CN117278298A - Domain name detection method, device, equipment and storage medium based on artificial intelligence - Google Patents
Domain name detection method, device, equipment and storage medium based on artificial intelligence Download PDFInfo
- Publication number
- CN117278298A CN117278298A CN202311301469.4A CN202311301469A CN117278298A CN 117278298 A CN117278298 A CN 117278298A CN 202311301469 A CN202311301469 A CN 202311301469A CN 117278298 A CN117278298 A CN 117278298A
- Authority
- CN
- China
- Prior art keywords
- domain name
- detection result
- detection
- text
- point information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 392
- 238000013473 artificial intelligence Methods 0.000 title claims abstract description 46
- 230000002159 abnormal effect Effects 0.000 claims abstract description 123
- 238000000034 method Methods 0.000 claims abstract description 39
- 238000007781 pre-processing Methods 0.000 claims abstract description 14
- 238000012545 processing Methods 0.000 claims description 27
- 230000011218 segmentation Effects 0.000 claims description 25
- 238000004891 communication Methods 0.000 claims description 15
- 238000012216 screening Methods 0.000 claims description 14
- 238000000605 extraction Methods 0.000 claims description 13
- 238000004422 calculation algorithm Methods 0.000 claims description 11
- 238000012937 correction Methods 0.000 claims description 8
- 238000004458 analytical method Methods 0.000 claims description 6
- 238000010276 construction Methods 0.000 claims description 6
- 230000008030 elimination Effects 0.000 claims description 2
- 238000003379 elimination reaction Methods 0.000 claims description 2
- 238000005516 engineering process Methods 0.000 abstract description 14
- 230000008569 process Effects 0.000 description 10
- 230000009286 beneficial effect Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000003058 natural language processing Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 239000011800 void material Substances 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000006835 compression Effects 0.000 description 2
- 238000007906 compression Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000005065 mining Methods 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000002354 daily effect Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 235000019800 disodium phosphate Nutrition 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The application belongs to the field of artificial intelligence and the field of financial science and technology, and relates to a domain name detection method based on artificial intelligence, which comprises the following steps: preprocessing the initial domain name buried point information to obtain domain name buried point information; constructing a malicious domain name detection task based on the acquired task type and domain name state; executing a malicious domain name detection task, and acquiring a first domain name matched with the domain name state from the domain name embedded point information; and extracting the suspected abnormal domain name from the first domain name, detecting text data and image data corresponding to the suspected abnormal domain name, and generating a target domain name detection result of the suspected abnormal domain name. The application also provides a domain name detection device, computer equipment and storage medium based on artificial intelligence. In addition, the application relates to blockchain technology, and domain name embedding point information can be stored in the blockchain. The method and the device can be applied to malicious domain name detection scenes in the financial field, effectively improve the detection accuracy of the malicious domain name and improve the detection efficiency of the malicious domain name.
Description
Technical Field
The application relates to the technical field of artificial intelligence development and the field of financial science and technology, in particular to a domain name detection method, a domain name detection device, computer equipment and a storage medium based on artificial intelligence.
Background
When a user accesses a website of a financial and technological enterprise, such as an insurance enterprise or a bank, using a mobile terminal, the user often inadvertently clicks a website corresponding to some malicious domain name. The malicious domain name refers to a website with a malicious link, the website generally utilizes the loopholes of application software or a browser, malicious codes such as Trojan horse, virus programs and the like are implanted in the website, and the disguised website service content is utilized to induce the user to access, so that the terminal equipment of the user is attacked, and the privacy information of the user is obtained; therefore, the malicious domain name has a large potential safety hazard of the network and needs to be detected.
In the prior art, the method for detecting the malicious domain name is generally based on a malicious domain name information library, a manual analysis algorithm and the like, the method for judging the malicious domain name is single and has low accuracy, and the existing method has low detection efficiency when facing a large number of malicious domain names with various phishing means.
Disclosure of Invention
The embodiment of the application aims to provide a domain name detection method, device, computer equipment and storage medium based on artificial intelligence, so as to solve the technical problems of low accuracy and low detection efficiency of the existing malicious domain name detection method.
In order to solve the above technical problems, the embodiments of the present application provide a domain name detection method based on artificial intelligence, which adopts the following technical scheme:
acquiring initial domain name buried point information acquired by a mobile terminal, and preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information;
acquiring a preset task type and a domain name state, and constructing a corresponding malicious domain name detection task based on the task type and the domain name state;
executing the malicious domain name detection task, and acquiring a first domain name matched with the domain name state from the domain name embedded point information;
extracting a suspected abnormal domain name from the first domain name, and acquiring text data and image data corresponding to the suspected abnormal domain name;
performing text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result;
Performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result;
and generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result.
Further, the step of preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information specifically includes:
performing error removal processing on the initial buried point information based on a preset error correction rule to obtain corresponding first domain name buried point information;
performing duplication elimination processing on the first domain name buried point information to obtain corresponding second domain name buried point information;
carrying out emptying treatment on the second domain name buried point information to obtain corresponding third domain name buried point information;
and taking the third domain name buried point information as the domain name buried point information.
Further, the step of extracting the suspected abnormal domain name from the first domain name specifically includes:
calling a preset domain name white list;
matching the first domain name with all domain names contained in the domain name white list to obtain a corresponding first matching result;
screening second domain names failing to match from all the first domain names based on the first matching result;
And taking the second domain name as the suspected abnormal domain name.
Further, the step of performing text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result specifically includes:
word segmentation is carried out on the text data to obtain a corresponding word segmentation result;
extracting text features from the word segmentation result based on a preset text feature extraction algorithm to obtain corresponding text features;
constructing corresponding text data to be tested based on the text characteristics;
calling a preset violation word library;
performing regular matching on the violation word library based on the text data to be detected to obtain a corresponding second matching result;
and generating the text detection result corresponding to the text data based on the second matching result.
Further, the step of performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result specifically includes:
inputting the image data into the skin tone detection model;
calculating an average proportion of exposed skin of the image data by the skin color detection model;
acquiring a preset proportion threshold value
Comparing the average proportion of the exposed skin with the proportion threshold value in a numerical mode to obtain a corresponding comparison result;
And generating the image detection result corresponding to the image data based on the comparison result.
Further, the step of generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result specifically includes:
content analysis is carried out on the text detection result and the image detection result, and if the text detection result and the image detection result are both normal, a first domain name detection result with the suspected abnormal domain name being a legal domain name is generated;
if the text detection result and the image detection result are abnormal, generating a second domain name detection result that the suspected abnormal domain name is a malicious domain name;
if the text detection result is normal and the image detection result is abnormal, generating a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name;
and if the text detection result is abnormal and the image detection result is normal, generating a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name.
Further, after the step of generating the target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result, the method further includes:
Judging whether a malicious domain name exists in the suspected abnormal domain name or not based on the target domain name detection result;
if yes, screening a third domain name belonging to the malicious domain name from the suspected abnormal domain name;
generating corresponding domain name early warning information based on the third domain name;
acquiring communication information of a target person;
based on the communication information, pushing the domain name early warning information to the target personnel.
In order to solve the technical problems, the embodiment of the application also provides a domain name detection device based on artificial intelligence, which adopts the following technical scheme:
the first acquisition module is used for acquiring initial domain name buried point information acquired by the mobile terminal and preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information;
the construction module is used for acquiring a preset task type and a domain name state and constructing a corresponding malicious domain name detection task based on the task type and the domain name state;
the second acquisition module is used for executing the malicious domain name detection task and acquiring a first domain name matched with the domain name state from the domain name embedded point information;
the extraction module is used for extracting a suspected abnormal domain name from the first domain name and acquiring text data and image data corresponding to the suspected abnormal domain name;
The first detection module is used for carrying out text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result;
the second detection module is used for carrying out image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result;
and the first generation module is used for generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result.
In order to solve the above technical problems, the embodiments of the present application further provide a computer device, which adopts the following technical schemes:
acquiring initial domain name buried point information acquired by a mobile terminal, and preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information;
acquiring a preset task type and a domain name state, and constructing a corresponding malicious domain name detection task based on the task type and the domain name state;
executing the malicious domain name detection task, and acquiring a first domain name matched with the domain name state from the domain name embedded point information;
extracting a suspected abnormal domain name from the first domain name, and acquiring text data and image data corresponding to the suspected abnormal domain name;
Performing text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result;
performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result;
and generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result.
In order to solve the above technical problems, embodiments of the present application further provide a computer readable storage medium, which adopts the following technical solutions:
acquiring initial domain name buried point information acquired by a mobile terminal, and preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information;
acquiring a preset task type and a domain name state, and constructing a corresponding malicious domain name detection task based on the task type and the domain name state;
executing the malicious domain name detection task, and acquiring a first domain name matched with the domain name state from the domain name embedded point information;
extracting a suspected abnormal domain name from the first domain name, and acquiring text data and image data corresponding to the suspected abnormal domain name;
performing text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result;
Performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result;
and generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result.
Compared with the prior art, the embodiment of the application has the following main beneficial effects:
firstly, acquiring initial domain name buried point information acquired by a mobile terminal, and preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information; then acquiring a preset task type and a domain name state, and constructing a corresponding malicious domain name detection task based on the task type and the domain name state; then executing the malicious domain name detection task, and acquiring a first domain name matched with the domain name state from the domain name embedded point information; extracting a suspected abnormal domain name from the first domain name, and acquiring text data and image data corresponding to the suspected abnormal domain name; further performing text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result; performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result; and finally, generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result. According to the method, initial domain name buried point information acquired by a mobile terminal is intelligently preprocessed to obtain domain name buried point information, then a malicious domain name detection task is built based on a preset task type and a domain name state and is automatically executed, so that a first domain name matched with the domain name state is obtained from the domain name buried point information, text detection is conducted on text data corresponding to the suspected abnormal domain name based on a preset text detection rule, image detection is conducted on image data corresponding to the suspected abnormal domain name based on a preset skin color detection model, and finally a target domain name detection result corresponding to the suspected abnormal domain name is generated according to the obtained text detection result and the image detection result. According to the method and the device for detecting the malicious domain name, the text detection rule and the skin color detection model are combined to conduct automatic detection processing of the malicious domain name, so that the detection accuracy of the malicious domain name is effectively improved, and the detection efficiency of the malicious domain name is improved.
Drawings
For a clearer description of the solution in the present application, a brief description will be given below of the drawings that are needed in the description of the embodiments of the present application, it being obvious that the drawings in the following description are some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow chart of one embodiment of an artificial intelligence based domain name detection method according to the present application;
FIG. 3 is a schematic diagram of one embodiment of an artificial intelligence based domain name detection device according to the present application;
FIG. 4 is a schematic structural diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description and claims of the present application and in the description of the figures above are intended to cover non-exclusive inclusions. The terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In order to better understand the technical solutions of the present application, the following description will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings.
As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as a web browser application, a shopping class application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablet computers, electronic book readers, MP3 players (Moving Picture Experts Group Audio Layer III, dynamic video expert compression standard audio plane 3), MP4 (Moving Picture Experts Group Audio Layer IV, dynamic video expert compression standard audio plane 4) players, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that, the domain name detection method based on artificial intelligence provided in the embodiments of the present application is generally executed by a server/terminal device, and accordingly, the domain name detection device based on artificial intelligence is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to FIG. 2, a flow chart of one embodiment of an artificial intelligence based domain name detection method according to the present application is shown. The order of the steps in the flowchart may be changed and some steps may be omitted according to various needs. The domain name detection method based on the artificial intelligence can be applied to any scene needing malicious domain name detection, and can be applied to products of the scenes, such as malicious domain name detection in the field of financial insurance. The domain name detection method based on artificial intelligence comprises the following steps:
Step S201, initial domain name buried point information acquired by a mobile terminal is acquired, and the initial domain name buried point information is preprocessed to obtain corresponding domain name buried point information.
In this embodiment, the electronic device (for example, the server/terminal device shown in fig. 1) on which the domain name detection method based on artificial intelligence operates may acquire the initial domain name buried point information through a wired connection manner or a wireless connection manner. It should be noted that the wireless connection may include, but is not limited to, 3G/4G/5G connection, wiFi connection, bluetooth connection, wiMAX connection, zigbee connection, UWB (ultra wideband) connection, and other now known or later developed wireless connection. When a user uses a mobile terminal to make a network request, the mobile terminal can make a corresponding domain name buried point for the network request accessed by the user so as to collect and store domain name information corresponding to the network request, and the initial domain name buried point information is obtained. In addition, in the application scenario in the field of financial insurance, the network request may specifically be a request triggered by a user using a transaction terminal for an insurance system, a banking system, a transaction system, an order system, which are developed by a financial science and technology enterprise, such as an insurance enterprise, a bank, etc., so as to query data such as required transaction data, payment data, service data, etc. In addition, the specific implementation process of preprocessing the initial domain name embedding point information to obtain the corresponding domain name embedding point information will be described in further detail in the following specific embodiments, which will not be described herein.
Step S202, acquiring a preset task type and a domain name state, and constructing a corresponding malicious domain name detection task based on the task type and the domain name state.
In this embodiment, the task types may include a single task or a loop task. The single task refers to executing a malicious domain name detection task, and the circulating task refers to detecting the malicious domain name detection task at daily timing. The domain name status may include normal on-line, abnormal on-line, failed on-line, validated off-line, normal off-line, abnormal off-line, failed off-line, validated off-line. The task type and the domain name state can be selected by related personnel according to actual domain name detection requirements. In addition, the trigger time can be further selected for the malicious domain name detection task, and if the detected task type is set as a single detection task, the trigger time can be selected to be triggered immediately or at fixed time; if the detection task type is set as a cycle detection task, the triggering time is set as a fixed time point triggering in the early morning every day by default.
Step S203, executing the malicious domain name detection task, and acquiring a first domain name matched with the domain name state from the domain name embedded point information.
In this embodiment, after the construction of the malicious domain name detection task is completed, the malicious domain name detection task may be executed to perform a malicious domain name detection flow corresponding to the malicious domain name detection task. The domain name embedded point information can be subjected to information screening by using the domain name state so as to acquire a first domain name matched with the domain name state from the domain name embedded point information.
Step S204, extracting a suspected abnormal domain name from the first domain name, and acquiring text data and image data corresponding to the suspected abnormal domain name.
In this embodiment, the above specific implementation process of extracting the suspected abnormal domain name from the first domain name will be described in further detail in the following specific embodiments, which will not be described herein.
Step S205, text detection is carried out on the text data based on a preset text detection rule, and a corresponding text detection result is obtained.
In this embodiment, the text detection is performed on the text data based on the preset text detection rule, so as to obtain a specific implementation process of the corresponding text detection result, which will be described in further detail in the subsequent specific embodiments, which are not described herein.
And performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result.
In this embodiment, the specific implementation process of performing image detection on the image data based on the preset skin color detection model to obtain the corresponding image detection result will be described in further detail in the subsequent specific embodiments, which will not be described herein.
And generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result.
In this embodiment, the specific implementation process of generating the target domain name detection result corresponding to the suspected abnormal domain name from the text detection result and the image detection result will be described in further detail in the following specific embodiments, which will not be described herein.
Firstly, acquiring initial domain name buried point information acquired by a mobile terminal, and preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information; then acquiring a preset task type and a domain name state, and constructing a corresponding malicious domain name detection task based on the task type and the domain name state; then executing the malicious domain name detection task, and acquiring a first domain name matched with the domain name state from the domain name embedded point information; extracting a suspected abnormal domain name from the first domain name, and acquiring text data and image data corresponding to the suspected abnormal domain name; further performing text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result; performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result; and finally, generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result. According to the method, initial domain name buried point information acquired by a mobile terminal is intelligently preprocessed to obtain domain name buried point information, then a malicious domain name detection task is built based on a preset task type and a domain name state and is automatically executed, so that a first domain name matched with the domain name state is obtained from the domain name buried point information, text detection is conducted on text data corresponding to a suspected abnormal domain name based on a preset text detection rule, image detection is conducted on image data corresponding to the suspected abnormal domain name based on a preset skin color detection model, and finally a target domain name detection result corresponding to the suspected abnormal domain name is generated according to the obtained text detection result and the image detection result. According to the method and the device for detecting the malicious domain name, the text detection rule and the skin color detection model are combined to conduct automatic detection processing of the malicious domain name, so that the detection accuracy of the malicious domain name is effectively improved, and the detection efficiency of the malicious domain name is improved.
In some optional implementations, the preprocessing the initial domain name embedding point information in step S202 to obtain corresponding domain name embedding point information includes the following steps:
and carrying out error removal processing on the initial buried point information based on a preset error correction rule to obtain corresponding first domain name buried point information.
In this embodiment, the error correction rule is an error correction rule constructed according to a standard domain name format, and the error correction rule is used to perform error removal processing on the initial buried point information, so as to correct the error information in the initial buried point information, thereby obtaining the first domain name buried point information.
And performing duplication removal processing on the first domain name buried point information to obtain corresponding second domain name buried point information.
In this embodiment, the pre-constructed deduplication SQL may be executed to perform deduplication processing on the first domain name buried point information, so as to obtain corresponding second domain name buried point information.
And carrying out void removal processing on the second domain name buried point information to obtain corresponding third domain name buried point information.
In this embodiment, for the critical data, null is not allowed, and the domain name buried point information with null in the second domain name buried point information is removed by querying whether the null exists in the second domain name buried point information, so as to obtain corresponding third domain name buried point information.
And taking the third domain name buried point information as the domain name buried point information.
In this embodiment, after the domain name embedded point information is obtained, the domain name embedded point information may also be stored, so as to be called later.
The method comprises the steps of performing error removal processing on initial buried point information based on a preset error correction rule to obtain corresponding first domain name buried point information; then carrying out duplication removal processing on the first domain name buried point information to obtain corresponding second domain name buried point information; then, carrying out emptying treatment on the second domain name buried point information to obtain corresponding third domain name buried point information; and taking the third domain name buried point information as the domain name buried point information. According to the method and the device, the initial buried point information is subjected to error removal, duplication removal and void removal, so that the pretreatment of the initial domain name buried point information can be rapidly and accurately completed, the domain name buried point information in a standard format can be obtained, the malicious buried point detection can be carried out by using the domain name buried point information subsequently, the processing workload of malicious domain name detection can be effectively reduced, and the processing efficiency of the malicious domain name detection is improved.
In some optional implementations of this embodiment, the extracting the suspected abnormal domain name from the first domain name in step S204 includes the following steps:
And calling a preset domain name white list.
In this embodiment, the domain name whitelist is list data which is pre-constructed according to actual service requirements and stores legal domain names.
And matching the first domain name with all domain names contained in the domain name white list to obtain a corresponding first matching result.
In this embodiment, the first domain name may be matched with each domain name included in the domain name whitelist, so as to obtain a corresponding first matching result. Wherein, the content of the first matching result may include matching success or matching failure.
And screening second domain names failing to match from all the first domain names based on the first matching result.
In this embodiment, the second domain name that fails to match refers to a domain name that does not exist in the above-mentioned domain name whitelist.
And taking the second domain name as the suspected abnormal domain name.
The method comprises the steps of calling a preset domain name white list; then matching the first domain name with all domain names contained in the domain name white list to obtain a corresponding first matching result; then, based on the first matching result, screening out second domain names which fail to match from all the first domain names; and taking the second domain name as the suspected abnormal domain name. According to the method and the device for screening the suspected abnormal domain name based on the domain name white list, the first domain name is matched with all domain names contained in the domain name white list, so that the suspected abnormal domain name can be screened out from the first domain name rapidly and accurately according to the obtained matching result, the acquiring efficiency of the suspected abnormal domain name is improved, and the accuracy of the obtained suspected abnormal domain name is guaranteed.
In some alternative implementations, step S205 includes the steps of:
and performing word segmentation on the text data to obtain a corresponding word segmentation result.
In this embodiment, the text data may be segmented based on the use of a segmentation tool to obtain a corresponding segmentation result. The selection of the word segmentation tool is not particularly limited, and any one of HanLP, barker word segmentation, antique word segmentation, boson NLP, alicloud NLP, tengxin Wen Zhi and the like may be used, for example, and a word segmentation tool with the best word segmentation effect among all word segmentation tools is preferably used as a tool for segmenting text data.
And extracting text features from the word segmentation result based on a preset text feature extraction algorithm to obtain corresponding text features.
In this embodiment, the text feature extraction algorithm may specifically be TF-IDF algorithm. TF-IDF (term frequency-reverse document frequency) is a common weighting technique used for information retrieval (information retrieval) and text mining (text mining). It consists of two parts, TF and IDF. TF-IDF is a statistical method for evaluating the importance of a word to one of a set of documents or a corpus (another way to evaluate the importance of a word or word to other words in a set of documents or a corpus). The importance of a word increases proportionally with the number of times it appears in the file, but at the same time decreases inversely with the frequency with which it appears in the corpus. The main ideas of TF-IDF are: if a word appears in one article with a high frequency TF and in other articles with few occurrences, the word or phrase is considered to have good category discrimination and is suitable for classification. Specifically, the probability of occurrence of keywords (meaning the word segmentation in the word segmentation result) included in the text data may be calculated by using the TF-IDF algorithm, and the specified keywords of the first n bits of the probability of occurrence ranking may be extracted as the above-described text features.
And constructing corresponding text data to be tested based on the text characteristics.
In this embodiment, the text data to be tested may be obtained by integrating all the text features. The text data to be tested consists of all the text features.
And calling a preset violation word library.
In this embodiment, the above-mentioned violation word library is a database that stores a plurality of common violation words, which is screened and determined in advance according to actual service usage requirements.
And carrying out regular matching on the violation word library based on the text data to be detected to obtain a corresponding second matching result.
In this embodiment, the corresponding second matching result may be obtained by performing regular matching on all the offensive words included in the offensive word library using the text data to be tested. Wherein, the content of the second matching result may include matching success or matching failure.
And generating the text detection result corresponding to the text data based on the second matching result.
In this embodiment, if the second matching result of any word in the text data to be tested is successful, determining that the text detection result of the text data is abnormal; and if the second matching results of the words contained in the text data to be tested are all matching failures, judging that the text detection result of the text data is normal.
The text data is subjected to word segmentation to obtain a corresponding word segmentation result; then, text feature extraction is carried out on the word segmentation result based on a preset text feature extraction algorithm, and corresponding text features are obtained; then constructing corresponding text data to be tested based on the text characteristics; subsequently calling a preset violation word library, and carrying out regular matching on the violation word library based on the text data to be tested to obtain a corresponding second matching result; and finally, generating the text detection result corresponding to the text data based on the second matching result. According to the text detection method and device, the text detection is carried out on the text data based on the text feature extraction algorithm and the violation word bank, so that the text detection result corresponding to the text data can be obtained quickly and accurately, the accuracy of the generated text detection result is guaranteed, and the target domain name detection result corresponding to the suspected abnormal domain name can be generated accurately according to the text detection result.
In some alternative implementations, step S206 includes the steps of:
the image data is input into the skin tone detection model.
In this embodiment, the skin color detection model is a model which is constructed in advance and is used for detecting skin color of image data, and skin color detection refers to detection of skin exposed to the outside in a large area in the image data. The corresponding functional process of skin tone detection model may include: the method comprises the steps of obtaining a known skin tone image in a common format, converting the known skin tone image into a color space image, counting pixels with each brightness value in the color space image, and calculating the proportion of exposed skin in the color space image based on the pixels with each brightness value.
And calculating the average proportion of the exposed skin of the image data through the skin color detection model.
In the present embodiment, the average value of the exposed skin proportions of all the images in the image data may be calculated by calculating the exposed skin proportions of each image included in the above-described image data using the skin tone detection model to obtain the corresponding exposed skin average proportions.
And acquiring a preset proportion threshold value.
In this embodiment, the value of the ratio threshold is not specifically limited, and may be set according to actual use requirements.
And carrying out numerical comparison on the average proportion of the exposed skin and the proportion threshold value to obtain a corresponding comparison result.
In this embodiment, the comparison result includes that the average proportion of the exposed skin is greater than the proportion threshold, or that the average proportion of the exposed skin is not greater than the proportion threshold.
And generating the image detection result corresponding to the image data based on the comparison result.
In this embodiment, if the above comparison result is that the average proportion of the exposed skin is greater than the proportion threshold, it is determined that the image detection result corresponding to the image data is abnormal, and if the above comparison result is that the average proportion of the exposed skin is not greater than the proportion threshold, it is determined that the image detection result corresponding to the image data is normal.
The application is implemented by inputting the image data into the skin color detection model; then calculating the average proportion of the exposed skin of the image data through the skin color detection model; then acquiring a preset proportion threshold value; subsequently, carrying out numerical comparison on the average proportion of the exposed skin and the proportion threshold value to obtain a corresponding comparison result; and finally, generating the image detection result corresponding to the image data based on the comparison result. According to the method and the device, the image data is subjected to image detection based on the use of the preset skin color detection model, so that the image detection result corresponding to the image data can be obtained quickly and accurately, the accuracy of the generated image detection result is ensured, and the target domain name detection result corresponding to the suspected abnormal domain name can be generated accurately according to the image detection result.
In some alternative implementations of the present embodiment, step S207 includes the steps of:
and carrying out content analysis on the text detection result and the image detection result, and if the text detection result and the image detection result are both normal, generating a first domain name detection result that the suspected abnormal domain name is a legal domain name.
In this embodiment, the text detection result may include normal or abnormal, and the image detection result may include normal or abnormal.
And if the text detection result and the image detection result are abnormal, generating a second domain name detection result that the suspected abnormal domain name is a malicious domain name.
And if the text detection result is normal and the image detection result is abnormal, generating a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name.
And if the text detection result is abnormal and the image detection result is normal, generating a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name.
Content analysis is carried out on the text detection result and the image detection result, and if the text detection result and the image detection result are both normal, a first domain name detection result that the suspected abnormal domain name is a legal domain name is generated; if the text detection result and the image detection result are abnormal, generating a second domain name detection result that the suspected abnormal domain name is a malicious domain name; if the text detection result is normal and the image detection result is abnormal, generating a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name; and if the text detection result is abnormal and the image detection result is normal, generating a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name. According to the method and the device for detecting the target domain name, the text detection result and the image detection result are subjected to data analysis, so that the target domain name detection result corresponding to the suspected abnormal domain name can be generated rapidly, and the accuracy of the generated target domain name detection result is guaranteed.
In some optional implementations of this embodiment, after step S207, the electronic device may further perform the following steps:
and judging whether a malicious domain name exists in the suspected abnormal domain name or not based on the target domain name detection result.
In this embodiment, the content of the target domain name detection result may include that the suspected abnormal domain name is a malicious domain name, or that the suspected abnormal domain name is a suspected malicious domain name, or that the suspected abnormal domain name is a legal domain name.
If yes, screening a third domain name belonging to the malicious domain name from the suspected abnormal domain name.
In this embodiment, the third domain name is a domain name whose content of the domain name detection result in the suspected abnormal domain name is a malicious domain name.
And generating corresponding domain name early warning information based on the third domain name.
In this embodiment, the third domain name may be filled into a preset pre-warning information template to generate corresponding domain name pre-warning information. The early warning information template is an information template constructed according to actual malicious domain name early warning requirements, the content of the early warning information template is not particularly limited, and the early warning information template can be set according to actual use requirements.
And acquiring communication information of the target personnel.
In this embodiment, the target person may be a domain name manager. The communication information can be through mail address or short message address.
Based on the communication information, pushing the domain name early warning information to the target personnel.
Judging whether a malicious domain name exists in the suspected abnormal domain name or not based on the target domain name detection result; if yes, screening a third domain name belonging to the malicious domain name from the suspected abnormal domain name; then generating corresponding domain name early warning information based on the third domain name; then, obtaining communication information of a target person; and pushing the domain name early warning information to the target personnel based on the communication information. After the target domain name detection result corresponding to the suspected abnormal domain name is generated, if the third domain name belonging to the malicious domain name exists in the suspected abnormal domain name, the corresponding domain name early warning information is intelligently generated based on the third domain name, and the domain name early warning information is pushed to the target personnel, so that the subsequent target personnel can rapidly carry out related operation and maintenance processing on the malicious domain name according to the received domain name early warning information, collection of the malicious domain name does not need to be carried out manually, and the method and the device are beneficial to improving the working efficiency and the working experience of the personnel.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present invention.
It should be emphasized that, to further ensure the privacy and security of the target domain name detection result, the target domain name detection result may also be stored in a node of a blockchain.
The blockchain referred to in the application is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated by cryptographic means in association, each data block containing a batch of information of network transactions for verifying the validity of the information (anti-counterfeiting) and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Among these, artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and extend human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and other directions.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by computer readable instructions stored in a computer readable storage medium that, when executed, may comprise the steps of the embodiments of the methods described above. The storage medium may be a nonvolatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a random access Memory (Random Access Memory, RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
With further reference to fig. 3, as an implementation of the method shown in fig. 2, the present application provides an embodiment of an artificial intelligence-based domain name detection apparatus, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 3, the domain name detection device 300 based on artificial intelligence according to this embodiment includes: a first acquisition module 301, a construction module 302, a second acquisition module 303, an extraction module 304, a first detection module 305, a second detection module 306, and a first generation module 307. Wherein:
the first obtaining module 301 is configured to obtain initial domain name buried point information collected by the mobile terminal, and perform preprocessing on the initial domain name buried point information to obtain corresponding domain name buried point information;
the construction module 302 is configured to obtain a preset task type and a domain name state, and construct a corresponding malicious domain name detection task based on the task type and the domain name state;
a second obtaining module 303, configured to perform the malicious domain name detection task, and obtain a first domain name matched with the domain name state from the domain name embedded point information;
the extracting module 304 is configured to extract a suspected abnormal domain name from the first domain name, and obtain text data and image data corresponding to the suspected abnormal domain name;
The first detection module 305 is configured to perform text detection on the text data based on a preset text detection rule, so as to obtain a corresponding text detection result;
the second detection module 306 is configured to perform image detection on the image data based on a preset skin color detection model, so as to obtain a corresponding image detection result;
a first generating module 307, configured to generate a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result.
In this embodiment, the operations performed by the modules or units are respectively corresponding to the steps of the domain name detection method based on artificial intelligence in the foregoing embodiment, which is not described herein again.
In some optional implementations of this embodiment, the first obtaining module 301 includes:
the first processing sub-module is used for carrying out error removal processing on the initial buried point information based on a preset error correction rule to obtain corresponding first domain name buried point information;
the second processing sub-module is used for carrying out duplication removal processing on the first domain name buried point information to obtain corresponding second domain name buried point information;
the third processing sub-module is used for carrying out void removal processing on the second domain name buried point information to obtain corresponding third domain name buried point information;
And the first determining submodule is used for taking the third domain name buried point information as the domain name buried point information.
In this embodiment, the operations performed by the modules or units are respectively corresponding to the steps of the domain name detection method based on artificial intelligence in the foregoing embodiment, which is not described herein again.
In some alternative implementations of the present embodiment, the extraction module 304 includes:
the first calling sub-module is used for calling a preset domain name white list;
the first matching sub-module is used for matching the first domain name with all domain names contained in the domain name white list to obtain a corresponding first matching result;
the screening sub-module is used for screening second domain names which are failed to match from all the first domain names based on the first matching result;
and the second determining submodule is used for taking the second domain name as the suspected abnormal domain name.
In this embodiment, the operations performed by the modules or units are respectively corresponding to the steps of the domain name detection method based on artificial intelligence in the foregoing embodiment, which is not described herein again.
In some alternative implementations of the present embodiment, the first detection module 305 includes:
The word segmentation sub-module is used for segmenting the text data to obtain a corresponding word segmentation result;
the extraction submodule is used for extracting text features of the word segmentation result based on a preset text feature extraction algorithm to obtain corresponding text features;
the construction submodule is used for constructing corresponding text data to be tested based on the text characteristics;
the second calling sub-module is used for calling a preset violation word library;
the second matching sub-module is used for carrying out regular matching on the violation word library based on the text data to be detected to obtain a corresponding second matching result;
and the first generation sub-module is used for generating the text detection result corresponding to the text data based on the second matching result.
In this embodiment, the operations performed by the modules or units are respectively corresponding to the steps of the domain name detection method based on artificial intelligence in the foregoing embodiment, which is not described herein again.
In some alternative implementations of the present embodiment, the second detection module 306 includes:
an input sub-module for inputting the image data into the skin tone detection model;
a calculation sub-module for calculating an average proportion of exposed skin of the image data by the skin color detection model;
The acquisition sub-module is used for acquiring a preset proportion threshold value;
the comparison sub-module is used for carrying out numerical comparison on the average proportion of the exposed skin and the proportion threshold value to obtain a corresponding comparison result;
and the second generation sub-module is used for generating the image detection result corresponding to the image data based on the comparison result.
In this embodiment, the operations performed by the modules or units are respectively corresponding to the steps of the domain name detection method based on artificial intelligence in the foregoing embodiment, which is not described herein again.
In some alternative implementations of the present embodiment, the first generating module 307 includes:
a third generation sub-module, configured to perform content analysis on the text detection result and the image detection result, and if the text detection result and the image detection result are both normal, generate a first domain name detection result that the suspected abnormal domain name is a legal domain name;
a fourth generation sub-module, configured to generate a second domain name detection result in which the suspected abnormal domain name is a malicious domain name if the text detection result and the image detection result are both abnormal;
a fifth generation sub-module, configured to generate a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name if the text detection result is normal and the image detection result is abnormal;
And a sixth generation sub-module, configured to generate a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name if the text detection result is abnormal and the image detection result is normal.
In this embodiment, the operations performed by the modules or units are respectively corresponding to the steps of the domain name detection method based on artificial intelligence in the foregoing embodiment, which is not described herein again.
In some optional implementations of this embodiment, the domain name detection device based on artificial intelligence further includes:
the judging module is used for judging whether a malicious domain name exists in the suspected abnormal domain name or not based on the target domain name detection result;
the screening module is used for screening a third domain name belonging to the malicious domain name from the suspected abnormal domain name if the third domain name belongs to the malicious domain name;
the second generation module is used for generating corresponding domain name early warning information based on the third domain name;
the third acquisition module is used for acquiring the communication information of the target personnel;
and the sending module is used for pushing the domain name early warning information to the target personnel based on the communication information.
In this embodiment, the operations performed by the modules or units are respectively corresponding to the steps of the domain name detection method based on artificial intelligence in the foregoing embodiment, which is not described herein again.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 4, fig. 4 is a basic structural block diagram of a computer device according to the present embodiment.
The computer device 4 comprises a memory 41, a processor 42, a network interface 43 communicatively connected to each other via a system bus. It should be noted that only computer device 4 having components 41-43 is shown in the figures, but it should be understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead. It will be appreciated by those skilled in the art that the computer device herein is a device capable of automatically performing numerical calculations and/or information processing in accordance with predetermined or stored instructions, the hardware of which includes, but is not limited to, microprocessors, application specific integrated circuits (Application Specific Integrated Circuit, ASICs), programmable gate arrays (fields-Programmable Gate Array, FPGAs), digital processors (Digital Signal Processor, DSPs), embedded devices, etc.
The computer equipment can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing equipment. The computer equipment can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.
The memory 41 includes at least one type of readable storage medium including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), random Access Memory (RAM), static Random Access Memory (SRAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), programmable Read Only Memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the storage 41 may be an internal storage unit of the computer device 4, such as a hard disk or a memory of the computer device 4. In other embodiments, the memory 41 may also be an external storage device of the computer device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the computer device 4. Of course, the memory 41 may also comprise both an internal memory unit of the computer device 4 and an external memory device. In this embodiment, the memory 41 is typically used to store an operating system and various application software installed on the computer device 4, such as computer readable instructions based on an artificial intelligence domain name detection method. Further, the memory 41 may be used to temporarily store various types of data that have been output or are to be output.
The processor 42 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 42 is typically used to control the overall operation of the computer device 4. In this embodiment, the processor 42 is configured to execute computer readable instructions stored in the memory 41 or process data, such as executing computer readable instructions of the domain name detection method based on artificial intelligence.
The network interface 43 may comprise a wireless network interface or a wired network interface, which network interface 43 is typically used for establishing a communication connection between the computer device 4 and other electronic devices.
Compared with the prior art, the embodiment of the application has the following main beneficial effects:
in the embodiment of the application, the initial domain name buried point information acquired by the mobile terminal is intelligently preprocessed to obtain domain name buried point information, then a malicious domain name detection task is constructed based on a preset task type and a domain name state and is automatically executed, so that a first domain name matched with the domain name state is obtained from the domain name buried point information, text detection is carried out on text data corresponding to the suspected abnormal domain name based on a preset text detection rule, image detection is carried out on image data corresponding to the suspected abnormal domain name based on a preset skin color detection model, and finally a target domain name detection result corresponding to the suspected abnormal domain name is generated according to the obtained text detection result and the image detection result. According to the embodiment of the application, the text detection rule and the skin color detection model are combined to automatically detect the malicious domain name, so that the detection accuracy of the malicious domain name is effectively improved, and the detection efficiency of the malicious domain name is improved.
The present application also provides another embodiment, namely, a computer-readable storage medium storing computer-readable instructions executable by at least one processor to cause the at least one processor to perform the steps of the artificial intelligence-based domain name detection method as described above.
Compared with the prior art, the embodiment of the application has the following main beneficial effects:
in the embodiment of the application, the initial domain name buried point information acquired by the mobile terminal is intelligently preprocessed to obtain domain name buried point information, then a malicious domain name detection task is constructed based on a preset task type and a domain name state and is automatically executed, so that a first domain name matched with the domain name state is obtained from the domain name buried point information, text detection is carried out on text data corresponding to the suspected abnormal domain name based on a preset text detection rule, image detection is carried out on image data corresponding to the suspected abnormal domain name based on a preset skin color detection model, and finally a target domain name detection result corresponding to the suspected abnormal domain name is generated according to the obtained text detection result and the image detection result. According to the embodiment of the application, the text detection rule and the skin color detection model are combined to automatically detect the malicious domain name, so that the detection accuracy of the malicious domain name is effectively improved, and the detection efficiency of the malicious domain name is improved.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method described in the embodiments of the present application.
It is apparent that the embodiments described above are only some embodiments of the present application, but not all embodiments, the preferred embodiments of the present application are given in the drawings, but not limiting the patent scope of the present application. This application may be embodied in many different forms, but rather, embodiments are provided in order to provide a more thorough understanding of the present disclosure. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing, or equivalents may be substituted for elements thereof. All equivalent structures made by the specification and the drawings of the application are directly or indirectly applied to other related technical fields, and are also within the protection scope of the application.
Claims (10)
1. The domain name detection method based on artificial intelligence is characterized by comprising the following steps:
acquiring initial domain name buried point information acquired by a mobile terminal, and preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information;
acquiring a preset task type and a domain name state, and constructing a corresponding malicious domain name detection task based on the task type and the domain name state;
executing the malicious domain name detection task, and acquiring a first domain name matched with the domain name state from the domain name embedded point information;
extracting a suspected abnormal domain name from the first domain name, and acquiring text data and image data corresponding to the suspected abnormal domain name;
performing text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result;
performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result;
and generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result.
2. The method for detecting a domain name based on artificial intelligence according to claim 1, wherein the step of preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information specifically comprises:
Performing error removal processing on the initial buried point information based on a preset error correction rule to obtain corresponding first domain name buried point information;
performing duplication elimination processing on the first domain name buried point information to obtain corresponding second domain name buried point information;
carrying out emptying treatment on the second domain name buried point information to obtain corresponding third domain name buried point information;
and taking the third domain name buried point information as the domain name buried point information.
3. The method for detecting a domain name based on artificial intelligence according to claim 1, wherein the step of extracting a suspected abnormal domain name from the first domain name specifically comprises:
calling a preset domain name white list;
matching the first domain name with all domain names contained in the domain name white list to obtain a corresponding first matching result;
screening second domain names failing to match from all the first domain names based on the first matching result;
and taking the second domain name as the suspected abnormal domain name.
4. The domain name detection method based on artificial intelligence according to claim 1, wherein the step of performing text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result specifically comprises:
Word segmentation is carried out on the text data to obtain a corresponding word segmentation result;
extracting text features from the word segmentation result based on a preset text feature extraction algorithm to obtain corresponding text features;
constructing corresponding text data to be tested based on the text characteristics;
calling a preset violation word library;
performing regular matching on the violation word library based on the text data to be detected to obtain a corresponding second matching result;
and generating the text detection result corresponding to the text data based on the second matching result.
5. The domain name detection method based on artificial intelligence according to claim 1, wherein the step of performing image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result specifically comprises:
inputting the image data into the skin tone detection model;
calculating an average proportion of exposed skin of the image data by the skin color detection model;
acquiring a preset proportion threshold value;
comparing the average proportion of the exposed skin with the proportion threshold value in a numerical mode to obtain a corresponding comparison result;
and generating the image detection result corresponding to the image data based on the comparison result.
6. The method for detecting a domain name based on artificial intelligence according to claim 1, wherein the step of generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result specifically comprises:
content analysis is carried out on the text detection result and the image detection result, and if the text detection result and the image detection result are both normal, a first domain name detection result with the suspected abnormal domain name being a legal domain name is generated;
if the text detection result and the image detection result are abnormal, generating a second domain name detection result that the suspected abnormal domain name is a malicious domain name;
if the text detection result is normal and the image detection result is abnormal, generating a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name;
and if the text detection result is abnormal and the image detection result is normal, generating a third domain name detection result that the suspected abnormal domain name is a suspected malicious domain name.
7. The artificial intelligence based domain name detection method according to claim 1, further comprising, after the step of generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result:
Judging whether a malicious domain name exists in the suspected abnormal domain name or not based on the target domain name detection result;
if yes, screening a third domain name belonging to the malicious domain name from the suspected abnormal domain name;
generating corresponding domain name early warning information based on the third domain name;
acquiring communication information of a target person;
based on the communication information, pushing the domain name early warning information to the target personnel.
8. An artificial intelligence based domain name detection device, comprising:
the first acquisition module is used for acquiring initial domain name buried point information acquired by the mobile terminal and preprocessing the initial domain name buried point information to obtain corresponding domain name buried point information;
the construction module is used for acquiring a preset task type and a domain name state and constructing a corresponding malicious domain name detection task based on the task type and the domain name state;
the second acquisition module is used for executing the malicious domain name detection task and acquiring a first domain name matched with the domain name state from the domain name embedded point information;
the extraction module is used for extracting a suspected abnormal domain name from the first domain name and acquiring text data and image data corresponding to the suspected abnormal domain name;
The first detection module is used for carrying out text detection on the text data based on a preset text detection rule to obtain a corresponding text detection result;
the second detection module is used for carrying out image detection on the image data based on a preset skin color detection model to obtain a corresponding image detection result;
and the first generation module is used for generating a target domain name detection result corresponding to the suspected abnormal domain name based on the text detection result and the image detection result.
9. A computer device comprising a memory having stored therein computer readable instructions which when executed implement the steps of the artificial intelligence based domain name detection method of any of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer readable instructions which when executed by a processor implement the steps of the artificial intelligence based domain name detection method according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311301469.4A CN117278298A (en) | 2023-10-09 | 2023-10-09 | Domain name detection method, device, equipment and storage medium based on artificial intelligence |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311301469.4A CN117278298A (en) | 2023-10-09 | 2023-10-09 | Domain name detection method, device, equipment and storage medium based on artificial intelligence |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117278298A true CN117278298A (en) | 2023-12-22 |
Family
ID=89204358
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311301469.4A Pending CN117278298A (en) | 2023-10-09 | 2023-10-09 | Domain name detection method, device, equipment and storage medium based on artificial intelligence |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117278298A (en) |
-
2023
- 2023-10-09 CN CN202311301469.4A patent/CN117278298A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110427453B (en) | Data similarity calculation method, device, computer equipment and storage medium | |
| CN116956326A (en) | Authority data processing method and device, computer equipment and storage medium | |
| CN116774973A (en) | Data rendering method, device, computer equipment and storage medium | |
| CN116453125A (en) | Data input method, device, equipment and storage medium based on artificial intelligence | |
| CN116485512A (en) | Bank data analysis method and system based on reinforcement learning | |
| CN115757075A (en) | Task abnormity detection method and device, computer equipment and storage medium | |
| CN117278298A (en) | Domain name detection method, device, equipment and storage medium based on artificial intelligence | |
| CN108768742B (en) | Network construction method and device, electronic equipment and storage medium | |
| CN116663003A (en) | Attack detection method, attack detection device, computer equipment and storage medium | |
| CN117093715B (en) | Word stock expansion method, system, computer equipment and storage medium | |
| CN111897970B (en) | Text comparison method, device, equipment and storage medium based on knowledge graph | |
| CN117272256A (en) | Sensitive data detection method and device, computer equipment and storage medium | |
| CN116977611A (en) | Picture identification method, device, computer equipment and storage medium | |
| CN117407420A (en) | Data construction method, device, computer equipment and storage medium | |
| CN117034173A (en) | Data processing method, device, computer equipment and storage medium | |
| CN117056629A (en) | Cache configuration method, device, computer equipment and storage medium | |
| CN116701488A (en) | Data processing method, device, computer equipment and storage medium | |
| CN116795707A (en) | Software privacy compliance pre-detection method and related equipment thereof | |
| CN117076775A (en) | Information data processing method, information data processing device, computer equipment and storage medium | |
| CN116737437A (en) | Data analysis method, device, computer equipment and storage medium | |
| CN117389607A (en) | Signboard configuration method and device, computer equipment and storage medium | |
| CN116932090A (en) | Tool pack loading method, device, computer equipment and storage medium | |
| CN116680198A (en) | Interface return data anomaly detection method and related equipment thereof | |
| CN117992966A (en) | Vulnerability detection method, model training method and corresponding devices | |
| CN117827814A (en) | Data verification method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |