CN115378695A - Method and device for detecting cloned web page - Google Patents
Method and device for detecting cloned web page Download PDFInfo
- Publication number
- CN115378695A CN115378695A CN202210998378.XA CN202210998378A CN115378695A CN 115378695 A CN115378695 A CN 115378695A CN 202210998378 A CN202210998378 A CN 202210998378A CN 115378695 A CN115378695 A CN 115378695A
- Authority
- CN
- China
- Prior art keywords
- code
- detection
- webpage
- target
- source code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000001514 detection method Methods 0.000 claims abstract description 212
- 230000006870 function Effects 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 14
- 238000010586 diagram Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000010367 cloning Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a method and a device for detecting a cloned webpage, wherein the method comprises the following steps: determining target detection characteristics corresponding to source codes of target webpages; generating a detection code according to the target detection feature; adding the detection code into the source code of the target webpage so that when a user terminal reads the source code of the webpage before loading the webpage, if the read source code contains the detection code, the detection code is executed; wherein the detection code, when executed, is to: and comparing the detection characteristics of the current source code with the target detection characteristics, and determining whether the webpage is a clone webpage according to the comparison result. According to the scheme, only the detection code needs to be added in the source code of the original webpage, the cost is low, and the detection accuracy rate is high.
Description
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a method and a device for detecting a cloned webpage.
Background
The common internet fraud mode is that a clone webpage is manufactured by copying and copying a website page of another person, a user is tricked to log in the clone webpage when accessing a target website, and after operation is performed on the clone webpage, relevant information of the user is leaked.
In the prior art, the detection modes of the cloned web page include URL feature detection, blacklist matching, machine learning and other detection modes. But has the defects of high rate of missing report, low detection success rate, high cost and the like.
Disclosure of Invention
Based on the above problems, embodiments of the present invention provide a method and an apparatus for detecting a cloned web page.
In a first aspect, an embodiment of the present invention provides a method for detecting a cloned web page, including:
determining target detection characteristics corresponding to source codes of target webpages;
generating a detection code according to the target detection characteristics;
adding the detection code into the source code of the target webpage so that when a user terminal reads the source code of the webpage before loading the webpage, if the read source code contains the detection code, the detection code is executed;
wherein the detection code, when executed, is to: and comparing the detection characteristics of the current source code with the target detection characteristics, and determining whether the webpage is a clone webpage according to the comparison result.
In a possible implementation manner, the determining a target detection feature corresponding to a source code of a target web page includes:
and determining the hash value of the source code of the target webpage as the target detection feature.
In a possible implementation manner, the determining a target detection feature corresponding to a source code of a target web page includes:
determining a code part which is modified when a webpage clone is carried out based on a source code of the webpage;
determining the target detection characteristic from the portion of code to be modified.
In one possible implementation, the code portion to be modified includes a load address of page content;
the determining the target detection characteristic according to the code portion to be modified includes: and determining a loading address of page content included in the source code of the target webpage as the target detection feature.
In one possible implementation, the generating a detection code according to the target detection feature includes:
and adding the target detection characteristics to the specified position of a preset function code to obtain a detection code.
In one possible implementation, the method further includes:
and comprehensively encrypting the detection code so as to add the comprehensively encrypted detection code into the source code corresponding to the target webpage.
In a possible implementation manner, the determining whether the web page is a clone web page according to the comparison result includes: if the comparison result is that the detection characteristics of the current source code are different from the target detection characteristics, determining that the webpage is a clone webpage;
and/or the presence of a gas in the gas,
further comprising: and when the webpage is determined to be the clone webpage, prompting the user.
In a second aspect, an embodiment of the present invention further provides a cloned web page detection apparatus, including:
the characteristic determining unit is used for determining target detection characteristics corresponding to the source codes of the target web pages;
a code generating unit for generating a detection code according to the target detection feature;
a code updating unit, configured to add the detection code into the source code of the target webpage, so that when a user reads the source code of the webpage before loading the webpage, if the read source code includes the detection code, the detection code is executed;
wherein the detection code, when executed, is to: and comparing the detection characteristics of the current source code with the target detection characteristics, and determining whether the webpage is a clone webpage according to the comparison result.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and when the processor executes the computer program, the processor implements the method described in any embodiment of this specification.
In a fourth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed in a computer, the computer program causes the computer to execute the method described in any embodiment of the present specification.
The embodiment of the invention provides a method and a device for detecting a cloned webpage, wherein a detection code is generated based on a target detection characteristic corresponding to a source code of a target webpage, the detection code is added into the source code of the target webpage, a user side needs to read the source code of the webpage before loading the webpage, if the read source code comprises the detection code, the detection code is executed, the detection code is used for comparing the detection characteristic of the current source code to the target detection characteristic, and whether the webpage loaded by the user side is the cloned webpage or not can be determined according to a comparison result. According to the scheme, only the detection code needs to be added in the source code of the original webpage, so that the cost is low, and the detection accuracy rate is high.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a method for detecting a cloned web page according to an embodiment of the present invention;
fig. 2 is a hardware architecture diagram of an electronic device according to an embodiment of the present invention;
fig. 3 is a structural diagram of a cloned web page detection apparatus according to an embodiment of the present invention;
FIG. 4 is a block diagram of another apparatus for detecting cloned web pages according to an embodiment of the present invention;
fig. 5 is a structural diagram of another cloned web page detection apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
Based on the aforementioned shortcomings of the conventional method for detecting cloned web pages, it is necessary to provide a new idea for detecting cloned web pages.
When the cloned webpage is used for imitating and copying the webpage of other websites, the imitation and copying are generally realized based on the source code of the cloned webpage, and the webpage content of the cloned webpage is the same as or similar to the cloned webpage by copying the source code and replacing the website of the webpage content loading server in the source code with the server website built by the cloned website.
Based on this, the inventive concept of the present invention lies in: considering that when a user accesses a certain webpage, the source code of the webpage is read before the page content of the webpage is loaded, therefore, the detection code can be added into the source code of the cloned webpage, the detection code comprises the detection feature corresponding to the source code, when the user reads the source code of the webpage, the detection code can be read and executed, and the detection of the cloned webpage is realized by using the detection code.
Specific implementations of the above concepts are described below.
Referring to fig. 1, an embodiment of the present invention provides a method for detecting a cloned web page, including:
102, generating a detection code according to the target detection characteristics;
wherein the detection code, when executed, is to: and comparing the detection characteristics of the current source code with the target detection characteristics, and determining whether the webpage is a clone webpage or not according to a comparison result.
The method can be executed by a source code generating end of a webpage, and can also be executed by other service ends after generating detection codes for the client webpages providing services in a one-to-one correspondence manner, the detection codes are sent to clients, and the clients add the detection codes into the source codes in a one-to-one correspondence manner.
In the embodiment of the invention, a detection code is generated based on the target detection feature of the source code corresponding to the target webpage, the detection code is added into the source code corresponding to the target webpage, the source code corresponding to the webpage needs to be read before the webpage is loaded by the user side, if the read source code contains the detection code, the detection code is executed, the detection code is used for comparing the detection feature of the current source code to the target detection feature, and whether the webpage loaded by the user side is the clone webpage can be determined according to the comparison result. According to the scheme, only the detection code needs to be added in the source code of the original webpage, so that the cost is low, and the detection accuracy rate is high.
The manner in which the various steps shown in fig. 1 are performed is described below.
First, in step 100, a target detection feature corresponding to a source code of a target web page is determined.
The source code of the web page refers to uncompiled text code or all source code files of a website, is a series of readable computer language instructions, and presents the page content of the web page after being translated by a browser or a server. Different web pages have source code that is not exactly the same, and therefore, the detection characteristics of the source code of different web pages are different.
In one implementation, the step may include: and determining the hash value of the source code corresponding to the target webpage as the target detection feature.
When the source codes are different, the calculated hash values are different, and the hash values are unique. If the target webpage is cloned, when the cloned webpage is generated based on the source code of the target webpage, part of the content of the source code is modified, and the hash value of the modified source code is changed, so that whether the source code is modified can be accurately determined by using the hash value as a detection feature, and whether the webpage is the cloned webpage can be determined.
In another implementation, the step may include: determining a code part which is modified when a webpage clone is carried out based on a source code of the webpage; determining the target detection characteristic from the portion of code to be modified.
As can also be known from the above description, when the clone web page is generated based on the source code of the target web page, a part of the content of the source code is modified, and thus the modified part of the content can be used as a detection feature for detecting whether the web page is cloned.
In the embodiment of the present invention, if the clone web page producer generates the clone web page by using the generation tool of the clone web page, corresponding features may be collected for a plurality of generation tools to determine the code portion modified by the generation tool for the source code of the cloned web page.
Generally, the principle of the generation tool is to input the source code of the cloned web page, and at least replace the loading address of the page content in the source code with the server address built by the cloned web site. Thus, it may be determined that the portion of code that is to be modified includes the load address of the page content.
Accordingly, determining the object detection feature from the portion of code to be modified includes: and determining a loading address of page content included in the source code of the target webpage as the target detection characteristic.
In the embodiment of the present invention, if the source code of the target web page includes the load addresses of the multiple page contents, the load address of any one or more page contents may be determined as the target detection feature.
Therefore, whether the webpage is the clone webpage or not can be detected by using the loading address of the page content as the detection characteristic.
Then, for step 102, a detection code is generated from the target detection feature.
In the embodiment of the present invention, the target detection feature needs to be compared as a comparison threshold, so that after the detection code is generated, the target detection feature is located in the detection code. For example, the target detection feature is located at a designated position of the detection code.
In one implementation, this step may include: and adding the target detection characteristics to the specified position of a preset function code to obtain a detection code.
The preset function code is a frame code for realizing a detection function, a code margin or a variable parameter is set at a specified position of the preset function code, and after the target detection feature is determined, the target detection feature can be added to the code margin or the variable parameter can be replaced to obtain a detection code. When generating corresponding detection codes for different webpages, the preset function codes can be used to improve the generation efficiency of the detection codes.
In one embodiment of the invention, the detection code may be implemented using a scripting language to better adapt the source code. The scripting language may preferably be JavaScript.
Finally, in step 104, the detection code is added to the source code of the target webpage, so that when the user reads the source code of the webpage before loading the webpage, if the read source code includes the detection code, the detection code is executed.
Since the detection code is added to the source code, it needs to be ensured that the detection code is not modified when cloning is performed based on the source code. Especially when the target detection feature is a load address of the page content, it needs to be ensured that the target detection feature in the detection code is not modified. For this purpose, in an embodiment of the present invention, the method further includes, before the step: and comprehensively encrypting the detection code. And then, when the step is executed, the detection code after comprehensive encryption is added into the source code of the target webpage.
The comprehensive encryption refers to multi-method mixed encryption, for example, a plurality of lines of JS codes are subjected to code compression to be changed into short codes, variables in the JS codes are subjected to irregular naming, chinese in the JS codes is converted into unicode or hexadecimal codes, the JS codes are converted into eval modes, and the like.
When the detection code is comprehensively encrypted, only the target detection characteristic can be comprehensively encrypted, part of the code including the target detection characteristic can be comprehensively encrypted, and the whole detection code can be comprehensively encrypted.
After the detection code is comprehensively encrypted, the target detection feature in the detection code can be hidden, so that the target detection feature is not modified after cloning. In addition, after the detection code is comprehensively encrypted, the function of the detection code can be hidden, so that a clone webpage maker cannot determine the execution significance of the part of the code.
In the embodiment of the present invention, the detection code may be configured to implement a detection function when executed, and specifically, the detection function includes: and comparing the detection characteristics of the current source code with the target detection characteristics, and determining whether the webpage is a clone webpage according to the comparison result.
The detection features of the current source code may be determined by the determination method in step 100, and the current source code is obtained first, then the detection features corresponding to the source codes except the detection code are determined, and finally the detection features are compared with the target detection features.
If the target detection characteristic is the loading address of the page content, the detection characteristic of the current source code can be determined in another mode: and receiving the page content sent by the loading server aiming at the current webpage, determining the loading address of the loading server, and comparing the address with the loading address in the target detection characteristic.
In this step, when determining whether the web page is a clone web page according to the comparison result, specifically, if the comparison result is that the detection feature of the current source code is different from the target detection feature, determining that the web page is a clone web page.
Further, when the webpage is determined to be a clone webpage, the user is prompted. The prompt may be a word such as "the web page is a clone web page, please determine whether to continue accessing".
By adding the detection code into the source code of the webpage, which is equivalent to adding a lock to the original webpage, when the user accesses the cloned webpage generated based on the source code of the original webpage, the judgment capability of the user on the cloned webpage can be effectively improved, and further the important data of the user is protected.
The scheme can be at least applied to website tamper prevention, website security detection and network service security systems, and prevents the website from being tampered, data leakage and the like caused by the attack of malicious attackers.
As shown in fig. 2 and fig. 3, an embodiment of the present invention provides a device for detecting a cloned web page. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. From a hardware level, as shown in fig. 2, a hardware architecture diagram of an electronic device where a cloned web page detection apparatus according to an embodiment of the present invention is located is provided, where the electronic device where the apparatus is located may generally include other hardware, such as a forwarding chip responsible for processing a packet, in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 2. Taking a software implementation as an example, as shown in fig. 3, as a logical device, a CPU of the electronic device reads a corresponding computer program in the non-volatile memory into the memory for running. The embodiment provides a cloned web page detection device, which includes:
a feature determining unit 301, configured to determine a target detection feature corresponding to a source code of a target web page;
a code generation unit 302, configured to generate a detection code according to the target detection feature;
a code updating unit 303, configured to add the detection code into the source code of the target webpage, so that when the user reads the source code of the webpage before loading the webpage, if the read source code includes the detection code, the detection code is executed;
wherein the detection code, when executed, is to: and comparing the detection characteristics of the current source code with the target detection characteristics, and determining whether the webpage is a clone webpage according to the comparison result.
In an embodiment of the present invention, when determining the target detection feature corresponding to the source code of the target web page, the feature determining unit is specifically configured to: and determining the hash value of the source code of the target webpage as the target detection feature.
In an embodiment of the present invention, when determining the target detection feature corresponding to the source code of the target web page, the feature determining unit is specifically configured to: determining a code part which is modified when a webpage clone is carried out based on a source code of the webpage; determining the target detection characteristic from the portion of code to be modified.
In one embodiment of the invention, the code portion to be modified comprises a load address of the page content;
when determining the target detection feature according to the modified code portion, the feature determination unit is specifically configured to: and determining a loading address of page content included in the source code of the target webpage as the target detection feature.
In an embodiment of the present invention, when the code generation unit generates the detection code according to the target detection feature, the code generation unit is specifically configured to: and adding the target detection characteristics to the specified position of a preset function code to obtain a detection code.
In an embodiment of the present invention, referring to fig. 4, the apparatus for detecting a cloned web page further includes:
an encrypting unit 304, configured to perform comprehensive encryption on the detection code, so as to trigger the code updating unit to add the comprehensively encrypted detection code into the source code corresponding to the target web page.
In an embodiment of the present invention, the determining whether the web page is a clone web page according to the comparison result includes: and if the comparison result is that the detection characteristic of the current source code is different from the target detection characteristic, determining that the webpage is a clone webpage.
In an embodiment of the present invention, referring to fig. 5, the apparatus for detecting a cloned web page further includes:
the prompting unit 305 prompts the user when the web page is determined to be the clone web page.
It is to be understood that the schematic structure of the embodiment of the present invention does not form a specific limitation to a cloned web page detection apparatus. In other embodiments of the present invention, a cloned web page detection apparatus may include more or fewer components than shown, or combine certain components, or split certain components, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
For the information interaction, execution process and other contents between the modules in the above-mentioned apparatus, because the same concept is based on as the method embodiment of the present invention, specific contents can refer to the description in the method embodiment of the present invention, and are not described herein again.
The embodiment of the invention also provides electronic equipment which comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to realize the cloned webpage detection method in any embodiment of the invention.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program causes the processor to execute a method for detecting a cloned web page in any embodiment of the present invention.
Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a flexible disk, hard disk, magneto-optical disk, optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), magnetic tape, nonvolatile memory card, and ROM. Alternatively, the program code may be downloaded from a server computer by a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion module to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a" \8230; "does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for detecting a cloned web page is characterized by comprising the following steps:
determining target detection characteristics corresponding to source codes of target webpages;
generating a detection code according to the target detection feature;
adding the detection code into the source code of the target webpage so that when a user terminal reads the source code of the webpage before loading the webpage, if the read source code contains the detection code, the detection code is executed;
wherein the detection code, when executed, is to: and comparing the detection characteristics of the current source code with the target detection characteristics, and determining whether the webpage is a clone webpage according to the comparison result.
2. The method of claim 1, wherein determining the target detection characteristic corresponding to the source code of the target webpage comprises:
and determining the hash value of the source code of the target webpage as the target detection feature.
3. The method of claim 1, wherein determining the target detection characteristic corresponding to the source code of the target webpage comprises:
determining a code part which is modified when a webpage clone is carried out based on a source code of a webpage;
determining the target detection characteristic from the portion of code to be modified.
4. The method of claim 3, wherein the portion of code to be modified comprises a load address of page content;
the determining the target detection characteristic according to the code portion to be modified includes: and determining a loading address of page content included in the source code of the target webpage as the target detection feature.
5. The method of claim 1, wherein generating a detection code based on the target detection feature comprises:
and adding the target detection characteristics to the specified position of a preset function code to obtain a detection code.
6. The method of claim 1, further comprising:
and comprehensively encrypting the detection code so as to add the comprehensively encrypted detection code into the source code corresponding to the target webpage.
7. The method according to any one of claims 1 to 6,
determining whether the webpage is a clone webpage according to the comparison result comprises the following steps: if the comparison result is that the detection characteristic of the current source code is different from the target detection characteristic, determining that the webpage is a clone webpage;
and/or the presence of a gas in the gas,
further comprising: and prompting the user when the webpage is determined to be the clone webpage.
8. A cloned web page detecting apparatus, comprising:
the characteristic determining unit is used for determining target detection characteristics corresponding to the source codes of the target web pages;
a code generation unit for generating a detection code according to the target detection feature;
a code updating unit, configured to add the detection code into the source code of the target web page, so that when a user reads the source code of the web page before loading the web page, if the read source code includes the detection code, the detection code is executed;
wherein the detection code, when executed, is to: and comparing the detection characteristics of the current source code with the target detection characteristics, and determining whether the webpage is a clone webpage or not according to a comparison result.
9. An electronic device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210998378.XA CN115378695A (en) | 2022-08-19 | 2022-08-19 | Method and device for detecting cloned web page |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210998378.XA CN115378695A (en) | 2022-08-19 | 2022-08-19 | Method and device for detecting cloned web page |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115378695A true CN115378695A (en) | 2022-11-22 |
Family
ID=84065462
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210998378.XA Pending CN115378695A (en) | 2022-08-19 | 2022-08-19 | Method and device for detecting cloned web page |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115378695A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109190412A (en) * | 2018-09-17 | 2019-01-11 | 杭州安恒信息技术股份有限公司 | The detection method and device of webpage tamper |
| CN109218332A (en) * | 2018-10-19 | 2019-01-15 | 杭州安恒信息技术股份有限公司 | One kind burying point type fishing website monitoring method |
| CN110851840A (en) * | 2019-11-13 | 2020-02-28 | 杭州安恒信息技术股份有限公司 | WEB backdoor detection method and device based on website vulnerability |
| CN111159775A (en) * | 2019-12-11 | 2020-05-15 | 中移(杭州)信息技术有限公司 | Webpage tampering detection method, system and device and computer readable storage medium |
| CN111556036A (en) * | 2020-04-20 | 2020-08-18 | 杭州安恒信息技术股份有限公司 | Detection method, device and equipment for phishing attack |
| CN112579155A (en) * | 2021-02-23 | 2021-03-30 | 北京北大软件工程股份有限公司 | Code similarity detection method and device and storage medium |
| CN113946366A (en) * | 2020-07-17 | 2022-01-18 | 华为技术有限公司 | Code analysis method, system and computing equipment |
| CN114357443A (en) * | 2021-12-13 | 2022-04-15 | 北京六方云信息技术有限公司 | Malicious code detection method, equipment and storage medium based on deep learning |
-
2022
- 2022-08-19 CN CN202210998378.XA patent/CN115378695A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109190412A (en) * | 2018-09-17 | 2019-01-11 | 杭州安恒信息技术股份有限公司 | The detection method and device of webpage tamper |
| CN109218332A (en) * | 2018-10-19 | 2019-01-15 | 杭州安恒信息技术股份有限公司 | One kind burying point type fishing website monitoring method |
| CN110851840A (en) * | 2019-11-13 | 2020-02-28 | 杭州安恒信息技术股份有限公司 | WEB backdoor detection method and device based on website vulnerability |
| CN111159775A (en) * | 2019-12-11 | 2020-05-15 | 中移(杭州)信息技术有限公司 | Webpage tampering detection method, system and device and computer readable storage medium |
| CN111556036A (en) * | 2020-04-20 | 2020-08-18 | 杭州安恒信息技术股份有限公司 | Detection method, device and equipment for phishing attack |
| CN113946366A (en) * | 2020-07-17 | 2022-01-18 | 华为技术有限公司 | Code analysis method, system and computing equipment |
| CN112579155A (en) * | 2021-02-23 | 2021-03-30 | 北京北大软件工程股份有限公司 | Code similarity detection method and device and storage medium |
| CN114357443A (en) * | 2021-12-13 | 2022-04-15 | 北京六方云信息技术有限公司 | Malicious code detection method, equipment and storage medium based on deep learning |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10021134B2 (en) | Methods and systems for phishing detection | |
| US9235586B2 (en) | Reputation checking obtained files | |
| US7673135B2 (en) | Request authentication token | |
| KR101001132B1 (en) | Method and System for Determining Vulnerability of Web Application | |
| US9152808B1 (en) | Adapting decoy data present in a network | |
| CN109376133B (en) | File access method and file access system | |
| US8650649B1 (en) | Systems and methods for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation | |
| CN104767719A (en) | Method and server for determining whether log-in terminal of website being mobile terminal or not | |
| CN103607385A (en) | Method and apparatus for security detection based on browser | |
| CN105635126A (en) | Malicious URL access protection method, client side, security server and system | |
| MXPA04002024A (en) | System for binding secrets to a computer system having tolerance for hardware changes. | |
| JP2016099857A (en) | Fraudulent program handling system and fraudulent program handling method | |
| CN115378695A (en) | Method and device for detecting cloned web page | |
| CN108462672A (en) | A kind of authentication protection method and system of reply network attack | |
| CN114401117A (en) | Account login verification system based on block chain | |
| CN112671765B (en) | Method and device for verifying validity of wireless network equipment | |
| US11481489B2 (en) | System and method for generating a representation of a web resource to detect malicious modifications of the web resource | |
| CN114003907A (en) | Malicious file detection method and device, computing equipment and storage medium | |
| CN115189938A (en) | Service safety protection method and device | |
| CN113051876A (en) | Malicious website identification method and device, storage medium and electronic equipment | |
| CN114640506B (en) | Vulnerability detection method, device, equipment and medium | |
| US11816213B2 (en) | System and method for improved protection against malicious code elements | |
| CN112437036B (en) | Data analysis method and equipment | |
| CN114168950B (en) | Method, device, equipment and product for repairing cross-site scripting attack vulnerability | |
| CN114844645B (en) | Data verification method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |