CN114710468A - Domain name generation and identification method, device, equipment and medium - Google Patents

Domain name generation and identification method, device, equipment and medium Download PDF

Info

Publication number
CN114710468A
CN114710468A CN202210336645.7A CN202210336645A CN114710468A CN 114710468 A CN114710468 A CN 114710468A CN 202210336645 A CN202210336645 A CN 202210336645A CN 114710468 A CN114710468 A CN 114710468A
Authority
CN
China
Prior art keywords
character string
domain name
approximate
core
protected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210336645.7A
Other languages
Chinese (zh)
Inventor
穆建光
张龙
赵粤征
叶建伟
黄�俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nsfocus Technologies Inc, Nsfocus Technologies Group Co Ltd filed Critical Nsfocus Technologies Inc
Priority to CN202210336645.7A priority Critical patent/CN114710468A/en
Publication of CN114710468A publication Critical patent/CN114710468A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • H04L61/301Name conversion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015Name registration, generation or assignment
    • H04L61/3025Domain name generation or assignment

Abstract

The application discloses a domain name generation and identification method, device, equipment and medium. Due to the fact that the domain name deformation rule is configured in advance, the core character string contained in the domain name to be protected can be converted according to the domain name deformation rule, so that the approximate character string corresponding to the core character string is obtained, the approximate domain name corresponding to the domain name to be protected is determined according to the obtained approximate character string, all the approximate domain names which can possibly imitate the domain name to be protected are obtained as far as possible, the approximate domain name corresponding to the domain name to be protected does not need to be obtained in a collection mode, and workload and cost for obtaining the approximate domain name corresponding to the domain name to be protected are greatly reduced.

Description

Domain name generation and identification method, device, equipment and medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a medium for generating and identifying a domain name.
Background
In the related art, domain names of some phishing websites generally adopt a mode of finely adjusting the positions of characters contained in counterfeited legal domain names, so that the legal domain names are counterfeited, namely, approximate domain names corresponding to the legal domain names are adopted, thereby inducing the access of users and obtaining the secret information (such as card numbers and passwords of bank cards, passwords of electronic mailboxes and the like) of the accessed users. In order to protect the information security of the user, the acquired domain name to be detected may be matched with a violation domain name (e.g., a domain name of a phishing website) collected in advance, so as to determine whether the domain name to be detected is the violation domain name. Because the number of illegal domains that can be collected is limited, the domain name to be detected cannot be matched with all illegal domains, and the obtained identification result may be inaccurate.
Therefore, how to acquire a large number of approximate domain names which imitate the domain name to be protected is an urgent problem to be solved.
Disclosure of Invention
The embodiment of the application provides a domain name generation and identification method, device, equipment and medium, which are used for solving the problem that the existing approximate domain name which imitates a domain name to be protected in a large amount cannot be obtained.
The embodiment of the application provides a domain name generation method, which further comprises the following steps:
acquiring a core character string contained in a domain name to be protected; the core character string is used for uniquely identifying the domain name to be protected;
acquiring an approximate character string corresponding to the core character string according to a preset domain name deformation rule; and the domain name deformation rule is used for converting characters contained in the core character string.
The embodiment of the application provides a domain name identification method, which comprises the following steps:
acquiring a core character string contained in a domain name to be detected; the core character string is used for uniquely identifying the domain name to be detected;
matching the core character string with a pre-stored approximate character string; the approximate character string is generated through a preset domain name deformation rule;
if the matched approximate character string exists, determining that the domain name to be detected is the illegal domain name;
and if the matched approximate character string does not exist, determining the domain name to be detected as the compliant domain name.
The embodiment of the application provides a domain name generating device, the device includes:
the acquisition module is used for acquiring a core character string contained in the domain name to be protected; the core character string is used for uniquely identifying the domain name to be protected;
the processing module is used for acquiring an approximate character string corresponding to the core character string through a preset domain name deformation rule; and the domain name deformation rule is used for converting characters contained in the core character string.
The embodiment of the application provides a domain name identification device, which comprises:
the acquisition unit is used for acquiring a core character string contained in the domain name to be detected; the core character string is used for uniquely identifying the domain name to be detected;
the matching unit is used for matching the core character string with a pre-stored approximate character string; the approximate character string is generated through a preset domain name deformation rule;
the determining unit is used for determining the domain name to be detected as the illegal domain name if the matching unit determines that the matched approximate character string exists; and if the matching unit determines that no matched approximate character string exists, determining that the domain name to be detected is a compliant domain name.
An embodiment of the present application provides an electronic device, where the electronic device at least includes a processor and a memory, and the processor is configured to implement the steps of the domain name generation method as described above when executing a computer program stored in the memory, or implement the steps of the domain name identification method as described above.
Embodiments of the present application provide a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the steps of the domain name generation method as described above, or implements the steps of the domain name identification method as described above.
Due to the fact that the domain name deformation rule is configured in advance, the core character string contained in the domain name to be protected can be converted according to the domain name deformation rule, so that the approximate character string corresponding to the core character string is obtained, the approximate domain name corresponding to the domain name to be protected is determined according to the obtained approximate character string, all the approximate domain names which can possibly imitate the domain name to be protected are obtained as far as possible, the approximate domain name corresponding to the domain name to be protected does not need to be obtained in a collection mode, and workload and cost for obtaining the approximate domain name corresponding to the domain name to be protected are greatly reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a domain name generation process provided by an embodiment of the present application;
fig. 2 is a schematic diagram of a specific domain name generation process provided in an embodiment of the present application;
fig. 3 is a schematic diagram of a domain name identification process according to an embodiment of the present application;
fig. 4 is a schematic diagram of a specific domain name identification process provided in an embodiment of the present application;
fig. 5 is a schematic structural diagram of a domain name generation apparatus provided in an embodiment of the present application;
fig. 6 is a schematic structural diagram of a domain name recognition apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of another electronic device according to an embodiment of the present application.
Detailed Description
The present application will now be described in further detail with reference to the accompanying drawings, wherein like reference numerals refer to like elements throughout. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As will be appreciated by one skilled in the art, embodiments of the present application may be embodied as a system, apparatus, device, method, or computer program product. Thus, the present application may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
In this document, it is to be understood that any number of elements in the figures are provided by way of illustration and not limitation, and any nomenclature is used for differentiation only and not in any limiting sense.
For convenience of understanding, some concepts related to the embodiments of the present application are explained below:
and (3) phishing websites: phishing websites refer to false websites that spoof users. The page of the phishing website is basically consistent with the real website interface, and the account number and the password information submitted by a consumer are deceived or stolen. Phishing websites typically have only one or a few pages, which are slightly different from real websites.
Approximate domain name: which refers to domain names with very similar length, character shape, character order, etc.
In practical applications, "phishing websites" are phishing behaviors that become abnormally rampant as network popularity and online transactions increase. Often almost identical to a bank website or other known website, thereby enticing users to submit sensitive information. The phisher can imitate the victims to carry out fraudulent financial transactions and even utilize the personal information to carry out other illegal activities through the stolen personal information. Therefore, in order to avoid generating more loss, protect the user from surfing the internet safely and purify the network space, a more efficient and reliable phishing website detection technology must be researched.
In the related art, a large number of illegal domain names are generally acquired in a collection mode, so that the domain name to be detected can be matched with the illegal domain names collected in advance subsequently, and whether the domain name to be detected is the illegal domain name or not is determined. However, because the number of illegal domains that can be collected is limited, the domain name to be detected cannot be matched with all illegal domains, and thus the obtained identification result may be inaccurate.
In order to solve the problem, the application provides a domain name generation and identification method, device, equipment and medium. Due to the fact that the domain name deformation rule is configured in advance, the core character string contained in the domain name to be protected can be converted according to the domain name deformation rule, so that the approximate character string corresponding to the core character string is obtained, the approximate domain name corresponding to the domain name to be protected is determined according to the obtained approximate character string, all the approximate domain names which can possibly imitate the domain name to be protected are obtained as far as possible, the approximate domain name corresponding to the domain name to be protected does not need to be obtained in a collection mode, and workload and cost for obtaining the approximate domain name corresponding to the domain name to be protected are greatly reduced.
For convenience of understanding of the embodiment of the present application, the application scenarios of the present application are introduced above, and the service scenarios described in the embodiment of the present application are for more clearly explaining the technical solutions of the embodiment of the present application, and do not constitute limitations on the technical solutions provided in the embodiment of the present application. For example, the scenarios such as title protection of a domain name, infringement inquiry of a domain name and the like can be applied to the technical scheme provided by the application.
Example 1:
fig. 1 is a schematic diagram of a domain name generation process provided in an embodiment of the present application, where the process includes:
s101: acquiring a core character string contained in a domain name to be protected; and the core character string is used for uniquely identifying the domain name to be protected.
The domain name generation method provided by the embodiment of the application is applied to electronic devices (for convenience of description, referred to as domain name generation devices), and the domain name generation device may be an intelligent device such as a mobile terminal and a computer, or a server, for example, an application server.
In an actual application scenario, after receiving a processing request for generating an approximate domain name corresponding to a certain domain name, an electronic device for domain name generation determines the domain name as a domain name to be protected, and performs corresponding processing by using the domain name generation method provided by the application based on the domain name to be protected, so as to determine the approximate domain name corresponding to the domain name to be protected.
The electronic device for domain name generation receives the processing request, and the processing request mainly includes at least one of the following conditions:
in the first case, when a worker needs to collect the approximate domain names corresponding to the at least one domain name, a service processing request may be input to the intelligent device, and after receiving the service processing request for the at least one domain name, the intelligent device may send a processing request for generating the approximate domain names corresponding to the at least one domain name to the electronic device for domain name generation.
And in the second situation, when the intelligent device detects that a certain domain name is input by a worker, the intelligent device can also actively generate a processing request of the domain name and send the processing request to the electronic device for generating the domain name.
The electronic device for generating the domain name may be the same as or different from the smart device.
In the application, the core character string represents the character string contained in the domain name to be protected, and the character string of the domain name to be protected can be uniquely identified.
The core character string included in the domain name to be protected may be the domain name to be protected itself, or may be a partial character string included in the domain name to be protected.
In an example, the obtaining a core character string included in a domain name to be protected includes:
dividing the domain name to be protected into a plurality of sections of character strings according to a preset dividing mode;
determining each target character string of the non-top-level domain name in the multi-segment character strings;
matching each target character string with a stored general character string;
and determining the target character string without the matched universal character string in the target character string as the core character string.
Typically, the namespace of a domain name is made up of multiple parts, and each part is separated by a ". multidot." symbol. For example, for domain name www.nsfocus.com, the top domain name in the domain name is com, the second domain name is nsfocus. Wherein, the right-most part of the domain name is the top-level domain name of the domain name. The top-level domain name included in the illegal domain name is generally the same as the top-level domain name included in the legal domain name, and the illegal domain name is generally the part of the non-top-level domain name in the legal domain name is finely adjusted, so that the legal domain name is counterfeited. Therefore, in the application, the universal character string can be determined according to the character string included in the collected legal domain name, so that after the domain name to be protected is conveniently acquired subsequently, the electronic device can identify and analyze each part included in the domain name to be protected based on the pre-stored universal character string, and then acquire the core character string included in the domain name to be protected.
The universal character string can be determined according to a second-level domain name in the legal domain name. For example, edu (for educational institutions), com (for commercial companies), net (for web services), org (for organizational associations), gov (for government departments), mil (for military domains), and int (for international organizations).
For example, the domain name to be protected may be divided according to a preset dividing manner, that is, the domain name to be protected is divided into a plurality of segments of character strings. For example, each separator and the position of each separator included in the domain name to be protected are determined, and the domain name to be protected is divided based on the position of each separator and the position of each separator, so that the multiple segments of character strings included in the domain name to be protected are obtained. And determining the top-level domain name contained in the domain name to be protected according to the positions of the multiple sections of character strings in the domain name to be protected. For example, a legitimate domain name typically contains a top-level domain name that is located to the right of the rightmost delimiter of the legitimate domain name. And determining the character string of the non-top-level domain name in the multi-section character string as a target character string. And aiming at each target character string, matching the target character string with a pre-stored general character string. If the target character string is determined not to be matched with each universal character string, which indicates that the character string is most likely not a character string contained in a legal domain name, determining the target character string as a core character string; and if the target character string is determined to be matched with any universal character string, which indicates that the character string is the character string contained in the legal domain name, acquiring the next target character string.
And matching each target character string with a pre-stored general character string in sequence according to the sequence of each target character string from right to left in the domain name to be protected respectively.
For example, when the domain name www.nsfocus.com to be protected is identified, the location of each delimiter ". and each delimiter'. included in the domain name www.nsfocus.com to be protected in the domain name to be protected are obtained. Dividing the domain name to be protected according to the position of each separator and the position of each separator' in the domain name to be protected, and obtaining the domain name to be protected and dividing the domain name to be protected into three segments of character strings, namely www, nsfocus and com. And determining the top-level domain name contained in the domain name to be protected as com according to the positions of the plurality of sections of character strings in the domain name to be protected. And determining character strings www and nsfocus of the non-top-level domain name in the multi-segment character strings as target character strings. And aiming at each target character string, matching the target character string with a pre-stored general character string. If the target character string is determined not to be matched with each universal character string, which indicates that the character string is most likely not a character string contained in a legal domain name, determining the target character string as a core character string; and if the target character string is determined to be matched with any universal character string, which indicates that the character string is the character string contained in the legal domain name, acquiring the next target character string.
S102: acquiring an approximate character string corresponding to the core character string according to a preset domain name deformation rule; and the domain name deformation rule is used for converting characters contained in the core character string.
Since all illegal domains on the market cannot be collected, the domain name to be protected cannot be accurately protected. Therefore, in the present application, a domain name distortion rule is preconfigured to generate an approximate character string corresponding to a core character string included in a domain name to be protected through the domain name distortion rule, so as to expand an existing illegal domain name, thereby obtaining all approximate domain names that may possibly imitate the domain name to be protected as much as possible, and storing the generated approximate domain name, so as to facilitate the accuracy of a matching result for subsequently matching the domain name to be protected with the stored approximate domain name.
In one example, generating the approximate character string based on the preconfigured domain name distortion rule is implemented by three ways:
in the first mode, considering the existing illegal domain name, the legal domain name is counterfeited in a mode of finely adjusting the positions of characters contained in the counterfeited legal domain name. Therefore, in the present application, each character included in the core character string may be reordered, all permutation combinations may be determined, and at least one approximate character string corresponding to the core character string may be determined according to all obtained permutation combinations.
In an example, other permutation combinations different from the permutation combination corresponding to the core character string may be determined from all the obtained permutation combinations, and at least one other permutation combination may be determined as the approximate character string corresponding to the core character string.
In another example, all the obtained permutation combinations may be subjected to deduplication processing, a permutation combination that is the same as the permutation combination corresponding to the core character string is deleted from all the permutation combinations subjected to deduplication processing, and all the remaining permutation combinations are determined as the approximate character strings corresponding to the core character string; or determining other permutation combinations different from the permutation combination corresponding to the core character string in all the obtained permutation combinations, performing deduplication processing on all the other permutation combinations, and determining the other permutation combinations subjected to the deduplication processing as the approximate character string corresponding to the core character string.
For example, the core string is www.nsfocus, and the corresponding approximate string of the core string is www.nsfoucs.
For another example, assuming that the core string is nsfocus, each character included in the core string is obtained and represented by the following table:
1 2 3 4 5 6 7
n s f o c u s
for the 7 characters, each character can appear at any position, and all permutation combinations formed by the 7 characters are obtained. And performing deduplication processing on all the obtained permutation combinations, and deleting the permutation combination which is the same as the permutation combination corresponding to the core character string, so as to obtain at least one approximate character string corresponding to the core character string.
Supposing that any core character string contains M characters, sequencing the M characters, and acquiring the corresponding character of the core character string
Figure BDA0003574580220000091
And (4) combining the permutations. Wherein, all the obtained sequencing combinations contain B repeated sequencing combinations, and at least one approximate character string corresponding to the core character string has
Figure BDA0003574580220000092
And (4) respectively.
And in a second mode, the characters contained in the counterfeited legal domain name are replaced by considering the existing illegal domain name. Therefore, in the present application, a replacement character corresponding to a different character is configured in advance for the character, wherein the replacement character is similar to the character. For example, the following table may represent a preconfigured character to replacement character correspondence:
character(s) Replacing characters
b 6,h,d
c 0,o
d b,6
g 8
s 5
o 0,c
O Q,o,0
In a specific implementation process, aiming at each character string, determining a replacement character corresponding to each character contained in the character string according to a preset corresponding relation between the character and the replacement character; wherein the string comprises one or more of: the core character string and an approximate character string corresponding to the core character string; according to the replacement characters corresponding to each character, at least one replacement character string corresponding to the character string is obtained; wherein the replacement character string is obtained by replacing at least one character included in the character string. And determining the obtained at least one replacement character string as an approximate character string corresponding to the core character string.
For example, the character string is www.nsfocus, and if the replacement character corresponding to O (lower case) is determined to have O (upper case) and 0, the approximate character string corresponding to the character string is www.nsf0ucs and www.nsfOucs according to the replacement character corresponding to O.
Assuming that any character string contains M characters, determining the replacement characters corresponding to the M characters respectively, wherein each character corresponds to C replacement characters respectively. According to the replacement character corresponding to each character, corresponding L to the character stringKA replacement string. WhereinL can be determined by the following formulaK
LK=C1K×C2K×C3K×…×CMK
Wherein, CMKIndicating a replacement character, L, corresponding to the Mth characterKIndicating the kth string.
And thirdly, considering the existing illegal domain name, adding character strings into the counterfeited legal domain name, thereby realizing the counterfeited legal domain name. Therefore, in the present application, at least one additional character string, such as "_", "0-" or the like, is previously configured. The additional character string may be a prefix character string, a suffix character string, or the like. For example, the following table may represent preconfigured additional strings:
prefix character string Suffix character string
my,my- 0 to 1 numbers, -0, -1, -2
i,i- -on,on
blog,blog- -cn,-com
bank,bank- er
In the specific implementation process, aiming at each character string, adding a pre-configured additional character string into the character string; and determining the added character string as an approximate character string corresponding to the core character string.
The character string may be a core character string, or may be an approximate character string obtained based on at least one of the above manners, for example, an approximate character string obtained based on the first manner, an approximate character string obtained based on the first and second manners, and the like.
For example, the character string is www.nsfocus, and in the character string, the prefix character string my is added, and the character string corresponds to the approximate character string www.mynsfocus.
In an example, the at least two manners for generating the approximate character string may be combined with each other, for example, the manner one and the manner two may be simultaneously employed to generate the approximate character string, or the manner one, the manner two and the manner three may be simultaneously employed to generate the approximate character string, and the like, and either manner may continue to be expanded on the basis of the previously generated approximate character string, for example, on the basis of the approximate character string generated by the manner one, the manner two continues to generate the approximate character string, and then the manner three continues to generate the approximate character string, and the like.
In consideration of the fact that repeated approximate character strings may exist in the obtained approximate character strings based on the above embodiment, the similar character strings may be subjected to deduplication processing after the approximate character strings are obtained, and the similar character strings identical to the core character strings are deleted, so that storage space consumed by storing a large number of repeated approximate character strings is saved, and a calculation amount wasted by subsequently matching the core character strings with the repeated approximate character strings is saved.
Due to the fact that the domain name deformation rule is configured in advance, the core character string contained in the domain name to be protected can be converted according to the domain name deformation rule, so that the approximate character string corresponding to the core character string is obtained, the approximate domain name corresponding to the domain name to be protected is determined according to the obtained approximate character string, all the approximate domain names which can possibly imitate the domain name to be protected are obtained as far as possible, the approximate domain name corresponding to the domain name to be protected does not need to be obtained in a collection mode, and workload and cost for obtaining the approximate domain name corresponding to the domain name to be protected are greatly reduced.
Example 2:
the domain name generation method provided by the present application is explained below by a specific embodiment, and fig. 2 is a schematic diagram of a specific domain name generation process provided by the embodiment of the present application, where the process includes:
s201: and acquiring the domain name to be protected.
S202: and dividing the domain name to be protected into a plurality of sections of character strings according to a preset dividing mode.
S203: and determining each target character string of the non-top-level domain name in the multi-segment character string.
S204: and matching each target character string with the stored general character strings, and determining the target character strings without the matched general character strings in the target character strings as core character strings.
S205: and acquiring an approximate character string corresponding to the core character string according to a preset domain name deformation rule.
In one example, the approximate character string is generated through a preset domain name deformation rule in at least one of the following ways:
in a first mode, aiming at each stored core character string, each character contained in the core character string is reordered, and all permutation and combination are determined; wherein, the core character string is used for identifying a legal domain name; and determining at least one approximate character string corresponding to the core character string according to all the permutation and combination.
Supposing that any core character string contains M characters, sequencing the M characters, and acquiring the corresponding character of the core character string
Figure BDA0003574580220000121
And (4) permutation and combination. Wherein, all the obtained sequencing combinations contain B repeated sequencing combinations, and at least one approximate character string corresponding to the core character string has
Figure BDA0003574580220000122
And (4) respectively.
Determining, for each character string, a replacement character corresponding to each character included in the character string according to a preset correspondence between the character and the replacement character; wherein the character string comprises one or more of: the core character string and at least one approximate character string corresponding to the core character string; combining the replacement characters corresponding to each character according to the sequence of each character in the character string; and determining at least one approximate character string corresponding to the character string according to each combination.
Still taking the above as an example, the first mode can obtain
Figure BDA0003574580220000123
A character string for
Figure BDA0003574580220000124
And (4) further processing the character strings by adopting a second mode. Assuming that any character string contains M characters, determining the replacement characters corresponding to the M characters respectively, wherein each character corresponds to C replacement characters respectively. According to the sequence of the M characters in the character string, combining the replacement characters corresponding to the M characters respectively, and then obtaining the L corresponding to the character stringKAnd (4) combining the two. By the second mode, Z approximate character strings can be acquired.
Wherein Z can be determined by the following formula:
Figure BDA0003574580220000125
LK=C1K×C2K×C3K×…×CMK
wherein Z represents the total number of the obtained approximate character strings, CMRepresents a replacement character, L, corresponding to the Mth character contained in the Kth character stringKIndicating the kth string.
Adding a pre-configured additional character string to each currently acquired character string in a mode III; and determining an approximate character string corresponding to the character string according to the added character string.
The character string may be a core character string, or may be an approximate character string obtained based on at least one of the above manners, for example, an approximate character string obtained based on the first manner, an approximate character string obtained based on the first and second manners, and the like.
By taking the above as an example, assuming that each character string corresponds to S approximate character strings, Z × S-1 approximate character strings can be obtained on the basis of the character strings obtained in the second mode, so that a large number of approximate character strings, that is, a large number of character strings of the illegal domain name, can be obtained.
In an example, the at least two manners for generating the approximate character string may be combined with each other, for example, the manner one and the manner two may be simultaneously employed to generate the approximate character string, or the manner one, the manner two and the manner three may be simultaneously employed to generate the approximate character string, and the like, and either manner may continue to be expanded on the basis of the previously generated approximate character string, for example, on the basis of the approximate character string generated by the manner one, the manner two continues to generate the approximate character string, and then the manner three continues to generate the approximate character string, and the like.
S206: and carrying out duplicate removal processing on the obtained approximate character string, and deleting the approximate character string which is the same as the core character string.
Example 3:
the present application provides a domain name identification method, and fig. 3 is a schematic diagram of a domain name identification process provided in an embodiment of the present application, where the process includes:
s301: acquiring a core character string contained in a domain name to be detected; and the core character string is used for uniquely identifying the domain name to be detected.
The domain name identification method provided by the embodiment of the application is applied to electronic equipment (for convenience of description, referred to as domain name identification equipment), and the domain name identification equipment can be intelligent equipment such as a mobile terminal, a computer and the like, and can also be a server, such as an application server and the like.
The domain name identifying device may be the same as or different from the domain name generating device described above.
It should be noted that the process of acquiring the core character string included in the domain name to be detected is the same as the process of acquiring the core character string included in the domain name to be protected, and repeated parts are not described in detail.
S302: matching the core character string with a pre-stored approximate character string; the approximate character string is generated through a preset domain name deformation rule.
It should be noted that the method for obtaining the approximate character string has been described in the above embodiments, and details are not described here.
S303: and if the matched approximate character string exists, determining that the domain name to be detected is the illegal domain name.
S304: and if the matched approximate character string does not exist, determining the domain name to be detected as the compliant domain name.
In a possible application scenario, after the approximate character string is acquired based on the above embodiment, the acquired approximate character string may be used in a scenario of illegal domain name identification. Illustratively, after the domain name to be detected is acquired, the core character string included in the domain name to be detected is determined. And then matching the core character string with each stored approximate character string so as to determine whether the domain name to be protected is an illegal domain name.
Specifically, for each approximate character string, the similarity between the approximate character string and the core character string may be determined, and if it is determined that the similarity is greater than a preset similarity threshold, it is determined that the core character string is similar to the approximate character string, that is, it is determined that there is a matched approximate character string in the core character string. If the similarity is not larger than the preset similarity threshold, determining that the core character string is not similar to the approximate character string, namely determining that the core character string is not matched with the approximate character string.
The similarity can be expressed in a cosine similarity, a cosine distance, an euclidean distance, and the like.
And when the core character string is determined to have the matched approximate character string, determining that the domain name to be detected is the illegal domain name. And when the core character string is determined not to be matched with each approximate character string, namely, no approximate character string matched with the core character string exists, determining that the domain name to be detected is a compliant domain name.
In one example, after it is determined that there is no approximate character string matching the core character string, prompt information for performing manual review on the approximate character string may be output, so as to prevent the user from accessing the illegal domain name as much as possible, thereby affecting the property security of the user.
Example 4:
the domain name identification method provided by the present application is explained below by a specific embodiment, and fig. 4 is a schematic diagram of a specific domain name identification process provided by the embodiment of the present application, where the process includes:
s401: and generating an approximate character string based on a preset rule for generating the illegal domain name.
S402: and acquiring the domain name to be detected.
S403: and dividing the domain name to be detected into a plurality of sections of character strings according to a preset dividing mode.
S404: each target string of the non-top domain name in the plurality of strings is determined.
S405: and matching each target character string with the stored general character strings, and determining the target character strings without the matched general character strings in the target character strings as core character strings.
S406: matching the core character string with each stored approximate character string, and judging whether the matched approximate character string exists, if so, executing S407, otherwise, executing S408.
In one example, whether there is an approximate character string matching the core character string may be determined by whether a similarity between the core character string and each of the approximate character strings is greater than a preset threshold.
S407: and determining the domain name to be detected as the illegal domain name.
S408: and determining the domain name to be detected as a compliant domain name.
Example 5:
the present application provides a domain name generation device, and fig. 5 is a schematic structural diagram of a domain name generation device provided in an embodiment of the present application, where the domain name generation device includes:
an obtaining module 51, configured to obtain a core character string included in a domain name to be protected; the core character string is used for uniquely identifying the domain name to be protected;
the processing module 52 is configured to obtain an approximate character string corresponding to the core character string according to a preset domain name deformation rule; and the domain name deformation rule is used for converting characters contained in the core character string.
In some possible embodiments, the obtaining module 51 is specifically configured to divide the domain name to be protected into a plurality of segments of character strings according to a preset dividing manner; determining each target character string of the non-top-level domain name in the multiple sections of character strings; matching each target character string with a stored general character string; and determining the target character string without the matched universal character string in the target character string as the core character string.
In some possible embodiments, the processing module 52 is specifically configured to reorder each character included in the core string, and determine all permutation combinations; and determining all the permutation and combination as the approximate character string corresponding to the core character string.
In some possible embodiments, the processing module 52 is specifically configured to, for each character string, determine, according to a preset correspondence between characters and replacement characters, a replacement character corresponding to each character included in the character string; wherein the string comprises one or more of: the core character string and an approximate character string corresponding to the core character string; according to the replacement character corresponding to each character, at least one replacement character string corresponding to the character string is obtained; the replacement character string is obtained by replacing at least one character contained in the character string; and determining the at least one replacing character string as an approximate character string corresponding to the core character string.
In some possible embodiments, the processing module 52 is specifically configured to add, for each character string, a pre-configured additional character string to the first character string; wherein the string comprises one or more of: the core character string and an approximate character string corresponding to the core character string; and determining the added character string as an approximate character string corresponding to the core character string.
In some possible embodiments, the processing module 52 is further configured to perform deduplication processing on an approximate character string corresponding to the core character string.
Due to the fact that the domain name deformation rule is configured in advance, the core character string contained in the domain name to be protected can be converted according to the domain name deformation rule, so that the approximate character string corresponding to the core character string is obtained, the approximate domain name corresponding to the domain name to be protected is determined according to the obtained approximate character string, all the approximate domain names which can possibly imitate the domain name to be protected are obtained as far as possible, the approximate domain name corresponding to the domain name to be protected does not need to be obtained in a collection mode, and workload and cost for obtaining the approximate domain name corresponding to the domain name to be protected are greatly reduced.
Example 6:
the present application provides a domain name recognition apparatus, and fig. 6 is a schematic structural diagram of a domain name recognition apparatus provided in an embodiment of the present application, where the apparatus includes:
an obtaining unit 61, configured to obtain a core character string included in a domain name to be detected; the core character string is used for uniquely identifying the domain name to be detected;
a matching unit 62, configured to match the core character string with a pre-stored approximate character string; the approximate character string is generated through a preset domain name deformation rule;
a determining unit 63, configured to determine that the domain name to be detected is the illegal domain name if the matching unit 32 determines that the matched approximate character string exists; if the matching unit 32 determines that there is no matched approximate character string, it determines that the domain name to be detected is a compliant domain name.
Example 7:
fig. 7 is a schematic structural diagram of an electronic device provided in an embodiment of the present application, and on the basis of the foregoing embodiments, an embodiment of the present application further provides an electronic device, as shown in fig. 7, including: the system comprises a processor 71, a communication interface 72, a memory 73 and a communication bus 74, wherein the processor 71, the communication interface 72 and the memory 73 are communicated with each other through the communication bus 74;
the memory 73 has stored therein a computer program which, when executed by the processor 71, causes the processor 71 to perform the steps of:
acquiring a core character string contained in a domain name to be protected; the core character string is used for uniquely identifying the domain name to be protected;
acquiring an approximate character string corresponding to the core character string according to a preset domain name deformation rule; and the domain name deformation rule is used for converting characters contained in the core character string.
Because the principle of the electronic device for solving the problem is similar to the domain name generation method, the implementation of the electronic device may refer to embodiment 1-2 of the method, and repeated details are not described herein.
Example 8:
fig. 8 is a schematic structural diagram of another electronic device provided in the embodiment of the present application, and on the basis of the foregoing embodiments, an embodiment of the present application further provides an electronic device, as shown in fig. 8, including: the system comprises a processor 81, a communication interface 82, a memory 83 and a communication bus 84, wherein the processor 81, the communication interface 82 and the memory 83 are communicated with each other through the communication bus 84;
the memory 83 has stored therein a computer program which, when executed by the processor 81, causes the processor 81 to perform the steps of:
acquiring a core character string contained in a domain name to be detected; the core character string is used for uniquely identifying the domain name to be detected;
matching the core character string with a pre-stored approximate character string; the approximate character string is generated through a preset domain name deformation rule;
if the matched approximate character string exists, determining that the domain name to be detected is the illegal domain name;
and if the matched approximate character string does not exist, determining the domain name to be detected as the compliant domain name.
Since the principle of solving the problem of the electronic device is similar to that of the domain name recognition method, the implementation of the electronic device may refer to embodiment 3-4 of the method, and the repeated parts are not described again.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this is not intended to represent only one bus or type of bus.
The communication interface 82 is used for communication between the above-described electronic apparatus and other apparatuses.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a central processing unit, a Network Processor (NP), and the like; but may also be a Digital instruction processor (DSP), an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like.
Example 9:
on the basis of the foregoing embodiments, the present application further provides a computer-readable storage medium, in which a computer program executable by a processor is stored, and when the program runs on the processor, the processor is caused to execute the following steps:
acquiring a core character string contained in a domain name to be protected; the core character string is used for uniquely identifying the domain name to be protected;
acquiring an approximate character string corresponding to the core character string according to a preset domain name deformation rule; and the domain name deformation rule is used for converting characters contained in the core character string.
Because the principle of solving the problem of the computer-readable storage medium is similar to the domain name generation method, the implementation of the computer-readable storage medium can be referred to in embodiment 1-2 of the method, and repeated details are not repeated.
Example 10:
on the basis of the foregoing embodiments, an embodiment of the present application further provides a computer-readable storage medium, in which a computer program executable by a processor is stored, and when the program runs on the processor, the processor is caused to execute the following steps:
acquiring a core character string contained in a domain name to be detected; the core character string is used for uniquely identifying the domain name to be detected;
matching the core character string with a pre-stored approximate character string; the approximate character string is generated through a preset domain name deformation rule;
if the matched approximate character string exists, determining that the domain name to be detected is the illegal domain name;
and if the matched approximate character string does not exist, determining the domain name to be detected as the compliant domain name.
Since the principle of solving the problem of the computer-readable storage medium is similar to that of the domain name identification method, the implementation of the computer-readable storage medium can be referred to in embodiment 3-4 of the method, and the repeated parts are not described again.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (11)

1. A method for generating a domain name, the method further comprising:
acquiring a core character string contained in a domain name to be protected; the core character string is used for uniquely identifying the domain name to be protected;
acquiring an approximate character string corresponding to the core character string according to a preset domain name deformation rule; and the domain name deformation rule is used for converting characters contained in the core character string.
2. The method according to claim 1, wherein the obtaining of the core character string included in the domain name to be protected includes:
dividing the domain name to be protected into a plurality of sections of character strings according to a preset dividing mode;
determining each target character string of the non-top-level domain name in the multi-segment character strings;
matching each target character string with a stored general character string;
and determining the target character string without the matched universal character string in the target character string as the core character string.
3. The method according to claim 1, wherein the obtaining of the approximate character string corresponding to the core character string through a preset domain name distortion rule includes:
reordering each character contained in the core character string, and determining all permutation and combination;
and determining all the permutation combinations as approximate character strings corresponding to the core character strings.
4. The method according to claim 3, wherein the obtaining of the approximate character string corresponding to the core character string according to a preset domain name distortion rule includes:
aiming at each character string, determining a replacement character corresponding to each character contained in the character string according to a corresponding relation between the characters and the replacement characters configured in advance; wherein the string comprises one or more of: the core character string and an approximate character string corresponding to the core character string; according to the replacement character corresponding to each character, at least one replacement character string corresponding to the character string is obtained; the replacement character string is obtained by replacing at least one character contained in the character string; and determining the at least one replacing character string as an approximate character string corresponding to the core character string.
5. The method according to claim 3, wherein the obtaining of the approximate character string corresponding to the core character string according to a preset domain name distortion rule includes:
adding a pre-configured additional character string to the first character string for each character string; wherein the string comprises one or more of: the core character string and an approximate character string corresponding to the core character string; and determining the added character string as an approximate character string corresponding to the core character string.
6. The method of claim 1, further comprising:
and carrying out deduplication processing on the approximate character string corresponding to the core character string, and deleting the approximate character string same as the core character string.
7. A method for domain name recognition, the method comprising:
acquiring a core character string contained in a domain name to be detected; the core character string is used for uniquely identifying the domain name to be detected;
matching the core character string with a pre-stored approximate character string; the approximate character string is generated through a preset domain name deformation rule;
if the matched approximate character string exists, determining that the domain name to be detected is the illegal domain name;
and if the matched approximate character string does not exist, determining that the domain name to be detected is a compliant domain name.
8. A domain name generation apparatus, the apparatus comprising:
the acquisition module is used for acquiring a core character string contained in the domain name to be protected; the core character string is used for uniquely identifying the domain name to be protected;
the processing module is used for acquiring an approximate character string corresponding to the core character string through a preset domain name deformation rule; and the domain name deformation rule is used for converting characters contained in the core character string.
9. A domain name recognition apparatus, the apparatus comprising:
the acquisition unit is used for acquiring a core character string contained in the domain name to be detected; the core character string is used for uniquely identifying the domain name to be detected;
the matching unit is used for matching the core character string with a pre-stored approximate character string; the approximate character string is generated through a preset domain name deformation rule;
the determining unit is used for determining the domain name to be detected as the illegal domain name if the matching unit determines that the matched approximate character string exists; and if the matching unit determines that no matched approximate character string exists, determining that the domain name to be detected is a compliant domain name.
10. An electronic device, characterized in that the electronic device comprises at least a processor and a memory, the processor being configured to implement the steps of the domain name generation method according to any of claims 1-6, or the steps of the domain name recognition method according to claim 7, when executing a computer program stored in the memory.
11. A computer-readable storage medium, characterized in that it stores a computer program which, when being executed by a processor, carries out the steps of the domain name generation method according to any one of claims 1 to 6, or carries out the steps of the domain name identification method according to claim 7.
CN202210336645.7A 2022-03-31 2022-03-31 Domain name generation and identification method, device, equipment and medium Pending CN114710468A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210336645.7A CN114710468A (en) 2022-03-31 2022-03-31 Domain name generation and identification method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210336645.7A CN114710468A (en) 2022-03-31 2022-03-31 Domain name generation and identification method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN114710468A true CN114710468A (en) 2022-07-05

Family

ID=82170898

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210336645.7A Pending CN114710468A (en) 2022-03-31 2022-03-31 Domain name generation and identification method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN114710468A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116743483A (en) * 2023-07-14 2023-09-12 上海斗象信息科技有限公司 Subdomain name generating method, subdomain name naming rule learning method and device

Citations (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080092242A1 (en) * 2006-10-16 2008-04-17 Red Hat, Inc. Method and system for determining a probability of entry of a counterfeit domain in a browser
CN102611691A (en) * 2012-01-12 2012-07-25 深信服网络科技(深圳)有限公司 Method, system and gateway device for detecting phishing websites
CN102801709A (en) * 2012-06-28 2012-11-28 北京奇虎科技有限公司 Phishing website identification system and method
CN102882987A (en) * 2011-07-12 2013-01-16 阿里巴巴集团控股有限公司 Domain filter list storing and matching method and device
US20140283106A1 (en) * 2013-03-14 2014-09-18 Donuts Inc. Domain protected marks list based techniques for managing domain name registrations
CN104113539A (en) * 2014-07-11 2014-10-22 哈尔滨工业大学(威海) Phishing website engine detection method and device
CN104580092A (en) * 2013-10-21 2015-04-29 航天信息股份有限公司 Method and device for conducting security detection on network page
US20150326530A1 (en) * 2014-05-12 2015-11-12 Michael C. Wood Firewall Security for Computers with Internet Access and Method
CN105138912A (en) * 2015-09-25 2015-12-09 北京奇虎科技有限公司 Method and device for generating phishing website detection rules automatically
US20150358276A1 (en) * 2014-05-28 2015-12-10 International Business Machines Corporation Method, apparatus and system for resolving domain names in network
CN106330811A (en) * 2015-06-15 2017-01-11 中兴通讯股份有限公司 Domain name credibility determination method and device
CN108712403A (en) * 2018-05-04 2018-10-26 哈尔滨工业大学(威海) The illegal domain name method for digging of similitude is constructed based on domain name
CN108768982A (en) * 2018-05-17 2018-11-06 江苏通付盾信息安全技术有限公司 Detection method, device, computing device and the computer storage media of fishing website
CN110781876A (en) * 2019-10-15 2020-02-11 北京工业大学 Visual feature-based counterfeit domain name lightweight detection method and system
CN110858852A (en) * 2018-08-23 2020-03-03 北京国双科技有限公司 Method and device for acquiring registered domain name
CN111683089A (en) * 2020-06-08 2020-09-18 绿盟科技集团股份有限公司 Method, server, medium and computer equipment for identifying phishing website
CN111698256A (en) * 2020-06-17 2020-09-22 绿盟科技集团股份有限公司 Method and device for detecting illegal link
CN112492059A (en) * 2020-11-17 2021-03-12 国家计算机网络与信息安全管理中心 DGA domain name detection model training method, DGA domain name detection device and storage medium
CN112507176A (en) * 2020-12-03 2021-03-16 平安科技(深圳)有限公司 Automatic determination method and device for domain name infringement, electronic equipment and storage medium
US20210203676A1 (en) * 2019-12-27 2021-07-01 Arbor Networks, Inc. Detecting phishing attacks on a network
CN113630399A (en) * 2021-07-28 2021-11-09 上海纽盾网安科技有限公司 Anti-phishing method, device and system based on gateway
CN113807087A (en) * 2020-06-16 2021-12-17 中国电信股份有限公司 Website domain name similarity detection method and device
CN114254069A (en) * 2020-09-22 2022-03-29 中国电信股份有限公司 Domain name similarity detection method and device and storage medium

Patent Citations (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080092242A1 (en) * 2006-10-16 2008-04-17 Red Hat, Inc. Method and system for determining a probability of entry of a counterfeit domain in a browser
CN102882987A (en) * 2011-07-12 2013-01-16 阿里巴巴集团控股有限公司 Domain filter list storing and matching method and device
CN102611691A (en) * 2012-01-12 2012-07-25 深信服网络科技(深圳)有限公司 Method, system and gateway device for detecting phishing websites
CN102801709A (en) * 2012-06-28 2012-11-28 北京奇虎科技有限公司 Phishing website identification system and method
US20140283106A1 (en) * 2013-03-14 2014-09-18 Donuts Inc. Domain protected marks list based techniques for managing domain name registrations
CN104580092A (en) * 2013-10-21 2015-04-29 航天信息股份有限公司 Method and device for conducting security detection on network page
US20150326530A1 (en) * 2014-05-12 2015-11-12 Michael C. Wood Firewall Security for Computers with Internet Access and Method
US20150358276A1 (en) * 2014-05-28 2015-12-10 International Business Machines Corporation Method, apparatus and system for resolving domain names in network
CN104113539A (en) * 2014-07-11 2014-10-22 哈尔滨工业大学(威海) Phishing website engine detection method and device
CN106330811A (en) * 2015-06-15 2017-01-11 中兴通讯股份有限公司 Domain name credibility determination method and device
CN105138912A (en) * 2015-09-25 2015-12-09 北京奇虎科技有限公司 Method and device for generating phishing website detection rules automatically
CN108712403A (en) * 2018-05-04 2018-10-26 哈尔滨工业大学(威海) The illegal domain name method for digging of similitude is constructed based on domain name
CN108768982A (en) * 2018-05-17 2018-11-06 江苏通付盾信息安全技术有限公司 Detection method, device, computing device and the computer storage media of fishing website
CN110858852A (en) * 2018-08-23 2020-03-03 北京国双科技有限公司 Method and device for acquiring registered domain name
CN110781876A (en) * 2019-10-15 2020-02-11 北京工业大学 Visual feature-based counterfeit domain name lightweight detection method and system
US20210203676A1 (en) * 2019-12-27 2021-07-01 Arbor Networks, Inc. Detecting phishing attacks on a network
CN111683089A (en) * 2020-06-08 2020-09-18 绿盟科技集团股份有限公司 Method, server, medium and computer equipment for identifying phishing website
CN113807087A (en) * 2020-06-16 2021-12-17 中国电信股份有限公司 Website domain name similarity detection method and device
CN111698256A (en) * 2020-06-17 2020-09-22 绿盟科技集团股份有限公司 Method and device for detecting illegal link
CN114254069A (en) * 2020-09-22 2022-03-29 中国电信股份有限公司 Domain name similarity detection method and device and storage medium
CN112492059A (en) * 2020-11-17 2021-03-12 国家计算机网络与信息安全管理中心 DGA domain name detection model training method, DGA domain name detection device and storage medium
CN112507176A (en) * 2020-12-03 2021-03-16 平安科技(深圳)有限公司 Automatic determination method and device for domain name infringement, electronic equipment and storage medium
CN113630399A (en) * 2021-07-28 2021-11-09 上海纽盾网安科技有限公司 Anti-phishing method, device and system based on gateway

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
朱怡;宁振虎;周艺华;: "基于视觉特征的仿冒域名轻量级检测技术", 计算机应用, no. 08, 10 August 2020 (2020-08-10) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116743483A (en) * 2023-07-14 2023-09-12 上海斗象信息科技有限公司 Subdomain name generating method, subdomain name naming rule learning method and device
CN116743483B (en) * 2023-07-14 2024-04-16 上海斗象信息科技有限公司 Subdomain name generating method, subdomain name naming rule learning method and device

Similar Documents

Publication Publication Date Title
CN110099059B (en) Domain name identification method and device and storage medium
CN108092963B (en) Webpage identification method and device, computer equipment and storage medium
AU2014240202B2 (en) Dynamic tokenization with multiple token tables
WO2015051720A1 (en) Method and device for detecting suspicious dns, and method and system for processing suspicious dns
CN103546446B (en) Phishing website detection method, device and terminal
CN110489466B (en) Method and device for generating invitation code, terminal equipment and storage medium
US10614250B2 (en) Systems and methods for detecting and remedying theft of data
CN108881230B (en) Secure transmission method and device for government affair big data
CN110781952A (en) Image identification risk prompting method, device, equipment and storage medium
CN109977684A (en) A kind of data transmission method, device and terminal device
CN116366338B (en) Risk website identification method and device, computer equipment and storage medium
US8910281B1 (en) Identifying malware sources using phishing kit templates
CN107342866A (en) Electronic document verification method, equipment and system
CN104954329A (en) Method and apparatus for processing biological characteristic information
CN114710468A (en) Domain name generation and identification method, device, equipment and medium
CN108234454A (en) A kind of identity identifying method, server and client device
CN112765502B (en) Malicious access detection method, device, electronic equipment and storage medium
CN108090364B (en) Method and system for positioning data leakage source
CN116055067B (en) Weak password detection method, device, electronic equipment and medium
CN112380537A (en) Method, device, storage medium and electronic equipment for detecting malicious software
CN113032821A (en) Data desensitization method and device, electronic equipment and readable storage medium
CN109672678B (en) Phishing website identification method and device
CN110728585A (en) Authority guaranteeing method, device, equipment and storage medium
CN108241732B (en) Electronic device, information processing method, and storage medium
CN110059081A (en) Data output method, device and the computer equipment shown based on data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination