无糖信息技术有限公司 | Website judgment method and system based on data fusion and multi-factor decision method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106411879A (en) * | 2016-09-23 | 2017-02-15 | 北京网康科技有限公司 | Software identification feature acquisition method and apparatus |
CN107454076A (en) * | 2017-08-01 | 2017-12-08 | 北京亚鸿世纪科技发展有限公司 | A kind of website portrait method |
CN107566376A (en) * | 2017-09-11 | 2018-01-09 | 中国信息安全测评中心 | One kind threatens information generation method, apparatus and system |
CN107819783A (en) * | 2017-11-27 | 2018-03-20 | 深信服科技股份有限公司 | A kind of network security detection method and system based on threat information |
US10051010B2 (en) * | 2014-06-11 | 2018-08-14 | Accenture Global Services Limited | Method and system for automated incident response |
-
2018
- 2018-10-18 CN CN201811211754.6A patent/CN109522504A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10051010B2 (en) * | 2014-06-11 | 2018-08-14 | Accenture Global Services Limited | Method and system for automated incident response |
CN106411879A (en) * | 2016-09-23 | 2017-02-15 | 北京网康科技有限公司 | Software identification feature acquisition method and apparatus |
CN107454076A (en) * | 2017-08-01 | 2017-12-08 | 北京亚鸿世纪科技发展有限公司 | A kind of website portrait method |
CN107566376A (en) * | 2017-09-11 | 2018-01-09 | 中国信息安全测评中心 | One kind threatens information generation method, apparatus and system |
CN107819783A (en) * | 2017-11-27 | 2018-03-20 | 深信服科技股份有限公司 | A kind of network security detection method and system based on threat information |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110245986A (en) * | 2019-06-14 | 2019-09-17 | 哈尔滨工业大学(威海) | A method of obtaining internet financial advertising body release |
CN110247916A (en) * | 2019-06-20 | 2019-09-17 | 四川长虹电器股份有限公司 | Malice domain name detection method |
CN110247916B (en) * | 2019-06-20 | 2021-07-27 | 四川长虹电器股份有限公司 | Malicious domain name detection method |
CN110855716A (en) * | 2019-11-29 | 2020-02-28 | 北京邮电大学 | Self-adaptive security threat analysis method and system for counterfeit domain names |
CN110855716B (en) * | 2019-11-29 | 2020-11-06 | 北京邮电大学 | Self-adaptive security threat analysis method and system for counterfeit domain names |
CN111600842A (en) * | 2020-04-17 | 2020-08-28 | 国网浙江省电力有限公司电力科学研究院 | Internet of things terminal security control method and system for credible threat information |
CN111600842B (en) * | 2020-04-17 | 2022-05-17 | 国网浙江省电力有限公司电力科学研究院 | Internet of things terminal security control method and system for credible threat information |
CN111901329A (en) * | 2020-07-22 | 2020-11-06 | 浙江军盾信息科技有限公司 | Method and device for identifying network security event |
CN112104656A (en) * | 2020-09-16 | 2020-12-18 | 杭州安恒信息安全技术有限公司 | Network threat data acquisition method, device, equipment and medium |
CN113360895B (en) * | 2021-06-02 | 2023-07-25 | 北京百度网讯科技有限公司 | Station group detection method and device and electronic equipment |
CN113360895A (en) * | 2021-06-02 | 2021-09-07 | 北京百度网讯科技有限公司 | Station group detection method and device and electronic equipment |
CN113656671B (en) * | 2021-06-16 | 2024-05-24 | 北京百度网讯科技有限公司 | Model training method, link scoring method, device, equipment, medium and product |
CN113656671A (en) * | 2021-06-16 | 2021-11-16 | 北京百度网讯科技有限公司 | Model training method, link scoring method, device, equipment, medium and product |
CN113536086B (en) * | 2021-06-30 | 2023-07-14 | 北京百度网讯科技有限公司 | Model training method, account scoring method, device, equipment, medium and product |
CN113536086A (en) * | 2021-06-30 | 2021-10-22 | 北京百度网讯科技有限公司 | Model training method, account scoring method, device, equipment, medium and product |
WO2023029486A1 (en) * | 2021-08-30 | 2023-03-09 | 北京百度网讯科技有限公司 | Site evaluation method and apparatus, and electronic device, storage medium and program product |
CN113783855A (en) * | 2021-08-30 | 2021-12-10 | 北京百度网讯科技有限公司 | Site evaluation method, site evaluation device, electronic apparatus, storage medium, and program product |
CN113779478A (en) * | 2021-09-15 | 2021-12-10 | 哈尔滨工业大学(威海) | Abnormal ICP filing website detection method based on multivariate features |
CN113726826A (en) * | 2021-11-04 | 2021-11-30 | 北京微步在线科技有限公司 | Threat information generation method and device |
CN115001734A (en) * | 2022-04-17 | 2022-09-02 | 广西电网有限责任公司电力科学研究院 | IP back-check system and method for power network safety monitoring |
CN115001734B (en) * | 2022-04-17 | 2024-03-22 | 广西电网有限责任公司电力科学研究院 | IP (Internet protocol) reverse check system and method for power network safety monitoring |
CN114866295A (en) * | 2022-04-20 | 2022-08-05 | 哈尔滨工业大学(威海) | Method for constructing bad site service IP pool and acquiring and analyzing IP main body attribute data |
CN114866295B (en) * | 2022-04-20 | 2023-07-25 | 哈尔滨工业大学(威海) | Bad site service IP pool construction and IP main body attribute data acquisition and analysis method |
CN117439821A (en) * | 2023-12-20 | 2024-01-23 | 成都无糖信息技术有限公司 | Website judgment method and system based on data fusion and multi-factor decision method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109522504A (en) | | A method of counterfeit website is differentiated based on threat information |
US9276956B2 (en) | | Method for detecting phishing website without depending on samples |
Ahmed et al. | | Real time detection of phishing websites |
Pan et al. | | Anomaly based web phishing page detection |
Das Guptta et al. | | Modeling hybrid feature-based phishing websites detection using machine learning techniques |
US7451487B2 (en) | | Fraudulent message detection |
Hara et al. | | Visual similarity-based phishing detection without victim site information |
Singh et al. | | Phishing detection from URLs using deep learning approach |
US20090328208A1 (en) | | Method and apparatus for preventing phishing attacks |
Tan et al. | | Phishing website detection using URL-assisted brand name weighting system |
CN109922065B (en) | | Quick identification method for malicious website |
CN102546641B (en) | | Method and system for carrying out accurate risk detection in application security system |
Deshpande et al. | | Detection of phishing websites using Machine Learning |
Liu et al. | | An efficient multistage phishing website detection model based on the CASE feature framework: Aiming at the real web environment |
CN112804210B (en) | | Data association method and device, electronic equipment and computer-readable storage medium |
Yearwood et al. | | Profiling phishing emails based on hyperlink information |
CN110572359A (en) | | Phishing webpage detection method based on machine learning |
Ramesh et al. | | Identification of phishing webpages and its target domains by analyzing the feign relationship |
Korkmaz et al. | | A hybrid phishing detection system using deep learning-based URL and content analysis |
Roopak et al. | | On effectiveness of source code and SSL based features for phishing website detection |
Noh et al. | | Phishing Website Detection Using Random Forest and Support Vector Machine: A Comparison |
US11496510B1 (en) | | Fully automated target identification of a phishing web site |
Glăvan et al. | | Detection of phishing attacks using the anti-phishing framework |
Lee et al. | | Users' behavioral prediction for phishing detection |
Swarnalatha et al. | | Real-time threat intelligence-block phising attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190326 |