CN110784462B - Three-layer phishing website detection system based on hybrid method - Google Patents
Three-layer phishing website detection system based on hybrid method Download PDFInfo
- Publication number
- CN110784462B CN110784462B CN201911013051.7A CN201911013051A CN110784462B CN 110784462 B CN110784462 B CN 110784462B CN 201911013051 A CN201911013051 A CN 201911013051A CN 110784462 B CN110784462 B CN 110784462B
- Authority
- CN
- China
- Prior art keywords
- layer
- website
- detection
- phishing
- favicon
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/2411—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Evolutionary Computation (AREA)
- Signal Processing (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computational Linguistics (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Molecular Biology (AREA)
- General Health & Medical Sciences (AREA)
- Biophysics (AREA)
- Biomedical Technology (AREA)
- Health & Medical Sciences (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a three-layer phishing website detection system based on a hybrid method, which comprises three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer; known phishing websites can be found in time by the first black and white list and the form filtering layer, and the detection cost is reduced. The second favicon detection layer can identify the real identity of the website through favicon so as to detect the phishing website, the speed is high, and too many resources are not required to be consumed. The third machine learning detection layer can accurately identify the websites which are judged to be suspicious by the second layer, and a more accurate judgment result is obtained. The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.
Description
Technical Field
The invention relates to a website detection system, in particular to a three-layer phishing website detection system based on a hybrid method.
Background
Phishing is a fraudulent act for spoofing users over the internet, and attackers who launch phishing attacks are often referred to as phishers. The definition of phishing by the international Anti-phishing working Group (APWG) is that phishing is a network attack mode, and social engineering and technical means are utilized to steal personal identity data and financial account certificates of consumers. Phishing attacks that employ social engineering means typically send fraudulent emails, short messages, etc. to users, enticing users to reveal credential information (e.g., username, password) or download malicious software. The attack of the technical means is to directly plant malicious software (such as man-in-the-browser attack) on the PC, and to directly steal the credential information by adopting some technical means, such as intercepting the user name and password of the user by using the system, misleading the user to access a forged website, and the like.
Since Phishing seriously affects the interests of netizens and the reputation of the internet, the international Anti-Phishing Working Group (APWG, Anti-Phishing Working Group) shall approve the requirements of various non-profit organizations and industries in 2003, establishes a database based on the URL of a Phishing website and distributes the data regularly so as to make various industries refer to. According to APWG trend reports; phishing attacks have developed rapidly in recent years. In the report of the phishing activity trend in the quarter of 2018Q1, the total number of phishing detected in the first quarter of 2018 is 263,538. This is a 46% increase over 180,577 observed in 2017Q4, which also far exceeds 190,942 in the third quarter of 2017.
The increasing rampant phishing causes the threats of economic loss, identity fraud and the like to internet users. Therefore, effectively detecting phishing and making the processing is of great significance to network security.
Phishing detection technology identifies phishing attacks by utilizing certain characteristics of the phishing attacks, and therefore attack and prevention of the phishing attacks are achieved. With the continuous expansion of phishing, the research on the related phishing detection technology is also deepened, from the early blacklist technology to the prediction realized by using heuristic rules and machine learning, in recent years, with the development of deep learning theory, the neural network detection technology based on image recognition and rules is also continuously applied to the detection of phishing.
The conventional patent CN106357682A, "a phishing website detection method", proposes a method for extracting characters from favicon to compare with black and white lists. The process flow is shown in figure 1, and the patent has the following disadvantages: the method needs to maintain a database and update frequently to ensure timeliness. The detection fails when there is no text in the logo.
The prior patent CN104166725A "a phishing website detection method" proposes a phishing website detection scheme. In the scheme, a feature vector based on visual content corresponding to a webpage to be detected is established; comparing the feature vector with the feature vectors in a preset feature vector set; and judging whether the webpage to be detected is a phishing website or not according to the comparison result. The detection process is shown in fig. 2: the shortcoming of this patent: 1. the webpage to be detected is blocked, and characteristics such as blocking positions and the like are selected, and the characteristics will fail after the phishers finely adjust the webpage structure. 2. Selecting features such as a DOM tree will be disabled when the phisher uses the picture instead of the text.
The technical problem to be solved by the invention is how to detect the phishing website in a large number of webpages so as to ensure the safety of website information.
Disclosure of Invention
The invention aims to provide a three-layer phishing website detection system based on a mixing method, so as to solve the problems in the background technology.
In order to achieve the purpose, the invention provides the following technical scheme: the three-layer phishing website detection system based on the hybrid method comprises three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
1. the first black and white list filtering layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
when the website to be detected is matched in the black list or the white list, returning a detection result, when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next-layer detection;
2. the second layer is a favicon detection layer, the second layer acquires the identity of the webpage by using favicon, and compared with other visual features of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
2-1, favicon extraction process: obtaining favicon corresponding to the webpage through the corresponding website;
2-2, identity authentication process: the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
and returning results of the second layer, directly returning detection results to websites judged to be legal or phishing, and putting websites classified into suspicious categories into the next layer for detection.
3. A third machine learning detection layer, wherein the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts the characteristics of the webpages to be detected, and then classifies the webpages in the trained Self-Structuring NN;
3-1, selecting the characteristics of the third layer;
selecting characteristics of a UCI data set, wherein the characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research;
and returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
Compared with the prior art, the invention has the beneficial effects that: (1) known phishing websites can be found in time by the first black and white list and the form filtering layer, and the detection cost is reduced.
(2) The second favicon detection layer can identify the real identity of the website through favicon so as to detect the phishing website, the speed is high, and too many resources are not required to be consumed.
(3) The third machine learning detection layer can accurately identify the websites which are judged to be suspicious by the second layer, and a more accurate judgment result is obtained.
(4) The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.
Drawings
FIG. 1 is a flowchart of a prior art I operation;
FIG. 2 is a flowchart illustrating a second prior art in the background art;
fig. 3 is a schematic diagram of the system workflow structure of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 3, the three-layer phishing website detection system based on the hybrid method is composed of three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
1. the first black and white list filtering layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
and when the website to be detected is matched in the black list or the white list, returning a detection result, and when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next detection layer.
2. The second layer is a favicon detection layer, the second layer acquires the identity of the webpage by using favicon, and compared with other visual features of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
2-1, favicon extraction process:
the simplified processing procedure is adopted here, and favicon corresponding to the web page can be obtained through the following addresses:
TABLE 1 manner of obtaining favicon
Method | HTML Codes |
A | www.domain.com/favicon.ico |
B | <link rel=“shortcut icon”href=“/favicon.ico”/> |
C | <link rel=“icon”href=“/favicon.ico”/> |
D | <link rel=“apple-touch-icon”href=“images/favicon.ico”/> |
2-2, identity authentication process:
the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
and returning results of the second layer, directly returning detection results to websites judged to be legal or phishing, and putting websites classified into suspicious categories into the next layer for detection.
3. A third machine learning detection layer, wherein the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts 22 characteristics of the to-be-detected webpages, and then puts the to-be-detected webpages into a trained Self-Structuring NN for classification;
3-1, selecting the characteristics of the third layer;
22 characteristics of the UCI data set are selected, and the 22 characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research.
TABLE 2 feature selection
And returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
4. Results of the experiment
4.1, testing time consumption, wherein in a training stage, a second favicon detection layer uses statistical data of 132 Alexa legal websites and 91 phistank phishing websites and puts the statistical data into a GMM for training; the third machine learning detection layer uses 30 financial phishing websites, 7044 phishtank phishing websites and 4442 Alexa legal websites to put into Self-structuringNN for training.
In the testing stage, the websites which cannot be determined by the upper layer enter the lower layer for detection by using the URLs of 500 Alexa legal websites and 500 phistank phishing websites. According to the experiment, 1000 websites were detected in the first layer, 796 websites were detected in the second layer, and 239 websites were detected in the third layer.
The time consumption of the three layers is mainly influenced by the network speed, the first layer needs to request HTML of a page when detecting whether the page contains a form, the second layer needs to acquire favicon of a webpage and uses a search API of Google, the third layer needs to acquire HTML of the webpage, the state of each port needs to be tested when checking whether an illegal port is used, and a whois API needs to be accessed to acquire webpage registration information and the like. The local processing is not very time consuming.
TABLE 3 time consuming statistics of layers
4.2, Performance testing
Model performance was evaluated using the following criteria, False Negative Rate (FNR): the proportion of the erroneously predicted positive samples to the total positive samples, i.e., the false alarm rate.
False Positive Rate (FPR): the proportion of the negative samples which are mispredicted to the total negative samples is the rate of missing report.
Recall (R): the proportion of positive samples that are correctly predicted to the total positive samples, i.e., the recall ratio.
Accuracy (acc): the ratio of the samples predicted to be correct to the total samples, i.e. the accuracy.
The calculation formula of each index is as follows:
the test is carried out by adopting 500 Alexa legal websites and 500 phistank phishing websites, and the test results are as follows:
TABLE 4 results of the experiment
FNR | FPR | R | ACC |
1.60% | 3.40% | 98.40% | 97.50% |
The detection of three levels not only ensures the accuracy of the identification result, but also can reduce the detection time as much as possible.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (1)
1. Three-layer phishing website detection system based on mixing method is characterized in that: the detection system consists of three layers: the system comprises a first black and white list layer, a form filtering layer, a second favicon detection layer and a third machine learning detection layer;
(1) and a first black and white list filter layer: constructing a black-and-white list directly through the existing Google API phishing website black list and Alexa website TOP 250;
a login form filter which classifies websites which do not submit forms for login into ordinary websites, and since the purpose is to detect phishing websites, pages which do not submit forms obviously do not have phishing attributes;
through the two filters, if the website is not filtered, the following process is carried out, and the filtered website directly returns a result, so that the response of most common websites can be improved;
when the website to be detected is matched in the black list or the white list, returning a detection result, when the website to be detected is not matched in the black list or the white list, outputting the website to be detected as a legal website if the website to be detected is filtered by the form filter, otherwise, entering the next-layer detection;
(2) the second layer uses favicon to obtain the identity of the webpage, and compared with other visual characteristics of the webpage, the favicon can identify the identity of the webpage better; and the method adopts Google Search to Search favicon, thereby avoiding the consumption of a large amount of computing and storage resources caused by self-maintenance of a database, and the flow is as follows:
(2-1), favicon extraction process: obtaining favicon corresponding to the webpage through the corresponding website;
(2-2) identity authentication process: the process is completed by utilizing Google image search and a Google picture library, the filtered favicon is subjected to Google search, related URLs are analyzed in returned matching contents, two webpage matching results and one picture matching result are returned in the part, and the webpage matching results only need to be retrieved;
then, in a detection stage, extracting data of four features from a returned result, counting the occurrence times of a secondary domain name of a detected website in the four features, performing linear weighted normalization on the secondary domain name by using a trained GMM (Gaussian mixture model) to obtain a normalized matching score S, classifying [0, S1 ] into a phishing class according to a dual-threshold strategy, classifying (S2, 1) into a legal webpage class, and meanwhile, judging the webpage in an interval of [ S1, S2] into a suspicious class;
the returned result of the second layer directly returns the detection result to the website judged to be legal or phishing, and the website classified into suspicious categories is put into the next layer for detection;
(3) the third layer classifies websites which do not obtain results in the second layer by using a machine learning method, firstly extracts the characteristics of the webpages to be detected, and then puts the webpages into a trained Self-Structuring NN for classification;
(3-1) selecting characteristics of a third layer;
selecting characteristics of a UCI data set, wherein the characteristics have strong representativeness and basically comprise most characteristic consideration dimensions in the existing research;
and returning the result of the third layer, namely returning the classification result of the Self-Structuring NN, namely phishing or legal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911013051.7A CN110784462B (en) | 2019-10-23 | 2019-10-23 | Three-layer phishing website detection system based on hybrid method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911013051.7A CN110784462B (en) | 2019-10-23 | 2019-10-23 | Three-layer phishing website detection system based on hybrid method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110784462A CN110784462A (en) | 2020-02-11 |
CN110784462B true CN110784462B (en) | 2020-11-03 |
Family
ID=69386596
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911013051.7A Active CN110784462B (en) | 2019-10-23 | 2019-10-23 | Three-layer phishing website detection system based on hybrid method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110784462B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112104765A (en) * | 2020-11-20 | 2020-12-18 | 武汉绿色网络信息服务有限责任公司 | Illegal website detection method and device |
US11470044B1 (en) * | 2021-12-08 | 2022-10-11 | Uab 360 It | System and method for multi-layered rule learning in URL filtering |
CN114285627B (en) * | 2021-12-21 | 2023-12-22 | 安天科技集团股份有限公司 | Flow detection method and device, electronic equipment and computer readable storage medium |
CN114070653B (en) * | 2022-01-14 | 2022-06-24 | 浙江大学 | Hybrid phishing website detection method and device, electronic equipment and storage medium |
CN114978624B (en) * | 2022-05-09 | 2023-11-03 | 深圳大学 | Phishing webpage detection method, device, equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101714272A (en) * | 2009-11-19 | 2010-05-26 | 北京邮电大学 | Method for protecting number and password of bank card from stealing by phishing website |
CN103379110A (en) * | 2012-04-21 | 2013-10-30 | 中南林业科技大学 | Active anti-phishing defensive system |
CN103379111A (en) * | 2012-04-21 | 2013-10-30 | 中南林业科技大学 | Intelligent anti-phishing defensive system |
CN104077396A (en) * | 2014-07-01 | 2014-10-01 | 清华大学深圳研究生院 | Method and device for detecting phishing website |
US9240991B2 (en) * | 2012-12-13 | 2016-01-19 | Sap Se | Anti-phishing system for cross-domain web browser single sign-on |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104899508B (en) * | 2015-06-17 | 2018-12-07 | 中国互联网络信息中心 | A kind of multistage detection method for phishing site and system |
CN105978850A (en) * | 2016-04-08 | 2016-09-28 | 中国南方电网有限责任公司 | Detection system and detection method for counterfeit website based on graph matching |
US10581910B2 (en) * | 2017-12-01 | 2020-03-03 | KnowBe4, Inc. | Systems and methods for AIDA based A/B testing |
CN108566399B (en) * | 2018-04-23 | 2020-11-03 | 中国互联网络信息中心 | Phishing website identification method and system |
CN109510815B (en) * | 2018-10-19 | 2022-01-25 | 杭州安恒信息技术股份有限公司 | Multi-level phishing website detection method and system based on supervised learning |
-
2019
- 2019-10-23 CN CN201911013051.7A patent/CN110784462B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101714272A (en) * | 2009-11-19 | 2010-05-26 | 北京邮电大学 | Method for protecting number and password of bank card from stealing by phishing website |
CN103379110A (en) * | 2012-04-21 | 2013-10-30 | 中南林业科技大学 | Active anti-phishing defensive system |
CN103379111A (en) * | 2012-04-21 | 2013-10-30 | 中南林业科技大学 | Intelligent anti-phishing defensive system |
US9240991B2 (en) * | 2012-12-13 | 2016-01-19 | Sap Se | Anti-phishing system for cross-domain web browser single sign-on |
CN104077396A (en) * | 2014-07-01 | 2014-10-01 | 清华大学深圳研究生院 | Method and device for detecting phishing website |
Also Published As
Publication number | Publication date |
---|---|
CN110784462A (en) | 2020-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110784462B (en) | Three-layer phishing website detection system based on hybrid method | |
US11310268B2 (en) | Systems and methods using computer vision and machine learning for detection of malicious actions | |
CN104077396B (en) | Method and device for detecting phishing website | |
Chiew et al. | Utilisation of website logo for phishing detection | |
Ramesh et al. | An efficacious method for detecting phishing webpages through target domain identification | |
Rao et al. | Phishshield: a desktop application to detect phishing webpages through heuristic approach | |
Goga et al. | The doppelgänger bot attack: Exploring identity impersonation in online social networks | |
Rao et al. | A computer vision technique to detect phishing attacks | |
CN109922065B (en) | Quick identification method for malicious website | |
CN104217160A (en) | Method and system for detecting Chinese phishing website | |
Liu et al. | An efficient multistage phishing website detection model based on the CASE feature framework: Aiming at the real web environment | |
Rahim et al. | Detecting the Phishing Attack Using Collaborative Approach and Secure Login through Dynamic Virtual Passwords. | |
CN107256357A (en) | The detection of Android malicious application based on deep learning and analysis method | |
CN105119909A (en) | Fake website detection method and fake website detection system based on page visual similarity | |
US20220030029A1 (en) | Phishing Protection Methods and Systems | |
CN110138758A (en) | Mistake based on domain name vocabulary plants domain name detection method | |
Li et al. | Detection method of phishing email based on persuasion principle | |
Al-Otaibi et al. | A study on social engineering attacks: Phishing attack | |
Aravindhan et al. | Certain investigation on web application security: Phishing detection and phishing target discovery | |
Da Silva et al. | Piracema. io: A rules-based tree model for phishing prediction | |
Zhu et al. | An effective neural network phishing detection model based on optimal feature selection | |
Abdulrahaman et al. | Phishing attack detection based on random forest with wrapper feature selection method | |
Jeeva et al. | Phishing URL detection-based feature selection to classifiers | |
CN105653941A (en) | Heuristic detection method and system for phishing website | |
Zaman et al. | Phishing website detection using effective classifiers and feature selection techniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |