CN109522504A - A method of counterfeit website is differentiated based on threat information - Google Patents

A method of counterfeit website is differentiated based on threat information Download PDF

Info

Publication number
CN109522504A
CN109522504A CN201811211754.6A CN201811211754A CN109522504A CN 109522504 A CN109522504 A CN 109522504A CN 201811211754 A CN201811211754 A CN 201811211754A CN 109522504 A CN109522504 A CN 109522504A
Authority
CN
China
Prior art keywords
website
record
counterfeit
information
putting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811211754.6A
Other languages
Chinese (zh)
Inventor
金丽慧
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201811211754.6A priority Critical patent/CN109522504A/en
Publication of CN109522504A publication Critical patent/CN109522504A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to network security technologies, it is desirable to provide a method of counterfeit website is differentiated based on threat information.The following steps are included: the domain-name information library in information bank and the content in web page library will be threatened to carry out similarity-rough set;The main body of putting on record of each website in analyzing web site group matches ICP unit of putting on record;Abnormal website is such as not detected, further matches registrant's information, analysis website arrangement address ip;Analyze page feature;It is in threatening information bank that the information of the website is tagged after judging the doubtful degree of counterfeit website of website, it is labeled as counterfeit website.The present invention can effectively using with the industries such as government, education, public institution, carry out the detection and discovery of counterfeit website.Counterfeit website is found in time, reduces the influence of flame, and the popularization of underground industrial chain is truncated, enhances the public trust of public unit.

