CN110784462A - Three-layer phishing website detection system based on hybrid method - Google Patents
Three-layer phishing website detection system based on hybrid method Download PDFInfo
- Publication number
- CN110784462A CN110784462A CN201911013051.7A CN201911013051A CN110784462A CN 110784462 A CN110784462 A CN 110784462A CN 201911013051 A CN201911013051 A CN 201911013051A CN 110784462 A CN110784462 A CN 110784462A
- Authority
- CN
- China
- Prior art keywords
- layer
- website
- detection
- phishing
- favicon
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 61
- 238000010801 machine learning Methods 0.000 claims abstract description 13
- 238000001914 filtration Methods 0.000 claims abstract description 8
- 238000000034 method Methods 0.000 claims description 12
- 230000000875 corresponding Effects 0.000 claims description 6
- 230000000007 visual effect Effects 0.000 claims description 4
- 239000000284 extract Substances 0.000 claims description 3
- 238000000605 extraction Methods 0.000 claims description 3
- 239000000203 mixture Substances 0.000 claims description 3
- 238000010606 normalization Methods 0.000 claims description 3
- 230000004044 response Effects 0.000 claims description 3
- 230000000694 effects Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000000903 blocking Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006011 modification reaction Methods 0.000 description 1
- 230000001537 neural Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G06F18/2411—
-
- G06N3/045—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The invention discloses a three-layer phishing website detection system based on a hybrid method, which comprises three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer; known phishing websites can be found in time by the first black and white list and the form filtering layer, and the detection cost is reduced. The second favicon detection layer can identify the real identity of the website through favicon so as to detect the phishing website, the speed is high, and too many resources are not required to be consumed. The third machine learning detection layer can accurately identify the websites which are judged to be suspicious by the second layer, and a more accurate judgment result is obtained. The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.
Description
Technical Field
The invention relates to a website detection system, in particular to a three-layer phishing website detection system based on a hybrid method.
Background
Phishing is a fraudulent act for spoofing users over the internet, and attackers who launch phishing attacks are often referred to as phishers. The definition of phishing by the international Anti-phishing working Group (APWG) is that phishing is a network attack mode, and social engineering and technical means are utilized to steal personal identity data and financial account certificates of consumers. Phishing attacks that employ social engineering means typically send fraudulent emails, short messages, etc. to users, enticing users to reveal credential information (e.g., username, password) or download malicious software. The attack of the technical means is to directly plant malicious software (such as man-in-the-browser attack) on the PC, and to directly steal the credential information by adopting some technical means, such as intercepting the user name and password of the user by using the system, misleading the user to access a forged website, and the like.
Since Phishing seriously affects the interests of netizens and the reputation of the internet, the international Anti-Phishing Working Group (APWG, Anti-Phishing Working Group) shall approve the requirements of various non-profit organizations and industries in 2003, establishes a database based on the URL of a Phishing website and distributes the data regularly so as to make various industries refer to. According to APWG trend reports; phishing attacks have developed rapidly in recent years. In the report of the phishing activity trend in the quarter of 2018Q1, the total number of phishing detected in the first quarter of 2018 is 263,538. This is a 46% increase over 180,577 observed in 2017Q4, which also far exceeds 190,942 in the third quarter of 2017.
The increasing rampant phishing causes the threats of economic loss, identity fraud and the like to internet users. Therefore, effectively detecting phishing and making the processing is of great significance to network security.
Phishing detection technology identifies phishing attacks by utilizing certain characteristics of the phishing attacks, and therefore attack and prevention of the phishing attacks are achieved. With the continuous expansion of phishing, the research on the related phishing detection technology is also deepened, from the early blacklist technology to the prediction realized by using heuristic rules and machine learning, in recent years, with the development of deep learning theory, the neural network detection technology based on image recognition and rules is also continuously applied to the detection of phishing.
The conventional patent CN106357682A, "a phishing website detection method", proposes a method for extracting characters from favicon to compare with black and white lists. The process flow is shown in figure 1, and the patent has the following disadvantages: the method needs to maintain a database and update frequently to ensure timeliness. The detection fails when there is no text in the logo.
The prior patent CN104166725A "a phishing website detection method" proposes a phishing website detection scheme. In the scheme, a feature vector based on visual content corresponding to a webpage to be detected is established; comparing the feature vector with the feature vectors in a preset feature vector set; and judging whether the webpage to be detected is a phishing website or not according to the comparison result. The detection process is shown in fig. 2: the shortcoming of this patent: 1. the webpage to be detected is blocked, and characteristics such as blocking positions and the like are selected, and the characteristics will fail after the phishers finely adjust the webpage structure. 2. Selecting features such as a DOM tree will be disabled when the phisher uses the picture instead of the text.
The technical problem to be solved by the invention is how to detect the phishing website in a large number of webpages so as to ensure the safety of website information.
Disclosure of Invention
The invention aims to provide a three-layer phishing website detection system based on a mixing method, so as to solve the problems in the background technology.
In order to achieve the purpose, the invention provides the following technical scheme: the three-layer phishing website detection system based on the hybrid method comprises three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
1. the first black and white list filtering layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
when the website to be detected is matched in the black list or the white list, returning a detection result, when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next-layer detection;
2. the second layer is a favicon detection layer, the second layer acquires the identity of the webpage by using favicon, and compared with other visual features of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
2-1, favicon extraction process: obtaining favicon corresponding to the webpage through the corresponding website;
2-2, identity authentication process: the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
and returning results of the second layer, directly returning detection results to websites judged to be legal or phishing, and putting websites classified into suspicious categories into the next layer for detection.
3. A third machine learning detection layer, wherein the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts the characteristics of the webpages to be detected, and then classifies the webpages in the trained Self-Structuring NN;
3-1, selecting the characteristics of the third layer;
selecting characteristics of a UCI data set, wherein the characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research;
and returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
Compared with the prior art, the invention has the beneficial effects that: (1) known phishing websites can be found in time by the first black and white list and the form filtering layer, and the detection cost is reduced.
(2) The second favicon detection layer can identify the real identity of the website through favicon so as to detect the phishing website, the speed is high, and too many resources are not required to be consumed.
(3) The third machine learning detection layer can accurately identify the websites which are judged to be suspicious by the second layer, and a more accurate judgment result is obtained.
(4) The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.
Drawings
FIG. 1 is a flowchart of a prior art I operation;
FIG. 2 is a flowchart illustrating a second prior art in the background art;
fig. 3 is a schematic diagram of the system workflow structure of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 3, the three-layer phishing website detection system based on the hybrid method is composed of three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
1. the first black and white list filtering layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
and when the website to be detected is matched in the black list or the white list, returning a detection result, and when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next detection layer.
2. The second layer is a favicon detection layer, the second layer acquires the identity of the webpage by using favicon, and compared with other visual features of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
2-1, favicon extraction process:
the simplified processing procedure is adopted here, and favicon corresponding to the web page can be obtained through the following addresses:
TABLE 1 manner of obtaining favicon
| Method | HTML Codes |
| A | www.domain.com/favicon.ico |
| B | <link rel=“shortcut icon”href=“/favicon.ico”/> |
| C | <link rel=“icon”href=“/favicon.ico”/> |
| D | <link rel=“apple-touch-icon”href=“images/favicon.ico”/> |
2-2, identity authentication process:
the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
and returning results of the second layer, directly returning detection results to websites judged to be legal or phishing, and putting websites classified into suspicious categories into the next layer for detection.
3. A third machine learning detection layer, wherein the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts 22 characteristics of the to-be-detected webpages, and then puts the to-be-detected webpages into a trained Self-Structuring NN for classification;
3-1, selecting the characteristics of the third layer;
22 characteristics of the UCI data set are selected, and the 22 characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research.
TABLE 2 feature selection
And returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
4. Results of the experiment
4.1, testing time consumption, wherein in a training stage, a second favicon detection layer uses statistical data of 132 Alexa legal websites and 91 phistank phishing websites and puts the statistical data into a GMM for training; the third machine learning detection layer uses 30 financial phishing websites, 7044 phishtank phishing websites and 4442 Alexa legal websites to put into Self-structuringNN for training.
In the testing stage, the websites which cannot be determined by the upper layer enter the lower layer for detection by using the URLs of 500 Alexa legal websites and 500 phistank phishing websites. According to the experiment, 1000 websites were detected in the first layer, 796 websites were detected in the second layer, and 239 websites were detected in the third layer.
The time consumption of the three layers is mainly influenced by the network speed, the first layer needs to request HTML of a page when detecting whether the page contains a form, the second layer needs to acquire favicon of a webpage and uses a search API of Google, the third layer needs to acquire HTML of the webpage, the state of each port needs to be tested when checking whether an illegal port is used, and a whois API needs to be accessed to acquire webpage registration information and the like. The local processing is not very time consuming.
TABLE 3 time consuming statistics of layers
4.2, Performance testing
Model performance was evaluated using the following criteria, False Negative Rate (FNR): the proportion of the erroneously predicted positive samples to the total positive samples, i.e., the false alarm rate.
False Positive Rate (FPR): the proportion of the negative samples which are mispredicted to the total negative samples is the rate of missing report.
Recall (R): the proportion of positive samples that are correctly predicted to the total positive samples, i.e., the recall ratio.
Accuracy (acc): the ratio of the samples predicted to be correct to the total samples, i.e. the accuracy.
The calculation formula of each index is as follows:
the test is carried out by adopting 500 Alexa legal websites and 500 phistank phishing websites, and the test results are as follows:
TABLE 4 results of the experiment
| FNR | FPR | R | ACC |
| 1.60% | 3.40% | 98.40% | 97.50% |
The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (1)
1. Three-layer phishing website detection system based on mixing method is characterized in that: the detection system consists of three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
(1) and a first black and white list filter layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
when the website to be detected is matched in the black list or the white list, returning a detection result, when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next-layer detection;
(2) the second layer uses favicon to obtain the identity of the webpage, and compared with other visual characteristics of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
(2-1), favicon extraction process: obtaining favicon corresponding to the webpage through the corresponding website;
(2-2) identity authentication process: the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
the returned result of the second layer directly returns the detection result to the website judged to be legal or phishing, and the website classified into suspicious categories is put into the next layer for detection;
(3) the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts the characteristics of the webpages to be detected, and then puts the webpages into a trained Self-Structuring NN for classification;
(3-1) selecting characteristics of a third layer;
selecting characteristics of a UCI data set, wherein the characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research;
and returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911013051.7A CN110784462B (en) | 2019-10-23 | 2019-10-23 | Three-layer phishing website detection system based on hybrid method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911013051.7A CN110784462B (en) | 2019-10-23 | 2019-10-23 | Three-layer phishing website detection system based on hybrid method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110784462A true CN110784462A (en) | 2020-02-11 |
| CN110784462B CN110784462B (en) | 2020-11-03 |
Family
ID=69386596
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911013051.7A Active CN110784462B (en) | 2019-10-23 | 2019-10-23 | Three-layer phishing website detection system based on hybrid method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110784462B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112104765A (en) * | 2020-11-20 | 2020-12-18 | 武汉绿色网络信息服务有限责任公司 | Illegal website detection method and device |
| CN114070653A (en) * | 2022-01-14 | 2022-02-18 | 浙江大学 | Hybrid phishing website detection method and device, electronic equipment and storage medium |
| US11470044B1 (en) * | 2021-12-08 | 2022-10-11 | Uab 360 It | System and method for multi-layered rule learning in URL filtering |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714272A (en) * | 2009-11-19 | 2010-05-26 | 北京邮电大学 | Method for protecting number and password of bank card from stealing by phishing website |
| CN103379111A (en) * | 2012-04-21 | 2013-10-30 | 中南林业科技大学 | Intelligent anti-phishing defensive system |
| CN103379110A (en) * | 2012-04-21 | 2013-10-30 | 中南林业科技大学 | Active anti-phishing defensive system |
| CN104077396A (en) * | 2014-07-01 | 2014-10-01 | 清华大学深圳研究生院 | Method and device for detecting phishing website |
| CN104899508A (en) * | 2015-06-17 | 2015-09-09 | 中国互联网络信息中心 | Multistage phishing website detecting method and system |
| US9240991B2 (en) * | 2012-12-13 | 2016-01-19 | Sap Se | Anti-phishing system for cross-domain web browser single sign-on |
| CN105978850A (en) * | 2016-04-08 | 2016-09-28 | 中国南方电网有限责任公司 | Detection system and detection method for counterfeit website based on graph matching |
| CN108566399A (en) * | 2018-04-23 | 2018-09-21 | 中国互联网络信息中心 | Fishing website recognition methods and system |
| CN109510815A (en) * | 2018-10-19 | 2019-03-22 | 杭州安恒信息技术股份有限公司 | A kind of multistage detection method for phishing site and detection system based on supervised learning |
| US20190173918A1 (en) * | 2017-12-01 | 2019-06-06 | KnowBe4, Inc. | Systems and methods for aida based a/b testing |
-
2019
- 2019-10-23 CN CN201911013051.7A patent/CN110784462B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714272A (en) * | 2009-11-19 | 2010-05-26 | 北京邮电大学 | Method for protecting number and password of bank card from stealing by phishing website |
| CN103379111A (en) * | 2012-04-21 | 2013-10-30 | 中南林业科技大学 | Intelligent anti-phishing defensive system |
| CN103379110A (en) * | 2012-04-21 | 2013-10-30 | 中南林业科技大学 | Active anti-phishing defensive system |
| US9240991B2 (en) * | 2012-12-13 | 2016-01-19 | Sap Se | Anti-phishing system for cross-domain web browser single sign-on |
| CN104077396A (en) * | 2014-07-01 | 2014-10-01 | 清华大学深圳研究生院 | Method and device for detecting phishing website |
| CN104899508A (en) * | 2015-06-17 | 2015-09-09 | 中国互联网络信息中心 | Multistage phishing website detecting method and system |
| CN105978850A (en) * | 2016-04-08 | 2016-09-28 | 中国南方电网有限责任公司 | Detection system and detection method for counterfeit website based on graph matching |
| US20190173918A1 (en) * | 2017-12-01 | 2019-06-06 | KnowBe4, Inc. | Systems and methods for aida based a/b testing |
| CN108566399A (en) * | 2018-04-23 | 2018-09-21 | 中国互联网络信息中心 | Fishing website recognition methods and system |
| CN109510815A (en) * | 2018-10-19 | 2019-03-22 | 杭州安恒信息技术股份有限公司 | A kind of multistage detection method for phishing site and detection system based on supervised learning |
Non-Patent Citations (1)
| Title |
|---|
| 杨明星: "基于登录页面及Logo图标检测的反钓鱼方案", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112104765A (en) * | 2020-11-20 | 2020-12-18 | 武汉绿色网络信息服务有限责任公司 | Illegal website detection method and device |
| US11470044B1 (en) * | 2021-12-08 | 2022-10-11 | Uab 360 It | System and method for multi-layered rule learning in URL filtering |
| CN114070653A (en) * | 2022-01-14 | 2022-02-18 | 浙江大学 | Hybrid phishing website detection method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110784462B (en) | 2020-11-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110784462B (en) | Three-layer phishing website detection system based on hybrid method | |
| US11310268B2 (en) | Systems and methods using computer vision and machine learning for detection of malicious actions | |
| CN104077396B (en) | Method and device for detecting phishing website | |
| Chiew et al. | Utilisation of website logo for phishing detection | |
| CN104954372B (en) | A kind of evidence obtaining of fishing website and verification method and system | |
| KR101767454B1 (en) | Method and apparatus of fraud detection for analyzing behavior pattern | |
| Rao et al. | Phishshield: a desktop application to detect phishing webpages through heuristic approach | |
| Rao et al. | A computer vision technique to detect phishing attacks | |
| CN104217160A (en) | Method and system for detecting Chinese phishing website | |
| CN102932348A (en) | Real-time detection method and system of phishing website | |
| CN105119909A (en) | Fake website detection method and fake website detection system based on page visual similarity | |
| CN110138758A (en) | Mistake based on domain name vocabulary plants domain name detection method | |
| CN109922065A (en) | Malicious websites method for quickly identifying | |
| Rahim et al. | Detecting the Phishing Attack Using Collaborative Approach and Secure Login through Dynamic Virtual Passwords. | |
| Zhang et al. | Phishing detection method based on borderline-smote deep belief network | |
| US20220030029A1 (en) | Phishing Protection Methods and Systems | |
| Liu et al. | An efficient multistage phishing website detection model based on the CASE feature framework: Aiming at the real web environment | |
| Aravindhan et al. | Certain investigation on web application security: Phishing detection and phishing target discovery | |
| Li et al. | Detection method of phishing email based on persuasion principle | |
| AL-Otaibi et al. | A study on social engineering attacks: phishing attack | |
| Zhu et al. | An effective neural network phishing detection model based on optimal feature selection | |
| CN105653941A (en) | Heuristic detection method and system for phishing website | |
| Mughaid et al. | An intelligent cyber security phishing detection system using deep learning techniques | |
| CN101436210B (en) | Method and system for recognizing counterfeit web page | |
| da Silva et al. | Piracema. io: A rules-based tree model for phishing prediction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |