CN110784462B - Three-layer phishing website detection system based on hybrid method - Google Patents

Three-layer phishing website detection system based on hybrid method Download PDF

Info

Publication number
CN110784462B
CN110784462B CN201911013051.7A CN201911013051A CN110784462B CN 110784462 B CN110784462 B CN 110784462B CN 201911013051 A CN201911013051 A CN 201911013051A CN 110784462 B CN110784462 B CN 110784462B
Authority
CN
China
Prior art keywords
layer
website
detection
phishing
favicon
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911013051.7A
Other languages
Chinese (zh)
Other versions
CN110784462A (en
Inventor
谷勇浩
高翊睿
李良训
黄泽祺
王翼翡
郭振洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201911013051.7A priority Critical patent/CN110784462B/en
Publication of CN110784462A publication Critical patent/CN110784462A/en
Application granted granted Critical
Publication of CN110784462B publication Critical patent/CN110784462B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566URL specific, e.g. using aliases, detecting broken or misspelled links
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2411Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • Signal Processing (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computational Linguistics (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Molecular Biology (AREA)
  • General Health & Medical Sciences (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a three-layer phishing website detection system based on a hybrid method, which comprises three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer; known phishing websites can be found in time by the first black and white list and the form filtering layer, and the detection cost is reduced. The second favicon detection layer can identify the real identity of the website through favicon so as to detect the phishing website, the speed is high, and too many resources are not required to be consumed. The third machine learning detection layer can accurately identify the websites which are judged to be suspicious by the second layer, and a more accurate judgment result is obtained. The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.

Description

Three-layer phishing website detection system based on hybrid method
Technical Field
The invention relates to a website detection system, in particular to a three-layer phishing website detection system based on a hybrid method.
Background
Phishing is a fraudulent act for spoofing users over the internet, and attackers who launch phishing attacks are often referred to as phishers. The definition of phishing by the international Anti-phishing working Group (APWG) is that phishing is a network attack mode, and social engineering and technical means are utilized to steal personal identity data and financial account certificates of consumers. Phishing attacks that employ social engineering means typically send fraudulent emails, short messages, etc. to users, enticing users to reveal credential information (e.g., username, password) or download malicious software. The attack of the technical means is to directly plant malicious software (such as man-in-the-browser attack) on the PC, and to directly steal the credential information by adopting some technical means, such as intercepting the user name and password of the user by using the system, misleading the user to access a forged website, and the like.
Since Phishing seriously affects the interests of netizens and the reputation of the internet, the international Anti-Phishing Working Group (APWG, Anti-Phishing Working Group) shall approve the requirements of various non-profit organizations and industries in 2003, establishes a database based on the URL of a Phishing website and distributes the data regularly so as to make various industries refer to. According to APWG trend reports; phishing attacks have developed rapidly in recent years. In the report of the phishing activity trend in the quarter of 2018Q1, the total number of phishing detected in the first quarter of 2018 is 263,538. This is a 46% increase over 180,577 observed in 2017Q4, which also far exceeds 190,942 in the third quarter of 2017.
The increasing rampant phishing causes the threats of economic loss, identity fraud and the like to internet users. Therefore, effectively detecting phishing and making the processing is of great significance to network security.
Phishing detection technology identifies phishing attacks by utilizing certain characteristics of the phishing attacks, and therefore attack and prevention of the phishing attacks are achieved. With the continuous expansion of phishing, the research on the related phishing detection technology is also deepened, from the early blacklist technology to the prediction realized by using heuristic rules and machine learning, in recent years, with the development of deep learning theory, the neural network detection technology based on image recognition and rules is also continuously applied to the detection of phishing.
The conventional patent CN106357682A, "a phishing website detection method", proposes a method for extracting characters from favicon to compare with black and white lists. The process flow is shown in figure 1, and the patent has the following disadvantages: the method needs to maintain a database and update frequently to ensure timeliness. The detection fails when there is no text in the logo.
The prior patent CN104166725A "a phishing website detection method" proposes a phishing website detection scheme. In the scheme, a feature vector based on visual content corresponding to a webpage to be detected is established; comparing the feature vector with the feature vectors in a preset feature vector set; and judging whether the webpage to be detected is a phishing website or not according to the comparison result. The detection process is shown in fig. 2: the shortcoming of this patent: 1. the webpage to be detected is blocked, and characteristics such as blocking positions and the like are selected, and the characteristics will fail after the phishers finely adjust the webpage structure. 2. Selecting features such as a DOM tree will be disabled when the phisher uses the picture instead of the text.
The technical problem to be solved by the invention is how to detect the phishing website in a large number of webpages so as to ensure the safety of website information.
Disclosure of Invention
The invention aims to provide a three-layer phishing website detection system based on a mixing method, so as to solve the problems in the background technology.
In order to achieve the purpose, the invention provides the following technical scheme: the three-layer phishing website detection system based on the hybrid method comprises three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
1. the first black and white list filtering layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
when the website to be detected is matched in the black list or the white list, returning a detection result, when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next-layer detection;
2. the second layer is a favicon detection layer, the second layer acquires the identity of the webpage by using favicon, and compared with other visual features of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
2-1, favicon extraction process: obtaining favicon corresponding to the webpage through the corresponding website;
2-2, identity authentication process: the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
and returning results of the second layer, directly returning detection results to websites judged to be legal or phishing, and putting websites classified into suspicious categories into the next layer for detection.
3. A third machine learning detection layer, wherein the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts the characteristics of the webpages to be detected, and then classifies the webpages in the trained Self-Structuring NN;
3-1, selecting the characteristics of the third layer;
selecting characteristics of a UCI data set, wherein the characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research;
and returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
Compared with the prior art, the invention has the beneficial effects that: (1) known phishing websites can be found in time by the first black and white list and the form filtering layer, and the detection cost is reduced.
(2) The second favicon detection layer can identify the real identity of the website through favicon so as to detect the phishing website, the speed is high, and too many resources are not required to be consumed.
(3) The third machine learning detection layer can accurately identify the websites which are judged to be suspicious by the second layer, and a more accurate judgment result is obtained.
(4) The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.
Drawings
FIG. 1 is a flowchart of a prior art I operation;
FIG. 2 is a flowchart illustrating a second prior art in the background art;
fig. 3 is a schematic diagram of the system workflow structure of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 3, the three-layer phishing website detection system based on the hybrid method is composed of three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
1. the first black and white list filtering layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
and when the website to be detected is matched in the black list or the white list, returning a detection result, and when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next detection layer.
2. The second layer is a favicon detection layer, the second layer acquires the identity of the webpage by using favicon, and compared with other visual features of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
2-1, favicon extraction process:
the simplified processing procedure is adopted here, and favicon corresponding to the web page can be obtained through the following addresses:
TABLE 1 manner of obtaining favicon
Method HTML Codes
A www.domain.com/favicon.ico
B <link rel=“shortcut icon”href=“/favicon.ico”/>
C <link rel=“icon”href=“/favicon.ico”/>
D <link rel=“apple-touch-icon”href=“images/favicon.ico”/>
2-2, identity authentication process:
the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
and returning results of the second layer, directly returning detection results to websites judged to be legal or phishing, and putting websites classified into suspicious categories into the next layer for detection.
3. A third machine learning detection layer, wherein the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts 22 characteristics of the to-be-detected webpages, and then puts the to-be-detected webpages into a trained Self-Structuring NN for classification;
3-1, selecting the characteristics of the third layer;
22 characteristics of the UCI data set are selected, and the 22 characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research.
TABLE 2 feature selection
Figure BDA0002244777300000051
Figure BDA0002244777300000061
And returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
4. Results of the experiment
4.1, testing time consumption, wherein in a training stage, a second favicon detection layer uses statistical data of 132 Alexa legal websites and 91 phistank phishing websites and puts the statistical data into a GMM for training; the third machine learning detection layer uses 30 financial phishing websites, 7044 phishtank phishing websites and 4442 Alexa legal websites to put into Self-structuringNN for training.
In the testing stage, the websites which cannot be determined by the upper layer enter the lower layer for detection by using the URLs of 500 Alexa legal websites and 500 phistank phishing websites. According to the experiment, 1000 websites were detected in the first layer, 796 websites were detected in the second layer, and 239 websites were detected in the third layer.
The time consumption of the three layers is mainly influenced by the network speed, the first layer needs to request HTML of a page when detecting whether the page contains a form, the second layer needs to acquire favicon of a webpage and uses a search API of Google, the third layer needs to acquire HTML of the webpage, the state of each port needs to be tested when checking whether an illegal port is used, and a whois API needs to be accessed to acquire webpage registration information and the like. The local processing is not very time consuming.
TABLE 3 time consuming statistics of layers
Figure BDA0002244777300000062
Figure BDA0002244777300000071
4.2, Performance testing
Model performance was evaluated using the following criteria, False Negative Rate (FNR): the proportion of the erroneously predicted positive samples to the total positive samples, i.e., the false alarm rate.
False Positive Rate (FPR): the proportion of the negative samples which are mispredicted to the total negative samples is the rate of missing report.
Recall (R): the proportion of positive samples that are correctly predicted to the total positive samples, i.e., the recall ratio.
Accuracy (acc): the ratio of the samples predicted to be correct to the total samples, i.e. the accuracy.
The calculation formula of each index is as follows:
Figure BDA0002244777300000072
Figure BDA0002244777300000073
Figure BDA0002244777300000074
Figure BDA0002244777300000075
the test is carried out by adopting 500 Alexa legal websites and 500 phistank phishing websites, and the test results are as follows:
TABLE 4 results of the experiment
FNR FPR R ACC
1.60% 3.40% 98.40% 97.50%
The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (1)

1. Three-layer phishing website detection system based on mixing method is characterized in that: the detection system consists of three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
(1) and a first black and white list filter layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
when the website to be detected is matched in the black list or the white list, returning a detection result, when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next-layer detection;
(2) the second layer uses favicon to obtain the identity of the webpage, and compared with other visual characteristics of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
(2-1), favicon extraction process: obtaining favicon corresponding to the webpage through the corresponding website;
(2-2) identity authentication process: the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
the returned result of the second layer directly returns the detection result to the website judged to be legal or phishing, and the website classified into suspicious categories is put into the next layer for detection;
(3) the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts the characteristics of the webpages to be detected, and then puts the webpages into a trained Self-Structuring NN for classification;
(3-1) selecting characteristics of a third layer;
selecting characteristics of a UCI data set, wherein the characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research;
and returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
CN201911013051.7A 2019-10-23 2019-10-23 Three-layer phishing website detection system based on hybrid method Active CN110784462B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911013051.7A CN110784462B (en) 2019-10-23 2019-10-23 Three-layer phishing website detection system based on hybrid method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911013051.7A CN110784462B (en) 2019-10-23 2019-10-23 Three-layer phishing website detection system based on hybrid method

Publications (2)

Publication Number Publication Date
CN110784462A CN110784462A (en) 2020-02-11
CN110784462B true CN110784462B (en) 2020-11-03

Family

ID=69386596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911013051.7A Active CN110784462B (en) 2019-10-23 2019-10-23 Three-layer phishing website detection system based on hybrid method

Country Status (1)

Country Link
CN (1) CN110784462B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112104765A (en) * 2020-11-20 2020-12-18 武汉绿色网络信息服务有限责任公司 Illegal website detection method and device
US11470044B1 (en) * 2021-12-08 2022-10-11 Uab 360 It System and method for multi-layered rule learning in URL filtering
CN114285627B (en) * 2021-12-21 2023-12-22 安天科技集团股份有限公司 Flow detection method and device, electronic equipment and computer readable storage medium
CN114070653B (en) * 2022-01-14 2022-06-24 浙江大学 Hybrid phishing website detection method and device, electronic equipment and storage medium
CN114978624B (en) * 2022-05-09 2023-11-03 深圳大学 Phishing webpage detection method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101714272A (en) * 2009-11-19 2010-05-26 北京邮电大学 Method for protecting number and password of bank card from stealing by phishing website
CN103379110A (en) * 2012-04-21 2013-10-30 中南林业科技大学 Active anti-phishing defensive system
CN103379111A (en) * 2012-04-21 2013-10-30 中南林业科技大学 Intelligent anti-phishing defensive system
CN104077396A (en) * 2014-07-01 2014-10-01 清华大学深圳研究生院 Method and device for detecting phishing website
US9240991B2 (en) * 2012-12-13 2016-01-19 Sap Se Anti-phishing system for cross-domain web browser single sign-on

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104899508B (en) * 2015-06-17 2018-12-07 中国互联网络信息中心 A kind of multistage detection method for phishing site and system
CN105978850A (en) * 2016-04-08 2016-09-28 中国南方电网有限责任公司 Detection system and detection method for counterfeit website based on graph matching
US10581910B2 (en) * 2017-12-01 2020-03-03 KnowBe4, Inc. Systems and methods for AIDA based A/B testing
CN108566399B (en) * 2018-04-23 2020-11-03 中国互联网络信息中心 Phishing website identification method and system
CN109510815B (en) * 2018-10-19 2022-01-25 杭州安恒信息技术股份有限公司 Multi-level phishing website detection method and system based on supervised learning

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101714272A (en) * 2009-11-19 2010-05-26 北京邮电大学 Method for protecting number and password of bank card from stealing by phishing website
CN103379110A (en) * 2012-04-21 2013-10-30 中南林业科技大学 Active anti-phishing defensive system
CN103379111A (en) * 2012-04-21 2013-10-30 中南林业科技大学 Intelligent anti-phishing defensive system
US9240991B2 (en) * 2012-12-13 2016-01-19 Sap Se Anti-phishing system for cross-domain web browser single sign-on
CN104077396A (en) * 2014-07-01 2014-10-01 清华大学深圳研究生院 Method and device for detecting phishing website

Also Published As

Publication number Publication date
CN110784462A (en) 2020-02-11

Similar Documents

Publication Publication Date Title
CN110784462B (en) Three-layer phishing website detection system based on hybrid method
US11310268B2 (en) Systems and methods using computer vision and machine learning for detection of malicious actions
CN104077396B (en) Method and device for detecting phishing website
Chiew et al. Utilisation of website logo for phishing detection
Ramesh et al. An efficacious method for detecting phishing webpages through target domain identification
Rao et al. Phishshield: a desktop application to detect phishing webpages through heuristic approach
Goga et al. The doppelgänger bot attack: Exploring identity impersonation in online social networks
Rao et al. A computer vision technique to detect phishing attacks
CN109922065B (en) Quick identification method for malicious website
CN104217160A (en) Method and system for detecting Chinese phishing website
Liu et al. An efficient multistage phishing website detection model based on the CASE feature framework: Aiming at the real web environment
Rahim et al. Detecting the Phishing Attack Using Collaborative Approach and Secure Login through Dynamic Virtual Passwords.
CN107256357A (en) The detection of Android malicious application based on deep learning and analysis method
CN105119909A (en) Fake website detection method and fake website detection system based on page visual similarity
US20220030029A1 (en) Phishing Protection Methods and Systems
CN110138758A (en) Mistake based on domain name vocabulary plants domain name detection method
Li et al. Detection method of phishing email based on persuasion principle
Al-Otaibi et al. A study on social engineering attacks: Phishing attack
Aravindhan et al. Certain investigation on web application security: Phishing detection and phishing target discovery
Da Silva et al. Piracema. io: A rules-based tree model for phishing prediction
Zhu et al. An effective neural network phishing detection model based on optimal feature selection
Abdulrahaman et al. Phishing attack detection based on random forest with wrapper feature selection method
Jeeva et al. Phishing URL detection-based feature selection to classifiers
CN105653941A (en) Heuristic detection method and system for phishing website
Zaman et al. Phishing website detection using effective classifiers and feature selection techniques

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant