CN103179095A - Method and client device for detecting phishing websites - Google Patents

Publication number
CN103179095A
Authority
CN
China
Prior art keywords
website
key area
targeted website
file structure
feature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011104362614A
Other languages
Chinese (zh)
Other versions
CN103179095B (en
Inventor
聂万泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201110436261.4A (CN103179095B)
Publication of CN103179095A
Priority to HK13110000.2A (HK1182857A1)
Application granted
Publication of CN103179095B
Current legal status: Active

Landscapes

  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a method and a client device for detecting phishing websites, and aims to solve the problem that existing detection methods lag behind and cannot detect newly emerging phishing websites. The method comprises: obtaining the URL (uniform resource locator) of a target website and obtaining the page information of the target website according to the URL; extracting key area features from the page information of the target website and matching them for interface image similarity against the key area features in a genuine key area feature library; and, if the matching degree of the interface image similarity meets a second preset condition, determining that the target website is a phishing website, and otherwise determining that it is a normal website. The method relies entirely on local features as identifiers and needs no image cutting or distance matching, so it tolerates blurring transformations of the image and can still identify a phishing website effectively even when its images are deformed or distorted.

Description

Method and client device for detecting phishing websites
Technical field
The present application relates to network security technology, and in particular to a method and a client device for detecting phishing websites.
Background
A phishing website is a form of online fraud: a malicious website with which an attacker, by various means, counterfeits the URL and page content of a genuine website, or exploits a vulnerability in the genuine website's server program to insert dangerous HTML code into some of its pages, in order to trick users out of private data or sensitive information such as bank or credit card account numbers and passwords.
Phishing websites spread quickly and do considerable harm to users, so the prior art has proposed a variety of detection methods. The method in general use is a blacklist: when the client browser accesses a server, the website to be accessed is first checked against the blacklist. If it is on the blacklist, it is judged to be a phishing website; if not, it is judged to be a normal website and may be accessed.
This method detects every phishing website that is on the blacklist, but blacklist collection lags behind: a newly emerging phishing website is not added to the blacklist in time, so the existing method cannot detect it.
Summary of the invention
The present application provides a method and a client device for detecting phishing websites, to solve the problem that existing detection methods lag behind and cannot detect newly emerging phishing websites.
To solve the above problem, the present application discloses a method for detecting phishing websites, comprising:
obtaining the URL of a target website, and obtaining the page information of the target website according to the URL;
extracting key area features from the page information of the target website, and matching them for interface image similarity against the key area features in a genuine key area feature library;
if the matching degree of the interface image similarity meets a second preset condition, determining that the target website is a phishing website, and otherwise determining that the target website is a normal website.
The matching degree of the interface image similarity meets the second preset condition when it exceeds a second preset value.
Preferably, extracting the key area features from the page information of the target website comprises: determining one or more key areas on the page image of the target website; extracting, in each key area, n groups of feature points, each group consisting of two feature points; drawing a straight line through the two feature points of each group and extracting m feature points on that line, so that each key area is represented as an n × m feature point array, where n and m are natural numbers; and combining the feature point array of each key area with a random array obtained according to the size of the page image, to obtain the key area features describing the page of the target website.
Preferably, the n groups of two feature points are extracted in each key area according to distinctive points, which include corner points, edge points, bright points and dark points.
Preferably, the combining comprises: adding the feature point array of each key area to the random array obtained according to the size of the page image.
Preferably, before the interface image similarity matching, the method further comprises: extracting document structure features from the page information of the target website, and matching them for document structure similarity against the document structure features in a genuine document feature library; if the matching degree of the document structure similarity meets a first preset condition, determining that the target website is a phishing website; if it does not meet the preset condition, performing the interface image similarity matching.
Preferably, the matching degree of the document structure similarity meets the first preset condition when it exceeds a first preset value.
Preferably, the document structure similarity matching comprises: comparing the document structure features of the target website page with the document structure features in the genuine document feature library, and assigning the corresponding weight to each document structure feature that matches; summing the weights of all document structure features of the target website page to obtain a total score; and taking the total score as the matching degree of the document structure similarity.
Preferably, after the URL of the target website is obtained, the method further comprises: detecting whether the target website is in a preset whitelist; when the target website is not in the whitelist, obtaining the page information of the target website according to the URL; otherwise, determining that the target website is a normal website.
Preferably, the method further comprises: building the genuine document feature library and the genuine key area feature library according to the whitelist.
The present application also provides a client device for detecting phishing websites, comprising:
a page acquisition module, configured to obtain the URL of a target website and to obtain the page information of the target website according to the URL;
a key area feature extraction module, configured to extract key area features from the page information of the target website;
a key area feature matching module, configured to match the key area features of the target website page for interface image similarity against the key area features in the genuine key area feature library; if the matching degree of the interface image similarity meets the second preset condition, the target website is determined to be a phishing website, and otherwise it is determined to be a normal website.
Preferably, the key area feature extraction module comprises:
a key area determination submodule, configured to determine one or more key areas on the page image of the target website;
a feature point extraction submodule, configured to extract, in each key area, n groups of feature points, each group consisting of two feature points; to draw a straight line through the two feature points of each group and extract m feature points on that line, so that each key area is represented as an n × m feature point array, where n and m are natural numbers;
a key area feature determination submodule, configured to combine the feature point array of each key area with a random array obtained according to the size of the page image, to obtain the key area features describing the page of the target website.
Preferably, the device further comprises:
a document structure feature extraction module, configured to extract document structure features from the page information of the target website;
a document structure feature matching module, configured to match the document structure features of the target website page for document structure similarity against the document structure features in the genuine document feature library; if the matching degree of the document structure similarity meets the first preset condition, the target website is determined to be a phishing website; if it does not meet the preset condition, the key area feature extraction module is triggered.
Preferably, the document structure feature matching module comprises:
a matching submodule, configured to compare the document structure features of the target website page with the document structure features in the genuine document feature library, and to assign the corresponding weight to each document structure feature that matches;
a weight calculation submodule, configured to sum the weights of all document structure features of the target website page to obtain a total score, and to take the total score as the matching degree of the document structure similarity.
Preferably, the device further comprises:
a whitelist screening module, configured to detect whether the target website is in a preset whitelist; when the target website is not in the whitelist, it triggers the page acquisition module to obtain the page information of the target website according to the URL; otherwise, the target website is determined to be a normal website.
Preferably, the device further comprises:
a feature library building module, configured to build the genuine document feature library and the genuine key area feature library according to the whitelist.
Compared with the prior art, the present application has the following advantages:
First, when matching interface image similarity, the application mainly uses the key areas of the website page, for example the position and local curvature features of the login area and the payment area, as matching elements. This image recognition method relies entirely on local features as identifiers and needs no image cutting or distance matching, so the application tolerates blurring transformations of the image: even if the images of a phishing website are deformed or distorted, it can still be identified effectively.
Second, the application computes similarity from two aspects, the document structure of the website and its UI. The target website is first matched for document structure similarity against the genuine document feature library; if the matching degree meets the first preset condition, it is determined to be a phishing website. Otherwise, the target website is matched for interface image similarity against the genuine key area feature library; if the matching degree meets the second preset condition, it is determined to be a phishing website, and otherwise a normal website. With this two-part judgement, even a newly emerging phishing website can be detected in time, as long as the features of the genuine website it imitates are present in the genuine document feature library or the genuine key area feature library. The application can therefore detect phishing websites in time, intercept the access and warn the user.
Third, the application can first detect whether the target website is in a preset whitelist, and compute similarity from the document structure and the UI only when the target website is not in the whitelist. This filters out a large number of normal websites in advance, so that detection is targeted at the relatively small number of phishing websites, which improves detection efficiency.
Of course, a product implementing the present application does not necessarily need to achieve all of the above advantages at the same time.
Description of the drawings
Fig. 1 is a flow chart of a method for detecting phishing websites according to an embodiment of the present application;
Fig. 2 is a flow chart of extracting key area features in an embodiment of the present application;
Fig. 3 is a flow chart of a method for detecting phishing websites according to another embodiment of the present application;
Fig. 4 is a structural diagram of a client device for detecting phishing websites according to an embodiment of the present application;
Fig. 5 is a structural diagram of a client device for detecting phishing websites according to another embodiment of the present application.
Detailed description of embodiments
To make the above objects, features and advantages of the present application easier to understand, the application is described in further detail below with reference to the drawings and specific embodiments.
A phishing website is a close imitation: its UI largely copies that of the official website. Starting from this observation, the application computes similarity from two aspects, the document structure of the website page and its UI, to find phishing websites in time, intercept such risks and warn the user.
The specific implementation of the application is described in detail below through embodiments.
Referring to Fig. 1, it is a flow chart of a method for detecting phishing websites according to an embodiment of the present application.
Step 101: obtain the URL of the target website, and obtain the page information of the target website according to the URL.
The target website is the suspect site that needs to be checked. Usually, the URL of the target website can be obtained from the access request that the client browser sends for the target website, and the page information, which is the data containing the page content, can be obtained from the server according to this URL.
Step 102: extract document structure features from the page information of the target website, and match them for document structure similarity against the document structure features in the genuine document feature library.
If the matching degree of the document structure similarity meets the first preset condition, the target website is determined to be a phishing website; if it does not meet the preset condition, continue with step 103 below.
Extracting the document structure features of the target website may comprise the following two substeps:
Substep 1: parse the page information of the target website into a DOM (Document Object Model) tree structure.
This embodiment may use any document structure parsing method of the prior art.
Substep 2: extract the document structure features from the DOM tree structure.
When a page is represented as a DOM tree structure, the DOM structure can be further described as a set of document structure features. For example:
the DOM structure
<a href="http://ju.atpanel.com/?url=http://list.taobao.com/browse/cat-0.htm?ad_id=&amp;am_id=&amp;cm_id=&amp;pm_id=15006048193468e03af6" target="_top" rel="nofollow">commodity classification</a>
can be described as feature A: http://ju.atpanel.com;
feature B: commodity classification.
From the DOM tree structure of the target website page, a subset of the document structure features may be extracted for partial matching, or all document structure features may be extracted for global matching; this embodiment places no restriction on this.
In addition, the genuine document feature library is built from the genuine pages of official websites; these genuine pages are all pages of protected websites. To build the genuine document feature library, document structure features are first extracted from all protected genuine pages, by a process similar to extracting document structure features from the page information of the target website; then weights are assigned to the extracted document structure features so that the matching degree can be computed.
The document structure similarity matching may comprise the following substeps:
Substep 1: compare the document structure features of the target website page with the document structure features in the genuine document feature library, and assign the corresponding weight to each document structure feature that matches.
Substep 2: sum the weights of all document structure features of the target website page to obtain a total score.
Substep 3: take the total score as the matching degree of the document structure similarity.
For example:
First, the official page template is described as features by way of its DOM tree.
For instance, the DOM structure
<a href="http://ju.atpanel.com/?url=http://list.taobao.com/browse/cat-0.htm?ad_id=&amp;am_id=&amp;cm_id=&amp;pm_id=15006048193468e03af6" target="_top" rel="nofollow">commodity classification</a>
can be described as feature A: http://ju.atpanel.com
feature B: commodity classification
Then these two features are scored according to their weight in the page (defined by business personnel), where
feature A is: 10 points
feature B is: 5 points
A genuine document feature library built in this way is the set of the document structure features of all protected pages and their corresponding weights. During matching, the document structure features of the target website, taken from its DOM nodes, are matched against the document structure features of all pages in the library, not against the features of one particular page. If one document structure feature of the target website matches feature A in the genuine document feature library, 10 points are added to the score; if another document structure feature of the target website also matches feature B in the library, a further 5 points are added.
Following this process, once all document structure features extracted from the target website have been matched against the genuine document feature library, a total score is obtained. The higher the total score, the greater the similarity between the two and the more likely the target website is a phishing website: as a suspect site, the target website imitates a genuine website, so greater similarity indicates a higher degree of imitation, that is, a phishing website. If the similarity is low, the target website bears little resemblance to the protected genuine websites in the library, which suggests that it may not be imitating a genuine website.
On this basis, the matching degree of the document structure similarity meeting the first preset condition may specifically mean: if the matching degree of the document structure similarity exceeds the first preset value, the first preset condition is met; if it does not exceed the first preset value, the first preset condition is not met.
A target website that meets the first preset condition, that is, one with high similarity, can be judged to be a phishing website. Further, it can be determined which genuine website in the genuine document feature library the phishing website is most similar to, thereby identifying the site that the phishing website imitates.
However, a target website that does not meet the first preset condition, that is, one with low similarity, cannot yet be determined to be a normal website; a further judgement in step 103 is needed. In practice, even a very low matching degree score from step 102 is generally not 0, so processing normally proceeds to step 103. In some special cases, however, a matching degree score of 0 cannot be ruled out: the target website then has no similarity at all to the websites in the genuine document feature library, and in that case it can be judged to be a normal website without entering step 103.
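The whitelist pre-check and the weighted DOM-feature scoring of step 102, with its three outcomes, as an added example that is not code from the patent. The features and the 10 and 5 point weights are the ones given above; the whitelist host, the threshold of 12, the sample pages and the choice to count each distinct feature once are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed whitelist and feature library. The two features and their
# weights (10 and 5 points) are the ones used in the description above.
WHITELIST = {"shop.example"}                        # hypothetical protected host
GENUINE_FEATURES = {
    ("link_origin", "http://ju.atpanel.com"): 10,   # feature A
    ("anchor_text", "commodity classification"): 5,  # feature B
}
FIRST_PRESET_VALUE = 12                             # assumed; the page gives no number


class FeatureExtractor(HTMLParser):
    """Collects (kind, value) document structure features from <a> elements."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.features = set()
        self._in_anchor = False
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        self._in_anchor, self._text = True, []
        parts = urlsplit((dict(attrs).get("href") or "").strip())
        if parts.scheme in ("http", "https") and parts.hostname:
            self.features.add(("link_origin", f"{parts.scheme}://{parts.hostname}"))

    def handle_data(self, data):
        if self._in_anchor:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._in_anchor:
            # Normalise whitespace and case so trivial edits do not hide a match.
            text = " ".join("".join(self._text).split()).lower()
            if text:
                self.features.add(("anchor_text", text))
            self._in_anchor = False


def structure_score(html, library=GENUINE_FEATURES):
    """Return (total score, matched features); each distinct feature counts once."""
    parser = FeatureExtractor()
    parser.feed(html)
    parser.close()
    matched = parser.features & set(library)
    return sum(library[f] for f in matched), matched


def classify(url, html):
    """Whitelist check first, then the step 102 decision."""
    if (urlsplit(url).hostname or "") in WHITELIST:
        return "normal"
    score, _ = structure_score(html)
    if score > FIRST_PRESET_VALUE:
        return "phishing"
    if score == 0:
        return "normal"                  # no similarity at all: skip step 103
    return "image_matching_required"     # low but non-zero: go on to step 103


# Constructed sample pages.
CLONE_PAGE = ('<html><body><a href="http://ju.atpanel.com/?url=http://list.taobao.com/'
              'browse/cat-0.htm?ad_id=&amp;am_id=&amp;cm_id=&amp;pm_id=15006048193468e03af6" '
              'target="_top" rel="nofollow">Commodity classification</a></body></html>')
PARTIAL_PAGE = '<a href="http://cdn.other.test/c">commodity   classification</a>'
UNRELATED_PAGE = '<a href="https://example.org/news">Weather</a>'
```

The genuine page itself would also score 15 here, which is why the whitelist check has to run before any similarity matching.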
Step 103: extract key area features from the page information of the target website, and match them for interface image similarity against the key area features in the genuine key area feature library.
If the matching degree of the interface image similarity meets the second preset condition, the target website is determined to be a phishing website; otherwise it is determined to be a normal website.
The interface image similarity matching is based on image recognition. It mainly uses the key areas of the website page, for example the position and local curvature features of the login area and the payment area, as matching elements. This image recognition method relies entirely on local features as identifiers and needs no image cutting or distance matching, so it tolerates blurring transformations of the picture: even if the images of a phishing website are deformed or distorted, it can still be identified effectively.
How the key area features are extracted from the page information of a website is described in detail below with reference to Fig. 2.
Referring to Fig. 2, it is a flow chart of extracting key area features in an embodiment of the present application. Taking extraction from the target website as an example, the steps are as follows:
Step 201: determine one or more key areas on the page image of the target website.
First, the image points of the target website's page are defined; then key areas are selected from the page. As mentioned above, key areas are positions such as the login area, the payment area, the website's logo and the copyright notice area. One key area or several may be selected.
Step 202: extract, in each key area, n groups of feature points, each group consisting of two feature points.
After the key areas have been extracted individually, n groups of two feature points are extracted from each key area according to distinctive points, which include corner points, edge points, bright points, dark points and the like. For example, 128 groups of feature points are extracted from each key area according to corner points, edge points, bright points, dark points and so on, each group containing two feature points.
Step 203: draw a straight line through the two feature points of each group and extract m feature points on that line, so that each key area is represented as an n × m feature point array, where n and m are natural numbers.
Specifically, n and m may be equal or different. For example, with n and m both equal to 128, the two feature points of each group are joined by a straight line and 128 feature points are extracted on that line. The 128 groups of feature points then form a 128 × 128 feature point array.
Step 204: combine the feature point array of each key area with a random array obtained according to the size of the page image, to obtain the key area features describing the page of the target website.
The random array is generated randomly according to the image size. The feature point array can be combined with the random array in several ways: for example, the feature point array of each key area can be added to the random array obtained according to the size of the page image, or the two can be subtracted, multiplied, or combined by another operation. Through this combination, the key features of an image can be described by the processed feature points.
The key area features of the target website can be extracted by the flow of Fig. 2. Likewise, the key area features in the genuine key area feature library can be extracted by the flow of Fig. 2; the only difference is that the object of extraction is the interface image of a genuine page of the official website.
During phishing website identification, key area features can be extracted from a screenshot of the target website by the above method and then matched against the key area features extracted in advance into the genuine key area feature library. The more feature points match, the greater the similarity between the websites; when the similarity exceeds the threshold, the target website is judged to be a phishing website.
Accordingly, the matching degree of the interface image similarity meeting the second preset condition may specifically mean: if the matching degree of the interface image similarity exceeds the second preset value, the second preset condition is met; if it does not exceed the second preset value, the second preset condition is not met.
It should be noted that this image-recognition-based key area feature matching does not involve traditional image cutting and distance matching, so it tolerates blurring transformations of the image. Moreover, according to the concepts of projective geometry, image features obtained from corner points, bright points, edges, dark points and the like do not change greatly when the image is shrunk, deformed or distorted, so a phishing website whose basic image display effect is unchanged can still be identified effectively.
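A simplified sketch of steps 201 to 204 and the match count, added here as an example and not taken from the patent. The way point pairs are chosen (k-th darkest and k-th brightest pixel), the seeding of the random array from the page size, the tolerance, the second preset value and the sample regions are all assumptions.

```python
import random

SECOND_PRESET_VALUE = 0.8   # assumed threshold on the fraction of matching cells


def feature_point_pairs(region, n):
    """Step 202 (simplified): pair the k-th darkest with the k-th brightest pixel."""
    pixels = sorted((v, y, x) for y, row in enumerate(region) for x, v in enumerate(row))
    if 2 * n > len(pixels):
        raise ValueError("region too small for n point pairs")
    return [((pixels[k][2], pixels[k][1]), (pixels[-1 - k][2], pixels[-1 - k][1]))
            for k in range(n)]


def sample_line(region, p0, p1, m):
    """Step 203: take m evenly spaced samples on the line from p0 to p1."""
    (x0, y0), (x1, y1) = p0, p1
    samples = []
    for j in range(m):
        t = j / (m - 1)
        samples.append(region[round(y0 + t * (y1 - y0))][round(x0 + t * (x1 - x0))])
    return samples


def key_area_feature(region, page_size, n=8, m=8):
    """Steps 202-204: n x m feature point array plus a size-derived random array."""
    if m < 2:
        raise ValueError("m must be at least 2")
    points = [sample_line(region, a, b, m) for a, b in feature_point_pairs(region, n)]
    # Assumption: the random array is reproducible from the page image size, so the
    # library side and the client side derive the same array for the same size.
    rng = random.Random(page_size[0] * 100003 + page_size[1])
    return [[v + rng.randrange(256) for v in row] for row in points]


def match_degree(feat_a, feat_b, tolerance=8):
    """Fraction of cells whose values agree within the tolerance."""
    cells = [(a, b) for ra, rb in zip(feat_a, feat_b) for a, b in zip(ra, rb)]
    return sum(1 for a, b in cells if abs(a - b) <= tolerance) / len(cells)


def is_phishing(candidate_region, library_feature, page_size):
    feature = key_area_feature(candidate_region, page_size)
    return match_degree(feature, library_feature) > SECOND_PRESET_VALUE


# Constructed 16 x 8 grayscale key areas (for example a login box).
W, H = 16, 8
PAGE_SIZE = (1024, 768)
GENUINE = [[(x * 13 + y * 29) % 200 for x in range(W)] for y in range(H)]
LOOKALIKE = [[v + 3 for v in row] for row in GENUINE]   # slightly brightened copy
UNRELATED = [[255] * W for _ in range(H)]               # blank white area

LIBRARY_FEATURE = key_area_feature(GENUINE, PAGE_SIZE)
```

Because both sides add the same size-derived random array, the comparison reduces to the sampled pixel values: the brightened copy matches in every cell and the blank area in none.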
In summary, this method of computing similarity from two aspects, the document structure of the website and its UI image, and identifying phishing websites from the similarity results, can detect phishing websites in time. Even if the target website is a newly emerging phishing website, it can be detected in time as long as the features of the genuine website it imitates are present in the genuine document feature library or the genuine key area feature library.
It should be noted that the embodiment shown in Fig. 1 is a preferred embodiment of the application; the following embodiment also solves the problem that prior-art detection methods lag behind and cannot detect newly emerging phishing websites. This embodiment may comprise only steps 101 and 103 of Fig. 1, that is, it performs the interface image similarity matching directly. It can also detect phishing websites in time: even if the target website is a newly emerging phishing website, it can be detected in time as long as the features of the genuine website it imitates are present in the genuine document feature library or the genuine key area feature library. Of course, the detection method of the embodiment shown in Fig. 1, which combines document structure and UI image, achieves a better detection effect because it adds the document structure similarity matching.
Based on the above, and to help those skilled in the art better understand the implementation of the application, another preferred embodiment is described below.
In this embodiment, the genuine document feature library and the genuine key area feature library are first built according to a preset whitelist. The whitelist lists the protected websites; if a phishing website imitates a genuine website in the whitelist, it can be detected even if it is newly emerging and not yet on the blacklist.
Referring to Fig. 3, it is a flow chart of a method for detecting phishing websites according to another embodiment of the present application.
Step 301: obtain browser events.
The method of this embodiment monitors the operation of the browser and obtains browser events.
Step 302: take over browser events.
The method of this embodiment takes over the browser events it has obtained in order to detect and identify phishing websites.
Step 303: detect whether there is a page jump event.
By analysing the browser events, it can be detected whether the current browser event contains a page jump event. A page jump is the operation of jumping from one page to another: for example, the user opens a page that contains several links, and clicking one of them produces a page jump event. Usually it is very unlikely that a user opens a phishing website directly; the user is generally linked to the phishing website in the course of a page jump. This embodiment therefore mainly detects whether the target URL of a page jump event is a phishing website.
If there is a page jump event, the target URL of the jump can be extracted and the page information of the target website obtained from the destination server according to this URL; then step 304 is entered. If there is no page jump event, the flow returns to step 301 and continues to monitor and obtain browser events (not shown in Fig. 3).
Step 304: detect whether the target website is in the preset whitelist.
Because the URL of a phishing website differs slightly from the URL of the genuine website it imitates, comparing URLs reveals whether the target website is in the whitelist. When the target website is not in the whitelist, it is a suspect site and step 305 is entered; otherwise the target website is in the whitelist and must be a safe, genuine website, so it can be determined to be a normal website and the flow ends.
This preliminary whitelist screening filters out a large number of normal websites in advance, so that detection is targeted at the relatively small number of phishing websites, which improves detection efficiency.
Step 305: perform document structure analysis on the page of the target website: extract DOM document structure features from the page information of the target website, use a document adapter and the document structure features in the official-website document feature library to perform DOM node matching, and then return a matching result value;
If the matching result value exceeds a preset threshold, the target website is determined to be a phishing website and a danger warning is issued to alert the user. If the matching result value does not exceed the preset threshold, the flow enters step 306.
Step 306: judge whether the image recognition requirement is met;
The requirement for image recognition is that the DOM structure matching similarity is low but not 0; in that case the flow enters step 307 to perform image recognition. If the matching result value of DOM identification is 0, image recognition is not performed, the target website is judged to be a normal website, and the flow ends.
Therefore, unless a phishing website bears no similarity at all to the official website, that is, the matching result value is 0, image recognition is always performed.
Step 307: perform image recognition analysis on the page of the target website: extract key area features from the page information of the target website according to an area recognition method, match them for interface image similarity against the key area features in the official-website key area feature library, and then return a matching result value.
The area recognition method mainly uses the key areas of the official website, such as the positions of the login area and the payment area, together with local curvature features, as matching elements. This method relies entirely on local features as identifiers and matches against the full image without cropping the picture, so it supports blur transformation of the picture: a phishing website can still be identified effectively even if its image is deformed or distorted.
If the matching result value of image recognition exceeds a preset threshold, the target website is determined to be a phishing website and a danger warning is issued to alert the user. If the matching result value does not exceed the preset threshold, the target website is determined to be a normal website.
In summary, the embodiment shown in Fig. 3 first filters out genuine, trusted websites using the whitelist to improve detection efficiency, and then computes the similarity of suspected sites in two respects: document structure and UI. If a site is judged to be a phishing website, a danger warning can also be issued to alert the user.
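The Fig. 3 cascade (whitelist, weighted DOM structure match, then image recognition only for a low but non-zero DOM score) can be sketched as follows. This is an added example, not code from the patent: the feature notation, weights, thresholds, host names and sample pages are all constructed assumptions, and the image stage is represented only by a score supplied by the caller.

```python
from html.parser import HTMLParser
from typing import Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed whitelist and "genuine document feature library" (feature -> weight).
WHITELIST = {"pay.example.com"}
GENUINE_FEATURES = {
    "form#loginForm": 3,
    "input[name=account][type=text]": 2,
    "input[name=password][type=password]": 3,
    "div.pay-logo": 1,
    "a.forgot-password": 1,
}
DOM_THRESHOLD = 6      # assumed "first preset value"
IMAGE_THRESHOLD = 0.8  # assumed "second preset value"


class FeatureExtractor(HTMLParser):
    """Collects simple structural features from DOM start tags."""

    def __init__(self) -> None:
        super().__init__()
        self.features: Set[str] = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if a.get("id"):
            self.features.add(f"{tag}#{a['id']}")
        for cls in a.get("class", "").split():
            self.features.add(f"{tag}.{cls}")
        if tag == "input" and a.get("name"):
            kind = a.get("type", "text").lower()
            self.features.add(f"input[name={a['name']}][type={kind}]")


def dom_features(html: str) -> Set[str]:
    parser = FeatureExtractor()
    parser.feed(html)
    parser.close()
    return parser.features


def dom_score(html: str) -> int:
    """Sum the weights of every library feature found in the page (step 305)."""
    found = dom_features(html)
    return sum(w for feat, w in GENUINE_FEATURES.items() if feat in found)


def classify(url: str, html: str,
             image_score: Optional[float] = None) -> Tuple[str, str]:
    """Return (verdict, deciding stage) following steps 304 to 307."""
    # Step 304: compare the exact host name, never a substring, so that
    # "pay.example.com.login.example.net" is not treated as whitelisted.
    host = (urlsplit(url).hostname or "").lower()
    if host in WHITELIST:
        return ("normal", "whitelist")
    score = dom_score(html)
    if score > DOM_THRESHOLD:            # step 305: structure is a close copy
        return ("phishing", "dom")
    if score == 0:                       # step 306: nothing in common
        return ("normal", "dom-zero")
    if image_score is None:              # low but non-zero: step 307 is required
        return ("needs-image", "dom-low")
    verdict = "phishing" if image_score > IMAGE_THRESHOLD else "normal"
    return (verdict, "image")


# Constructed sample pages.
CLONE_PAGE = """<html><body><div class="pay-logo"></div>
<form id="loginForm" action="/submit">
<input name="account" type="text"><input name="password" type="password">
<a class="forgot-password" href="#">Forgot?</a></form></body></html>"""

# Most of the login UI is rendered as a picture, so few DOM features match.
PARTIAL_PAGE = """<div class="pay-logo banner"><img src="login.png"></div>
<form id="f1"><input name="password" type="password"></form>"""

UNRELATED_PAGE = '<h1 id="title">Weather</h1><p class="forecast">Sunny</p>'

if __name__ == "__main__":
    lookalike = "http://pay.example.com.login.example.net/"
    for page in (CLONE_PAGE, PARTIAL_PAGE, UNRELATED_PAGE):
        print(dom_score(page), classify(lookalike, page))
    print(classify(lookalike, PARTIAL_PAGE, image_score=0.9))
```

The partial page is the case the image stage exists for: its DOM score is too low to flag on structure alone, so the verdict depends on the interface image match.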
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present application is not limited by the described order of actions, because according to the present application some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the present application.
Based on the description of the above method embodiments, the present application also provides a corresponding embodiment of a client device for detecting phishing websites, which implements the content described in the above method embodiments.
Fig. 4 is a structural diagram of a client device for detecting phishing websites according to an embodiment of the present application.
The client device may comprise the following modules:
A web page acquisition module 10, configured to obtain the URL of the target website and to obtain the page information of the target website according to the URL;
A document structure feature extraction module 20, configured to extract document structure features from the page information of the target website;
A document structure feature matching module 30, configured to match the document structure features of the target website page against the document structure features in the genuine document feature library for document structure similarity; if the matching degree of the document structure similarity meets a first preset condition, the target website is determined to be a phishing website, and if it does not meet the preset condition, the key area feature extraction module 40 is triggered;
A key area feature extraction module 40, configured to extract key area features from the page information of the target website;
A key area feature matching module 50, configured to match the key area features of the target website page against the key area features in the genuine key area feature library for interface image similarity; if the matching degree of the interface image similarity meets a second preset condition, the target website is determined to be a phishing website, otherwise the target website is determined to be a normal website.
Here, the matching degree of the document structure similarity meeting the first preset condition comprises: the matching degree of the document structure similarity exceeds a first preset value, and therefore meets the first preset condition;
The matching degree of the interface image similarity meeting the second preset condition comprises: the matching degree of the interface image similarity exceeds a second preset value, and therefore meets the second preset condition.
It should be noted that the above client device structure is only a preferred embodiment of the present application. A client device that comprises only the web page acquisition module 10, the key area feature extraction module 40 and the key area feature matching module 50 can also solve the problem that prior-art detection methods lag behind and cannot detect newly emerging phishing websites.
Based on the above two client device embodiments, the key area feature matching module 50 may specifically comprise the following submodules:
A key area determination submodule, configured to determine one or more key areas on the page image of the target website;
A feature point extraction submodule, configured to extract, in each key area, n groups of feature points, each group consisting of two feature points; a straight line is drawn through the two feature points of each group and m feature points are extracted on that line, so that each key area is represented as an n × m feature point array, where n and m are natural numbers;
A key area feature determination submodule, configured to combine the feature point array corresponding to each key area with a random array obtained according to the size of the page image, to obtain the key area features describing the target website page.
The feature point extraction submodule may extract the n groups of two feature points in each key area according to special points, where the special points include corner points, edge points, bright points and dark points.
The combination may be an operation such as addition or multiplication, for example adding the feature point array corresponding to each key area to the random array obtained according to the size of the page image.
Specifically, the document structure feature matching module 30 may comprise the following submodules:
A DOM analysis submodule, configured to parse the page information of the target website into a DOM tree structure;
A document feature extraction submodule, configured to extract document structure features from the DOM tree structure.
Specifically, the document structure feature matching module 30 may comprise the following submodules:
A matching submodule, configured to compare the document structure features of the target website page with the document structure features in the genuine document feature library, and to assign the corresponding weight to each document structure feature that matches;
A weight calculation submodule, configured to accumulate the weights of all document structure features of the target website page to obtain a total score, and to use the total score as the matching degree of the document structure similarity.
Further, optionally, in order to improve detection efficiency, as shown in Fig. 5, the client device may also comprise the following module:
A whitelist screening module 60, configured to detect whether the target website is in a preset whitelist; when the target website is not in the whitelist, it triggers the web page acquisition module 10 to obtain the page information of the target website according to the URL; otherwise, the target website is determined to be a normal website.
The client device may also comprise:
A feature library building module 70, configured to build the genuine document feature library and the genuine key area feature library according to the whitelist.
Because the above client device embodiment for detecting phishing websites is substantially similar to the method embodiments, it is described relatively briefly; for the relevant details, refer to the description of the method embodiments shown in Fig. 1 to Fig. 3.
In practical applications, the client device for detecting phishing websites can be made into stand-alone software similar to a plug-in and installed on the client to detect whether a website visited by the client is a phishing website. Alternatively, the client device can be embedded directly in a browser as one of its functional modules, giving the browser the ability to detect phishing websites.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and for the parts that are identical or similar, the embodiments may be referred to one another.
The present application can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and so on.
Finally, it should also be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations.
The method and client device for detecting phishing websites provided by the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present application, and the description of the above embodiments is intended only to help in understanding the method of the present application and its core idea. For those of ordinary skill in the art, the specific implementation and scope of application may change according to the idea of the present application. In summary, the content of this description should not be construed as limiting the present application.

Claims (16)

1. A method for detecting phishing websites, characterized in that it comprises:
Obtaining the URL of a target website, and obtaining the page information of the target website according to the URL;
Extracting key area features from the page information of the target website, and matching them for interface image similarity against the key area features in a genuine key area feature library;
If the matching degree of the interface image similarity meets a second preset condition, determining that the target website is a phishing website, otherwise determining that the target website is a normal website.
2. The method according to claim 1, characterized in that the matching degree of the interface image similarity meeting the second preset condition comprises:
The matching degree of the interface image similarity exceeds a second preset value, and therefore meets the second preset condition.
3. The method according to claim 1, characterized in that extracting key area features from the page information of the target website comprises:
Determining one or more key areas on the page image of the target website;
Extracting, in each key area, n groups of feature points, each group consisting of two feature points;
Drawing a straight line through the two feature points of each group and extracting m feature points on that line, so that each key area is represented as an n × m feature point array, where n and m are natural numbers;
Combining the feature point array corresponding to each key area with a random array obtained according to the size of the page image, to obtain the key area features describing the target website page.
4. The method according to claim 3, characterized in that:
The n groups of two feature points are extracted in each key area according to special points, where the special points include corner points, edge points, bright points and dark points.
5. The method according to claim 3, characterized in that the combining comprises:
Adding the feature point array corresponding to each key area to the random array obtained according to the size of the page image.
6. The method according to claim 1, characterized in that, before the matching for interface image similarity, the method further comprises:
Extracting document structure features from the page information of the target website, and matching them for document structure similarity against the document structure features in a genuine document feature library;
If the matching degree of the document structure similarity meets a first preset condition, determining that the target website is a phishing website; if it does not meet the preset condition, performing the matching for interface image similarity.
7. The method according to claim 6, characterized in that the matching degree of the document structure similarity meeting the first preset condition comprises:
The matching degree of the document structure similarity exceeds a first preset value, and therefore meets the first preset condition.
8. The method according to claim 6, characterized in that the matching for document structure similarity comprises:
Comparing the document structure features of the target website page with the document structure features in the genuine document feature library, and assigning the corresponding weight to each document structure feature that matches;
Accumulating the weights of all document structure features of the target website page to obtain a total score;
Using the total score as the matching degree of the document structure similarity.
9. The method according to claim 1, characterized in that, after obtaining the URL of the target website, the method further comprises:
Detecting whether the target website is in a preset whitelist; when the target website is not in the whitelist, obtaining the page information of the target website according to the URL; otherwise, determining that the target website is a normal website.
10. The method according to claim 9, characterized in that it further comprises: building the genuine document feature library and the genuine key area feature library according to the whitelist.
11. A client device for detecting phishing websites, characterized in that it comprises:
A web page acquisition module, configured to obtain the URL of a target website and to obtain the page information of the target website according to the URL;
A key area feature extraction module, configured to extract key area features from the page information of the target website;
A key area feature matching module, configured to match the key area features of the target website page against the key area features in a genuine key area feature library for interface image similarity; if the matching degree of the interface image similarity meets a second preset condition, the target website is determined to be a phishing website, otherwise the target website is determined to be a normal website.
12. The device according to claim 11, characterized in that the key area feature extraction module comprises:
A key area determination submodule, configured to determine one or more key areas on the page image of the target website;
A feature point extraction submodule, configured to extract, in each key area, n groups of feature points, each group consisting of two feature points; a straight line is drawn through the two feature points of each group and m feature points are extracted on that line, so that each key area is represented as an n × m feature point array, where n and m are natural numbers;
A key area feature determination submodule, configured to combine the feature point array corresponding to each key area with a random array obtained according to the size of the page image, to obtain the key area features describing the target website page.
13. The device according to claim 11, characterized in that it further comprises:
A document structure feature extraction module, configured to extract document structure features from the page information of the target website;
A document structure feature matching module, configured to match the document structure features of the target website page against the document structure features in a genuine document feature library for document structure similarity; if the matching degree of the document structure similarity meets a first preset condition, the target website is determined to be a phishing website, and if it does not meet the preset condition, the key area feature extraction module is triggered.
14. The device according to claim 13, characterized in that the document structure feature matching module comprises:
A matching submodule, configured to compare the document structure features of the target website page with the document structure features in the genuine document feature library, and to assign the corresponding weight to each document structure feature that matches;
A weight calculation submodule, configured to accumulate the weights of all document structure features of the target website page to obtain a total score, and to use the total score as the matching degree of the document structure similarity.
15. The device according to claim 11, characterized in that it further comprises:
A whitelist screening module, configured to detect whether the target website is in a preset whitelist; when the target website is not in the whitelist, it triggers the web page acquisition module to obtain the page information of the target website according to the URL; otherwise, the target website is determined to be a normal website.
16. The device according to claim 15, characterized in that it further comprises:
A feature library building module, configured to build the genuine document feature library and the genuine key area feature library according to the whitelist.
CN201110436261.4A 2011-12-22 2011-12-22 A kind of method and client terminal device detecting fishing website Active CN103179095B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110436261.4A CN103179095B (en) 2011-12-22 2011-12-22 A kind of method and client terminal device detecting fishing website
HK13110000.2A HK1182857A1 (en) 2011-12-22 2013-08-27 Method and client device for detecting phishing websites

Publications (2)

Publication Number Publication Date
CN103179095A true CN103179095A (en) 2013-06-26
CN103179095B CN103179095B (en) 2016-03-30

Family

ID=48638721

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110436261.4A Active CN103179095B (en) 2011-12-22 2011-12-22 A kind of method and client terminal device detecting fishing website

Country Status (2)

Country Link
CN (1) CN103179095B (en)
HK (1) HK1182857A1 (en)

Also Published As

Publication number Publication date
CN103179095B (en) 2016-03-30
HK1182857A1 (en) 2013-12-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1182857

Country of ref document: HK

C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1182857

Country of ref document: HK