Description

A method of counterfeit website is differentiated based on threat information
Technical field
It is the present invention relates to network security technology, in particular to a kind of based on the method for threatening information to differentiate counterfeit website.
Background technique
Counterfeit website is mainly a kind of gimmick for organizing to use for economic interests due to hacker, has been seemed by counterfeit The site page of full normal occlusion rule, it is practical to be implanted into a large amount of third party's link and content in website, content be related to mostly lottery industry, The improper profit business such as pornographic, game.There are problems that a large amount of counterfeit websites, this kind of website in domestic internet site scene It is practical in the page by the higher unit website of counterfeit public trust (often government unit, public institution, educational institutions etc.) It propagates underground grey industry to promote, the discovery of testing agency is hidden with this, speculate so as to hide for a long time.The problem is not understood Certainly bring harm is to mislead common net user to access false counterfeit website, it is possible to bring deceptive information, propagate lottery industry, pornographic Etc. contents and hide regulatory agency examination, allow underground industrial chain continue development seriously endanger social safety.
Current existing counterfeit website identification method mostly uses greatly the similarity of the address URL to judge, by URL noise word The schemes such as symbol removal and Variations similar, identification personation website.And logo, the brand etc. of commerce site are matched, judge Commerce site is counterfeit.At present to the identification technology of counterfeit website, mainly basis finds counterfeit station to the judgement of URL similarity Point.But due to current a large amount of counterfeit websites and no longer by the similar address user cheating of URL, often through in mail, the page The form of hyperlink is added, true address can not be seen by the user.In addition, there is a large amount of phase since Websites quantity increases Like website.So the rate of false alarm and rate of failing to report that this method generates are all higher.
Summary of the invention
The technical problem to be solved by the present invention is to be overcome deficiency in the prior art, provide one kind and sentenced based on threat information The method of not counterfeit website.
In order to solve the above technical problems, the solution that the present invention uses is:
It provides a kind of based on the method for threatening information to differentiate counterfeit website, comprising the following steps:
(1) the domain-name information library in information bank and the content in web page library will be threatened to carry out similarity-rough set;
(1.1) content in the website homepage page<title><meta>in domain name information bank is analyzed, using language Adopted parser is identified;The website group that similarity is higher than preset threshold is extracted, for analyzing in next step;Alternatively,
(1.2) targeted sites are specified, the content in<title><meta>of the website is extracted, is looked into domain-name information library The website group that similarity in contrast is higher than preset threshold is found, for analyzing in next step;
(2) in analyzing web site group each website main body of putting on record (ICPD), its ICP unit of putting on record is matched;
(2.1) whether confirmation website has been put on record;If not putting on record, it is included in malicious site;
(2.2) confirmation website is put on record the attribute of unit, such as belongs to government bodies or public institution, then excludes counterfeit suspicious;
(2.3) in unit of putting on record individual and enterprise analyze, as threaten information bank in be marked as it is suspicious Unit is then included in suspicious website of putting on record;
(2.4) analysis is associated to other websites for unit of putting on record, such as there are other malicious websites record, be then included in standby The suspicious website of case;
(3) abnormal website unit of putting on record is not detected, by the way of being associated analysis to registrant's information (REGD), registrant's information is matched:
(3.1) its history registry website is looked by the way that site registration people is counter, being such as associated with website once had malicious websites record, then counted Enter and registers suspicious website;
(3.2) its history registry website is looked by the way that site registration mailbox is counter, being such as associated with website once had malicious websites record, then It is included in the suspicious website of registration;
(4) (IPD) is analyzed to the address ip of website arrangement;
(4.1) if the arrangement place of website is overseas or Hongkong and Macro Tai Area, and with put place on record and website is put on record unit Location is different, then is included in the suspicious website of arrangement;
(4.2) website is looked into from the IP of arrangement is counter, such as there is suspicious website, be then included in the suspicious website of arrangement;
(5) (PGD) is analyzed to page feature:
(5.1) in whole links of the page, such as accounting of bad chain is more than preset value, then is included in the counterfeit website of malice;
(5.2) in whole links of the page, the accounting for being such as directed toward the link of external same domain name addresses is more than preset value, Then it is included in the counterfeit website of malice;
(5.3) in content of pages, such as there is the keyword and linked contents of potential or display default sensitive content, then It is included in the counterfeit website of malice;
(6) the doubtful degree of counterfeit website of website is judged:
Whether the analysis according to step (2) to (5) is as a result, belong to counterfeit integrate to website using following weighting algorithms Analysis:
ε=α × ICPD+ β × REGD+ γ × IPD+ δ × PGD
Wherein, ICPD, which refers to, puts ICP that unit carries out matched result, REGD refers to and matches to registrant's information on record Result, IPD refer to that the result analyzed website arrangement address ip, PGD refer to the result analyzed page feature; The value of ICPD, REGD, IPD, PGD are [0,1], take 1 when matching or analysis result is negative;Factor alpha, the value of β, γ, δ Respectively 0.2,0.2,0.3,0.3, when comprehensive score ε is at 0.5 point or more, it is judged as counterfeit website;
(7) after being judged as counterfeit website, by the unit of putting on record of the website, registrant, registration postal in threatening information bank Case information, station address are tagged, (after multiple analysis, threaten in information bank and are formed greatly labeled as counterfeit website The label of amount facilitates subsequent association analysis, can enhance based on the association judgement for threatening information, and reduces to web page characteristics The dependence of analytical judgment greatly improves detection efficiency with this).
In the present invention, the sensitive content in the step (5.3) refers to lottery industry, Medical Advertisement, pornographic and game Web page contents.
Inventive principle description:
Heretofore described threat information refers to: obtaining a large amount of network security data by acquiring or sharing, and right Threat degree is analyzed, and information after analysis is formed, and is analyzed and is read for equipment, researcher.Information bank is threatened to refer to net Network threat information is carried out in data set and is shared, such as vulnerability database, fingerprint base, IP prestige library, website prestige library etc..Threaten information Library largely exists in network safety filed, and has commercialization trend.
The present invention analyzes the internet mass domain name and site information data mass data for threatening and acquiring in information bank, passes through The data such as the domain name of website, the page, theme of putting on record, registration information, parsing address are analyzed and are associated with, are found out therein Counterfeit website, and mark, facilitate subsequent detection.Wherein threatening the acquisition of information bank, the present invention can not in this patent Utilize existing threat information bank data.
Compared with prior art, the solution have the advantages that:
Innovation of the invention is:
1, using threat information data, that is, website, unit of putting on record, registrant etc. because usually doing association analysis, rather than only to station The content of point itself is tested and analyzed;
2, the present invention can faster identify counterfeit website, most by threatening information to carry out the analysis of quick association early period Judged again by content characteristic afterwards, it is so as to improve timeliness and accurately fixed;
3, after this hair has now found that counterfeit website, label label can be carried out to the station data threatened in information bank, helped In subsequent analysis, subsequent discovery timeliness is improved;
The present invention can effectively using with the industries such as government, education, public institution, carry out the detection and discovery of counterfeit website. Due to a high credibility, public and search engine all can more trust for the website of these public units, thus content can cheat it is general General family domain search engine is reduced with this due to propagating the probability that is found of flame, but the trip propagated in this kind of website Play, lottery industry can generate adverse effect to society, also the public trust very serious for affecting our unit.The present invention is actually answering With rear, website monitoring can be carried out, finds this kind of counterfeit website in time, reduce the influence of flame, truncation underground industrial chain It promotes, enhances the public trust of public unit.
Detailed description of the invention
Fig. 1 is the flow chart of realization process of the present invention.
Specific embodiment
With reference to the accompanying drawing, specific embodiments of the present invention will be described in detail.
Based on the method for threatening information to differentiate counterfeit website in the present invention, comprising the following steps:
(1) the domain-name information library in information bank and the content in web page library will be threatened to carry out similarity-rough set;
(1.1) content in the website homepage page<title><meta>in domain name information bank is analyzed, using language Adopted parser is identified;The website group that similarity is higher than preset threshold is extracted, for analyzing in next step;Alternatively,
(1.2) targeted sites are specified, the content in<title><meta>of the website is extracted, is looked into domain-name information library The website group that similarity in contrast is higher than preset threshold is found, for analyzing in next step;
(2) in analyzing web site group each website main body of putting on record, its ICP unit of putting on record is matched;
(2.1) whether confirmation website has been put on record;If not putting on record, it is included in malicious site;
(2.2) confirmation website is put on record the attribute of unit, such as belongs to government bodies or public institution, then excludes counterfeit suspicious;
(2.3) in unit of putting on record individual and enterprise analyze, as threaten information bank in be marked as it is suspicious Unit is then included in suspicious website of putting on record;
(2.4) analysis is associated to other websites for unit of putting on record, such as there are other malicious websites record, be then included in standby The suspicious website of case;
(3) abnormal website unit of putting on record is not detected, by the way of being associated analysis to registrant's information, Registrant's information is matched:
(3.1) its history registry website is looked by the way that site registration people is counter, being such as associated with website once had malicious websites record, then counted Enter and registers suspicious website;
(3.2) its history registry website is looked by the way that site registration mailbox is counter, being such as associated with website once had malicious websites record, then It is included in the suspicious website of registration;
(5) website arrangement address ip is analyzed;
(4.1) if the arrangement place of website is overseas or Hongkong and Macro Tai Area, and with put place on record and website is put on record unit Location is different, then is included in the suspicious website of arrangement;
(4.2) website is looked into from the IP of arrangement is counter, such as there is suspicious website, be then included in the suspicious website of arrangement;
(5) page feature is analyzed:
(5.1) in whole links of the page, such as accounting of bad chain is more than preset value, then is included in the counterfeit website of malice;
(5.2) in whole links of the page, the accounting for being such as directed toward the link of external same domain name addresses is more than preset value, Then it is included in the counterfeit website of malice;
(5.3) in content of pages, such as exist it is potential or display default sensitive content (be such as related to lottery industry, Medical Advertisement, Pornographic and game web page contents) keyword and linked contents, then be included in maliciously counterfeit website;
(6) the doubtful degree of counterfeit website of website is judged:
Whether the analysis according to step (2) to (5) is as a result, belong to counterfeit integrate to website using following weighting algorithms Analysis:
ε=α × ICPD+ β × REGD+ γ × IPD+ δ × PGD
Wherein, ICPD, which refers to, puts ICP that unit carries out matched result, REGD refers to and matches to registrant's information on record Result, IPD refer to that the result analyzed website arrangement address ip, PGD refer to the result analyzed page feature; The value of ICPD, REGD, IPD, PGD are [0,1], take 1 when matching or analysis result is negative;Factor alpha, the value of β, γ, δ Respectively 0.2,0.2,0.3,0.3, when comprehensive score ε is at 0.5 point or more, it is judged as counterfeit website;
(7) after being judged as counterfeit website, by the unit of putting on record of the website, registrant, registration postal in threatening information bank Case information, station address are tagged, (after multiple analysis, threaten in information bank and are formed greatly labeled as counterfeit website The label of amount facilitates subsequent association analysis, can enhance based on the association judgement for threatening information, and reduces to web page characteristics The dependence of analytical judgment greatly improves detection efficiency with this).
In the following, passing through the example of a site analysis, specific implementation of the present invention is illustrated:
1, a site title and portion, household society, the state consistent website in official website are found in threatening information bank, find Target Station Point starts to analyze.
Essential information is as follows after parsing:
Network address:www.28issa-china.org.cn
Title: Department of Human Resources and Social Security, the People's Republic of China (PRC)
2, the ICP record information of the website is analyzed, discovery nothing is put on record.
3, the whois owner information of the website is analyzed:
It extracts and threatens website registrant cg7899999@gmail in information bank, find other stations under the registration mailbox Point, there are also 368 illegal (forgery) websites, and the governmental site that part is illegally registered.
Therefore the website is included in the suspected site.
3, the arrangement place of the website: arrangement IP: the U.S.-Los Angeles 155.94.161.219 is analyzed;Arrangement in overseas, then It is included in suspicious website.
4, the content of pages in the website is analyzed, discovery has lottery industry subpage frame content.
The ICPD of the website, REGD, IPD, PGD are suspicious state, as follows by calculating:
ε=α × ICPD+ β × REGD+ γ × IPD+ δ × PGD=0.2+0.2+0.3+0.3=1
It was found that final score 1, is much larger than 0.5, it is the high counterfeit website firmly believed.

Claims (2)

1. a kind of based on the method for threatening information to differentiate counterfeit website, which comprises the following steps:
(1) the domain-name information library in information bank and the content in web page library will be threatened to carry out similarity-rough set;
(1.1) content in the website homepage page<title><meta>in domain name information bank is analyzed, using semanteme point Analysis algorithm is identified;The website group that similarity is higher than preset threshold is extracted, for analyzing in next step;Alternatively,
(1.2) targeted sites are specified, the content in<title><meta>of the website is extracted, is found in domain-name information library Similarity is higher than the website group of preset threshold in contrast, for analyzing in next step;
(2) in analyzing web site group each website main body of putting on record, its ICP unit of putting on record is matched;
(2.1) whether confirmation website has been put on record;If not putting on record, it is included in malicious site;
(2.2) confirmation website is put on record the attribute of unit, such as belongs to government bodies or public institution, then excludes counterfeit suspicious;
(2.3) in unit of putting on record individual and enterprise analyze, as threaten information bank in be marked as suspicious unit, Then it is included in suspicious website of putting on record;
(2.4) analysis is associated to other websites for unit of putting on record, such as there are other malicious websites record, is then included in that put on record can Doubt website;
(3) abnormal website unit of putting on record is not detected, by the way of being associated analysis to registrant's information, to note Volume people's information matches:
(3.1) its history registry website is looked by the way that site registration people is counter, being such as associated with website once had malicious websites record, then was included in note The suspicious website of volume;
(3.2) its history registry website is looked by the way that site registration mailbox is counter, being such as associated with website once had malicious websites record, then was included in Register suspicious website;
(4) website arrangement address ip is analyzed;
(4.1) if the arrangement place of website is overseas or Hongkong and Macro Tai Area, and with put place on record and website is put on record where unit Ground is different, then is included in the suspicious website of arrangement;
(4.2) website is looked into from the IP of arrangement is counter, such as there is suspicious website, be then included in the suspicious website of arrangement;
(5) page feature is analyzed:
(5.1) in whole links of the page, such as accounting of bad chain is more than preset value, then is included in the counterfeit website of malice;
(5.2) in whole links of the page, the accounting for being such as directed toward the link of external same domain name addresses is more than preset value, then counts Enter the counterfeit website of malice;
(5.3) in content of pages, such as there is the keyword and linked contents of potential or display default sensitive content, be then included in Maliciously counterfeit website;
(6) the doubtful degree of counterfeit website of website is judged:
Analysis according to step (2) to (5) using following weighting algorithms as a result, divided whether website belongs to the counterfeit synthesis that carries out Analysis:
ε=α × ICPD+ β × REGD+ γ × IPD+ δ × PGD
Wherein, ICPD, which refers to, puts ICP that unit carries out matched result, REGD refers to and carries out matched knot to registrant's information on record Fruit, IPD refer to that the result analyzed website arrangement address ip, PGD refer to the result analyzed page feature; The value of ICPD, REGD, IPD, PGD are [0,1], take 1 when matching or analysis result is negative;Factor alpha, the value of β, γ, δ Respectively 0.2,0.2,0.3,0.3, when comprehensive score ε is at 0.5 point or more, it is judged as counterfeit website;
(7) after being judged as counterfeit website, the unit of putting on record of the website, registrant, registration mailbox are believed in threatening information bank Breath, station address are tagged, are labeled as counterfeit website.
2. the method according to claim 1, wherein the sensitive content in the step (5.3) refers to win Coloured silk, Medical Advertisement, pornographic and the web page contents of game.
CN201811211754.6A 2018-10-18 2018-10-18 A method of counterfeit website is differentiated based on threat information Pending CN109522504A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811211754.6A CN109522504A (en) 2018-10-18 2018-10-18 A method of counterfeit website is differentiated based on threat information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811211754.6A CN109522504A (en) 2018-10-18 2018-10-18 A method of counterfeit website is differentiated based on threat information

Publications (1)

Publication Number Publication Date
CN109522504A true CN109522504A (en) 2019-03-26

Family

ID=65770175

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811211754.6A Pending CN109522504A (en) 2018-10-18 2018-10-18 A method of counterfeit website is differentiated based on threat information

Country Status (1)

Country Link
CN (1) CN109522504A (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110245986A (en) * 2019-06-14 2019-09-17 哈尔滨工业大学(威海) A method of obtaining internet financial advertising body release
CN110247916A (en) * 2019-06-20 2019-09-17 四川长虹电器股份有限公司 Malice domain name detection method
CN110855716A (en) * 2019-11-29 2020-02-28 北京邮电大学 Self-adaptive security threat analysis method and system for counterfeit domain names
CN111600842A (en) * 2020-04-17 2020-08-28 国网浙江省电力有限公司电力科学研究院 Internet of things terminal security control method and system for credible threat information
CN111901329A (en) * 2020-07-22 2020-11-06 浙江军盾信息科技有限公司 Method and device for identifying network security event
CN112104656A (en) * 2020-09-16 2020-12-18 杭州安恒信息安全技术有限公司 Network threat data acquisition method, device, equipment and medium
CN113360895A (en) * 2021-06-02 2021-09-07 北京百度网讯科技有限公司 Station group detection method and device and electronic equipment
CN113536086A (en) * 2021-06-30 2021-10-22 北京百度网讯科技有限公司 Model training method, account scoring method, device, equipment, medium and product
CN113656671A (en) * 2021-06-16 2021-11-16 北京百度网讯科技有限公司 Model training method, link scoring method, device, equipment, medium and product
CN113726826A (en) * 2021-11-04 2021-11-30 北京微步在线科技有限公司 Threat information generation method and device
CN113779478A (en) * 2021-09-15 2021-12-10 哈尔滨工业大学(威海) Abnormal ICP filing website detection method based on multivariate features
CN113783855A (en) * 2021-08-30 2021-12-10 北京百度网讯科技有限公司 Site evaluation method, site evaluation device, electronic apparatus, storage medium, and program product
CN114866295A (en) * 2022-04-20 2022-08-05 哈尔滨工业大学(威海) Method for constructing bad site service IP pool and acquiring and analyzing IP main body attribute data
CN115001734A (en) * 2022-04-17 2022-09-02 广西电网有限责任公司电力科学研究院 IP back-check system and method for power network safety monitoring
CN117439821A (en) * 2023-12-20 2024-01-23 成都无糖信息技术有限公司 Website judgment method and system based on data fusion and multi-factor decision method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411879A (en) * 2016-09-23 2017-02-15 北京网康科技有限公司 Software identification feature acquisition method and apparatus
CN107454076A (en) * 2017-08-01 2017-12-08 北京亚鸿世纪科技发展有限公司 A kind of website portrait method
CN107566376A (en) * 2017-09-11 2018-01-09 中国信息安全测评中心 One kind threatens information generation method, apparatus and system
CN107819783A (en) * 2017-11-27 2018-03-20 深信服科技股份有限公司 A kind of network security detection method and system based on threat information
US10051010B2 (en) * 2014-06-11 2018-08-14 Accenture Global Services Limited Method and system for automated incident response

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10051010B2 (en) * 2014-06-11 2018-08-14 Accenture Global Services Limited Method and system for automated incident response
CN106411879A (en) * 2016-09-23 2017-02-15 北京网康科技有限公司 Software identification feature acquisition method and apparatus
CN107454076A (en) * 2017-08-01 2017-12-08 北京亚鸿世纪科技发展有限公司 A kind of website portrait method
CN107566376A (en) * 2017-09-11 2018-01-09 中国信息安全测评中心 One kind threatens information generation method, apparatus and system
CN107819783A (en) * 2017-11-27 2018-03-20 深信服科技股份有限公司 A kind of network security detection method and system based on threat information

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110245986A (en) * 2019-06-14 2019-09-17 哈尔滨工业大学(威海) A method of obtaining internet financial advertising body release
CN110247916A (en) * 2019-06-20 2019-09-17 四川长虹电器股份有限公司 Malice domain name detection method
CN110247916B (en) * 2019-06-20 2021-07-27 四川长虹电器股份有限公司 Malicious domain name detection method
CN110855716A (en) * 2019-11-29 2020-02-28 北京邮电大学 Self-adaptive security threat analysis method and system for counterfeit domain names
CN110855716B (en) * 2019-11-29 2020-11-06 北京邮电大学 Self-adaptive security threat analysis method and system for counterfeit domain names
CN111600842A (en) * 2020-04-17 2020-08-28 国网浙江省电力有限公司电力科学研究院 Internet of things terminal security control method and system for credible threat information
CN111600842B (en) * 2020-04-17 2022-05-17 国网浙江省电力有限公司电力科学研究院 Internet of things terminal security control method and system for credible threat information
CN111901329A (en) * 2020-07-22 2020-11-06 浙江军盾信息科技有限公司 Method and device for identifying network security event
CN112104656A (en) * 2020-09-16 2020-12-18 杭州安恒信息安全技术有限公司 Network threat data acquisition method, device, equipment and medium
CN113360895B (en) * 2021-06-02 2023-07-25 北京百度网讯科技有限公司 Station group detection method and device and electronic equipment
CN113360895A (en) * 2021-06-02 2021-09-07 北京百度网讯科技有限公司 Station group detection method and device and electronic equipment
CN113656671B (en) * 2021-06-16 2024-05-24 北京百度网讯科技有限公司 Model training method, link scoring method, device, equipment, medium and product
CN113656671A (en) * 2021-06-16 2021-11-16 北京百度网讯科技有限公司 Model training method, link scoring method, device, equipment, medium and product
CN113536086B (en) * 2021-06-30 2023-07-14 北京百度网讯科技有限公司 Model training method, account scoring method, device, equipment, medium and product
CN113536086A (en) * 2021-06-30 2021-10-22 北京百度网讯科技有限公司 Model training method, account scoring method, device, equipment, medium and product
CN113783855A (en) * 2021-08-30 2021-12-10 北京百度网讯科技有限公司 Site evaluation method, site evaluation device, electronic apparatus, storage medium, and program product
WO2023029486A1 (en) * 2021-08-30 2023-03-09 北京百度网讯科技有限公司 Site evaluation method and apparatus, and electronic device, storage medium and program product
CN113779478A (en) * 2021-09-15 2021-12-10 哈尔滨工业大学(威海) Abnormal ICP filing website detection method based on multivariate features
CN113726826A (en) * 2021-11-04 2021-11-30 北京微步在线科技有限公司 Threat information generation method and device
CN115001734A (en) * 2022-04-17 2022-09-02 广西电网有限责任公司电力科学研究院 IP back-check system and method for power network safety monitoring
CN115001734B (en) * 2022-04-17 2024-03-22 广西电网有限责任公司电力科学研究院 IP (Internet protocol) reverse check system and method for power network safety monitoring
CN114866295A (en) * 2022-04-20 2022-08-05 哈尔滨工业大学(威海) Method for constructing bad site service IP pool and acquiring and analyzing IP main body attribute data
CN114866295B (en) * 2022-04-20 2023-07-25 哈尔滨工业大学(威海) Bad site service IP pool construction and IP main body attribute data acquisition and analysis method
CN117439821A (en) * 2023-12-20 2024-01-23 成都无糖信息技术有限公司 Website judgment method and system based on data fusion and multi-factor decision method

Similar Documents

Publication Publication Date Title
CN109522504A (en) A method of counterfeit website is differentiated based on threat information
US10880330B2 (en) Systems and methods for detection of infected websites
US9276956B2 (en) Method for detecting phishing website without depending on samples
Gowtham et al. A comprehensive and efficacious architecture for detecting phishing webpages
Ramesh et al. An efficacious method for detecting phishing webpages through target domain identification
Hara et al. Visual similarity-based phishing detection without victim site information
CN104954372B (en) A kind of evidence obtaining of fishing website and verification method and system
CN104899508B (en) A kind of multistage detection method for phishing site and system
Yang et al. How to learn klingon without a dictionary: Detection and measurement of black keywords used by the underground economy
CN105718577B (en) Method and system for automatically detecting phishing aiming at newly added domain name
Liao et al. Seeking nonsense, looking for trouble: Efficient promotional-infection detection through semantic inconsistency search
CN104077396A (en) Method and device for detecting phishing website
Das Guptta et al. Modeling hybrid feature-based phishing websites detection using machine learning techniques
WO2014063520A1 (en) Method and apparatus for determining phishing website
Jain et al. Phishskape: A content based approach to escape phishing attacks
CN106789939A (en) A kind of detection method for phishing site and device
CN108092963A (en) Web page identification method, device, computer equipment and storage medium
CN110572359A (en) Phishing webpage detection method based on machine learning
Liu et al. An efficient multistage phishing website detection model based on the CASE feature framework: Aiming at the real web environment
Deshpande et al. Detection of phishing websites using Machine Learning
CN110138758A (en) Mistake based on domain name vocabulary plants domain name detection method
Ramesh et al. Identification of phishing webpages and its target domains by analyzing the feign relationship
Geng et al. RRPhish: Anti-phishing via mining brand resources request
CN112804210A (en) Data association method and device, electronic equipment and computer-readable storage medium
Chen et al. Online deception investigation: Content analysis and cross-cultural comparison

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190326