CN111339532A - Malicious website interception method - Google Patents
Malicious website interception method
- Publication number
- CN111339532A
- Authority
- CN
- China
- Prior art keywords
- website
- malicious
- database
- malicious website
- detected
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Abstract
The invention discloses a malicious website interception method comprising the following steps: step 1, a server collects malicious websites and establishes a malicious website database; step 2, data analysis is performed on the web pages in the database and an interception rule is constructed; step 3, data of the website to be detected is extracted; step 4, the extracted website data is analyzed according to the interception rule; and step 5, if the website is judged to be a malicious website, a window prompt is shown and the website information is added to the malicious website database, and if the website is judged to be a normal website, it is accessed normally. By establishing the database and the interception rule, the method is highly targeted, can actively update the database, and can efficiently detect and intercept malicious websites.
Description
Technical Field
The invention relates to the field of computer security, in particular to a malicious website intercepting method.
Background
With the rapid development of the internet, online information in the big-data era grows exponentially, and a large amount of information resources is shared through network services. Web browsing is currently one of the most heavily used network services, and it has also become a main channel for criminals to carry out malicious attacks. Gambling and pornographic websites in particular spread widely, have a large range of influence, and pose a serious threat to information security. In the present technology, malicious websites are narrowly defined as gambling and pornography websites, and malicious information means the gambling- and pornography-related content appearing on them. In the past, malicious websites attacked relatively directly: a user could be threatened only when accessing the malicious website itself. Today, attackers hijack legitimate websites to spread malicious information and exploit script vulnerabilities in legitimate websites to attack their visitors, so even a trusted website can be subjected to malicious attacks. If part of a web page is tampered with to show gambling information or to redirect to a designated malicious website, the user's property and personal information are leaked. The resulting threat to information security is more serious, and the user's information security cannot be guaranteed.
Traditional malicious website detection is usually carried out by manually discovering malicious websites or markers of malicious code in website source code. This is simple to implement, but it depends too heavily on manual feature screening, and its detection efficiency and accuracy are low. Today, malicious website detection usually applies methods such as feature analysis and statistics, discovering malicious information in a website by constructing and analyzing text features. In addition, a real page can be simulated in a virtual machine to achieve behavior-based detection of malicious information. These methods can detect malicious websites effectively and improve the safety of web access to a certain extent, but they are less efficient than the traditional method. Moreover, newer malicious websites evade network supervision by disguising their source code and use technical means to hide malicious code and text content, which makes them difficult for a detector to find. Existing detection methods therefore cannot meet users' new security requirements for web access.
Disclosure of Invention
To address the problem of malicious website interception, the invention overcomes the shortcomings of the existing corresponding methods and provides a malicious website interception method.
The technical scheme adopted by the invention is as follows.
A malicious website interception method comprises the following steps.
Step 1, a server collects malicious websites and establishes a malicious website database.
Step 2, data analysis is performed on the web pages in the database, and an interception rule is constructed.
Step 3, data of the website to be detected is extracted.
Step 4, the extracted website data is analyzed according to the interception rule.
Step 5, corresponding measures are taken according to the judgment result.
Further, in step 2, data analysis is performed on the web pages in the database, and the constructed interception rule includes the following two points.
1) The IP address of the website to be detected is matched one by one against the IP address library in the malicious website database; if a match is found, the website to be detected is a known malicious website.
2) The preset sensitive words include, but are not limited to, "gambling," "macadamia," "av cinema," "adult pornography," etc.; if the website data includes these sensitive words, the website is determined to be a malicious website.
Further, in step 3, the data extracted from the website to be detected includes the website title, the website IP address, the website text, the website pictures, and the like.
Further, in step 5, if the website is determined to be a malicious website, a window prompt is shown and the website information is added to the malicious website database; if the website is determined to be a normal website, it is accessed normally.
The beneficial effects of the invention are as follows: by establishing the database and the interception rule, the method is highly targeted, the database can be actively updated, and malicious websites can be efficiently detected and intercepted.
Drawings
Fig. 1 is a flowchart of a malicious website intercepting method in an embodiment.
Detailed Description
In order to make the aforementioned and other features and advantages of the invention more comprehensible, embodiments accompanied with figures are described in detail below.
Fig. 1 is a flowchart of a malicious website intercepting method according to this embodiment, which includes the following steps.
S1, the server collects malicious websites and establishes a malicious website database.
S2, data analysis is performed on the web pages in the database, and an interception rule is constructed.
The rule includes the following two points.
1) The IP address of the website to be detected is matched one by one against the IP address library in the malicious website database; if a match is found, the website to be detected is a known malicious website.
2) The preset sensitive words include, but are not limited to, "gambling," "macadamia," "av cinema," "adult pornography," etc.; if the website data includes these sensitive words, the website is determined to be a malicious website.
S3, data of the website to be detected is extracted, including the website title, the website IP address, the website text, the website pictures, and the like.
S4, the extracted website data is analyzed according to the interception rule: the IP address of the website to be detected is compared one by one against the IP address library in the malicious website database, and the website data is checked for the preset sensitive words.
S5, corresponding measures are taken according to the judgment result: if the website is judged to be a malicious website, a window prompt is shown and the website information is added to the malicious website database; if the website is judged to be a normal website, it is accessed normally.
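A minimal sketch of steps S1 to S5, added here as an example and not code from the patent. The class and function names, the address and text normalization, and the sample addresses (RFC 5737 documentation ranges) are assumptions; the two sensitive words are taken from the list above.

```python
# Added example: names and normalization choices are assumptions, not from the patent.
import ipaddress
import unicodedata
from dataclasses import dataclass, field


def norm_ip(raw):
    """Canonical address form, so '::ffff:192.0.2.10' equals '192.0.2.10'."""
    ip = ipaddress.ip_address(raw.strip())
    mapped = getattr(ip, "ipv4_mapped", None)   # only IPv6 addresses carry this
    return str(mapped or ip)


def norm_text(raw):
    """Fold case and Unicode compatibility forms (e.g. full-width letters)."""
    return unicodedata.normalize("NFKC", raw).casefold()


@dataclass
class SiteData:
    """S3: data extracted from the website to be detected."""
    title: str
    ip: str
    text: str


@dataclass
class Interceptor:
    bad_ips: set = field(default_factory=set)          # S1: malicious website database
    words: tuple = ("gambling", "adult pornography")   # S2, rule 2: preset sensitive words

    def add_known(self, ip):
        self.bad_ips.add(norm_ip(ip))

    def check(self, site):
        """S4 and S5: return (verdict, reason) and update the database on a hit."""
        ip = norm_ip(site.ip)
        if ip in self.bad_ips:                          # rule 1: IP address match
            return "block", "known malicious IP"
        body = norm_text(site.title + " " + site.text)
        hits = [w for w in self.words if norm_text(w) in body]
        if hits:                                        # rule 2: sensitive word match
            self.bad_ips.add(ip)                        # S5: add the site to the database
            return "block", "sensitive word: " + hits[0]
        return "allow", "no rule matched"
```

Because S5 stores the IP address of any site flagged by a sensitive word, a later site served from the same address is blocked by rule 1 regardless of its content, which matters where many sites share one address.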
Although the present invention has been described with reference to a preferred embodiment, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (3)
1. A malicious website interception method is characterized by comprising the following steps:
step 1, a server collects malicious websites and establishes a malicious website database;
step 2, carrying out data analysis on the webpage in the database, and constructing an interception rule;
step 3, extracting data of the website to be detected;
step 4, analyzing the extracted website data according to the interception rule;
step 5, taking corresponding measures according to the judgment result.
2. The method for intercepting the malicious website according to claim 1, wherein the step 2 of constructing the interception rule comprises matching the IP address of the website to be detected with an IP address library in a malicious website database one by one, and if the matching is successful, the website to be detected is a known malicious website.
3. The method according to claim 1, wherein in step 5, if it is determined as a malicious website, a window prompt is performed, and the website information is added to a malicious website database, and if it is determined as a normal website, the website is accessed normally.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010205420.9A CN111339532A (en) | 2020-03-23 | 2020-03-23 | Malicious website interception method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111339532A (en) | 2020-06-26 |
Family
ID=71186205
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010205420.9A Pending CN111339532A (en) | 2020-03-23 | 2020-03-23 | Malicious website interception method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111339532A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112084503A (en) * | 2020-09-18 | 2020-12-15 | 珠海豹趣科技有限公司 | Interception rule base generation method and device and electronic equipment |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103455758A (en) * | 2013-08-22 | 2013-12-18 | 北京奇虎科技有限公司 | Method and device for identifying malicious website |
CN103634317A (en) * | 2013-11-28 | 2014-03-12 | 北京奇虎科技有限公司 | Method and system of performing safety appraisal on malicious web site information on basis of cloud safety |
CN103632084A (en) * | 2012-08-20 | 2014-03-12 | 百度在线网络技术(北京)有限公司 | Building method for malicious feature data base, malicious object detecting method and device of malicious feature data base |
CN106776946A (en) * | 2016-12-02 | 2017-05-31 | 重庆大学 | A kind of detection method of fraudulent website |
CN107547555A (en) * | 2017-09-11 | 2018-01-05 | 北京匠数科技有限公司 | A kind of web portal security monitoring method and device |
CN108134784A (en) * | 2017-12-19 | 2018-06-08 | 东软集团股份有限公司 | web page classification method and device, storage medium and electronic equipment |
CN108418780A (en) * | 2017-02-10 | 2018-08-17 | 阿里巴巴集团控股有限公司 | Filter method and device, system, the dns server of IP address |
CN109657470A (en) * | 2018-12-27 | 2019-04-19 | 北京天融信网络安全技术有限公司 | Malicious web pages detection model training method, malicious web pages detection method and system |
CN109922065A (en) * | 2019-03-10 | 2019-06-21 | 北京亚鸿世纪科技发展有限公司 | Malicious websites method for quickly identifying |
-
2020
- 2020-03-23 CN CN202010205420.9A patent/CN111339532A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20200626 |