CN113923193B - Network domain name association method and device, storage medium and electronic equipment - Google Patents


Info

Publication number
CN113923193B
Authority
CN
China
Prior art keywords
network
domain name
anonymous
webpage
matching
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111254047.7A
Other languages
Chinese (zh)
Other versions
CN113923193A (en)
Inventor
陈凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd
Application filed by Beijing Knownsec Information Technology Co Ltd
Priority to CN202111254047.7A
Publication of CN113923193A
Application granted
Publication of CN113923193B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides a network domain name association method, a device, a storage medium and electronic equipment. Anonymous network characteristic information is used as the input of a network space radar system to obtain suspected matching clearnet domain names; the anonymous network characteristic information is characteristic information in the anonymous network webpage corresponding to an anonymous network domain name. The clearnet matching domain name of the anonymous network domain name is then determined according to the anonymous network webpage and the clearnet webpage of each suspected matching clearnet domain name. After the suspected matching clearnet domain names are obtained, further matching or screening is carried out on the content of the anonymous network webpage and of the clearnet webpages of the suspected matching clearnet domain names, so that non-matching domain names among the suspected matching clearnet domain names are screened out, the clearnet matching domain name of the anonymous network domain name is determined, and the accuracy of that determination is ensured. The clearnet matching domain name strengthens the tracking and locating of the anonymous network and allows more of the information contained in the anonymous network domain name to be acquired.

Description

Network domain name association method and device, storage medium and electronic equipment
Technical Field
The present application relates to the field of internet, and in particular, to a network domain name association method, a device, a storage medium, and an electronic apparatus.
Background
Anonymous networks (the Dark Web) exist on darknets, which are overlay networks, and require special software, special authorization, or special settings on a computer to access. The anonymous network here refers in particular to anonymous networks based mainly on the onion network (The Second Generation Onion Router, TOR for short). Its most notable characteristic is that data transmission is generally anonymous, so that the anonymity of users and website servers can be fully ensured. In contrast to content on the public network, the anonymous network has to be accessed through a specific technology or communication protocol, and cryptocurrency enables anonymous transfers, so illegal transactions in anonymous network markets pose serious threats to information security, property security and other areas. A network domain name association method or system is therefore needed to strengthen the tracking and locating of the TOR anonymous network and to acquire more of the information contained in anonymous network domain names.
Disclosure of Invention
The application aims to provide a network domain name association method, a network domain name association device, a storage medium and electronic equipment, so as to at least partially solve the problems.
In order to achieve the above object, the technical scheme adopted by the embodiment of the application is as follows:
In a first aspect, an embodiment of the present application provides a network domain name association method, where the method includes:
taking the anonymous network characteristic information as the input of a network space radar system to obtain a suspected matching clearnet domain name;
the anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to the anonymous network domain name;
and determining the clearnet matching domain name of the anonymous network domain name according to the anonymous network webpage and the clearnet webpage of the suspected matching clearnet domain name.
In a second aspect, an embodiment of the present application provides a network domain name association apparatus, where the apparatus includes:
the preprocessing unit is used for taking the anonymous network characteristic information as the input of the network space radar system so as to obtain a suspected matching clearnet domain name;
the anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to the anonymous network domain name;
and the matching unit is used for determining the clearnet matching domain name of the anonymous network domain name according to the anonymous network webpage and the clearnet webpage of the suspected matching clearnet domain name.
In a third aspect, an embodiment of the present application provides a storage medium having stored thereon a computer program which, when executed by a processor, implements the method described above.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a processor and a memory for storing one or more programs; the above-described method is implemented when the one or more programs are executed by the processor.
Compared with the prior art, the network domain name association method, the device, the storage medium and the electronic equipment provided by the embodiment of the application take anonymous network characteristic information as the input of the network space radar system to obtain suspected matching clearnet domain names; the anonymous network characteristic information is characteristic information in the anonymous network webpage corresponding to the anonymous network domain name; and the clearnet matching domain name of the anonymous network domain name is determined according to the anonymous network webpage and the clearnet webpage of each suspected matching clearnet domain name. After the suspected matching clearnet domain names are obtained, further matching or screening is carried out on the content of the anonymous network webpage and of the clearnet webpages of the suspected matching clearnet domain names, so that non-matching domain names among the suspected matching clearnet domain names are screened out, the clearnet matching domain name of the anonymous network domain name is determined, and the accuracy of that determination is ensured. After the association of the anonymous network domain name with the clearnet matching domain name is completed, the clearnet matching domain name strengthens the tracking and locating of the anonymous network and allows more of the information contained in the anonymous network domain name to be acquired.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
Fig. 2 is a flow chart of a network domain name association method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of the substeps of S104 according to the embodiment of the application;
Fig. 4 is a schematic diagram of one of the substeps of S104 according to the embodiment of the application;
Fig. 5 is a schematic flow chart of a network domain name association method according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a unit of a network domain name association device according to an embodiment of the present application.
In the figure: 10-a processor; 11-memory; 12-bus; 13-a communication interface; 201-a preprocessing unit; 202-matching unit.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the description of the present application, it should be noted that, directions or positional relationships indicated by terms such as "upper", "lower", "inner", "outer", etc., are directions or positional relationships based on those shown in the drawings, or those conventionally put in use in the application, are merely for convenience of description and simplification of the description, and do not indicate or imply that the apparatus or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present application.
In the description of the present application, it should also be noted that, unless explicitly specified and limited otherwise, the terms "disposed", "connected" and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present application will be understood in specific cases by those of ordinary skill in the art.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
The embodiment of the application provides electronic equipment which can be server equipment or computer equipment. Referring to fig. 1, a schematic structure of an electronic device is shown. The electronic device comprises a processor 10, a memory 11, a bus 12. The processor 10 and the memory 11 are connected by a bus 12, the processor 10 being adapted to execute executable modules, such as computer programs, stored in the memory 11.
The processor 10 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the network domain name association method may be performed by integrated logic circuitry of hardware or instructions in software form in the processor 10. The processor 10 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; but also digital signal processors (Digital Signal Processor, DSP for short), application specific integrated circuits (Application Specific Integrated Circuit, ASIC for short), field-programmable gate arrays (Field-Programmable Gate Array, FPGA for short) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
The memory 11 may comprise a high-speed random access memory (Random Access Memory, RAM) and may also comprise a non-volatile memory, such as at least one disk memory.
Bus 12 may be an ISA (Industry Standard Architecture) bus, PCI (Peripheral Component Interconnect) bus, EISA (Extended Industry Standard Architecture) bus, or the like. Only one double-headed arrow is shown in Fig. 1, but this does not mean that there is only one bus 12 or only one type of bus 12.
The memory 11 is used for storing programs, such as programs corresponding to the network domain name association device. The network domain name association device comprises at least one software function module, which may be stored in the memory 11 in the form of software or firmware, or embedded in the Operating System (OS) of the electronic device. The processor 10, upon receiving the execution instruction, executes the program to implement the network domain name association method.
Optionally, the electronic device provided by the embodiment of the application further comprises a communication interface 13. The communication interface 13 is connected to the processor 10 via a bus. The electronic device may communicate with other terminals, such as other servers, via the communication interface 13.
It should be understood that the structure shown in fig. 1 is a schematic structural diagram of only a portion of an electronic device, which may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
The network domain name association method provided by the embodiment of the application can be applied to the electronic device shown in Fig. 1. For the specific flow, refer to Fig. 2; the network domain name association method includes S103 and S104.
S103, using the anonymous network characteristic information as the input of the network space radar system to obtain suspected matching clearnet domain names.
The anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to the anonymous network domain name.
Optionally, the anonymous network may be a darknet. The Dark Web is web content that exists on a darknet, an overlay network, and is accessible only with special software, special authorization, or special settings on a computer. In contrast, the clearnet (Surface Web) refers to the network that can be retrieved by general search engines, accounting for about 4% of the entire internet, such as Baidu, Google, Weibo, and the like.
The network space radar system, ZoomEye for short, is an efficient privately-owned network space mapping system. It can rapidly provide comprehensive network space asset detection and accurate vulnerability mapping, and it visualizes and centrally outputs the data, thereby providing a decision basis and data support for clients to perform network space asset safety supervision and management and to establish an active defense attack system. The network space radar system provides fast and accurate concurrent network space asset discovery based on ZoomEye's exclusive mapping engine.
Optionally, the number of suspected matching clearnet domain names is N, where N is a positive integer greater than or equal to 0.
S104, determining the clearnet matching domain name of the anonymous network domain name according to the anonymous network webpage and the clearnet webpage of the suspected matching clearnet domain name.
Optionally, TOR (The Second Generation Onion Router), also called the onion network, is software for anonymous communication; the name is derived from the acronym of the original software project name "The Onion Router". The Tor network is composed of more than seven thousand relay nodes, each provided free of charge by volunteers around the world, and by relaying traffic through the relay nodes layer by layer it hides the real address of the user and avoids network monitoring and traffic analysis. The anonymous network domain name may be a TOR domain name.
Optionally, after the suspected matching clearnet domain names are obtained, further matching or screening is performed on the content of the anonymous network webpage and of the clearnet webpages of the suspected matching clearnet domain names, so that non-matching domain names among the suspected matching clearnet domain names are screened out, the clearnet matching domain name of the anonymous network domain name is determined, and the accuracy of that determination is ensured. After the association of the anonymous network domain name with the clearnet matching domain name is completed, the clearnet matching domain name strengthens the tracking and locating of the anonymous network and allows more of the information contained in the anonymous network domain name to be acquired.
In summary, the embodiment of the application provides a network domain name association method, which uses anonymous network characteristic information as the input of a network space radar system to obtain suspected matching clearnet domain names; the anonymous network characteristic information is characteristic information in the anonymous network webpage corresponding to the anonymous network domain name; and the clearnet matching domain name of the anonymous network domain name is determined according to the anonymous network webpage and the clearnet webpage of each suspected matching clearnet domain name. After the suspected matching clearnet domain names are obtained, further matching or screening is carried out on the content of the anonymous network webpage and of the clearnet webpages of the suspected matching clearnet domain names, so that non-matching domain names among the suspected matching clearnet domain names are screened out, the clearnet matching domain name of the anonymous network domain name is determined, and the accuracy of that determination is ensured. After the association of the anonymous network domain name with the clearnet matching domain name is completed, the clearnet matching domain name strengthens the tracking and locating of the anonymous network and allows more of the information contained in the anonymous network domain name to be acquired.
On the basis of Fig. 2, for the content of S104, the embodiment of the present application further provides a possible implementation. Referring to Fig. 3, S104 includes S104-1, S104-2 and S104-5 to S104-7.
S104-1, judging whether the title of the anonymous network webpage is the same as the title of the clearnet webpage. If yes, executing S104-2; if not, executing S104-7.
If the title of the anonymous network webpage is different from the title of the clearnet webpage, the two do not match, and the suspected matching clearnet domain name corresponding to the clearnet webpage cannot be determined to be the clearnet matching domain name of the anonymous network domain name; in this case S104-7 is executed and the candidate is skipped. Otherwise, if the title of the anonymous network webpage is the same as the title of the clearnet webpage, the two may match and further verification is required, that is, S104-2 is executed.
S104-2, judging whether the site icon of the anonymous network webpage is the same as the site icon of the clearnet webpage. If yes, executing S104-5; if not, executing S104-7.
If the site icon of the anonymous network webpage is different from the site icon of the clearnet webpage, the two do not match, and the suspected matching clearnet domain name corresponding to the clearnet webpage cannot be determined to be the clearnet matching domain name of the anonymous network domain name; in this case S104-7 is executed and the candidate is skipped. Otherwise, if the site icon of the anonymous network webpage is the same as the site icon of the clearnet webpage, the two may match and further verification is required, that is, S104-5 is executed.
S104-5, judging whether the response content similarity of the anonymous network webpage and the clearnet webpage is greater than a matching threshold. If yes, executing S104-6; if not, executing S104-7.
If the response content similarity of the anonymous network webpage and the clearnet webpage is less than or equal to the matching threshold, the two do not match, and the suspected matching clearnet domain name corresponding to the clearnet webpage cannot be determined to be the clearnet matching domain name of the anonymous network domain name; in this case S104-7 is executed and the candidate is skipped. Otherwise, if the response content similarity of the anonymous network webpage and the clearnet webpage is greater than the matching threshold, the two match, and S104-6 is executed.
Optionally, the matching threshold may be preset by staff.
S104-6, determining the suspected matching clearnet domain name corresponding to the clearnet webpage as the clearnet matching domain name of the anonymous network domain name.
S104-7, skipping.
It should be noted that the embodiment of the present application is not limited to the execution sequence of S104-1 and S104-2, and the sequence in fig. 3 is just one possible implementation, and alternatively, S104-1 and S104-2 may be executed synchronously, or S104-1 is executed after S104-2.
On the basis of Fig. 3, regarding how to obtain the response content similarity, the embodiment of the present application further provides a possible implementation. Referring to Fig. 4, S104 further includes S104-3 and S104-4.
S104-3, obtaining anonymous network keywords and clearnet keywords.
The anonymous network keywords are keywords in the response content of the anonymous network webpage, and the clearnet keywords are keywords in the response content of the clearnet webpage.
S104-4, obtaining the response content similarity according to the anonymous network keywords and the clearnet keywords.
Optionally, the difference-calculation helper difflib (a Python standard library module that compares differences between texts and supports output of highly readable HTML documents) is used to compare the anonymous network keywords with the clearnet keywords, so as to obtain the response content similarity. It will be appreciated that the higher the value of the response content similarity, the higher the corresponding degree of matching.
On the basis of Fig. 2, regarding how to obtain the anonymous network characteristic information, the embodiment of the present application further provides a possible implementation. Referring to Fig. 5, the network domain name association method further includes S101 and S102.
S101, taking the anonymous network domain name as the input of an anonymous network access browser to acquire the corresponding anonymous network webpage.
Optionally, the anonymous network access browser may be Tor Browser, a browser dedicated to accessing the darknet. Tor Browser starts the Tor process in the background and connects to the network through it. Once the program is disconnected, Tor Browser automatically deletes privacy-sensitive data, such as cookies and browsing history.
Optionally, after the anonymous network domain name is used as the input of the anonymous network access browser, the electronic device requests data from the corresponding server and receives the anonymous network webpage fed back by that server.
S102, extracting characteristic information in the anonymous network webpage as the anonymous network characteristic information.
Optionally, the anonymous network characteristic information of the anonymous network webpage is extracted by regular-expression matching or XPath syntax. The anonymous network characteristic information includes one or more of a title, a description, a site icon (favicon.ico), a webpage language, and response text keywords.
The description may include the purpose of the web page and the operator of the web page; the site icons are icons corresponding to the web pages; icons corresponding to different websites are different, and webpages under the same website can have the same icon; the web page language is a type of natural language, such as chinese, japanese, or english.
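The feature extraction of S102 and the screening order of S104-1 to S104-7 (title, then site icon, then keyword similarity through difflib) can be run offline as follows; this is an added example, not code from the patent. The SHA-256 icon comparison, the top-frequency keyword rule, the 0.8 threshold and every sample page and domain name are assumptions constructed for illustration.

```python
import difflib
import hashlib
import re
from collections import Counter
from html.parser import HTMLParser

MATCH_THRESHOLD = 0.8  # assumed; the text only says the threshold is preset


class _PageParser(HTMLParser):
    """Collects the <title> text and the visible text of a page."""

    def __init__(self):
        super().__init__()
        self.title, self.text, self._inside = "", [], None

    def handle_starttag(self, tag, attrs):
        if tag in ("title", "script", "style"):
            self._inside = tag

    def handle_endtag(self, tag):
        if tag == self._inside:
            self._inside = None

    def handle_data(self, data):
        if self._inside == "title":
            self.title += data
        elif self._inside is None:
            self.text.append(data)


def extract_features(html, icon_bytes, top_k=20):
    """S102: title, site icon (as a SHA-256 digest) and response keywords."""
    parser = _PageParser()
    parser.feed(html)
    parser.close()
    words = re.findall(r"[a-z0-9]{3,}", " ".join(parser.text).lower())
    # Assumed keyword rule: top_k most frequent tokens, ties broken by name.
    ranked = sorted(Counter(words).items(), key=lambda kv: (-kv[1], kv[0]))
    return {
        "title": " ".join(parser.title.split()),
        "icon": hashlib.sha256(icon_bytes).hexdigest(),
        "keywords": sorted(word for word, _ in ranked[:top_k]),
    }


def content_similarity(anon_keywords, clear_keywords):
    """S104-3/S104-4: difflib ratio over the two sorted keyword lists."""
    return difflib.SequenceMatcher(None, anon_keywords, clear_keywords).ratio()


def match_candidate(anon, clear, threshold=MATCH_THRESHOLD):
    """S104-1, S104-2, S104-5: return (matched, step that decided)."""
    if anon["title"] != clear["title"]:
        return False, "S104-1"
    if anon["icon"] != clear["icon"]:
        return False, "S104-2"
    if content_similarity(anon["keywords"], clear["keywords"]) > threshold:
        return True, "S104-6"
    return False, "S104-5"


def associate(anon_domain, anon, candidates, threshold=MATCH_THRESHOLD):
    """S104 over every suspected match; the result is the S105 relationship."""
    matches = [domain for domain, features in candidates.items()
               if match_candidate(anon, features, threshold)[0]]
    return {"anonymous_domain": anon_domain, "clearnet_matches": matches}


# --- constructed sample pages and icons (not real sites) ---
def _page(title, body):
    return (f"<html><head><title>{title}</title><style>p{{margin:0}}</style>"
            f"</head><body>{body}</body></html>")


FORUM_BODY = ("<h1>Example Forum</h1><p>Welcome to the example forum. "
              "Register to post messages and read the board rules.</p>")
ICON_A, ICON_B = b"constructed-icon-A", b"constructed-icon-B"

ANON = extract_features(_page("Example Forum", FORUM_BODY), ICON_A)
CANDIDATES = {
    "forum-mirror.example": extract_features(
        _page("Example Forum",
              FORUM_BODY + "<footer>Contact the admin team.</footer>"), ICON_A),
    "other-icon.example": extract_features(
        _page("Example Forum", FORUM_BODY), ICON_B),
    "parked.example": extract_features(
        _page("Example Forum", "<h1>Example Forum</h1><p>This domain is "
              "parked. Buy hosting and domains today.</p>"), ICON_A),
    "shop.example": extract_features(_page("Example Shop", FORUM_BODY), ICON_A),
}

if __name__ == "__main__":
    for domain, features in CANDIDATES.items():
        print(domain, match_candidate(ANON, features))
    print(associate("constructed-placeholder.onion", ANON, CANDIDATES))
```

The parked-page candidate shares both title and icon with the anonymous page and is only rejected at S104-5, which is why the similarity check is needed after the two equality checks.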
On the basis of Fig. 2, regarding how to save the matching relationship of the anonymous network domain name, the embodiment of the present application further provides a possible implementation. Continuing to refer to Fig. 5, the network domain name association method further includes S105.
S105, storing the matching relationship corresponding to the anonymous network domain name into a target database.
The matching relationship comprises the anonymous network domain name and all of its clearnet matching domain names.
Optionally, the target database is MySQL, which is a relational database management system. MySQL is one of the most popular relational database management systems, and for web applications MySQL is one of the best RDBMS (Relational Database Management System) application software.
Optionally, a domain name data set is provided in the target database, and the domain name data set is stored in the MySQL database in units of anonymous network domain names (for example, Tor domain names).
In one possible implementation, the matching relationship further includes webpage information for each clearnet matching domain name.
Optionally, the corresponding webpage information on the clearnet is obtained through the ZoomEye advanced search syntax, and the webpage information of the clearnet webpage is turned into structured JSON data according to predefined rules, comprising the following fields:
Key       Description
ip        IP address
app       Application name
version   Application version
device    Device type
port      Port number
city      City name
country   Country name
service   Service name
banner    Response header and response body content
time      Time of generation
JSON (JavaScript Object Notation) is a lightweight data exchange format. Based on a subset of ECMAScript (the JS specification formulated by the European Computer Manufacturers Association), it stores and represents data in a text format that is completely independent of the programming language. Its compact and clear hierarchical structure makes JSON an ideal data exchange language. It is easy for people to read and write and easy for machines to parse and generate, and it effectively improves network transmission efficiency.
According to the embodiment of the application, the darknet domain name is taken as the target, and clearnet information with a high overall degree of correlation is collected, retrieved, analyzed for information association and located, so that effective help is provided for tracing network security events, the illegal sale of vulnerabilities, private data and other data on the darknet is combated, and the supervision of the darknet is strengthened.
In the present application, access to and utilization of the darknet is made with legal authorization.
Referring to fig. 6, fig. 6 is a schematic diagram illustrating an embodiment of a network domain name associating device according to the present application, and the network domain name associating device is optionally applied to the electronic device described above.
The network domain name associating device comprises a preprocessing unit 201 and a matching unit 202.
The preprocessing unit 201 is configured to take the anonymous network characteristic information as an input of the network space radar system, so as to obtain a suspected matching clearnet domain name.
The anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to the anonymous network domain name.
The matching unit 202 is configured to determine a clearnet matching domain name of the anonymous network domain name according to the anonymous network webpage and the clearnet webpage corresponding to the suspected matching clearnet domain name.
In one possible implementation manner, the matching unit 202 is further configured to determine, when the title of the anonymous network webpage is the same as the title of the clearnet webpage and the site icon of the anonymous network webpage is the same as the site icon of the clearnet webpage, whether the response content similarity of the anonymous network webpage and the clearnet webpage is greater than a matching threshold; if so, the suspected matching clearnet domain name corresponding to the clearnet webpage is determined to be the clearnet matching domain name of the anonymous network domain name.
Optionally, the preprocessing unit 201 may perform S101 to S103 and S105 described above, and the matching unit 202 may perform S104 described above.
It should be noted that the network domain name association device provided in this embodiment may execute the method flow shown in the method flow embodiment to achieve the corresponding technical effects. For brevity, where this embodiment does not mention something, refer to the corresponding parts of the above embodiments.
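The matching rule described for unit 202, together with the stored matching relationship, as an added example (not code from the patent): title and site icon must be identical, then keyword similarity is compared against a threshold. The Jaccard measure, the 0.6 threshold, the SHA-256 icon comparison, the keyword extractor, the function names and all sample data are assumptions; only the `ip`, `port` and `service` keys come from the table above.

```python
import hashlib
import json
import re

MATCH_THRESHOLD = 0.6  # assumed value; the page does not state one

def keywords(html):
    """Stand-in keyword extractor: distinct words of 4+ letters outside tags."""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    return set(re.findall(r"[a-z]{4,}", text))

def similarity(anon_kw, clear_kw):
    """Jaccard overlap of the two keyword sets (assumed similarity measure)."""
    union = anon_kw | clear_kw
    return len(anon_kw & clear_kw) / len(union) if union else 0.0

def icon_digest(icon):
    """Digest of the site icon bytes, so icons can be compared and stored."""
    return hashlib.sha256(icon).hexdigest()

def is_match(anon, clear, threshold=MATCH_THRESHOLD):
    # Title and site icon must both be identical before content is compared.
    if anon["title"] != clear["title"]:
        return False
    if icon_digest(anon["icon"]) != icon_digest(clear["icon"]):
        return False
    score = similarity(keywords(anon["body"]), keywords(clear["body"]))
    return score > threshold  # strictly greater than the matching threshold

def associate(anon_domain, anon_page, candidates):
    """Matching relationship: the anonymous domain plus every clearnet match
    and its web page information, ready to serialise as JSON for storage."""
    matches = [{"domain": c["domain"], "info": c["info"]}
               for c in candidates if is_match(anon_page, c)]
    return {"anonymous_domain": anon_domain, "clearnet_matches": matches}

# Constructed sample data (reserved example domains and TEST-NET addresses).
ICON = b"\x00\x00\x01\x00constructed-icon"
BODY = ("<h1>Acme Market</h1><p>Verified vendors, escrow payments "
        "and encrypted support tickets.</p>")
ANON_DOMAIN = "constructed-example.onion"
ANON_PAGE = {"title": "Acme Market", "icon": ICON, "body": BODY}
CANDIDATES = [
    {"domain": "example.com", "title": "Acme Market", "icon": ICON,
     "body": BODY + "<p>Mirror site.</p>",
     "info": {"ip": "203.0.113.10", "port": 443, "service": "https"}},
    {"domain": "example.net", "title": "Acme Market", "icon": ICON,
     "body": "<h1>Acme Market</h1><p>Domain parked. Contact the registrar.</p>",
     "info": {"ip": "198.51.100.7", "port": 80, "service": "http"}},
    {"domain": "example.org", "title": "Acme Market", "icon": b"other-icon",
     "body": BODY,
     "info": {"ip": "192.0.2.44", "port": 443, "service": "https"}},
]

if __name__ == "__main__":
    print(json.dumps(associate(ANON_DOMAIN, ANON_PAGE, CANDIDATES), indent=2))
```

The second candidate shares the title and icon but fails the content check, which is the case the threshold exists for: a parked or templated page that reuses branding should not be recorded as a match.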
The embodiment of the application also provides a storage medium that stores computer instructions and programs which, when read and run, carry out the network domain name association method of the above embodiments. The storage medium may include memory, flash memory, registers, combinations thereof, or the like.
The following provides an electronic device, which may be a server device or a computer device, as shown in fig. 1, and may implement the network domain name association method described above; specifically, the electronic device includes: a processor 10, a memory 11, a bus 12. The processor 10 may be a CPU. The memory 11 is configured to store one or more programs that, when executed by the processor 10, perform the network domain name association method of the above-described embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above description covers only the preferred embodiments of the present application and is not intended to limit the present application; various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
It will be evident to those skilled in the art that the application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (7)

1. A method for associating network domain names, the method comprising:
taking anonymous network characteristic information as the input of a network space radar system to obtain a suspected matching clearnet domain name;
the anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to an anonymous network domain name, and the network space radar system is ZoomEye and is used for providing network space asset detection and vulnerability mapping;
determining a clearnet matching domain name of the anonymous network domain name according to the anonymous network webpage and the clearnet webpage corresponding to the suspected matching clearnet domain name;
wherein the step of determining the clearnet matching domain name of the anonymous network domain name according to the anonymous network webpage and the clearnet webpage corresponding to the suspected matching clearnet domain name comprises:
acquiring an anonymous network keyword and a clearnet keyword under the condition that the title of the anonymous network webpage is the same as the title of the clearnet webpage and the site icon of the anonymous network webpage is the same as the site icon of the clearnet webpage, wherein the anonymous network keyword is a keyword in response content of the anonymous network webpage and the clearnet keyword is a keyword in response content of the clearnet webpage;
acquiring the response content similarity according to the anonymous network keyword and the clearnet keyword;
judging whether the response content similarity of the anonymous network webpage and the clearnet webpage is larger than a matching threshold;
and if so, determining the suspected matching clearnet domain name corresponding to the clearnet webpage as the clearnet matching domain name of the anonymous network domain name.
2. The network domain name association method of claim 1, wherein prior to said taking anonymous network characteristic information as input to a network space radar system, the method further comprises:
taking the anonymous network domain name as input of an anonymous network access browser to acquire a corresponding anonymous network webpage;
and extracting the characteristic information in the anonymous network webpage as anonymous network characteristic information.
3. The network domain name association method of claim 1, wherein after determining the clearnet matching domain name of the anonymous network domain name according to the anonymous network webpage and the clearnet webpage corresponding to the suspected matching clearnet domain name, the method further comprises:
storing the matching relationship corresponding to the anonymous network domain name into a target database, wherein the matching relationship comprises the anonymous network domain name and all clearnet matching domain names.
4. The network domain name association method according to claim 3, wherein the matching relationship further comprises web page information of each clearnet matching domain name.
5. A network domain name association device, the device comprising:
the preprocessing unit is used for taking anonymous network characteristic information as the input of a network space radar system so as to obtain a suspected matching clearnet domain name;
the anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to an anonymous network domain name, and the network space radar system is ZoomEye and is used for providing network space asset detection and vulnerability mapping;
the matching unit is used for determining the clearnet matching domain name of the anonymous network domain name according to the anonymous network webpage and the clearnet webpage corresponding to the suspected matching clearnet domain name;
the matching unit is further configured to obtain an anonymous network keyword and a clearnet keyword when the title of the anonymous network webpage is the same as the title of the clearnet webpage and the site icon of the anonymous network webpage is the same as the site icon of the clearnet webpage, where the anonymous network keyword is a keyword in response content of the anonymous network webpage and the clearnet keyword is a keyword in response content of the clearnet webpage; acquiring the response content similarity according to the anonymous network keyword and the clearnet keyword; judging whether the response content similarity of the anonymous network webpage and the clearnet webpage is larger than a matching threshold; and if so, determining the suspected matching clearnet domain name corresponding to the clearnet webpage as the clearnet matching domain name of the anonymous network domain name.
6. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-4.
7. An electronic device, comprising: a processor and a memory for storing one or more programs; the method of any of claims 1-4 is implemented when the one or more programs are executed by the processor.
CN202111254047.7A 2021-10-27 2021-10-27 Network domain name association method and device, storage medium and electronic equipment Active CN113923193B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111254047.7A CN113923193B (en) 2021-10-27 2021-10-27 Network domain name association method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN113923193A CN113923193A (en) 2022-01-11
CN113923193B true CN113923193B (en) 2023-11-28

Family

ID=79243193



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant