CN113992623B - Web page mail cross-site scripting attack detection method based on content and source code - Google Patents
Web page mail cross-site scripting attack detection method based on content and source code Download PDFInfo
- Publication number
- CN113992623B CN113992623B CN202111376604.2A CN202111376604A CN113992623B CN 113992623 B CN113992623 B CN 113992623B CN 202111376604 A CN202111376604 A CN 202111376604A CN 113992623 B CN113992623 B CN 113992623B
- Authority
- CN
- China
- Prior art keywords
- cross
- site scripting
- scripting attack
- webpage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
The invention relates to a cross-site scripting attack detection technical method oriented to a webpage mail, wherein a detected object is a cross-site scripting attack aiming at an electronic mail. The method is mainly applied to the fields of cross-site scripting attack vulnerability mining and load identification of the webpage mails, and is characterized in that the existing cross-site scripting attack data of the emails are trained by a machine learning method, and the trained model is applied to unknown cross-site scripting attack detection of the emails. The working process of the method comprises the steps of reading a large number of original mails and JavaScript source Code data of the original mails, constructing a corpus by using Word2Vec and Code2Vec, extracting mail characteristics according to the corpus, and finally training a detection model by using a random forest algorithm, a bidirectional circulation neural network and an attention mechanism. The method provides double-layer protection for the webpage mail based on the content of the email and the JavaScript source code, and provides a new solution for detecting the cross-site scripting attack of the email.
Description
Technical Field
The invention relates to the field of vulnerability discovery and the field of attack load identification, which mainly has the core that a large amount of webpage mails and source code data are collected, a characteristic vector matrix of a control flow is constructed by utilizing a natural language processing method, a random forest model and a bidirectional circulation neural network model are trained, and finally, the trained model is used for detecting the webpage mail cross-site scripting attack.
Background
The rapid development of internet technology makes the contact between people more and more tight, and the use of networks to transmit information has become the most common communication means. As one of the most common means of information transfer, e-mail has always played an important role in network communication. Since the value information is always contained in the e-mail, the e-mail is always targeted by attackers. With the rapid development of Web applications, most users are more accustomed to accessing an electronic mailbox and viewing an electronic mail at a Web end, so that an attacker can steal user identity and sensitive information by using a Web attack means. Among these attack threats, cross-site scripting attack is the most common method of attack suffered by webmail. An attack mode of transmitting cross-site scripting attack load to a webpage mail through an email is called as webpage mail cross-site scripting attack. The attack method of the webpage mail cross-site scripting attack has the characteristics of spontaneity, competiveness, concealment and the like, is difficult to effectively avoid on a user layer, and is an attack means which has the greatest threat and is most concerned in the safety of the webpage mail. When the cross-site scripting attack of the webpage mail is initiated, an attacker transmits a mail carrying malicious JavaScript codes to a victim in a mail mode, and when the victim views the mail or opens a mail directory, the malicious JavaScript codes automatically run through a browser, steal value information and return the value information to the attacker. If the attacker successfully steals the identity certificate, the attacker can directly log in the webpage mail to further steal information. Therefore, the cross-site scripting attack of the webpage mails has huge harm, in 2013 and 2016, the Yoohu webpage mails are popped out twice to form the cross-site scripting attack loopholes, and nearly 4000 ten thousand user information is leaked. In 2014, gmail explodes a cross-site scripting attack vulnerability, and though timely repaired, gmail still causes huge panic in the current year. The great harmfulness makes the cross site scripting attack of the web mail favored by attackers, and how to effectively prevent the attack method becomes a problem to be solved urgently.
Most of the existing web mail cross-site scripting attack detection research is limited to black box testing, namely a large number of attack samples are used for access collision, and the cross-site scripting attack loopholes existing in the web mail are tried to be excavated. However, this biased offensiveness detection method has great limitations:
(1) Depending on the comprehensiveness of the load generator, the generated cross-site scripting attack vector cannot be guaranteed to effectively point to unknown cross-site scripting attack vulnerabilities;
(2) With the updating of a mailbox system and a browser client, a novel cross-site scripting attack vulnerability may appear, and the novel vulnerability is difficult to dig out by virtue of an attack load generated by the existing knowledge amount;
(3) The existing webpage mail cross-site scripting attack research mostly focuses on finding the vulnerability of a server side, neglects interception of attack load and cannot provide long-term protection.
At present, more and more attackers adopt cross-site scripting to attack and steal value information in the webpage mails, and even large-scale electronic mailbox manufacturers are difficult to avoid properly. The current situation seriously threatens personal privacy safety and national confidential safety of people, and when the traditional webpage mail cross-site scripting attack detection method can not effectively intercept cross-site scripting attack, an electronic mailbox system urgently needs a method for providing comprehensive cross-site scripting attack protection for the webpage mail.
Disclosure of Invention
The invention discloses a webpage mail cross-site scripting attack detection method based on content and source codes, which is provided for solving the problem that the conventional webpage mail cross-site scripting attack detection technology is imperfect, and aims to ensure personal privacy safety when a user reads an email on a webpage mail.
The invention innovatively provides a source code layer and content layer-based webpage mail cross-site scripting attack defense method, which provides double-layer protection for a user when browsing a mail through static source code layer cross-site scripting attack vulnerability mining and electronic mail content cross-site scripting attack load identification. The invention mainly comprises two parts: on one hand, javaScript source codes loaded when a user accesses a webpage mail are detected, and whether cross-site scripting attack holes exist is mined; on the other hand, the header information and the content of the e-mail loaded by the user are detected, and whether the e-mail contains the malicious cross-site scripting attack load content or not is identified. Aiming at the described problem of vulnerability mining of cross site scripting attack on the Web page, the invention provides a JavaScript static source code analysis method based on ensemble learning and parameter adjustment, which can detect JavaScript codes contained in HTML returned by a Web server and externally connected JavaScript files and prevent cross site scripting attack vulnerabilities contained in the HTML. Aiming at the problem of identification of the cross-site scripting attack load of the mail content, the invention provides a method for identifying the cross-site scripting attack load of the mail content based on a deep learning and attention mechanism, which can identify the cross-site scripting attack load contained in the mail header and the mail body and prevent the impending information leakage.
In order to realize the detection method of the webpage mail cross-site scripting attack, the invention adopts the natural language processing technology to extract the characteristics of the source code and the mail content of the webpage mail, constructs a webpage mail cross-site scripting attack corpus and generates a corresponding characteristic vector matrix, thereby providing a data format which can be directly input and trained for a machine learning algorithm. The whole technical framework is divided into a data layer, a preprocessing layer, a training layer and a detection layer, input data are transmitted from bottom to top, and finally training and detection of the webpage mail cross-site scripting attack vulnerability mining and malicious utilization recognition model are completed. The invention finally realizes a method which can provide high-quality privacy protection for webpage mail users and has extremely high interception accuracy of cross-site scripting attack.
Drawings
The objects, implementations, advantages and features of the present invention will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings.
FIG. 1 is an inventive method flow framework;
FIG. 2 is an overall framework of the pre-processing layer;
FIG. 3 is an overall framework of a training layer;
FIG. 4 is a flowchart of a web mail cross-site scripting attack load detection module;
FIG. 5 is a flowchart of a Web mail cross-site scripting attack vulnerability mining module.
Detailed Description
The method is mainly used for identifying the cross-site scripting attack of the webpage mail, and the identified objects are divided into cross-site scripting attack vulnerabilities and cross-site scripting attack loads. Therefore, the E-mail content and the JavaScript source code are extracted from the webpage mail to serve as original data, and a final webpage mail cross-site scripting attack detection model is obtained after preprocessing, feature vector construction and training. The inventive method hierarchy is shown in FIG. 1.
The integral framework of the invention comprises four layers from bottom to top: the device comprises a data layer, a preprocessing layer, a training layer and a detection layer. The framework has hierarchy, data flow is transmitted from bottom to top, and the output of the lower layer is used as the input of the upper layer to participate in various processing. The process is mainly divided into two steps: firstly, extracting JavaScript statements and an external JavaScript file from a page source code returned by a Web server, constructing a control flow by taking a variable as a core, constructing a feature vector according to a pre-material library and semantic analysis, and finally constructing a random forest model for identification and excavating a cross-site scripting attack vulnerability contained in the random forest model. Secondly, extracting mail head information and text information from mail contents returned by a mail server, constructing a feature vector according to a pre-material library and semantic analysis, identifying the feature vector by using an attention mechanism and a deep learning model, and judging whether the mail contents carry cross-site scripting attack loads or not. Each layer is described in detail below.
The data layer is used for acquiring and processing the original data, sorting the original data and transmitting the sorted original data into the preprocessing layer. The preprocessing layer mainly comprises an email information preprocessing module and a JavaScript source code preprocessing module, and the main functional module frame of the preprocessing layer is shown in FIG. 2. The email message quintuple outputs a long string sequence through long character construction and load reduction processing, and the abstract syntax tree constructs an output program control flow through input output constraints and a control flow. In the email message preprocessing module, after the preprocessing module organizes email message quintuple into a long character string sequence, the invention reduces cross-site script attack load by three preprocessing methods, which are respectively: decoding, equivalent replacement, and deleting the interference characters. In the JavaScript source code preprocessing module, the system performs pre-detection on the JavaScript source codes through input and output constraint rules, so that source codes without detection values are filtered, the detection efficiency of the system is effectively improved, and meanwhile, the control flow construction is completed by adopting three steps of positioning a controllable input point, inputting control flow tracking and connecting control flow nodes in series.
The functional module of the training layer is mainly divided into three sub-modules, namely a corpus construction module, a web mail cross-site scripting attack load recognition model training module and a web mail cross-site scripting attack vulnerability discovery model training module, and the overall implementation framework is shown in fig. 3. The corpus construction module is mainly responsible for receiving the formatted data transmitted from the preprocessing layer, training word vectors and word labels to form a web mail cross-site scripting attack detection corpus. And the web mail cross-site scripting attack load identification model training module and the web mail cross-site scripting attack vulnerability discovery model training module are responsible for training a web mail cross-site scripting attack detection model by using a deep learning algorithm and an integrated learning algorithm, and transmitting the model into a detection layer to perform vulnerability discovery and load identification.
The web mail cross site scripting attack detection corpus is divided into a web mail cross site scripting attack vulnerability mining corpus and a web mail cross site scripting attack load identification corpus. For the web mail cross site scripting attack load identification corpus, word2Vec is used for training a corpus set and constructing the web mail cross site scripting attack load identification corpus. The internal key settings of the Word2Vec algorithm are as follows: constructing a 200-dimensional word vector matrix; only the association of 5 words before and after each word is considered; truncating the corpus dictionary, and discarding words with the word frequency less than 5; the parallelism of the parameter control training is fixed to 4. For the web mail cross site scripting vulnerability discovery corpus, when all control flows are integrated into a set to be trained, a Code2Vec algorithm is used for training the control flows and constructing the web mail cross site scripting vulnerability discovery corpus. The key parameters of the Code2Vec algorithm are as follows: the dimension of the output word label vector is 128; the number of training rounds is adjusted to 20 rounds, and the batch size is set to 1024; limiting the length of the word label, and discarding words with the number of characters exceeding 200; the parallelism of the parameter control training is set to 10.
The training module of the web mail cross-site scripting attack load recognition model mainly aims at training a neural network model for recognizing cross-site scripting attack load carried in an electronic mail, and the main work of the training module is divided into two steps: firstly, feature vector matrix conversion is carried out on a long character string sequence transmitted by a preprocessing module through a web mail cross-site scripting attack load recognition corpus, and secondly, vectorized electronic mail information data are trained by using a bidirectional circulation neural network and an attention mechanism. The training module of the webpage mail cross-site scripting attack vulnerability discovery model mainly aims at training a neural network model for discovering JavaScript source code cross-site scripting attack vulnerability, and the main work of the training module is divided into two steps: firstly, feature vector matrix transformation is carried out on control flow transmitted by a preprocessing module through a webpage mail cross-site scripting vulnerability mining corpus, and secondly vectorized control flow data are trained through random forests.
The detection layer receives the webpage mail cross-site scripting attack detection models trained by the training layer, and the detection models are two types and respectively correspond to vulnerability mining and load identification, so that the detection layer is divided into two modules according to the characteristics of the two types of models, namely a webpage mail cross-site scripting attack vulnerability detection module and a webpage mail cross-site scripting attack load detection module. The two detection modules complement each other to jointly resist the cross-site scripting attack of the e-mail which may happen.
When new e-mail information is input into the detection module, the module processes the input data, then uses the web mail cross-site scripting attack load identification model obtained in the training layer to predict, and judges whether the e-mail contains cross-site scripting attack load, and the basic flow of the functional module is shown in fig. 4. Firstly, extracting an information quintuple in an email by a detection module, calling a data processing function module of a preprocessing layer, and converting email information into a long character string sequence; then identifying a corpus according to a web mail cross-site scripting attack load of a training layer, and calling a corresponding function pair module to convert a long character string sequence into a feature vector matrix; and finally, predicting the characteristic vector matrix by using the webpage mail cross-site scripting attack load identification model to obtain the probability value of the cross-site scripting attack load contained in the input electronic mail information. The detection module outputs the prediction result, intercepts and isolates the e-mails classified as malicious according to the set threshold value, and prevents the e-mails from loading malicious script codes on a user lookup page, so that the privacy data of the user are protected.
And after the user logs in the webpage mail, the browser automatically loads the externally called JavaScript source code file. The part of the JavaScript source code files can be automatically extracted by the system and input into the webpage mail cross-site scripting attack vulnerability detection module, so that whether the JavaScript source codes loaded in the user page contain the cross-site scripting attack vulnerability or not is found, and the detection flow of the functional module is shown in figure 5. Firstly, the detection module performs abstract syntax tree conversion on JavaScript source codes, and calls a pre-detection module in a pre-detection layer to perform input and output constraint detection on the source codes, and if the source codes are judged to have no controllable input points in the pre-detection process, the source codes are directly output as JavaScript source codes without cross-site scripting attack vulnerabilities; if the controllable input point exists in the source code, the corresponding control flow is extracted; then, calling a web mail cross-site script attack load identification corpus, and converting a control flow code into a corresponding characteristic vector matrix; and finally, predicting the characteristic vector matrix by using a webpage mail cross-site scripting attack vulnerability mining model to obtain the probability value of the cross-site scripting attack vulnerability contained in the input control flow. By detecting the JavaScript source codes when the webpage mails are loaded, the cross-site scripting attack vulnerability possibly contained in the webpage mails can be effectively excavated, so that the possibly initiated cross-site scripting attack of the webpage mails is prevented, and a protection effect is achieved when the user uses the webpage mails to check and receive the emails.
As described above, the invention successfully realizes the double-layer protection of cross-site scripting attack for the webpage mail user from the email content layer and the source code layer, and has extremely high accuracy. Compared with the traditional webpage mail cross-site scripting attack detection method, the invention has the following innovations:
(1) Aiming at the current vast majority of mail security research directions focusing on phishing mails and junk mails, the text focuses on the more serious problem of webpage mail cross-site scripting attack. The current webpage mail cross-site scripting attack research is still stopped in server-side-based URL detection and dynamic fuzzy detection, and cannot provide permanent protection. The method provides a webpage mail cross-site scripting attack defense method based on a source code layer and a content layer, and provides double-layer protection for a user when browsing a mail through static source code layer cross-site scripting attack vulnerability mining and electronic mail content cross-site scripting attack load identification;
(2) Aiming at static source code detection of JavaScript codes, the source codes are analyzed in a control flow constructing mode, a detection method based on ensemble learning is used for mining cross-site scripting attack loopholes existing in the source codes, and cross-site scripting attack possibly suffered is prevented comprehensively;
(3) Aiming at static source code detection of JavaScript codes, source codes are analyzed in a control flow constructing mode, a detection method based on ensemble learning is used for mining cross-site scripting attack vulnerabilities existing in the source codes, and cross-site scripting attacks possibly suffered are prevented comprehensively.
Although the preferred embodiments of the present invention have been described for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.
Claims (1)
1. A webpage mail cross-site scripting attack detection method based on content and source codes is characterized by comprising the following steps:
A. in the data layer, acquiring needed EML files and JavaScript source code data from the webpage mails, processing the EML files and the JavaScript source code data into E-mail information quintuple and generating a JavaScript abstract syntax tree;
B. in the preprocessing layer, processing and outputting the e-mail information into a long character string sequence through long character construction and load reduction, and processing and outputting into a program control stream through input and output constraint and a control stream construction; the load restoration process comprises a plurality of modes of decoding, equivalent replacement and interference character deletion, and the control flow construction process comprises a plurality of modes of positioning controllable points, inputting control flow tracking and connecting control flow nodes in series;
C. in a training layer, acquiring modeling data, constructing a web mail cross-site scripting attack detection corpus, and training a web mail cross-site scripting attack detection model; the web page mail cross site scripting attack detection corpus is divided into a web page mail cross site scripting attack vulnerability mining corpus trained by using Code2Vec and a web page mail cross site scripting attack load recognition corpus trained by using Word2Vec, and the web page mail cross site scripting attack detection model is divided into a web page mail cross site scripting attack load recognition model trained by using a bidirectional cyclic neural network and an attention mechanism and a web page mail cross site scripting attack vulnerability mining model trained by using a random forest;
D. receiving a webpage mail cross-site scripting attack detection model trained by a training layer at a detection layer, and performing cross-site scripting attack vulnerability mining and cross-site scripting attack load identification on newly input webpage mail data; when new e-mail information is input into the detection module, the module processes the input data, then uses a web mail cross-site scripting attack load identification model obtained from the training layer to predict, and judges whether the e-mail contains cross-site scripting attack load or not; after a user logs in a webpage mail, the browser automatically loads an externally called JavaScript source code file; the JavaScript source code files are automatically extracted by the system and input into the webpage mail cross-site scripting attack vulnerability detection module, so that whether the JavaScript source codes loaded in the user page contain the cross-site scripting attack vulnerability or not is mined.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111376604.2A CN113992623B (en) | 2021-11-19 | 2021-11-19 | Web page mail cross-site scripting attack detection method based on content and source code |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111376604.2A CN113992623B (en) | 2021-11-19 | 2021-11-19 | Web page mail cross-site scripting attack detection method based on content and source code |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113992623A CN113992623A (en) | 2022-01-28 |
| CN113992623B true CN113992623B (en) | 2022-10-21 |
Family
ID=79749564
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111376604.2A Active CN113992623B (en) | 2021-11-19 | 2021-11-19 | Web page mail cross-site scripting attack detection method based on content and source code |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113992623B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114900492B (en) * | 2022-07-15 | 2022-10-18 | 北京六方云信息技术有限公司 | Abnormal mail detection method, device and system and computer readable storage medium |
| CN115567476A (en) * | 2022-09-28 | 2023-01-03 | 建信金融科技有限责任公司 | Junk mail detection method, device, processor and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108512818A (en) * | 2017-02-28 | 2018-09-07 | 腾讯科技(深圳)有限公司 | Detect the method and device of loophole |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011073982A1 (en) * | 2009-12-15 | 2011-06-23 | Seeker Security Ltd. | Method and system of runtime analysis |
| JP5656266B2 (en) * | 2012-01-24 | 2015-01-21 | Necソリューションイノベータ株式会社 | Blacklist extraction apparatus, extraction method and extraction program |
| US9049222B1 (en) * | 2012-02-02 | 2015-06-02 | Trend Micro Inc. | Preventing cross-site scripting in web-based e-mail |
| US9154492B2 (en) * | 2013-09-27 | 2015-10-06 | The University Of North Carolina At Charlotte | Moving target defense against cross-site scripting |
| US10498605B2 (en) * | 2016-06-02 | 2019-12-03 | Zscaler, Inc. | Cloud based systems and methods for determining and visualizing security risks of companies, users, and groups |
| US11032312B2 (en) * | 2018-12-19 | 2021-06-08 | Abnormal Security Corporation | Programmatic discovery, retrieval, and analysis of communications to identify abnormal communication activity |
-
2021
- 2021-11-19 CN CN202111376604.2A patent/CN113992623B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108512818A (en) * | 2017-02-28 | 2018-09-07 | 腾讯科技(深圳)有限公司 | Detect the method and device of loophole |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113992623A (en) | 2022-01-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sahingoz et al. | Machine learning based phishing detection from URLs | |
| Nunan et al. | Automatic classification of cross-site scripting in web pages using document-based and URL-based features | |
| CN113992623B (en) | Web page mail cross-site scripting attack detection method based on content and source code | |
| Aljabri et al. | An assessment of lexical, network, and content-based features for detecting malicious urls using machine learning and deep learning models | |
| CN112989831B (en) | Entity extraction method applied to network security field | |
| CN104361097A (en) | Real-time detection method for electric power sensitive mail based on multimode matching | |
| Zhang et al. | Notice of retraction: A static analysis tool for detecting web application injection vulnerabilities for asp program | |
| Geyik et al. | Detection of phishing websites from URLs by using classification techniques on WEKA | |
| Banerjee et al. | Detection of XSS in web applications using Machine Learning Classifiers | |
| Zhang et al. | Cross-site scripting (XSS) detection integrating evidences in multiple stages | |
| Soleymani et al. | A novel approach for detecting DGA-based botnets in DNS queries using machine learning techniques | |
| Madhubala et al. | Survey on malicious URL detection techniques | |
| Gupta et al. | GeneMiner: a classification approach for detection of XSS attacks on web services | |
| Yaseen et al. | Email fraud attack detection using hybrid machine learning approach | |
| Alkhathami et al. | ‘Detection of SQL injection attacks using machine learning in cloud computing platform | |
| Das et al. | Detection of cross-site scripting attack under multiple scenarios | |
| Ray et al. | Detection of malicious URLs using deep learning approach | |
| Vahedi et al. | Identifying and categorizing malicious content on paste sites: a neural topic modeling approach | |
| Ravi et al. | URL based email phishing detection application | |
| Hess et al. | Malicious HTML file prediction: A detection and classification perspective with noisy data | |
| Wang | Malicious URL detection an evaluation of feature extraction and machine learning algorithm | |
| Huang et al. | UTANSA: Static Approach for Multi-Language Malicious Web Scripts Detection | |
| Elamathi et al. | An effective secure mechanism for phishing attacks using machine learning approach | |
| Marimuthu et al. | Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach | |
| Kumarasiri et al. | Cybersmish: A Proactive Approach for Smishing Detection and Prevention using Machine Learning |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |