WO2018113728A1 - Method and device for determining risk of phishing attack in public wifi network - Google Patents


Info

Publication number
WO2018113728A1
WO2018113728A1 PCT/CN2017/117690 CN2017117690W WO2018113728A1 WO 2018113728 A1 WO2018113728 A1 WO 2018113728A1 CN 2017117690 W CN2017117690 W CN 2017117690W WO 2018113728 A1 WO2018113728 A1 WO 2018113728A1
Authority
WO
WIPO (PCT)
Prior art keywords
mac
target
secure
information
ssid
Application number
PCT/CN2017/117690
Other languages
French (fr)
Chinese (zh)
Inventor
张建新
高永岗
刘天
Original Assignee
北京奇虎科技有限公司
Application filed by 北京奇虎科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for detecting a public WiFi phishing risk.
  • a solution to the phishing risk of the public WiFi is to deploy a WIDS (Wireless Intrusion Detection Systems) detection device within a certain range, and use the WIDS detection device to detect the phishing WiFi in the coverage.
  • WIDS detection device other than the Internet device (such as user equipment, gateway device, server, etc.).
  • the embodiment of the present disclosure provides a method and device for detecting a public WiFi phishing risk, which is used to implement a technical effect of performing phishing risk detection on a public WiFi without relying on additional hardware deployment.
  • the present disclosure provides a method for detecting a public WiFi phishing risk, including:
  • when the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID recorded by the MAC information reference library (that is, it matches none of them), it is determined that the public WiFi has a phishing risk.
  • the present disclosure provides a device for detecting a public WiFi phishing risk, including:
  • an obtaining module configured to obtain information obtained by detecting, by the user equipment UE, a wireless access point AP of the public wireless fidelity WiFi, where the obtained information includes a target service set identifier SSID of the AP and target media access control MAC information of the AP;
  • a determining module configured to determine, according to the pre-stored MAC information reference library, whether the target MAC information is consistent with a secure MAC information corresponding to the target SSID recorded by the MAC information reference library, and the secure MAC information corresponding to the target SSID is one or more;
  • the determining module is configured to determine that the public WiFi has a phishing risk when the target MAC information is inconsistent with any one of the secure MAC information corresponding to the target SSID recorded by the MAC information reference library.
  • the present disclosure provides a computer program comprising:
  • computer readable code which, when run on a computing device, causes the computing device to perform the method of detecting the public WiFi phishing risk described above.
  • the present disclosure provides a computer readable medium, comprising:
  • a stored computer program for performing the above-described method of detecting the public WiFi phishing risk.
  • information obtained by the user equipment UE detecting the wireless access point AP of the WiFi is first obtained, and the obtained information includes the target service set identifier SSID of the AP and the target media access control MAC information of the AP. It is then determined, according to the pre-stored MAC information reference library, whether the target MAC information is consistent with one of the secure MAC information entries corresponding to the target SSID recorded by the MAC information reference library, where the secure MAC information corresponding to the target SSID includes one or more entries. When the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID recorded by the MAC information reference library, it is determined that the public WiFi has a phishing risk.
  • FIG. 1 is a flowchart of a method for detecting a public WiFi phishing risk in an embodiment of the present disclosure
  • FIG. 2 is a schematic structural diagram of a device for detecting a public WiFi phishing risk according to an embodiment of the present disclosure
  • FIG. 3 schematically illustrates a block diagram of a computing device for performing a method of detecting a public WiFi phishing risk in accordance with an embodiment of the present disclosure
  • FIG. 4 schematically illustrates an implementation for maintaining or carrying implementations in accordance with an embodiment of the present disclosure.
  • the phishing risk of the public WiFi is detected by comparing whether the target MAC information of the public WiFi is consistent with the secure MAC information corresponding to the target SSID recorded in the MAC information reference library. Therefore, the technical problem that the prior art can only detect the phishing risk through additional hardware deployment is solved, and the technical effect of detecting the public WiFi without relying on additional hardware deployment is realized, thereby reducing the cost of public WiFi security maintenance.
  • a first aspect of the present disclosure provides a method for detecting a public WiFi phishing risk.
  • FIG. 1 is a flowchart of a method for detecting a public WiFi phishing risk according to an embodiment of the present disclosure. The method includes:
  • S101: Obtain information obtained by detecting, by the user equipment UE, a wireless access point AP of the public wireless fidelity WiFi, where the obtained information includes a target service set identifier SSID of the AP and target media access control MAC information of the AP;
  • S102: Determine, according to the pre-stored MAC information reference library, whether the target MAC information is consistent with one of the secure MAC information entries corresponding to the target SSID recorded by the MAC information reference library, where the secure MAC information corresponding to the target SSID is one or more;
  • the public WiFi in the embodiment of the present disclosure refers to an AP (Access Point) whose security attribute is OPEN, such as CMCC-WEB, ChinaNet, ChinaUnicom, and 16WiFi.
  • the executor of the method for detecting the public WiFi phishing risk in the S101 to S103 in the embodiment of the present disclosure may be a UE (User Equipment) or a server connected to the UE, and the disclosure is not specifically limited.
  • the UE obtains information by detecting the AP of the public WiFi, and the information obtained in the embodiment of the present disclosure specifically includes the SSID (Service Set Identifier) of the AP and the MAC (Media Access Control, also Medium Access Control) information of the AP.
  • the target SSID is the SSID of the AP
  • the target MAC information is the MAC information of the AP.
  • the MAC information is, for example, a MAC address and a MAC manufacturer, and the like, and the present disclosure is not specifically limited.
  • the phishing risk detection of the public WiFi may be specifically performed when the UE accesses the public WiFi, or when the UE accesses a new public WiFi, that is, when the SSID of the public WiFi is different from the SSIDs of the historical public WiFi.
  • the person skilled in the art to which the present disclosure pertains may make selections according to actual conditions, and the present disclosure is not specifically limited.
  • when the executing entity is the UE, obtaining the target SSID and the target MAC information in S101 specifically means that the UE detects the SSID and MAC information of the AP of the public WiFi to be checked; when the executing entity is the server, obtaining the target SSID and the target MAC information in S101 specifically means receiving the SSID and MAC information reported by the UE after it detects the AP.
  • after the target SSID and the target MAC information are obtained, S102 is executed: it is determined, according to the pre-stored MAC information reference library, whether the target MAC information is consistent with one of the one or more secure MAC information entries corresponding to the target SSID recorded in the MAC information reference library.
  • the MAC information reference library in the embodiment of the present disclosure records a plurality of SSIDs of the public WiFi, and secure MAC information corresponding to each SSID.
  • the MAC information reference library records four SSIDs of CMCC-WEB, ChinaNet, ChinaUnicom, and 16WiFi, and secure MAC information corresponding to each SSID.
  • the MAC information reference library may be established and maintained by the UE itself, or may be established and maintained by the server.
  • preferably, in order to obtain a more comprehensive and more accurate MAC information reference library, it is better for the server to establish and maintain the MAC information reference library based on big data.
  • if the executing entity in the embodiment of the present disclosure is the UE, the UE also needs to send an acquisition request to the server to request the MAC information reference library, then receive the MAC information reference library delivered by the server in response to the acquisition request, and then store the MAC information reference library in the storage space of the UE.
  • one or more secure MAC information entries corresponding to the target SSID are looked up in the MAC information reference library based on the target SSID. Then, the target MAC information is compared with the one or more secure MAC information entries corresponding to the target SSID. If the target MAC information is consistent with one of the secure MAC information entries, it indicates that the target MAC information is secure, and thus the possibility that the public WiFi has a phishing risk is small, so it is determined that the public WiFi does not have a phishing risk. On the other hand, if the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID, it indicates that the public WiFi may be insecure, and in S103, it is determined that the public WiFi has a phishing risk.
  • the detection of the public WiFi phishing risk is realized. It can be seen from the above description that the method for detecting the public WiFi phishing risk of the embodiment of the present disclosure does not require additional hardware deployment, and compares whether the target MAC information of the public WiFi is consistent with the secure MAC information corresponding to the target SSID recorded in the MAC information reference library. And then detect the phishing risk of public WiFi. Therefore, the technical problem that the prior art can only detect the phishing risk through additional hardware deployment is solved, and the technical effect of detecting the public WiFi without relying on additional hardware deployment is realized, thereby reducing the cost of public WiFi security maintenance.
  • storing the MAC information reference library occupies a large amount of storage, and comparing the target MAC information with a large amount of secure MAC information also consumes a large amount of memory and power. Therefore, considering that the storage, memory and power of the UE are limited, it is preferable that the server performs the detection of the public WiFi phishing risk in the embodiment of the present disclosure.
  • because the target MAC information can take several forms, S102 can be implemented in several ways. Some of them are described in detail below.
  • the target MAC information specifically includes the target MAC address
  • the secure MAC information also includes the secure MAC address
  • S102 is implemented by the following process:
  • when the target MAC address is inconsistent with all of the secure MAC addresses, it indicates that the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
  • one or more secure MAC addresses corresponding to the target SSID are searched from the MAC information reference library, and then the target MAC address and the secure MAC address corresponding to the target SSID are compared.
  • the MAC address of each Internet access device is unique. Therefore, if the target MAC address is consistent with one of the secure MAC addresses, it indicates that the AP device is configured by the public WiFi carrier, so the public WiFi is less likely to have a phishing risk.
  • therefore, when the target MAC address is consistent with one of the secure MAC addresses corresponding to the target SSID, it indicates that the target MAC information is consistent with one of the secure MAC information entries corresponding to the target SSID recorded in the MAC information reference library, thereby determining that there is no phishing risk in the public WiFi.
  • conversely, if the target MAC address is inconsistent with all the secure MAC addresses of the target SSID, it means that the AP device may not be configured by the public WiFi operator, so the public WiFi has a phishing risk.
  • therefore, when the target MAC address is inconsistent with all of the secure MAC addresses of the target SSID, it indicates that the target MAC information is inconsistent with all the secure MAC information corresponding to the target SSID recorded in the MAC information reference library, and it is determined that the public WiFi has a phishing risk.
  • the target SSID is specifically ****-WEB
  • the secure MAC address of the ****-WEB recorded in the MAC information reference library is as shown in Table 1.
  • assume that the target MAC address is 58:66:ba:6e:57:20. Since the target MAC address is consistent with the secure MAC address 58:66:ba:6e:57:20, it is determined that there is no phishing risk for the public WiFi. Assume that the target MAC address is 5c:ad:cf:46:b8:ae. Since the target MAC address is inconsistent with every secure MAC address in Table 1, it is determined that the public WiFi has a phishing risk.
  • the MAC information reference library may simultaneously record the coordinates of each secure MAC address when recording the secure MAC address.
  • the coordinates of the AP are further acquired.
  • if the coordinates of the target MAC address are inconsistent with the coordinates of the same secure MAC address, it means that the AP corresponding to the target MAC address is not the secure AP indicated by the same secure MAC address, so it is still determined that the public WiFi has a phishing risk.
  • the target MAC information specifically includes the target MAC manufacturer
  • the secure MAC information specifically includes the secure MAC manufacturer
  • when the target MAC manufacturer is inconsistent with all of the secure MAC producers, it indicates that the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
  • the MAC manufacturer in the embodiment of the present disclosure refers to a company or manufacturer that produces an AP device or an AC (Access Control) device. Based on the target SSID, one or more secure MAC producers corresponding to the target SSID are searched from the MAC information reference library, and then the target MAC producer and the secure MAC producer corresponding to the target SSID are compared. Since, in general, operators of public WiFi purchase large quantities of AP equipment or AC equipment produced by one or more manufacturers, the probability of individual procurement is small, and the probability of these manufacturers producing phishing AP equipment or AC equipment for criminals is low.
  • if the target MAC producer is consistent with one of the secure MAC producers, it means that the AP device is configured by the public WiFi operator, so the public WiFi is less likely to have a phishing risk. Therefore, when the target MAC manufacturer is consistent with one of the secure MAC producers of the target SSID, it indicates that the target MAC information is consistent with the secure MAC information of the target SSID recorded in the MAC information reference library, and it is determined that there is no phishing risk in the public WiFi. On the other hand, if the target MAC manufacturer is inconsistent with all of the secure MAC manufacturers corresponding to the target SSID, it means that the AP device may not be configured by the public WiFi operator, so the public WiFi has a risk of phishing.
  • the secure MAC producer of the ****-WEB recorded in the MAC information reference library is as shown in Table 2.
  • assume that the target MAC producer is Hangzhou H3C Technologies Co. Since the target MAC manufacturer is consistent with the secure MAC manufacturer Hangzhou H3C Technologies Co., it is determined that there is no phishing risk for the public WiFi. Assuming that the target MAC producer is ABC, since the target MAC producer is inconsistent with every secure MAC producer in Table 2, it is determined that the public WiFi has a phishing risk.
  • the third type:
  • the target MAC information further includes a target MAC manufacturer
  • the secure MAC information further includes a secure MAC manufacturer.
  • the target MAC information is inconsistent with any one of the secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
  • the target MAC information specifically includes the target MAC address and the target MAC manufacturer
  • the secure MAC information also includes the secure MAC address and the secure MAC manufacturer.
  • the specific process of determining whether the target MAC address is consistent with a secure MAC address corresponding to the target SSID has been introduced in the first implementation manner, so the similarities between the first implementation manner and the third implementation manner are not repeated here.
  • the third implementation differs from the first implementation in that, when the target MAC address is inconsistent with all the secure MAC addresses corresponding to the target SSID, the public WiFi is not yet confirmed to have a phishing risk; instead, it is further determined whether the target MAC manufacturer is consistent with one of the secure MAC producers corresponding to the SSID. Only when the target MAC producer is also inconsistent with all secure MAC producers is it determined that the public WiFi has a phishing risk.
  • because the reference library may not record all the secure MAC addresses corresponding to the target SSID, or a new secure MAC address of the target SSID may not have been recorded in time, when the target MAC address is inconsistent with all the secure MAC addresses of the target SSID, it is further verified whether the target MAC manufacturer is a secure MAC producer.
  • the method may further include:
  • when the target MAC address is inconsistent with all of the secure MAC addresses, and the target MAC manufacturer is consistent with a secure MAC manufacturer, the target MAC address is recorded as a secure MAC address corresponding to the target SSID.
  • if the target MAC address is inconsistent with the one or more secure MAC addresses, and the target MAC manufacturer is consistent with one of the secure MAC producers, it indicates that the target MAC address is missing from the MAC information reference library.
  • therefore, the target MAC address is added as a secure MAC address corresponding to the target SSID.
  • the target MAC information specifically includes the target MAC address and the target MAC manufacturer
  • the secure MAC information specifically includes the secure MAC address and the secure MAC producer, and S102 is implemented by the following process:
  • the target MAC information is inconsistent with any secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
  • the target MAC address and the target MAC manufacturer will be verified simultaneously.
  • it may first determine whether the target MAC address is consistent with one of the secure MAC addresses corresponding to the target SSID, and then determine whether the target MAC manufacturer is consistent with one of the secure MAC producers corresponding to the target SSID; or first determine whether the target MAC manufacturer is consistent with one of the secure MAC producers corresponding to the target SSID, and then determine whether the target MAC address is consistent with one of the secure MAC addresses of the target SSID; or perform the above two independent determinations simultaneously. The disclosure is not specifically limited.
  • the fourth implementation differs from the first implementation and the second implementation in that the public WiFi is determined to be secure when the target MAC address is consistent with one of the secure MAC addresses of the target SSID, or the target MAC producer is consistent with one of the secure MAC producers of the target SSID.
  • when the target MAC address is inconsistent with all the secure MAC addresses corresponding to the target SSID, and the target MAC producer is also inconsistent with all the secure MAC producers corresponding to the target SSID, it is determined that the public WiFi has a phishing risk. Thereby, the detection accuracy of the public WiFi phishing risk is improved.
  • any one of the above five implementation manners may be selected by a person of ordinary skill in the art according to the actual implementation, and the disclosure is not specifically limited.
  • the following describes how the server establishes a MAC information reference library.
  • the server sends a report command to the multiple UEs that access the server, where the report command is used to notify each UE to detect the AP it has accessed, obtain that AP's information, and report the detected AP information to the server.
  • the AP information includes at least the security attribute, the SSID, and the MAC information, and may further include the coordinates of the AP, etc.; the disclosure is not specifically limited.
  • the server obtains a large amount of AP information through the reports of the multiple UEs. Further, the server administrator can also obtain AP information from operators of different public WiFi.
  • the server filters out the AP whose security attribute is OPEN, that is, filters public WiFi from a large number of WiFi.
  • the AP information with the same content needs to be subjected to deduplication processing, so that there is no AP information with the same content in the remaining AP information.
  • the secure AP information of the secure AP is filtered out from the AP information of a large number of public WiFi.
  • all the secure AP information are clustered according to the SSID, thereby obtaining secure MAC information such as a secure MAC address, a secure MAC producer, and coordinates corresponding to each SSID. Then, the secure MAC information corresponding to each SSID is recorded, and a MAC information reference library is established.
  • the number of each SSID is further obtained, and the SSIDs are ranked from high to low according to that number. Then, only the SSIDs ranked before a preset position and their corresponding secure MAC information are recorded in the MAC information reference library. In other words, since the probability of accessing a less common public WiFi is smaller in the specific implementation process, only the SSIDs of public WiFi with a relatively high coverage rate and a large number of APs, together with the corresponding secure MAC information, may be recorded in the MAC information reference library.
  • the server may also receive user correction information reported by the UE, and then add, delete, or modify the security MAC information based on the user correction information.
  • the second aspect of the present disclosure further provides a device for detecting a public WiFi phishing risk, as shown in FIG. 2, including:
  • the obtaining module 101 is configured to obtain information obtained by detecting, by the user equipment UE, the wireless access point AP of the public wireless fidelity WiFi, where the obtained information includes the target service set identifier SSID of the AP and the target media access control MAC information of the AP;
  • the determining module 102 is configured to determine, according to the pre-stored MAC information reference library, whether the target MAC information is consistent with one secure MAC information corresponding to the target SSID recorded by the MAC information reference database, and the secure MAC information corresponding to the target SSID is one or more;
  • the determining module 103 is configured to determine that the public WiFi has a phishing risk when the target MAC information is inconsistent with any one of the secure MAC information corresponding to the target SSID recorded by the MAC information reference library.
  • the target MAC information includes a target MAC address
  • the secure MAC information includes a secure MAC address
  • the determining module 102 is configured to determine whether the target MAC address is consistent with a secure MAC address corresponding to the target SSID recorded by the MAC information reference library;
  • when the target MAC address is inconsistent with all of the secure MAC addresses, it indicates that the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
  • the target MAC information includes a target MAC manufacturer
  • the secure MAC information includes a secure MAC manufacturer
  • the determining module 102 is configured to determine whether the target MAC manufacturer is consistent with a secure MAC producer corresponding to the target SSID recorded by the MAC information reference library;
  • when the target MAC manufacturer is inconsistent with all of the secure MAC producers, it indicates that the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
  • the target MAC information also includes the target MAC manufacturer
  • the secure MAC information also includes the secure MAC manufacturer, when the target MAC address is inconsistent with any of the secure MAC addresses.
  • the determining module 102 is further configured to determine whether the target MAC manufacturer is consistent with a secure MAC manufacturer corresponding to the target SSID recorded by the MAC information reference library;
  • the target MAC information is inconsistent with any one of the secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
  • the device in the embodiment of the present disclosure further includes:
  • the recording module is configured to record the target MAC address as the secure MAC address corresponding to the target SSID when the target MAC address is inconsistent with any one of the secure MAC addresses, and the target MAC manufacturer is consistent with a secure MAC manufacturer.
  • FIG. 3 illustrates a computing device that can implement a method of detecting a public WiFi phishing risk in accordance with the present disclosure.
  • the computing device traditionally includes a processor 310 and a computer program product or computer readable medium in the form of a storage device 320.
  • the storage device 320 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM.
  • Storage device 320 has a storage space 330 that stores program code 331 for performing any of the method steps described above.
  • storage space 330 storing program code may include various program code 331 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • These computer program products include program code carriers such as a hard disk, a compact disk (CD), a memory card, or a floppy disk.
  • Such computer program products are typically portable or fixed storage units such as those shown in FIG.
  • the storage unit may have storage segments, storage spaces, and the like that are similarly arranged to storage device 320 in the computing device of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes computer readable code 331' for performing the method steps in accordance with the present disclosure, i.e., code that can be read by a processor such as 310, which, when executed by the computing device, causes the computing device to perform the various steps of the method described above.
  • information obtained by the user equipment UE detecting the wireless access point AP of the WiFi is first obtained, and the obtained information includes the target service set identifier SSID of the AP and the target media access control MAC of the AP. And then determining, according to the pre-stored MAC information reference library, whether the target MAC information is consistent with a secure MAC information corresponding to the target SSID recorded by the MAC information reference library, and the secure MAC information corresponding to the target SSID includes one or more, when the target When the MAC information is inconsistent with any secure MAC information corresponding to the target SSID recorded by the MAC information reference library, it is determined that the public WiFi has a phishing risk.
  • the phishing risk of the public WiFi is detected by comparing whether the target MAC information of the public WiFi is consistent with the secure MAC information corresponding to the target SSID recorded in the MAC information reference library. Therefore, the technical problem that the prior art can only detect the phishing risk through additional hardware deployment is solved, and the technical effect of detecting the public WiFi without relying on additional hardware deployment is realized, thereby reducing the cost of public WiFi security maintenance.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • Various component embodiments of the present disclosure may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • A microprocessor or digital signal processor may be used in practice to implement some or all of the functionality of a gateway, proxy server, some or all of the components in accordance with embodiments of the present disclosure.
  • The present disclosure may also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • Such a program implementing the present disclosure may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the invention provide a method and device for determining a risk of phishing attacks in a public WiFi network. The method comprises: obtaining information obtained by user equipment (UE) performing detection on an access point (AP) in a public wireless fidelity (WiFi) network, wherein the obtained information comprises a target service set identifier (SSID) and target medium access control (MAC) information of the AP; determining, on the basis of a pre-stored MAC information reference library, whether the target MAC information is consistent with secure MAC information corresponding to the target SSID recorded in the MAC information reference library, wherein the target SSID corresponds to one or more pieces of secure MAC information; and if not, determining that a risk of phishing attacks is present in the public WiFi network.

Description

Method and device for detecting public WiFi phishing risk
Cross-reference to related applications
The present application claims priority to Chinese Patent Application No. 201611191620.3, entitled "Method and Apparatus for Detecting Public WiFi Phishing Risk", filed with the Chinese Patent Office on December 21, 2016, the entire contents of which are incorporated herein by reference.
Technical field
The present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for detecting a public WiFi phishing risk.
Background
With the growing number and popularity of public WiFi (Wireless-Fidelity) networks, the security problems of public WiFi have become increasingly serious. According to statistics, 66% of public WiFi is currently not secure enough. Criminals disguise phishing WiFi as public WiFi, so that users suffer damage to their property and privacy after connecting to the phishing WiFi.
In the related art, one solution to the phishing risk of public WiFi is to deploy WIDS (Wireless Intrusion Detection Systems) detection devices within a certain area and use the WIDS detection devices to detect phishing WiFi within their coverage.
However, this way of detecting phishing risk can only be realized by relying on hardware deployment (i.e., the WIDS detection devices) other than the Internet-access devices (such as user equipment, gateway devices, servers, etc.).
Summary of the invention
The embodiments of the present disclosure provide a method and device for detecting a public WiFi phishing risk, which achieve the technical effect of performing phishing risk detection on public WiFi without relying on additional hardware deployment.
In a first aspect, the present disclosure provides a method for detecting a public WiFi phishing risk, including:
obtaining information obtained by the user equipment UE detecting the wireless access point AP of a public wireless fidelity WiFi, where the obtained information includes the target service set identifier SSID of the AP and the target media access control MAC information of the AP;
determining, based on a pre-stored MAC information reference library, whether the target MAC information is consistent with one piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, where the target SSID corresponds to one or more pieces of secure MAC information;
when the target MAC information is inconsistent with every piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, determining that the public WiFi has a phishing risk.
In a second aspect, the present disclosure provides a device for detecting a public WiFi phishing risk, including:
an obtaining module, configured to obtain information obtained by the user equipment UE detecting the wireless access point AP of a public wireless fidelity WiFi, where the obtained information includes the target service set identifier SSID of the AP and the target media access control MAC information of the AP;
a determining module, configured to determine, based on a pre-stored MAC information reference library, whether the target MAC information is consistent with one piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, where the target SSID corresponds to one or more pieces of secure MAC information;
a confirming module, configured to determine that the public WiFi has a phishing risk when the target MAC information is inconsistent with every piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
In a third aspect, the present disclosure provides a computer program, including:
computer readable code which, when run on a computing device, causes the computing device to perform the above method for detecting a public WiFi phishing risk.
In a fourth aspect, the present disclosure provides a computer readable medium, which:
stores the computer program for performing the above method for detecting a public WiFi phishing risk.
The above one or more technical solutions in the embodiments of the present disclosure have at least one or more of the following technical effects:
In the technical solution of the embodiments of the present disclosure, information obtained by the user equipment UE detecting the wireless access point AP of the WiFi is first obtained; the obtained information includes the target service set identifier SSID of the AP and the target media access control MAC information of the AP. Then, based on the pre-stored MAC information reference library, it is determined whether the target MAC information is consistent with one piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, where the target SSID corresponds to one or more pieces of secure MAC information. When the target MAC information is inconsistent with every piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, it is determined that the public WiFi has a phishing risk. Thus, without any additional hardware deployment, the phishing risk of the public WiFi is detected by comparing whether the target MAC information of the public WiFi is consistent with the secure MAC information corresponding to the target SSID recorded in the MAC information reference library. This solves the technical problem that the prior art can detect phishing risk only through additional hardware deployment, and achieves the technical effect of detecting public WiFi without relying on additional hardware deployment, thereby reducing the cost of public WiFi security maintenance.
Brief description of the drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art from reading the detailed description of the preferred embodiments below. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the present disclosure. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawings:
FIG. 1 is a flowchart of a method for detecting a public WiFi phishing risk in an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of a device for detecting a public WiFi phishing risk in an embodiment of the present disclosure;
FIG. 3 schematically shows a block diagram of a computing device for performing the method for detecting a public WiFi phishing risk according to an embodiment of the present disclosure; and FIG. 4 schematically shows a storage unit for holding or carrying program code that implements the method for detecting a public WiFi phishing risk according to an embodiment of the present disclosure.
Preferred embodiments of the invention
The embodiments of the present disclosure provide a method and device for detecting a public WiFi phishing risk, which achieve the technical effect of performing phishing risk detection on public WiFi without relying on additional hardware deployment.
To solve the above technical problem, the general idea of the technical solution provided by the present disclosure is as follows:
In the technical solution of the embodiments of the present disclosure, information obtained by the user equipment UE detecting the wireless access point AP of the WiFi is first obtained; the obtained information includes the target service set identifier SSID of the AP and the target media access control MAC information of the AP. Then, based on the pre-stored MAC information reference library, it is determined whether the target MAC information is consistent with one piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, where the target SSID corresponds to one or more pieces of secure MAC information. When the target MAC information is inconsistent with every piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, it is determined that the public WiFi has a phishing risk. Thus, without any additional hardware deployment, the phishing risk of the public WiFi is detected by comparing whether the target MAC information of the public WiFi is consistent with the secure MAC information corresponding to the target SSID recorded in the MAC information reference library. This solves the technical problem that the prior art can detect phishing risk only through additional hardware deployment, and achieves the technical effect of detecting public WiFi without relying on additional hardware deployment, thereby reducing the cost of public WiFi security maintenance.
The technical solutions of the present disclosure are described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the embodiments of the present disclosure and the specific features in the embodiments are a detailed description of the technical solutions of the present disclosure rather than a limitation of them, and that, where they do not conflict, the embodiments of the present disclosure and the technical features in the embodiments may be combined with one another.
The term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B both exist, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
A first aspect of the present disclosure provides a method for detecting a public WiFi phishing risk. Refer to FIG. 1, which is a flowchart of the method for detecting a public WiFi phishing risk in an embodiment of the present disclosure. The method includes:
S101: obtaining information obtained by the user equipment UE detecting the wireless access point AP of a public wireless fidelity WiFi, where the obtained information includes the target service set identifier SSID of the AP and the target media access control MAC information of the AP;
S102: determining, based on a pre-stored MAC information reference library, whether the target MAC information is consistent with one piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, where the target SSID corresponds to one or more pieces of secure MAC information;
S103: when the target MAC information is inconsistent with every piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, determining that the public WiFi has a phishing risk.
Specifically, public WiFi in the embodiments of the present disclosure refers to an AP (Access Point) whose security attribute is OPEN, such as CMCC-WEB, ChinaNet, ChinaUnicom, and 16WiFi.
The method of S101 to S103 for detecting a public WiFi phishing risk in the embodiments of the present disclosure may be executed by the UE (User Equipment) or by a server connected to the UE; the present disclosure does not specifically limit this.
When the phishing risk of a public WiFi needs to be detected, the UE detects the AP of that public WiFi to obtain information. The information obtained in the embodiments of the present disclosure specifically includes the SSID (Service Set Identifier) of the AP and the MAC (Media Access Control or Medium Access Control) information of the AP. In the embodiments of the present disclosure, the target SSID is the SSID of that AP, and the target MAC information is the MAC information of that AP. The MAC information is, for example, a MAC address and a MAC manufacturer; the present disclosure does not specifically limit this.
Phishing risk detection on public WiFi may be performed each time the UE accesses a public WiFi, or when the UE accesses a new public WiFi, i.e., a public WiFi whose SSID differs from those of the public WiFi accessed in the past. A person of ordinary skill in the art to which the present disclosure pertains may choose according to actual needs; the present disclosure does not specifically limit this.
When the executing entity is the UE, obtaining the target SSID and the target MAC information in S101 specifically means that the UE detects the AP and thereby obtains the SSID and MAC information of the AP of the public WiFi to be checked. When the executing entity is the server, obtaining the target SSID and the target MAC information in S101 specifically means receiving the SSID and MAC information that the UE reports after detecting the AP.
After the target SSID and the target MAC information are obtained, S102 is performed: based on the pre-stored MAC information reference library, it is determined whether the target MAC information is consistent with one of the one or more pieces of secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
Specifically, the MAC information reference library in the embodiments of the present disclosure records the SSIDs of a plurality of public WiFi networks and the secure MAC information corresponding to each SSID. For example, assume that the MAC information reference library records the four SSIDs CMCC-WEB, ChinaNet, ChinaUnicom, and 16WiFi, together with the secure MAC information corresponding to each SSID.
In the embodiments of the present disclosure, the MAC information reference library may be built and maintained by the UE itself or by the server. Preferably, to obtain a more comprehensive and more accurate MAC information reference library, the library is built and maintained by the server on the basis of big data. Of course, if the executing entity in the embodiments of the present disclosure is the UE, the UE also needs to send the server an acquisition request for the MAC information reference library, receive the MAC information reference library that the server delivers in response to the request, and then store the library in the storage space of the UE.
To perform phishing risk detection on the public WiFi, the one or more pieces of secure MAC information corresponding to the target SSID are looked up in the MAC information reference library based on the target SSID. The target MAC information is then compared with the one or more pieces of secure MAC information corresponding to the target SSID. If the target MAC information is consistent with one of them, the target MAC information is secure, which means the public WiFi is unlikely to carry a phishing risk, so it is determined that the public WiFi has no phishing risk. Conversely, if the target MAC information is inconsistent with every piece of secure MAC information corresponding to the target SSID, the public WiFi may be insecure, and in S103 it is determined that the public WiFi has a phishing risk.
The above process implements detection of the public WiFi phishing risk. As the description shows, the method of the embodiments of the present disclosure requires no additional hardware deployment: the phishing risk of the public WiFi is detected by comparing whether the target MAC information of the public WiFi is consistent with the secure MAC information corresponding to the target SSID recorded in the MAC information reference library. This solves the technical problem that the prior art can detect phishing risk only through additional hardware deployment, and achieves the technical effect of detecting public WiFi without relying on additional hardware deployment, thereby reducing the cost of public WiFi security maintenance.
In a specific implementation, storing the MAC information reference library occupies considerable storage resources, and comparing the target MAC information with a large amount of secure MAC information consumes considerable memory resources and power. Given the limited storage resources, memory resources and power of the UE, having the server perform the public WiFi phishing risk detection of the embodiments of the present disclosure is the preferred choice.
Further, since the target MAC information can take several forms, S102 can be implemented in several ways. Several of them are described in detail below.
The first:
In the first implementation, the target MAC information specifically includes the target MAC address, and the secure MAC information likewise specifically includes secure MAC addresses; S102 is then implemented by the following process:
determining whether the target MAC address is consistent with one secure MAC address corresponding to the target SSID recorded in the MAC information reference library;
where, when the target MAC address is inconsistent with every secure MAC address, the target MAC information is inconsistent with every piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
Specifically, based on the target SSID, the one or more secure MAC addresses corresponding to the target SSID are looked up in the MAC information reference library, and the target MAC address is then compared with the secure MAC addresses corresponding to the target SSID. Normally the MAC address of each Internet-access device is unique, so if the target MAC address is consistent with one of the secure MAC addresses, the AP device was configured by the public WiFi operator and the public WiFi is unlikely to carry a phishing risk. Therefore, when the target MAC address is consistent with one of the secure MAC addresses corresponding to the target SSID, the target MAC information is consistent with one piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, and it is determined that the public WiFi has no phishing risk. Conversely, if the target MAC address is inconsistent with all of the secure MAC addresses corresponding to the target SSID, the AP device may not have been configured by the public WiFi operator, so the public WiFi has a phishing risk. Therefore, when the target MAC address is inconsistent with every secure MAC address corresponding to the target SSID, the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID recorded in the MAC information reference library, and it is determined that the public WiFi has a phishing risk.
For example, the target SSID is ****-WEB, and the secure MAC addresses of ****-WEB recorded in the MAC information reference library are as shown in Table 1.
Table 1
Figure PCTCN2017117690-appb-000001
Assume that the target MAC address is 58:66:ba:6e:57:20. Since the target MAC address is consistent with the secure MAC address 58:66:ba:6e:57:20, it is determined that the public WiFi has no phishing risk. Assume instead that the target MAC address is 5c:ad:cf:46:b8:ae. Since the target MAC address is inconsistent with every secure MAC address in Table 1, it is determined that the public WiFi has a phishing risk.
Further, in a specific implementation, MAC addresses may be duplicated. To tell apart different MACs that share the same address, the MAC information reference library may record the coordinates of each secure MAC address together with the address itself, for example 58:66:ba:6e:57:20 (coordinates: Beijing) and 58:66:ba:6e:57:20 (coordinates: Shanghai). In that case S101 additionally obtains the coordinates of the AP, and when the target MAC address is consistent with one of the secure MAC addresses corresponding to the target SSID, it is further determined whether the coordinates of the target MAC address are consistent with the coordinates of that matching secure MAC address. If the coordinates of the target MAC address are inconsistent with the coordinates of the matching secure MAC address, the AP corresponding to the target MAC address is in fact not the secure AP indicated by that secure MAC address, so it is still determined that the public WiFi has a phishing risk.
The second:
In the second implementation, the target MAC information specifically includes the target MAC manufacturer, and the secure MAC information likewise specifically includes secure MAC manufacturers; S102 is then implemented by the following process:
determining whether the target MAC manufacturer is consistent with one secure MAC manufacturer corresponding to the target SSID recorded in the MAC information reference library;
where, when the target MAC manufacturer is inconsistent with every secure MAC manufacturer, the target MAC information is inconsistent with every piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library.
Specifically, the MAC manufacturer in the embodiments of the present disclosure refers to the company or vendor that produces the AP device or the AC (Access Control, access controller) device. Based on the target SSID, the one or more secure MAC manufacturers corresponding to the target SSID are looked up in the MAC information reference library, and the target MAC manufacturer is then compared with the secure MAC manufacturers corresponding to the target SSID. Normally a public WiFi operator purchases AP devices or AC devices in bulk from one or more manufacturers, individual purchases are unlikely, and these manufacturers are also unlikely to produce phishing AP devices or AC devices for criminals. So if the target MAC manufacturer is consistent with one of the secure MAC manufacturers, the AP device was configured by the public WiFi operator and the public WiFi is unlikely to carry a phishing risk. Therefore, when the target MAC manufacturer is consistent with one of the secure MAC manufacturers of the target SSID, the target MAC information is consistent with one piece of secure MAC information corresponding to the target SSID recorded in the MAC information reference library, and it is determined that the public WiFi has no phishing risk.
Conversely, if the target MAC manufacturer is inconsistent with every secure MAC manufacturer corresponding to the target SSID, the AP device may not have been configured by the public WiFi operator, so the public WiFi has a phishing risk. Therefore, when the target MAC manufacturer is inconsistent with every secure MAC manufacturer corresponding to the target SSID, the target MAC information is inconsistent with all of the secure MAC information corresponding to the target SSID recorded in the MAC information reference library, and it is determined that the public WiFi has a phishing risk.
Continuing the example in which the target SSID is ****-WEB, the secure MAC manufacturers of ****-WEB recorded in the MAC information reference library are shown in Table 2.
Table 2
Figure PCTCN2017117690-appb-000002
Assume that the target MAC manufacturer is Hangzhou H3C Technologies Co. Because the target MAC manufacturer matches the secure MAC manufacturer Hangzhou H3C Technologies Co., it is determined that the public WiFi poses no phishing risk. Now assume that the manufacturer of the target MAC address is ABC. Because the target MAC manufacturer matches none of the secure MAC manufacturers in Table 2, it is determined that the public WiFi poses a phishing risk.
Third implementation:
In combination with the first implementation, in the third implementation the target MAC information further includes a target MAC manufacturer, and the secure MAC information further includes a secure MAC manufacturer. When the target MAC address matches none of the one or more secure MAC addresses, the implementation of S102 further includes:
determining whether the target MAC manufacturer matches one of the secure MAC manufacturers recorded for the target SSID in the MAC information reference library;
wherein, when the target MAC address matches none of the secure MAC addresses and the target MAC manufacturer also matches none of the secure MAC manufacturers, the target MAC information matches none of the secure MAC information recorded for the target SSID in the MAC information reference library.
Specifically, in the third implementation the target MAC information includes a target MAC address and a target MAC manufacturer, and the secure MAC information likewise includes a secure MAC address and a secure MAC manufacturer. In the third implementation, it is first determined whether the target MAC address matches one of the secure MAC addresses corresponding to the target SSID. If it does, the public WiFi is judged to pose no phishing risk. The specific process of determining whether the target MAC address matches a secure MAC address corresponding to the target SSID was described in the first implementation, so the parts that the first and third implementations have in common are not repeated here.
The third implementation differs from the first in that, when the target MAC address matches none of the secure MAC addresses corresponding to the target SSID, the public WiFi is not yet determined to pose a phishing risk. Instead, it is further determined whether the target MAC manufacturer matches one of the secure MAC manufacturers corresponding to the SSID. Only when the target MAC manufacturer also matches none of the secure MAC manufacturers is the public WiFi determined to pose a phishing risk.
Specifically, the reference library may not have recorded all of the secure MAC addresses corresponding to the target SSID, or may not have recorded new secure MAC addresses of the target SSID in time. Therefore, when the target MAC address matches none of the secure MAC addresses of the target SSID, it is further verified whether the target MAC manufacturer is a secure MAC manufacturer.
Because most AP or AC devices produced by a secure MAC manufacturer are secure, the public WiFi is still considered secure when the target MAC address matches none of the secure MAC addresses corresponding to the target SSID but the target MAC manufacturer matches one of the secure MAC manufacturers corresponding to the target SSID. Only when the target MAC address matches none of the secure MAC addresses corresponding to the target SSID, and the target MAC manufacturer also matches none of the secure MAC manufacturers corresponding to the target SSID, is the public WiFi determined to pose a phishing risk. This improves the detection accuracy for public WiFi phishing risk.
Further, the third implementation may also include:
when the target MAC address matches none of the secure MAC addresses but the target MAC manufacturer matches one of the secure MAC manufacturers, recording the target MAC address as a secure MAC address corresponding to the target SSID.
Specifically, when the target MAC address matches none of the one or more secure MAC addresses but the target MAC manufacturer matches one of the secure MAC manufacturers, this indicates that the target MAC address is missing from the MAC information reference library. The target MAC address is therefore added as a secure MAC address corresponding to the target SSID.
Fourth implementation:
In combination with the first and second implementations, in the fourth implementation the target MAC information specifically includes a target MAC address and a target MAC manufacturer, and the secure MAC information specifically includes a secure MAC address and a secure MAC manufacturer. S102 is implemented as follows:
determining whether the target MAC address matches one of the secure MAC addresses recorded for the target SSID in the MAC information reference library, and whether the target MAC manufacturer matches one of the secure MAC manufacturers corresponding to the SSID;
wherein, when the target MAC address matches none of the secure MAC addresses and the target MAC manufacturer also matches none of the secure MAC manufacturers, the target MAC information matches none of the secure MAC information recorded for the target SSID in the MAC information reference library.
In the fourth implementation, both the target MAC address and the target MAC manufacturer are verified. In a specific implementation, it may first be determined whether the target MAC address matches one of the secure MAC addresses corresponding to the target SSID and then whether the target MAC manufacturer matches one of the secure MAC manufacturers corresponding to the target SSID; or the manufacturer may be checked first and the address second; or the two independent determinations may be performed at the same time. The present disclosure imposes no specific limitation.
The parts that the fourth implementation has in common with the first and second implementations are not repeated here.
The fourth implementation differs from the first and second implementations in that the public WiFi is determined to be secure when the target MAC address matches one of the secure MAC addresses of the target SSID, or when the target MAC manufacturer matches one of the secure MAC manufacturers of the target SSID. Only when the target MAC address matches none of the secure MAC addresses corresponding to the target SSID, and the target MAC manufacturer also matches none of the secure MAC manufacturers corresponding to the target SSID, is the public WiFi determined to pose a phishing risk. This improves the detection accuracy for public WiFi phishing risk.
In a specific implementation, a person of ordinary skill in the art to which the present disclosure belongs may select any one of the above five implementations according to actual needs; the present disclosure imposes no specific limitation.
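The address-only, manufacturer-only and address-then-manufacturer decisions described above, including the optional recording step of the third implementation, can be sketched as follows. This is an added example, not code from the patent; the SSID, the MAC addresses (taken from the documentation range), the function names and the "SSID not in library" outcome are assumptions. The fourth implementation yields the same verdict as `address_then_manufacturer` with `learn=False`.

```python
import re
from dataclasses import dataclass, field

SAFE, RISK, UNKNOWN = "no_phishing_risk", "phishing_risk", "ssid_not_in_library"


@dataclass
class SecureMacInfo:
    """Secure MAC information the reference library records for one SSID."""
    addresses: set = field(default_factory=set)
    manufacturers: set = field(default_factory=set)


def normalize_mac(mac):
    """Return 12 lowercase hex digits so AA-BB-.. and aa:bb:.. compare equal."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.lower()


def normalize_manufacturer(name):
    """Collapse whitespace and case so the same name always compares equal."""
    return " ".join(name.split()).casefold()


def add_entry(library, ssid, addresses, manufacturers):
    """Record the secure MAC information for one SSID in normalized form."""
    library[ssid] = SecureMacInfo(
        {normalize_mac(a) for a in addresses},
        {normalize_manufacturer(m) for m in manufacturers},
    )


def check_ap(library, ssid, mac, manufacturer,
             mode="address_then_manufacturer", learn=False):
    """Compare a detected AP with the library entry for its SSID.

    mode="address"                   first implementation
    mode="manufacturer"              second implementation
    mode="address_then_manufacturer" third implementation; with learn=True an
                                     unknown address from a secure manufacturer
                                     is recorded as a secure MAC address
    """
    entry = library.get(ssid)
    if entry is None:
        # Assumption of this sketch: no baseline means no verdict either way.
        return UNKNOWN
    mac_n = normalize_mac(mac)
    address_ok = mac_n in entry.addresses
    manufacturer_ok = normalize_manufacturer(manufacturer) in entry.manufacturers

    if mode == "address":
        return SAFE if address_ok else RISK
    if mode == "manufacturer":
        return SAFE if manufacturer_ok else RISK
    if mode == "address_then_manufacturer":
        if address_ok:
            return SAFE
        if manufacturer_ok:
            if learn:
                entry.addresses.add(mac_n)
            return SAFE
        return RISK
    raise ValueError(f"unknown mode: {mode!r}")


def demo_library():
    """Constructed sample library: one SSID, two addresses, one manufacturer."""
    library = {}
    add_entry(library, "EXAMPLE-WEB",
              ["00:00:5E:00:53:01", "00:00:5E:00:53:02"],
              ["Hangzhou H3C Technologies Co."])
    return library


if __name__ == "__main__":
    lib = demo_library()
    new_ap = ("EXAMPLE-WEB", "00-00-5e-00-53-7f", "Hangzhou H3C Technologies Co.")
    print(check_ap(lib, *new_ap, mode="address"))   # address not recorded yet
    print(check_ap(lib, *new_ap, learn=True))       # manufacturer matches, address learned
    print(check_ap(lib, "EXAMPLE-WEB", "00:00:5E:00:53:7F", "ABC", mode="address"))
```

Once `learn=True` has recorded an address, the address-only check accepts it regardless of the manufacturer reported later, so the library inherits whatever the manufacturer comparison let in.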
The following describes how the server establishes the MAC information reference library.
First, the server sends a reporting instruction to multiple UEs connected to the server. The reporting instruction notifies each UE to detect the AP it has accessed, obtain the information of the accessed AP, and report the detected AP information to the server. The AP information includes at least a security attribute, an SSID and MAC information, and may further include the coordinates of the AP and so on; the present disclosure imposes no specific limitation. The server thus obtains a large amount of AP information from the reports of the multiple UEs. Further, the administrators of the server may also obtain AP information from the operators of different public WiFi networks.
Then, based on the security attribute in each piece of AP information, the server selects the APs whose security attribute is OPEN, that is, it selects the public WiFi networks from a large number of WiFi networks. In addition, AP information with identical content needs to be deduplicated, so that no two remaining pieces of AP information have identical content. Furthermore, through detection and verification, the secure AP information of secure APs is selected from the AP information of the large number of public WiFi networks.
Next, all secure AP information is clustered by SSID, yielding the secure MAC information corresponding to each SSID, such as secure MAC addresses, secure MAC manufacturers and coordinates. The secure MAC information corresponding to each SSID is then recorded to establish the MAC information reference library.
Further, to reduce the storage resources occupied by the MAC information reference library, the count of each SSID is obtained and the SSIDs are sorted by count from high to low. Only the SSIDs ranked above a preset rank, together with their corresponding secure MAC information, are then recorded in the MAC information reference library. In other words, because in practice the probability of accessing a less common public WiFi is small, the MAC information reference library may record only the SSIDs of public WiFi networks that are common, have high coverage and are numerous, together with the corresponding secure MAC information.
Further still, the share of each secure MAC manufacturer for each SSID may be computed; secure MAC manufacturers with a higher share are recorded in the MAC security reference library, while secure MAC manufacturers with a lower share are not recorded.
Further still, when maintaining the MAC information reference library, the server may also receive user correction information reported by UEs, and add, delete or modify secure MAC information based on the user correction information.
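The library-building steps above (keep OPEN APs, deduplicate, keep verified APs, cluster by SSID, keep the top-ranked SSIDs, drop low-share manufacturers) can be sketched as follows. This is an added example, not code from the patent; the record fields, the `verified` flag standing in for the unspecified detection and verification step, the parameters `top_n` and `min_share`, and all sample values are assumptions.

```python
from collections import Counter, defaultdict


def build_reference_library(reports, top_n, min_share):
    """Build {ssid: {"addresses": set, "manufacturers": set}} from AP reports.

    top_n     -- how many of the most frequently seen SSIDs to keep
    min_share -- minimum fraction of an SSID's secure APs a manufacturer needs
                 in order to be recorded as a secure MAC manufacturer
    """
    seen, secure = set(), []
    for r in reports:
        # Keep only public WiFi: APs whose security attribute is OPEN.
        if r["security"] != "OPEN":
            continue
        # Drop AP information whose content is identical to an earlier report.
        key = (r["ssid"], r["mac"].lower(), r["manufacturer"], r["verified"])
        if key in seen:
            continue
        seen.add(key)
        # Keep only APs that passed detection and verification.
        if r["verified"]:
            secure.append(r)

    # Cluster the secure AP information by SSID.
    by_ssid = defaultdict(list)
    for r in secure:
        by_ssid[r["ssid"]].append(r)

    # Rank SSIDs by number of secure APs, high to low (name breaks ties).
    ranked = sorted(by_ssid, key=lambda s: (-len(by_ssid[s]), s))[:top_n]

    library = {}
    for ssid in ranked:
        records = by_ssid[ssid]
        counts = Counter(r["manufacturer"] for r in records)
        library[ssid] = {
            # Every verified address stays, even from a low-share manufacturer.
            "addresses": {r["mac"].lower() for r in records},
            "manufacturers": {m for m, c in counts.items()
                              if c / len(records) >= min_share},
        }
    return library


def sample_reports():
    """Constructed UE reports; MAC addresses use the documentation range."""
    def ap(ssid, last, manufacturer, security="OPEN", verified=True):
        return {"ssid": ssid, "mac": f"00:00:5E:00:53:{last}",
                "manufacturer": manufacturer,
                "security": security, "verified": verified}
    return [
        ap("EXAMPLE-WEB", "01", "Vendor A"),
        ap("EXAMPLE-WEB", "01", "Vendor A"),                   # identical report
        ap("EXAMPLE-WEB", "02", "Vendor A"),
        ap("EXAMPLE-WEB", "03", "Vendor A"),
        ap("EXAMPLE-WEB", "04", "Vendor B"),                   # 1 of 4: low share
        ap("EXAMPLE-WEB", "05", "Vendor C", verified=False),   # failed verification
        ap("EXAMPLE-WEB", "06", "Vendor A", security="WPA2"),  # not public WiFi
        ap("CAFE-FREE", "10", "Vendor B"),
        ap("CAFE-FREE", "11", "Vendor B"),
    ]


if __name__ == "__main__":
    for ssid, info in build_reference_library(sample_reports(), 1, 0.5).items():
        print(ssid, sorted(info["addresses"]), sorted(info["manufacturers"]))
```

A manufacturer dropped for low share, such as the constructed Vendor B under EXAMPLE-WEB, makes every not-yet-recorded AP of that manufacturer fail the manufacturer comparison, so `min_share` trades storage against false alarms.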
Based on the same disclosed concept as the method for detecting public WiFi phishing risk in the foregoing embodiments, a second aspect of the present disclosure further provides an apparatus for detecting public WiFi phishing risk which, as shown in FIG. 2, includes:
an obtaining module 101, configured to obtain information obtained by a user equipment (UE) detecting a wireless access point (AP) of a public wireless fidelity (WiFi) network, the obtained information including a target service set identifier (SSID) of the AP and target media access control (MAC) information of the AP;
a judging module 102, configured to determine, based on a pre-stored MAC information reference library, whether the target MAC information matches one of the secure MAC information entries recorded for the target SSID in the MAC information reference library, there being one or more pieces of secure MAC information corresponding to the target SSID;
a determining module 103, configured to determine that the public WiFi poses a phishing risk when the target MAC information matches none of the secure MAC information recorded for the target SSID in the MAC information reference library.
Specifically, the target MAC information includes a target MAC address, the secure MAC information includes a secure MAC address, and the judging module 102 is configured to determine whether the target MAC address matches one of the secure MAC addresses recorded for the target SSID in the MAC information reference library;
wherein, when the target MAC address matches none of the secure MAC addresses, the target MAC information matches none of the secure MAC information recorded for the target SSID in the MAC information reference library.
Alternatively, the target MAC information includes a target MAC manufacturer, the secure MAC information includes a secure MAC manufacturer, and the judging module 102 is configured to determine whether the target MAC manufacturer matches one of the secure MAC manufacturers recorded for the target SSID in the MAC information reference library;
wherein, when the target MAC manufacturer matches none of the secure MAC manufacturers, the target MAC information matches none of the secure MAC information recorded for the target SSID in the MAC information reference library.
Further, the target MAC information also includes a target MAC manufacturer and the secure MAC information also includes a secure MAC manufacturer; when the target MAC address matches none of the secure MAC addresses, the judging module 102 is further configured to determine whether the target MAC manufacturer matches one of the secure MAC manufacturers recorded for the target SSID in the MAC information reference library;
wherein, when the target MAC address matches none of the secure MAC addresses and the target MAC manufacturer also matches none of the secure MAC manufacturers, the target MAC information matches none of the secure MAC information recorded for the target SSID in the MAC information reference library.
Further still, the apparatus in the embodiments of the present disclosure also includes:
a recording module, configured to record the target MAC address as a secure MAC address corresponding to the target SSID when the target MAC address matches none of the secure MAC addresses but the target MAC manufacturer matches one of the secure MAC manufacturers.
The variations and specific examples of the method for detecting public WiFi phishing risk in the foregoing embodiment of FIG. 1 apply equally to the apparatus for detecting public WiFi phishing risk of this embodiment. From the foregoing detailed description of the method, those skilled in the art can clearly understand how the apparatus in this embodiment is implemented, so for brevity of the specification the details are not repeated here.
A third aspect of the present disclosure provides a computer program. FIG. 3 shows a computing device that can implement the method for detecting public WiFi phishing risk according to the present disclosure. The computing device conventionally includes a processor 310 and a computer program product or computer-readable medium in the form of a storage device 320. The storage device 320 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read-only memory), an EPROM, a hard disk or a ROM. The storage device 320 has a storage space 330 that stores program code 331 for performing any of the method steps described above. For example, the storage space 330 for program code may include individual program codes 331, each for implementing one of the steps of the above method. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as a hard disk, a compact disc (CD), a memory card or a floppy disk. Such a computer program product is typically a portable or fixed storage unit such as the one shown in FIG. 4. The storage unit may have storage segments, storage space and the like arranged similarly to the storage device 320 in the computing device of FIG. 3. The program code may, for example, be compressed in a suitable form. Typically, the storage unit includes computer-readable code 331' for performing the method steps according to the present disclosure, that is, code that can be read by a processor such as 310 and that, when run by a computing device, causes the computing device to perform the steps of the method described above.
The one or more technical solutions above in the embodiments of the present disclosure have at least one or more of the following technical effects:
In the technical solutions of the embodiments of the present disclosure, information obtained by a user equipment (UE) detecting a wireless access point (AP) of a WiFi network is first obtained, the obtained information including the target service set identifier (SSID) of the AP and the target media access control (MAC) information of the AP. Then, based on a pre-stored MAC information reference library, it is determined whether the target MAC information matches one of the secure MAC information entries recorded for the target SSID in the MAC information reference library, the secure MAC information corresponding to the target SSID including one or more entries. When the target MAC information matches none of the secure MAC information recorded for the target SSID in the MAC information reference library, it is determined that the public WiFi poses a phishing risk. Thus, without any additional hardware deployment, the phishing risk of the public WiFi is detected by comparing whether the target MAC information of the public WiFi matches the secure MAC information recorded for the target SSID in the MAC information reference library. This solves the technical problem that the prior art can detect phishing risk only through additional hardware deployment, achieves the technical effect of detecting public WiFi without relying on additional hardware deployment, and thereby reduces the cost of maintaining public WiFi security.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present disclosure is not directed to any particular programming language. It should be understood that the content of the present disclosure described herein may be implemented in a variety of programming languages, and that the description above of a specific language is made in order to disclose the best mode of the present disclosure.
Numerous specific details are set forth in the specification provided here. It will be understood, however, that the embodiments of the present disclosure may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this specification.
Similarly, it should be understood that, in order to streamline the present disclosure and aid the understanding of one or more of the various disclosed aspects, the features of the present disclosure are sometimes grouped together into a single embodiment, figure, or description thereof in the above description of exemplary embodiments of the present disclosure. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed disclosure requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the disclosed aspects lie in fewer than all features of a single foregoing disclosed embodiment. The claims following the detailed description are therefore hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present disclosure.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and they may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that, although some embodiments described herein include certain features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the present disclosure and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the present disclosure may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the gateway, proxy server and system according to embodiments of the present disclosure. The present disclosure may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present disclosure may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present disclosure, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present disclosure may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words may be interpreted as names.

Claims (12)

  1. A method for detecting public WiFi phishing risk, characterized by comprising:
    obtaining information obtained by a user equipment (UE) detecting a wireless access point (AP) of a public wireless fidelity (WiFi) network, the obtained information including a target service set identifier (SSID) of the AP and target media access control (MAC) information of the AP;
    determining, based on a pre-stored MAC information reference library, whether the target MAC information matches one of the secure MAC information entries recorded for the target SSID in the MAC information reference library, there being one or more pieces of the secure MAC information corresponding to the target SSID;
    when the target MAC information matches none of the secure MAC information recorded for the target SSID in the MAC information reference library, determining that the public WiFi poses a phishing risk.
  2. The method according to claim 1, characterized in that the target MAC information includes a target MAC address, the secure MAC information includes a secure MAC address, and determining whether the target MAC information matches one of the secure MAC information entries recorded for the target SSID in the MAC information reference library comprises:
    determining whether the target MAC address matches one of the secure MAC addresses recorded for the target SSID in the MAC information reference library;
    其中,当所述目标MAC地址与任何一个所述安全MAC地址均不一致时,表示所述目标MAC信息与所述MAC信息基准记录的所述目标SSID对应的任何一个安全MAC信息均不一致。Wherein, when the target MAC address is inconsistent with any one of the secure MAC addresses, it indicates that the target MAC information is inconsistent with any one of the secure MAC information corresponding to the target SSID of the MAC information reference record.
  3. The method according to claim 1, characterized in that the target MAC information comprises a target MAC manufacturer, the secure MAC information comprises a secure MAC manufacturer, and judging whether the target MAC information is consistent with one piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID comprises:
    judging whether the target MAC manufacturer is consistent with one of the secure MAC manufacturers that the MAC information reference library records as corresponding to the target SSID;
    wherein, when the target MAC manufacturer is inconsistent with every one of the secure MAC manufacturers, this indicates that the target MAC information is inconsistent with every piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID.
  4. The method according to claim 2, characterized in that the target MAC information further comprises a target MAC manufacturer, the secure MAC information further comprises a secure MAC manufacturer, and, when the target MAC address is inconsistent with every one of the secure MAC addresses, judging whether the target MAC information is consistent with one piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID further comprises:
    judging whether the target MAC manufacturer is consistent with one of the secure MAC manufacturers that the MAC information reference library records as corresponding to the target SSID;
    wherein, when the target MAC address is inconsistent with every one of the secure MAC addresses and the target MAC manufacturer is also inconsistent with every one of the secure MAC manufacturers, this indicates that the target MAC information is inconsistent with every piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID.
  5. The method according to claim 4, characterized in that the method further comprises:
    when the target MAC address is inconsistent with every one of the secure MAC addresses but the target MAC manufacturer is consistent with one of the secure MAC manufacturers, recording the target MAC address as a secure MAC address corresponding to the target SSID.
  6. A device for detecting a public WiFi phishing risk, characterized by comprising:
    an obtaining module, configured to obtain information that a user equipment (UE) obtains by detecting a wireless access point (AP) of a public wireless fidelity (WiFi) network, the obtained information including a target service set identifier (SSID) of the AP and target media access control (MAC) information of the AP;
    a judging module, configured to judge, based on a pre-stored MAC information reference library, whether the target MAC information is consistent with one piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID, the target SSID having one or more pieces of corresponding secure MAC information;
    a determining module, configured to determine that the public WiFi has a phishing risk when the target MAC information is inconsistent with every piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID.
  7. The device according to claim 6, characterized in that the target MAC information comprises a target MAC address, the secure MAC information comprises a secure MAC address, and the judging module is configured to judge whether the target MAC address is consistent with one of the secure MAC addresses that the MAC information reference library records as corresponding to the target SSID;
    wherein, when the target MAC address is inconsistent with every one of the secure MAC addresses, this indicates that the target MAC information is inconsistent with every piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID.
  8. The device according to claim 6, characterized in that the target MAC information comprises a target MAC manufacturer, the secure MAC information comprises a secure MAC manufacturer, and the judging module is configured to judge whether the target MAC manufacturer is consistent with one of the secure MAC manufacturers that the MAC information reference library records as corresponding to the target SSID;
    wherein, when the target MAC manufacturer is inconsistent with every one of the secure MAC manufacturers, this indicates that the target MAC information is inconsistent with every piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID.
  9. The device according to claim 7, characterized in that the target MAC information further comprises a target MAC manufacturer, the secure MAC information further comprises a secure MAC manufacturer, and, when the target MAC address is inconsistent with every one of the secure MAC addresses, the judging module is further configured to judge whether the target MAC manufacturer is consistent with one of the secure MAC manufacturers that the MAC information reference library records as corresponding to the target SSID;
    wherein, when the target MAC address is inconsistent with every one of the secure MAC addresses and the target MAC manufacturer is also inconsistent with every one of the secure MAC manufacturers, this indicates that the target MAC information is inconsistent with every piece of secure MAC information that the MAC information reference library records as corresponding to the target SSID.
  10. The device according to claim 9, characterized in that the device further comprises:
    a recording module, configured to record the target MAC address as a secure MAC address corresponding to the target SSID when the target MAC address is inconsistent with every one of the secure MAC addresses but the target MAC manufacturer is consistent with one of the secure MAC manufacturers.
  11. A computer program comprising computer-readable code which, when run on a computing device, causes the computing device to perform the method for detecting a public WiFi phishing risk according to any one of claims 1-5.
  12. A computer-readable medium in which the computer program according to claim 11 is stored.
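
The decision flow of claims 1 to 5, written out as an added example that is not part of the patent text or the applicant's code. The class and function names, the constructed OUI table, taking the manufacturer from the first three octets of the MAC address, and the "no_baseline" result for an SSID missing from the library are all assumptions of this sketch.

```python
from dataclasses import dataclass, field

# Constructed OUI-to-manufacturer table keyed by the first three octets.
# Prefixes and names are placeholders, not real registry entries.
OUI_VENDOR = {"02:00:5E": "ExampleVendorA", "02:11:22": "ExampleVendorB"}

def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC to upper-case, colon-separated octets."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def vendor_of(mac: str):
    """Manufacturer for a MAC, or None when the prefix is not in the table."""
    return OUI_VENDOR.get(normalize_mac(mac)[:8])

@dataclass
class SsidBaseline:
    secure_macs: set = field(default_factory=set)
    secure_vendors: set = field(default_factory=set)

class MacReferenceLibrary:
    """SSID -> secure MAC addresses and secure manufacturers (claim 1)."""
    def __init__(self):
        self.by_ssid = {}
        self.learned = []  # audit trail of addresses added under claim 5

    def add(self, ssid: str, mac: str) -> None:
        mac = normalize_mac(mac)
        entry = self.by_ssid.setdefault(ssid, SsidBaseline())
        entry.secure_macs.add(mac)
        vendor = vendor_of(mac)
        if vendor is not None:
            entry.secure_vendors.add(vendor)

    def assess(self, ssid: str, mac: str) -> str:
        mac = normalize_mac(mac)
        entry = self.by_ssid.get(ssid)
        if entry is None:
            return "no_baseline"        # assumption: not covered by the claims
        if mac in entry.secure_macs:    # claim 2: address matches a secure one
            return "secure"
        vendor = vendor_of(mac)
        if vendor is not None and vendor in entry.secure_vendors:
            entry.secure_macs.add(mac)  # claim 5: record as a secure address
            self.learned.append((ssid, mac, vendor))
            return "secure_learned"
        return "phishing_risk"          # claim 4: neither address nor vendor
```

The `learned` list is kept because a BSSID is set by whoever operates the AP, so every address admitted through the manufacturer branch of claim 5 is a baseline change worth reviewing.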
PCT/CN2017/117690 2016-12-21 2017-12-21 Method and device for determining risk of phishing attack in public wifi network WO2018113728A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611191620.3 2016-12-21
CN201611191620.3A CN106454847A (en) 2016-12-21 2016-12-21 Method and device for detecting phishing risk of public WiFi

Publications (1)

Publication Number Publication Date
WO2018113728A1 (en) 2018-06-28

Family

ID=58215334

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/117690 WO2018113728A1 (en) 2016-12-21 2017-12-21 Method and device for determining risk of phishing attack in public wifi network

Country Status (2)

Country Link
CN (1) CN106454847A (en)
WO (1) WO2018113728A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111314911A (en) * 2020-02-26 2020-06-19 广东星辰信通科技有限公司 WiFi terminal sniffing prevention method
CN112512050A (en) * 2020-11-06 2021-03-16 北京小米移动软件有限公司 Method and device for preventing terminal from attacking and storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106454847A (en) * 2016-12-21 2017-02-22 北京奇虎科技有限公司 Method and device for detecting phishing risk of public WiFi
CN109729525A (en) * 2017-10-31 2019-05-07 中国电信股份有限公司 Fishing WIFI recognition methods, device, terminal device and computer readable storage medium
CN109391944B (en) * 2018-10-31 2022-05-20 北京小米移动软件有限公司 Wireless network remarking method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101277229A (en) * 2008-05-26 2008-10-01 杭州华三通信技术有限公司 Method for detecting illegality equipment and wireless client terminal
CN103780430A (en) * 2014-01-20 2014-05-07 华为技术有限公司 Method and device for monitoring network equipment
US20150172289A1 (en) * 2013-12-18 2015-06-18 Electronics And Telecommunications Research Institute Apparatus and method for identifying rogue device
CN106454847A (en) * 2016-12-21 2017-02-22 北京奇虎科技有限公司 Method and device for detecting phishing risk of public WiFi
CN106792704A (en) * 2015-11-24 2017-05-31 中国移动通信集团公司 A kind of method and device for detecting fishing access point

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102843682B (en) * 2012-08-20 2015-03-18 中国联合网络通信集团有限公司 Access point authorizing method, device and system
CN104580152A (en) * 2014-12-03 2015-04-29 中国科学院信息工程研究所 Protection method and system against wifi (wireless fidelity) phishing

Also Published As

Publication number Publication date
CN106454847A (en) 2017-02-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17884730

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17884730

Country of ref document: EP

Kind code of ref document: A1