CN113067820A - Method, device and equipment for early warning abnormal webpage and/or APP - Google Patents

Publication number: CN113067820A
Authority: CN (China)
Prior art keywords: fraud, app, data, webpage, early warning
Legal status: Pending
Application number: CN202110296918.5A
Other languages: Chinese (zh)
Inventors: 肖坚炜, 熊琦, 谢朝霞
Current Assignee: Shenzhen Anluo Technology Co ltd
Original Assignee: Shenzhen Anluo Technology Co ltd
Application filed by Shenzhen Anluo Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The invention discloses a method, a device and equipment for early warning of abnormal webpages and/or APPs. The method comprises: obtaining a large amount of phishing case data, and generating and storing the fraud network characteristics corresponding to phishing according to that data; periodically acquiring network characteristics of a webpage and/or an APP; analyzing and comparing the network characteristics with the pre-stored fraud network characteristics, and judging whether the webpage and/or the APP presents a fraud risk; and, if a fraud risk is detected, executing an early warning operation. Embodiments of the invention collect newly registered domain names, distributed APPs and other resources from the Internet and compare their characteristics against report information, known fraud information and the like, so that potential high-risk sources are found in time and the relevant units are helped to monitor, warn and block in time; through analysis of a large amount of data, fraud sources and the public's property losses can be effectively reduced.

Description

Method, device and equipment for early warning abnormal webpage and/or APP
Technical Field
The invention relates to the technical field of information security, in particular to a method, a device and equipment for early warning abnormal webpages and/or APPs.
Background
In recent years, phishing sites and high-fidelity imitation websites and APPs have flooded the network. These illegal webpages and APPs usually carry out phishing by using carefully designed fake or malicious software or webpages to impersonate trusted brands well known to the public, such as financial platforms, tax platforms, social security platforms, internet banks, online shopping software and credit card companies, in order to steal the victim's property information, such as credit card numbers, bank card accounts, identity card numbers and mobile banking verification codes.
Because of the convenience of the network and the lure of high profit, various legitimate and illegitimate platforms do not perform risk identification on illegal websites and APPs, and the general public lacks the corresponding security awareness, which gives criminals an opportunity. The official application stores of domestic mobile phone manufacturers may also not perform security detection on APP information or correlate it with other risk-control data, so an APP is delisted and blocked only after a problem has occurred.
Accordingly, the prior art is yet to be improved and developed.
Disclosure of Invention
In view of the defects of the prior art, the present invention aims to provide a method, an apparatus, and a device for early warning an abnormal webpage and/or APP, and aims to solve the technical problem that an illegal website and an illegal APP cannot be identified and early warned in the prior art.
The technical scheme of the invention is as follows:
a method for early warning abnormal web pages and/or APPs, the method comprising:
obtaining a large amount of phishing case data, generating and storing fraud network characteristics corresponding to phishing according to the phishing case data;
acquiring network characteristics of a webpage and/or an APP regularly;
analyzing and comparing the network characteristics with prestored fraud network characteristics, and judging whether fraud risks exist in the webpage and/or the APP;
and if the webpage and/or the APP are detected to have fraud risks, executing early warning operation.
Further, the acquiring a large amount of phishing case data, generating and storing fraud network characteristics corresponding to phishing according to the phishing case data, comprises:
acquiring a large amount of phishing case data, and extracting fraud keywords according to the phishing case data;
and training the fraud keywords according to a machine learning algorithm, generating and storing fraud network characteristics.
Further preferably, the acquiring of the large amount of phishing case data comprises:
and analyzing the open source information and the report information to obtain a large amount of phishing case data.
Further preferably, the acquiring a large amount of phishing case data comprises:
acquiring a large amount of fraud webpage data and/or a large amount of fraud APP data;
the fraud webpage data comprises registration data, distribution data, opening data, fraud process data and report data of the fraud webpage;
the fraud APP data includes development data, distribution data, installation data, fraud implementation process data, and reporting data of the fraud APP.
Preferably, the training the fraud keywords according to the machine learning algorithm, generating and storing fraud network characteristics, further comprises:
and identifying suspected fraud types, fraud risk levels and potential suspect characteristics according to the fraud network characteristics.
Further, if it is detected that the webpage and/or the APP has a fraud risk, performing an early warning operation, including:
and if the webpage and/or the APP are detected to have fraud risks, acquiring fraud risk levels, and executing corresponding early warning operation according to the fraud risk levels.
Further, the executing the corresponding early warning operation according to the fraud risk level includes:
and if the fraud risk level is the highest level, controlling to delete the corresponding APP or forbidding to access the corresponding webpage.
Another embodiment of the present invention provides an apparatus for performing an early warning on an abnormal webpage and/or APP, the apparatus including:
a fraud data acquisition module, configured to acquire a large amount of phishing case data, generate and store fraud network characteristics corresponding to phishing according to the phishing case data;
the network characteristic acquisition module is used for periodically acquiring network characteristics of the webpage and/or the APP;
the analysis and judgment module is used for analyzing and comparing the network characteristics with prestored fraud network characteristics and judging whether fraud risks exist in the webpage and/or the APP;
and the early warning module is used for executing early warning operation if the webpage and/or the APP are detected to have fraud risks.
Another embodiment of the present invention provides an apparatus for performing early warning on an abnormal webpage and/or APP, the apparatus including at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the above-described method of pre-warning for anomalous web pages and/or APPs.
Yet another embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer-executable instructions that, when executed by one or more processors, cause the one or more processors to perform the above-mentioned method of pre-warning an abnormal web page and/or APP.
Beneficial effects: embodiments of the invention collect newly registered domain names, distributed APPs and other resources from Internet channels and compare their characteristics against report information, known fraud information and the like, so that potential high-risk sources are found in time and the relevant units are helped to monitor, warn and block in time; in the future, through analysis of a large amount of data, fraud sources and the public's property losses can be effectively reduced.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flowchart illustrating a method for early warning an abnormal webpage and/or APP according to a preferred embodiment of the present invention;
FIG. 2 is a functional block diagram of an apparatus for early warning an abnormal webpage and/or APP according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a hardware structure of an apparatus for early warning an abnormal web page and/or APP according to a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer and clearer, the present invention is described in further detail below. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Embodiments of the present invention will be described below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for early warning an abnormal webpage and/or APP according to a preferred embodiment of the present invention. As shown in fig. 1, it includes the steps of:
Step S100: acquiring a large amount of phishing case data, and generating and storing fraud network characteristics corresponding to phishing according to the phishing case data;
Step S200: periodically acquiring network characteristics of a webpage and/or an APP;
Step S300: analyzing and comparing the network characteristics with the pre-stored fraud network characteristics, and judging whether a fraud risk exists in the webpage and/or the APP; if so, executing step S400, otherwise executing step S500;
Step S400: executing the early warning operation;
Step S500: starting the webpage and/or APP according to the user instruction.
In specific implementation, the embodiment of the invention processes and analyzes existing phishing case data to obtain the corresponding phishing network characteristics. Webpages and APPs are monitored periodically to obtain their network characteristics; here the webpage is a newly registered domain name and the APP is an APP newly published on a public APP distribution platform. The network characteristics are analyzed and compared with the pre-stored fraud network characteristics; if overlapping network characteristics exist, the current webpage or APP is judged to be abnormal and to carry a certain fraud risk, and the early warning operation is executed. If no overlapping network characteristics exist, the current webpage and/or APP is judged not to be abnormal and is started normally according to the user instruction.
In some other embodiments, APPs may be collected periodically from public APP distribution platforms, and local fingerprint features such as package names, certificates, domain names and server IPs are extracted by manual and automatic analysis to determine whether the APPs are at risk.
The back end periodically monitors newly registered domain names on the Internet, simultaneously brings in third-party OSINT, and screens and stores the domain names according to their risk levels.
The technical scheme aims to collect newly registered domain names, distributed APPs and other resources from Internet channels, compare their characteristics against report information, known fraud information and the like, discover potential high-risk sources in time, and help the relevant units to monitor, warn and block in time. In the future, through analysis of a large amount of data, fraud sources and the public's property losses can be effectively reduced.
Further, acquiring a large amount of phishing case data, generating and storing fraud network characteristics corresponding to phishing according to the phishing case data, comprising:
acquiring a large amount of phishing case data, and extracting fraud keywords according to the phishing case data;
and training the fraud keywords according to a machine learning algorithm, generating and storing fraud network characteristics.
During specific implementation, a large amount of phishing case data is obtained and phishing keywords are extracted from it; massive numbers of APPs and URLs are processed and analyzed by machine learning algorithms, such as neural network algorithms, together with manual detection; the correlation attributes of the APPs and URLs are analyzed and labelled; and cross-comparison and correlation are performed against OSINT (open source information) and report information.
Because illegal APPs and URLs must exchange data with a back end, the corresponding back end can be determined. Analyzing and processing the information associated with an APP or URL defeats most APP "re-skinning" behaviors (changing the icon, changing the pkg package name and the like) and improves on current approaches that look only at the APP or URL itself. Furthermore, the reliability of the analysis can be confirmed by correlating open source information, case information and the like, so that accurate early warning or delisting is achieved.
Further, acquiring a large amount of phishing case data includes:
and analyzing the open source information and the report information to obtain a large amount of phishing case data.
In specific implementation, third-party OSINT is introduced: resources such as dailychanges, ZoomEye, Censys and Shodan are collected as sources of open source information, and a large amount of phishing case data is also obtained from the case report information generated when victims report cases.
Further, acquiring a large amount of phishing case data includes:
acquiring a large amount of fraud webpage data and/or a large amount of fraud APP data;
the fraud webpage data comprises registration data, distribution data, opening data, fraud process data and report data of the fraud webpage;
the fraud APP data includes development data, distribution data, installation data, fraud implementation process data, and reporting data of the fraud APP.
In specific implementation, the webpage is denoted as a URL. When a suspect uses a suspicious APP or URL to commit fraud, there are several main links: development/registration, distribution, installation/opening by the victim, fraud implementation and final case reporting; each link is monitored. For a suspicious APP, the data comprise the APP's development data, distribution data, installation data, fraud implementation process data and report data. Fraud APP data are collected by classifying, collecting, warehousing and summarizing the APPs and URLs related to the case report information. By monitoring each link and performing correlation analysis across risk levels of multiple dimensions, suspected high-risk and suspicious APPs and URLs are screened out.
For a suspicious URL, the data comprise the URL's registration data, distribution data, opening data, fraud process data and report data.
Further, training the fraud keywords according to a machine learning algorithm, generating and storing fraud network characteristics, further comprising:
and identifying suspected fraud types, fraud risk levels and potential suspect characteristics according to the fraud network characteristics.
In specific implementation, code analysis is performed on APPs collected from the Internet to judge whether certain code segments are highly similar to those of known suspicious APPs; validity and availability detection is carried out according to the associated fraud network characteristics, and the fraud network characteristics are then compared with those of common or case-involved APPs and URLs.
After the server sorts and displays all the information, suspected fraud types, risk levels, potential suspect characteristics and the like can be distinguished more efficiently, and the relevant units can effectively block and crack down on key targets according to their own circumstances and technical means.
Further, if it is detected that the webpage and/or the APP has a fraud risk, performing an early warning operation, including:
and if the webpage and/or the APP are detected to have fraud risks, acquiring fraud risk levels, and executing corresponding early warning operation according to the fraud risk levels.
In specific implementation, if a fraud risk is detected for the webpage and/or the APP, the fraud risk level is obtained. For example, some OSINT sources carry specialized tags such as phishing, fraud and black/grey market. Domain names tagged "phishing", "fraud" and the like, which are obviously illegal, are listed as high risk; domain names tagged "black/grey market", "suspected compromised" and the like are listed as medium risk; domain names tagged "suspicious" are listed as low risk. The corresponding early warning operation can be executed according to the risk level.
Further, executing corresponding early warning operation according to the fraud risk level, including:
and if the fraud risk level is the highest level, controlling to delete the corresponding APP or forbidding to access the corresponding webpage.
In specific implementation, taking a high fraud risk as an example: if the risk corresponds to an APP, the APP is controlled to be deleted; if the webpage is high-risk, the webpage is closed and access to it is prohibited.
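The comparison and graded warning described above (fingerprint features, OSINT tags mapped to risk levels, and the highest-level action) can be sketched as follows. This is an added example, not code from the patent: all class, function and tag names are hypothetical, the sample fingerprints are constructed, and the "alert" action for medium and low risk is an assumption, since the description only specifies the action for the highest level.

```python
from dataclasses import dataclass
from enum import IntEnum


class Risk(IntEnum):
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Tag-to-level mapping follows the description; the tag spellings are assumed.
TAG_RISK = {
    "phishing": Risk.HIGH,
    "fraud": Risk.HIGH,
    "black-grey-market": Risk.MEDIUM,
    "suspected-compromised": Risk.MEDIUM,
    "suspicious": Risk.LOW,
}


def _norm_domain(domain):
    """Case-fold and drop the trailing root dot so equal names compare equal."""
    return domain.strip().lower().rstrip(".")


@dataclass(frozen=True)
class Fingerprint:
    """Fingerprint of an APP or URL: package name, certificate, domains, server IPs."""
    kind: str                # "app" or "url"
    package: str = ""
    cert_sha256: str = ""
    domains: tuple = ()
    server_ips: tuple = ()

    def features(self):
        """Flatten into typed (kind, value) pairs so different kinds never collide."""
        feats = set()
        if self.package:
            feats.add(("package", self.package.lower()))
        if self.cert_sha256:
            feats.add(("cert", self.cert_sha256.lower()))
        feats.update(("domain", _norm_domain(d)) for d in self.domains)
        feats.update(("ip", ip.strip()) for ip in self.server_ips)
        return feats


class FraudFeatureStore:
    """Pre-stored fraud network characteristics: feature -> tags seen with it."""

    def __init__(self):
        self._tags = {}

    def add(self, fp, tags):
        """Record every feature of a case-involved or OSINT-tagged item."""
        for feat in fp.features():
            self._tags.setdefault(feat, set()).update(tags)

    def assess(self, fp):
        """Return (risk level, sorted overlapping features) for a new item."""
        hits = {f: self._tags[f] for f in fp.features() if f in self._tags}
        level = max(
            (TAG_RISK.get(t, Risk.LOW) for tags in hits.values() for t in tags),
            default=Risk.NONE,
        )
        return level, sorted(hits)


def warning_action(fp, level):
    """Highest level: delete the APP or block the webpage, as in the description.
    'alert' for lower levels is this example's assumption; no overlap means allow."""
    if level == Risk.HIGH:
        return "delete_app" if fp.kind == "app" else "block_url"
    if level in (Risk.MEDIUM, Risk.LOW):
        return "alert"
    return "allow"


def build_demo_store():
    """Constructed sample data: one reported fraud APP and two OSINT-tagged domains."""
    store = FraudFeatureStore()
    store.add(Fingerprint("app", "com.example.fastloan", "ab" * 32,
                          ("api.fastloan.example",), ("203.0.113.10",)), {"fraud"})
    store.add(Fingerprint("url", domains=("forum.hacked.example",)),
              {"suspected-compromised"})
    store.add(Fingerprint("url", domains=("odd-shop.example",)), {"suspicious"})
    return store


# Re-skinned variant: new package name and certificate, same back end.
RESKINNED = Fingerprint("app", "com.example.quickcash", "cd" * 32,
                        ("API.fastloan.example.",), ("203.0.113.10",))
CLEAN = Fingerprint("app", "com.example.notes", "ef" * 32,
                    ("notes.example",), ("198.51.100.7",))

if __name__ == "__main__":
    demo = build_demo_store()
    for item in (RESKINNED, CLEAN):
        lvl, overlap = demo.assess(item)
        print(item.package, lvl.name, overlap, warning_action(item, lvl))
```

Matching on any single shared feature also flags items that merely share hosting with a fraud case, so a deployment would review server-IP-only overlaps before acting on them.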
It should be noted that, a certain order does not necessarily exist between the above steps, and those skilled in the art can understand, according to the description of the embodiments of the present invention, that in different embodiments, the above steps may have different execution orders, that is, may be executed in parallel, may also be executed interchangeably, and the like.
Another embodiment of the present invention provides an apparatus for performing an early warning on an abnormal web page and/or APP, as shown in fig. 2, the apparatus 1 includes:
a fraud data obtaining module 11, configured to obtain a large amount of phishing case data, generate fraud network characteristics corresponding to phishing according to the phishing case data, and store the fraud network characteristics;
a network feature obtaining module 12, configured to periodically obtain network features of a webpage and/or an APP;
the analyzing and judging module 13 is configured to analyze and compare the network characteristics with the fraud network characteristics stored in advance, and judge whether a fraud risk exists in the webpage and/or the APP;
and the early warning module 14 is configured to perform an early warning operation if a fraud risk of the webpage and/or the APP is detected.
The specific implementation is shown in the method embodiment, and is not described herein again.
Another embodiment of the present invention provides an apparatus for performing an early warning on an abnormal web page and/or APP, as shown in fig. 3, the apparatus 10 includes:
one or more processors 110 and a memory 120, where one processor 110 is illustrated in fig. 3, the processor 110 and the memory 120 may be connected by a bus or other means, and the connection by the bus is illustrated in fig. 3.
Processor 110 is operative to implement various control logic of apparatus 10, which may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a single chip, an ARM (Acorn RISC machine) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. Also, the processor 110 may be any conventional processor, microprocessor, or state machine. Processor 110 may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The memory 120 is used as a non-volatile computer-readable storage medium, and may be used to store a non-volatile software program, a non-volatile computer-executable program, and a module, such as program instructions corresponding to the method for performing an early warning on an abnormal webpage and/or APP in the embodiment of the present invention. The processor 110 executes various functional applications and data processing of the device 10 by executing the nonvolatile software program, instructions and units stored in the memory 120, that is, implements the method for performing early warning on abnormal web pages and/or APPs in the above method embodiments.
The memory 120 may include a storage program area and a storage data area, wherein the storage program area may store an application program required for operating the device, at least one function; the storage data area may store data created according to the use of the device 10, and the like. Further, the memory 120 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 120 optionally includes memory located remotely from processor 110, which may be connected to device 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more units are stored in the memory 120, and when executed by the one or more processors 110, perform the method for warning abnormal webpages and/or APPs in any of the above-described method embodiments, for example, perform the above-described method steps S100 to S500 in fig. 1.
Embodiments of the present invention provide a non-transitory computer-readable storage medium storing computer-executable instructions for execution by one or more processors, for example, to perform method steps S100-S500 of fig. 1 described above.
By way of example, non-volatile storage media can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), electrically erasable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which acts as external cache memory. By way of illustration and not limitation, RAM is available in many forms such as Synchronous RAM (SRAM), dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The disclosed memory components or memory of the operating environment described herein are intended to comprise one or more of these and/or any other suitable types of memory.
Another embodiment of the present invention provides a computer program product comprising a computer program stored on a non-volatile computer-readable storage medium, the computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of pre-warning an abnormal web page and/or APP of the above method embodiment. For example, the method steps S100 to S500 in fig. 1 described above are performed.
The above-described embodiments are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment.
Through the above description of the embodiments, those skilled in the art will clearly understand that the embodiments may be implemented by software plus a general hardware platform, and may also be implemented by hardware. Based on such understanding, the above technical solutions essentially or contributing to the related art can be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes several instructions for enabling a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods of the various embodiments or some parts of the embodiments.
Conditional language such as "can," "might," or "may" is generally intended to convey that a particular embodiment can include (while other embodiments do not include) particular features, elements, and/or operations, unless specifically stated otherwise or otherwise understood within the context as used. Thus, such conditional language is not generally intended to imply that features, elements, and/or operations are in any way required for one or more embodiments or that one or more embodiments must include logic for deciding, with or without input or prompting, whether such features, elements, and/or operations are included or are to be performed in any particular embodiment.
What has been described herein in the specification and drawings includes examples of methods and apparatus capable of providing early warning of anomalous web pages and/or APPs. It will, of course, not be possible to describe every conceivable combination of components and/or methodologies for purposes of describing the various features of the disclosure, but it can be appreciated that many further combinations and permutations of the disclosed features are possible. It is therefore evident that various modifications can be made to the disclosure without departing from the scope or spirit thereof. In addition, or in the alternative, other embodiments of the disclosure may be apparent from consideration of the specification and drawings and from practice of the disclosure as presented herein. It is intended that the examples set forth in this specification and the drawings be considered in all respects as illustrative and not restrictive. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (10)

1. A method for early warning abnormal web pages and/or APPs is characterized by comprising the following steps:
obtaining a large amount of phishing case data, generating and storing fraud network characteristics corresponding to phishing according to the phishing case data;
acquiring network characteristics of a webpage and/or an APP regularly;
analyzing and comparing the network characteristics with prestored fraud network characteristics, and judging whether fraud risks exist in the webpage and/or the APP;
and if the webpage and/or the APP are detected to have fraud risks, executing early warning operation.
2. The method for early warning of abnormal webpages and/or APP according to claim 1, wherein said acquiring a large amount of phishing case data, generating phishing corresponding fraud networking features according to phishing case data and storing, comprises:
acquiring a large amount of phishing case data, and extracting fraud keywords according to the phishing case data;
and training the fraud keywords according to a machine learning algorithm, generating and storing fraud network characteristics.
3. The method for warning abnormal webpages and/or APPs according to claim 2, wherein said acquiring a large amount of phishing case data comprises:
and analyzing the open source information and the report information to obtain a large amount of phishing case data.
4. The method for warning abnormal webpages and/or APP according to claim 3, wherein said obtaining a large amount of phishing case data comprises:
acquiring a large amount of fraud webpage data and/or a large amount of fraud APP data;
the fraud webpage data comprises registration data, distribution data, opening data, fraud process data and report data of the fraud webpage;
the fraud APP data includes development data, distribution data, installation data, fraud implementation process data, and reporting data of the fraud APP.
5. The method for early warning of abnormal webpages and/or APPs according to claim 4, wherein said training of fraud keywords according to a machine learning algorithm, generating and storing fraud network characteristics further comprises:
and identifying suspected fraud types, fraud risk levels and potential suspect characteristics according to the fraud network characteristics.
6. The method for early warning abnormal webpages and/or APPs according to claim 5, wherein if the webpage and/or APP with fraud risk is detected, the early warning operation is performed, comprising:
and if the webpage and/or the APP are detected to have fraud risks, acquiring fraud risk levels, and executing corresponding early warning operation according to the fraud risk levels.
7. The method for early warning of abnormal webpages and/or APPs according to claim 6, wherein the performing of corresponding early warning operations according to fraud risk levels comprises:
if the fraud risk level is the highest level, controlling deletion of the corresponding APP or prohibiting access to the corresponding webpage.
8. An apparatus for early warning of abnormal web pages and/or APPs, the apparatus comprising:
a fraud data acquisition module, configured to acquire a large amount of phishing case data, generate and store fraud network characteristics corresponding to phishing according to the phishing case data;
the network characteristic acquisition module is used for periodically acquiring network characteristics of the webpage and/or the APP;
the analysis and judgment module is used for analyzing and comparing the network characteristics with prestored fraud network characteristics and judging whether fraud risks exist in the webpage and/or the APP;
and the early warning module is used for executing early warning operation if the webpage and/or the APP are detected to have fraud risks.
9. An apparatus for early warning of abnormal web pages and/or APPs, the apparatus comprising at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method for early warning of abnormal webpages and/or APPs of any of claims 1-7.
10. A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed by one or more processors, cause the one or more processors to perform the method for early warning of abnormal webpages and/or APPs of any of claims 1-7.
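The pipeline of claims 2 and 5-7 (keywords learned from case data, comparison against stored features, graded risk level, level-dependent warning operation) can be sketched as follows. This is an added example, not code from the patent or its applicant. The case texts, the log-odds weighting, the thresholds and the `warn_user`/`allow` actions are assumptions, since the claims name no algorithm and specify only the highest-level operation.

```python
import math
import re
from collections import Counter

# Constructed case texts (not from the patent): (text, reported_as_fraud)
CASES = [
    ("verify your bank account now to unlock frozen funds", True),
    ("guaranteed returns transfer money to our safe account today", True),
    ("your account is frozen transfer funds to a safe account", True),
    ("how to find your bank branch and opening hours", False),
    ("a guide to long term index funds", False),
    ("weekly gardening newsletter is out today", False),
]

def tokens(text):
    return set(re.findall(r"[a-z]+", text.lower()))

def train_fraud_features(cases, min_weight=1.0):
    """Weight each keyword by smoothed log-odds of fraud vs. benign cases.

    Assumption: the claims name no algorithm; log-odds is a stand-in.
    """
    fraud, benign = Counter(), Counter()
    n_f = sum(1 for _, is_fraud in cases if is_fraud)
    n_b = len(cases) - n_f
    for text, is_fraud in cases:
        (fraud if is_fraud else benign).update(tokens(text))
    weights = {w: math.log((fraud[w] + 1) / (n_f + 2))
                  - math.log((benign[w] + 1) / (n_b + 2)) for w in fraud}
    # Keep only keywords that clearly separate fraud from benign cases.
    return {w: v for w, v in weights.items() if v >= min_weight}

def risk_level(text, features, medium=1.0, high=3.0):
    """Compare observed keywords with the stored features and grade the risk."""
    score = sum(features[w] for w in tokens(text) if w in features)
    level = "high" if score >= high else "medium" if score >= medium else "low"
    return score, level

def early_warning(kind, text, features):
    """Pick the warning operation for a 'webpage' or 'app' target."""
    _, level = risk_level(text, features)
    if level == "high":  # claim 7: highest level means delete or block
        return "delete_app" if kind == "app" else "block_access"
    # Assumption: lower-level operations are not specified in the claims.
    return "warn_user" if level == "medium" else "allow"

FEATURES = train_fraud_features(CASES)
```

With so few cases, common words such as "to" or "your" fall below `min_weight` only because they also occur in the benign texts; a real feature store needs benign data as much as fraud reports to keep false positives down.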
CN202110296918.5A 2021-03-19 2021-03-19 Method, device and equipment for early warning abnormal webpage and/or APP Pending CN113067820A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110296918.5A CN113067820A (en) 2021-03-19 2021-03-19 Method, device and equipment for early warning abnormal webpage and/or APP

Publications (1)

Publication Number Publication Date
CN113067820A true CN113067820A (en) 2021-07-02

Family

ID=76562451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110296918.5A Pending CN113067820A (en) 2021-03-19 2021-03-19 Method, device and equipment for early warning abnormal webpage and/or APP

Country Status (1)

Country Link
CN (1) CN113067820A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890866A (en) * 2021-09-26 2022-01-04 恒安嘉新(北京)科技股份公司 Illegal application software identification method, device, medium and electronic equipment
CN113923011A (en) * 2021-09-30 2022-01-11 北京恒安嘉新安全技术有限公司 Phishing early warning method and device, computer equipment and storage medium
CN113918949A (en) * 2021-12-13 2022-01-11 北京赋乐科技有限公司 Recognition method of fraud APP based on multi-mode fusion
CN114020985A (en) * 2021-11-10 2022-02-08 深圳安巽科技有限公司 Fraud countercheck interception method, system and storage medium
CN113779481B (en) * 2021-09-26 2024-04-09 恒安嘉新(北京)科技股份公司 Method, device, equipment and storage medium for identifying fraud websites

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105338001A (en) * 2015-12-04 2016-02-17 北京奇虎科技有限公司 Method and device for recognizing phishing website
CN106453061A (en) * 2016-11-22 2017-02-22 北京锐安科技有限公司 Method and system for recognizing internet fraud behavior
CN107122987A (en) * 2017-06-20 2017-09-01 深圳安巽科技有限公司 A kind of early warning system and method for order for arrest swindle
CN107342987A (en) * 2017-06-20 2017-11-10 深圳安巽科技有限公司 A kind of anti-telecommunication fraud system of network
CN108449319A (en) * 2018-02-09 2018-08-24 秦玉海 A kind of method and device of identification swindle website and the evidence obtaining of long-range wooden horse
CN111222131A (en) * 2020-01-07 2020-06-02 上海欣方智能系统有限公司 Internet fraud APK (android Package) identification method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890866A (en) * 2021-09-26 2022-01-04 恒安嘉新(北京)科技股份公司 Illegal application software identification method, device, medium and electronic equipment
CN113890866B (en) * 2021-09-26 2024-03-12 恒安嘉新(北京)科技股份公司 Illegal application software identification method, device, medium and electronic equipment
CN113779481B (en) * 2021-09-26 2024-04-09 恒安嘉新(北京)科技股份公司 Method, device, equipment and storage medium for identifying fraud websites
CN113923011A (en) * 2021-09-30 2022-01-11 北京恒安嘉新安全技术有限公司 Phishing early warning method and device, computer equipment and storage medium
CN113923011B (en) * 2021-09-30 2023-10-17 北京恒安嘉新安全技术有限公司 Phishing early warning method, device, computer equipment and storage medium
CN114020985A (en) * 2021-11-10 2022-02-08 深圳安巽科技有限公司 Fraud countercheck interception method, system and storage medium
CN114020985B (en) * 2021-11-10 2022-10-14 深圳安巽科技有限公司 Fraud countercheck interception method, system and storage medium
CN113918949A (en) * 2021-12-13 2022-01-11 北京赋乐科技有限公司 Recognition method of fraud APP based on multi-mode fusion

Similar Documents

Publication Publication Date Title
CN113067820A (en) Method, device and equipment for early warning abnormal webpage and/or APP
CN107391569B (en) Data type identification, model training and risk identification method, device and equipment
CN109858737B (en) Grading model adjustment method and device based on model deployment and computer equipment
CN110493181B (en) User behavior detection method and device, computer equipment and storage medium
CN110489415B (en) Data updating method and related equipment
US20120324582A1 (en) Service system that diagnoses the vulnerability of a web service in real time mode and provides the result information thereof
CN105516113A (en) System and method for automated phishing detection rule evolution
EP3373626A1 (en) Method and device for use in risk management of application information
CN107888571A (en) A kind of various dimensions webshell intrusion detection methods and detecting system based on HTTP daily records
CN102932348A (en) Real-time detection method and system of phishing website
CN107016298B (en) Webpage tampering monitoring method and device
CN112685774B (en) Payment data processing method based on big data and block chain finance and cloud server
CN110162958B (en) Method, apparatus and recording medium for calculating comprehensive credit score of device
CN105303442A (en) Online bank account number detection method and apparatus
CN110598397A (en) Deep learning-based Unix system user malicious operation detection method
CN115688107B (en) Fraud-related APP detection system and method
US11436322B2 (en) Vehicle unauthorized access countermeasure taking apparatus and vehicle unauthorized access countermeasure taking method
KR102143510B1 (en) Risk management system for information cecurity
CN115238275B (en) Lesu software detection method and system based on security situation awareness
CN113225343B (en) Risk website identification method and system based on identity characteristic information
CN115455386A (en) Operation behavior identification method and device
Njoku et al. URL Based Phishing Website Detection Using Machine Learning.
Shah et al. Chrome Extension for Detecting Phishing Websites
CN115859292B (en) Fraud-related APP detection system, fraud-related APP judgment method and storage medium
CN117436820B (en) Control method and system based on artificial intelligence

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20210702)