CN105959330A - False link interception method, device and system - Google Patents

Info

Publication number: CN105959330A
Authority: CN (China)
Prior art keywords: link, false, webpage, false link, interception method
Legal status: Pending
Application number: CN201610571094.7A
Other languages: Chinese (zh)
Inventor: 李涛
Current Assignee: Guangdong Shiji Wangtong Communications Equipment Co Ltd
Original Assignee: Guangdong Shiji Wangtong Communications Equipment Co Ltd
Application filed by: Guangdong Shiji Wangtong Communications Equipment Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to the technical field of network security, and in particular to a false link interception method and system. The method identifies a webpage access request initiated by a user client and obtains a mirror copy of the link, actively analyzes the security of the link's domain name information and of the content of the webpage it points to, and intercepts access requests to false links, thereby giving users a more accurate false link interception method with higher recognition efficiency. The false link interception method can be realized by establishing function modules, combining the function modules into a function module framework, and implementing the function module framework through computer programs stored in a computer readable storage medium. The false link interception system is established based on the false link interception method. The system comprises a client, an operator host, a network end and a server. The server of the false link interception system has the function module framework, and the computer programs implementing the function module framework can be loaded onto it, so that false link interception is realized.

Description

False link interception method, device and system
Technical field
The present invention relates to the technical field of network security, and in particular to a false link interception method and system. The false link interception method can be realized by establishing function modules, combining them into a function module framework, and implementing that framework through computer programs stored in a computer-readable storage medium.
Background technology
With the rapid development of the Internet and mobile terminals, false links that impersonate or maliciously imitate well-known web addresses spread across the network. Once a user enters the webpage a false link points to, the user is easily deceived by its content, leading to leakage of personal information and even financial loss. As the threat that false links pose to Internet communication and e-commerce security keeps growing, false link detection technology is receiving increasing attention.
At present, identification of false links relies mainly on user reports. An Internet security service provider maintains a blacklist and a whitelist of web links and, after receiving a user report, adds the links verified as false to the blacklist. By installing an interception mechanism on the client, the provider filters out blacklisted links while the user browses. The information in this kind of false link interception is updated with a delay and the protection is weak: by the time it takes effect the user's interests have often already been harmed, so it cannot protect the user's network use comprehensively. Methods that actively identify false links from the link's domain name generally compare the character similarity of the domain name's main body, for example analyzing whether several letters of the second-level domain are similar to the *** in www.***.com. The accuracy of this kind of recognition is not high and it easily causes mistaken interception; moreover, most such methods require the user to confirm again, which inconveniences the user.
Summary of the invention
The object of the invention is to actively analyze the security of the links in webpage requests initiated by a client and intercept access requests to false links, giving users a more accurate false link interception method with higher recognition efficiency.
To achieve this object, the present invention provides a false link interception method: obtain a mirror copy of the link accessed by the client and judge whether the link is a false link; if it is judged to be a false link, intercept the access request to the link. The step of judging whether the link is a false link is specifically: compare the webpage pointed to by the link with a pre-stored regular webpage and, according to the degree of similarity between the two pages, judge whether the link is a false link.
The false link interception method of the present invention identifies the web access request initiated by the user client and obtains a mirror copy of the link, actively analyzes the security of the link's domain name information and of the content of the webpage it points to, and intercepts access requests to false links, giving users a more accurate false link interception method with higher recognition efficiency. The method can be realized by establishing function modules, combining them into a function module framework, and implementing that framework through computer programs stored in a computer-readable storage medium.
A false link interception system is established based on this false link interception method. The system includes a client, an operator host, a network end and a server. The server of the false link interception system has the function module framework, and the computer programs implementing the framework can be loaded onto it, thereby realizing the false link interception method. Specifically, the client sends the link of a web access request and communicates with the network end through the operator host. The server obtains a mirror copy of the link accessed by the client through the operator host, compares the webpage pointed to by the link with the pre-stored regular webpage and, according to the degree of similarity between the two pages, judges whether the link is a false link, thereby intercepting access requests to false links. This false link interception system achieves more accurate interception of false links with higher recognition efficiency.
Brief description of the drawings
Fig. 1 is a flow diagram of false link interception based on page similarity.
Fig. 2 is a flow diagram of false link interception based on domain name and page similarity.
Fig. 3 is a structural diagram of the false link interception system.
Fig. 4 is the home icon of the Taobao page.
Detailed description of the invention
As shown in Fig. 3, the user sends a web access request from a computer client, which communicates with the network end through the operator host. After receiving the user's web request, the network end returns the corresponding webpage information to the user. In this embodiment, the Internet security service provider connects a server at the operator host and obtains, through a network bypass, mirror copies of the links of all web access requests passing through that operator host. The server actively analyzes the security of every link obtained. As soon as it recognizes an access request to a false link, it intercepts the link and returns preset webpage information, such as the InterURL homepage, to the user's client. When the user clicks a risky false link, the server directly intercepts the user's access request, eliminating the security risk.
Embodiment one.
Fig. 1 shows the interception flow for false links judged by page similarity. After the server obtains a mirror copy of the link accessed by the client, it checks whether the link is in the server's database. The database contains a blacklist and a whitelist of links. If the link is in the whitelist, it is a normal web link and the server allows the user to access the webpage. If the link is in the blacklist, it is a false link; the server intercepts the user's access to the webpage and returns the InterURL homepage to the user's client by web redirection. If the link is not in the database, the server compares the webpage pointed to by the link with the pre-stored regular webpage and judges, according to the degree of similarity between the two pages, whether the link is a false link.
Taking the Taobao page as an example, the server obtains the page information of the target webpage through the captured web access request and determines webpage similarity by comparing three factors: the webpage's home icon, the page keywords and the page composition:
1) Compare the home icon of the webpage. As shown in Fig. 4, the upper-left corner of the Taobao homepage carries a home icon containing two logos, the Chinese "Taobao" and the English "Taobao.com". When calculating webpage similarity, this interception method examines that position first. If no similar home icon is found there, the other parts of the page are examined. If a close or essentially identical home icon is found in the page, webpage similarity is calculated by comparing the graphics and text of the home icon.
2) Compare the keywords of the webpage. For example, the word "Taobao" recurs throughout the Taobao page, the page carries a large amount of merchandise information, and the related-links bar at the bottom of the page contains links to the associated "Ali" group. The interception method extracts these page keywords and calculates the similarity of the page keywords.
3) Compare the page composition of the webpage. For example, Taobao's category directory is on the left side of the page, the search bar is centered at the top, and the login window is at the upper right. By collecting composition information such as the position and size of these modules, the similarity of the page composition of two webpages can be calculated.
The three results above are combined. If the page similarity is higher than the judgment value for false links, for example 80%, the link is judged to be a false link; the server intercepts the access request to the link and returns the InterURL homepage to the user's client by web redirection. If the content similarity is lower than the judgment value for false links, the link is a normal web link and the server allows the user to access the webpage. Detection based on page similarity identifies false links to the greatest extent, and the probability of a missed detection is low.
Embodiment two.
Fig. 2 shows the interception flow for false links judged by domain name and page similarity. After the server obtains a mirror copy of the link accessed by the client, it checks whether the link is in the server's database. The database contains a blacklist and a whitelist of links. If the link is in the whitelist, it is a normal web link and the server allows the user to access the webpage. If the link is in the blacklist, it is a false link; the server intercepts the user's access to the webpage and returns the InterURL homepage to the user's client by web redirection. If the link is not in the database, the server compares the domain name of the link with that of the regular webpage and combines this result with the page similarity obtained by the webpage comparison method of embodiment one to judge whether the link is a false link.
The server first performs domain name detection on the link and calculates the domain name similarity between this link and each link in the database. If the domain name similarity of the link is higher than the judgment value for false links, for example 80%, the link is judged to be a false link; the server intercepts the access request to the link and returns the InterURL homepage to the user's client by web redirection. If the domain name similarity of the link is below 80% but within the preset range of 60% ~ 80%, the server selects from the database the links whose domain name similarity with this link falls within that preset range and checks the page similarity of the webpages those links point to. If the page similarity is higher than the judgment value for false links, for example 80%, the link is judged to be a false link; the server intercepts the access request to the link and returns the InterURL homepage to the user's client by web redirection. If the content similarity is lower than the judgment value for false links, the link is a normal web link and the server allows the user to access the webpage.
Because the server obtains the domain name detection result for a link first, it can set aside the links that have already been determined to be false links and the links whose probability of being false is relatively low, which reduces the amount of webpage similarity computation and speeds up the identification of false links.
Taking Baidu's domain name www.***.com as an example, the server determines domain name similarity by comparing two parts of the link, the main body and the top-level domain (TLD):
1) Examine the main body of the link. The main body of Baidu's domain name is ***. Links to fake sites often replace letters with similar-looking characters and use that resemblance to deceive users, as in the false link www.ba1du.com, where the letter i is changed to the digit 1. The domain name similarity between this link and Baidu's www.***.com exceeds 80%, so the link can be judged to be a false link. Replacement with similar-looking letters and digits is highly deceptive and hard for users to notice, so it carries a large weight when domain name similarity is calculated.
2) Examine the TLD of the link. Baidu's TLD is .com. A link to a fake site may keep the main body *** unchanged and change the TLD to _com, .cn and so on, or append .123.cn after the TLD .com so that .com becomes a sub-domain, in order to confuse the eye. The domain name similarity between these links and Baidu's www.***.com is also judged to exceed 80%, so the link can be judged to be a false link. Modifying the TLD is a concealed form of forgery; checking the TLD keeps a user who searches by entering only the main body of the domain name from being misled by the domain name of a fake site.
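The two-stage decision flow of embodiment two, as an added example in Python that is not part of the patent text. The patent does not say how similarity is computed, so the scoring (look-alike folding, the 0.8/0.2 main-body-to-TLD weighting, the fixed 0.9 for the sub-domain trick, equal-weight page factors), the `Page` feature record and every host name below are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

JUDGE, LOW = 0.80, 0.60   # 80% judgment value and 60% lower bound from the text
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o"})   # assumed look-alike table

@dataclass
class Page:               # hypothetical record of pre-extracted page features
    icon_hash: int        # 64-bit perceptual hash of the home icon
    keywords: frozenset
    layout: dict          # module name -> (x, y) position, normalised to 0..1

def labels(host):
    host = host.lower().rstrip(".")
    return (host[4:] if host.startswith("www.") else host).split(".")

def registered(host):
    # Simplification: the last two labels stand in for the registered domain.
    return ".".join(labels(host)[-2:])

def domain_similarity(host, legit):
    h, l = labels(host), labels(legit)
    if len(h) < 2:
        return 0.0
    # Regular "body.tld" reused as leading labels, e.g. body.com.123.cn
    if any(h[i:i + len(l)] == l for i in range(len(h) - len(l))):
        return 0.9
    body = SequenceMatcher(None, h[-2].translate(FOLD), l[-2].translate(FOLD)).ratio()
    tld = 1.0 if h[-1] == l[-1] else 0.0
    return 0.8 * body + 0.2 * tld      # main body carries the larger weight

def page_similarity(a, b):
    icon = 1 - bin(a.icon_hash ^ b.icon_hash).count("1") / 64
    union = a.keywords | b.keywords
    kw = len(a.keywords & b.keywords) / len(union) if union else 0.0
    names = set(a.layout) | set(b.layout)
    shared = [n for n in names if n in a.layout and n in b.layout]
    lay = sum(1 - (abs(a.layout[n][0] - b.layout[n][0])
                   + abs(a.layout[n][1] - b.layout[n][1])) / 2 for n in shared)
    lay = lay / len(names) if names else 0.0
    return (icon + kw + lay) / 3       # icon, keywords, composition

def classify(host, whitelist, blacklist, regular_pages, fetch):
    reg = registered(host)
    if reg in whitelist:
        return "allow"
    if reg in blacklist:
        return "block"
    scores = {d: domain_similarity(host, d) for d in whitelist}
    if any(s > JUDGE for s in scores.values()):
        return "block"                 # stage 1: domain name alone is decisive
    near = [d for d, s in scores.items() if LOW <= s <= JUDGE]
    if near:                           # stage 2: compare pages only for near misses
        page = fetch(host)
        if page and any(page_similarity(page, regular_pages[d]) > JUDGE for d in near):
            return "block"
    return "allow"                     # below the range: treated as low probability

# Constructed sample data (not from the patent).
WHITELIST, BLACKLIST = {"examplebank.com"}, {"known-bad.example"}
REGULAR_PAGES = {"examplebank.com": Page(
    0xF0F0F0F0F0F0F0F0, frozenset({"bank", "login", "transfer", "account", "loans"}),
    {"logo": (0.10, 0.05), "search": (0.50, 0.05), "login": (0.85, 0.20)})}
SAMPLE_PAGES = {
    "examplebnk.net": Page(           # near copy of the regular page
        0xF0F0F0F0F0F0F0F1, frozenset({"bank", "login", "transfer", "account", "prize"}),
        {"logo": (0.10, 0.05), "search": (0.50, 0.06), "login": (0.85, 0.20)}),
    "examplebunk.org": Page(          # similar name, unrelated content
        0x0123456789ABCDEF, frozenset({"bunk", "beds", "furniture"}),
        {"logo": (0.50, 0.10)}),
}

def check(host):
    return classify(host, WHITELIST, BLACKLIST, REGULAR_PAGES, SAMPLE_PAGES.get)

if __name__ == "__main__":
    for h in ("www.examplebank.com", "www.examp1ebank.com", "examplebank.com.123.cn",
              "examplebnk.net", "examplebunk.org", "weather-news.org"):
        print(f"{h:26} {check(h)}")
```

The page comparison runs only for hosts in the 60% ~ 80% band, which is the saving in similarity computation that the description attributes to checking the domain name first.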
The false link interception method of the present invention identifies the web access request initiated by the user client and obtains a mirror copy of the link, determines domain name similarity from the main body and TLD of the link, and determines webpage similarity from the home icon, page keywords and page composition information of the webpage. It actively analyzes the security of the link's domain name information and of the content of the webpage it points to and intercepts access requests to false links, so that false links are intercepted for the user more accurately and with higher recognition efficiency. The method can be realized by establishing function modules, combining them into a function module framework, and implementing that framework through computer programs stored in a computer-readable storage medium.
A false link interception system is established based on this false link interception method. The system includes a client, an operator host, a network end and a server. The server of the false link interception system has the function module framework, and the computer programs implementing the framework can be loaded onto it, thereby realizing the false link interception method.

Claims (11)

1. A false link interception method, comprising: obtaining a mirror copy of the link accessed by a client; judging whether the link is a false link; and, if the link is judged to be a false link, intercepting the access request to the link; characterized in that the step of judging whether the link is a false link is specifically: comparing the webpage pointed to by the link with a pre-stored regular webpage and judging, according to the degree of similarity between the two pages, whether the link is a false link.
2. The false link interception method according to claim 1, characterized in that the factors compared include the home icon of the webpage.
3. The false link interception method according to claim 1, characterized in that the factors compared include the keywords in the webpage.
4. The false link interception method according to claim 1, characterized in that the factors compared include the page composition.
5. The false link interception method according to claim 1, characterized in that the step of judging whether the link is a false link is specifically: also comparing the domain name corresponding to the link with that of the regular webpage, and judging whether the link is a false link according to this comparison result in combination with the degree of similarity between the two pages.
6. A false link interception device, including:
a link acquisition module, which obtains a mirror copy of the link accessed by a client;
a false link judgment module, which judges whether the link is a false link;
an interception module, which intercepts the access request to the link if the link is judged to be a false link;
characterized in that the false link judgment module is specifically: comparing the webpage pointed to by the link with a pre-stored regular webpage and judging, according to the degree of similarity between the two pages, whether the link is a false link.
7. The false link interception device according to claim 6, characterized in that the factors compared by the false link judgment module include the home icon of the webpage.
8. The false link interception device according to claim 6, characterized in that the factors compared by the false link judgment module include the keywords in the webpage.
9. The false link interception device according to claim 6, characterized in that the factors compared by the false link judgment module include the page composition.
10. The false link interception device according to claim 6, characterized in that the false link judgment module is specifically: also comparing the domain name corresponding to the link with that of the regular webpage, and judging whether the link is a false link according to this comparison result in combination with the degree of similarity between the two pages.
11. A false link interception system, including a client, an operator host, a network end and a server, the client communicating with the network end through the operator host and the server obtaining a mirror copy of the link accessed by the client through the operator host, characterized in that: the server performs the false link interception method according to any one of claims 1 to 5, or the server has the false link interception device according to any one of claims 6 to 10.
CN201610571094.7A 2016-07-20 2016-07-20 False link interception method, device and system Pending CN105959330A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610571094.7A CN105959330A (en) 2016-07-20 2016-07-20 False link interception method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610571094.7A CN105959330A (en) 2016-07-20 2016-07-20 False link interception method, device and system

Publications (1)

Publication Number Publication Date
CN105959330A 2016-09-21

Family

ID=56901122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610571094.7A Pending CN105959330A (en) 2016-07-20 2016-07-20 False link interception method, device and system

Country Status (1)

Country Link
CN (1) CN105959330A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160921