CN113923193A - Network domain name association method, device, storage medium and electronic equipment - Google Patents
Network domain name association method, device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN113923193A CN113923193A CN202111254047.7A CN202111254047A CN113923193A CN 113923193 A CN113923193 A CN 113923193A CN 202111254047 A CN202111254047 A CN 202111254047A CN 113923193 A CN113923193 A CN 113923193A
- Authority
- CN
- China
- Prior art keywords
- network
- domain name
- anonymous
- clear
- matching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 230000004044 response Effects 0.000 claims description 16
- 238000007781 pre-processing Methods 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 5
- 238000010586 diagram Methods 0.000 description 10
- 238000004891 communication Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 3
- 241000234282 Allium Species 0.000 description 2
- 235000002732 Allium cepa var. cepa Nutrition 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 235000014510 cooky Nutrition 0.000 description 1
- 238000010219 correlation analysis Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application provides a network domain name association method, a device, a storage medium and electronic equipment, wherein anonymous network characteristic information is used as input of a network space radar system to obtain a suspected matching explicit network domain name; the anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to the anonymous network domain name; and determining the clear network matching domain name of the anonymous network domain name according to the anonymous network web page and the clear network web page suspected to match the clear network domain name. After the suspected matching clear network domain name is obtained, the contents in the anonymous network webpage and the clear network webpage suspected to match the clear network domain name are further matched or screened, so that the non-matching domain name in the suspected matching clear network domain name is screened out, the clear network matching domain name of the anonymous network domain name is further determined, and the accuracy of determining the clear network matching domain name of the anonymous network domain name is guaranteed. The tracking and positioning of the anonymous network are enhanced by the clear network matching domain name, and more information contained in the anonymous network domain name is acquired.
Description
Technical Field
The present application relates to the field of internet, and in particular, to a method and an apparatus for associating a network domain name, a storage medium, and an electronic device.
Background
Anonymous networks (Dark Web) exist on Dark networks, overlaying Web content on the network, requiring access with special software, special authorization, or special settings on the computer. The anonymous network is particularly an anonymous network mainly based on an Onion network (TOR for short), and has The greatest characteristic that data transmission is usually anonymous, so that The anonymity of users and website servers can be fully guaranteed. Because the anonymous network needs to be accessed through a specific technology or a communication protocol and corresponds to the content of the open network, and the encrypted currency enables anonymous transfer to be possible, the illegal transactions in the anonymous network market pose serious threats to the aspects of information security, property security and the like, therefore, for the above situations, a method or a system related to a network domain name is needed to enhance the tracking and positioning of the TOR anonymous network and acquire more information contained in the anonymous network domain name.
Disclosure of Invention
The present application aims to provide a method, an apparatus, a storage medium, and an electronic device for associating a network domain name, so as to at least partially improve the above problems.
In order to achieve the above purpose, the embodiments of the present application employ the following technical solutions:
in a first aspect, an embodiment of the present application provides a network domain name association method, where the method includes:
the anonymous network characteristic information is used as the input of a network space radar system to obtain a suspected matching clear network domain name;
the anonymous network feature information is feature information in an anonymous network webpage corresponding to the anonymous network domain name;
and determining the clear network matching domain name of the anonymous network domain name according to the anonymous network webpage and the clear network webpage suspected to match the clear network domain name.
In a second aspect, an embodiment of the present application provides a network domain name association apparatus, where the apparatus includes:
the preprocessing unit is used for taking the anonymous network characteristic information as the input of a network space radar system to obtain a suspected matching clear network domain name;
the anonymous network feature information is feature information in an anonymous network webpage corresponding to the anonymous network domain name;
and the matching unit is used for determining the clear network matching domain name of the anonymous network domain name according to the anonymous network webpage and the clear network webpage suspected of matching the clear network domain name.
In a third aspect, the present application provides a storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the method described above.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a processor and memory for storing one or more programs; the one or more programs, when executed by the processor, implement the methods described above.
Compared with the prior art, the network domain name association method, the device, the storage medium and the electronic device provided by the embodiment of the application take the anonymous network characteristic information as the input of a network space radar system to obtain the suspected matching explicit network domain name; the anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to the anonymous network domain name; and determining the clear network matching domain name of the anonymous network domain name according to the anonymous network web page and the clear network web page suspected to match the clear network domain name. After the suspected matching clear network domain name is obtained, the contents in the anonymous network webpage and the clear network webpage suspected to match the clear network domain name are further matched or screened, so that the non-matching domain name in the suspected matching clear network domain name is screened out, the clear network matching domain name of the anonymous network domain name is further determined, and the accuracy of determining the clear network matching domain name of the anonymous network domain name is guaranteed. After the association between the anonymous network domain name and the clear network matching domain name is completed, the tracking and the positioning of the anonymous network are enhanced through the clear network matching domain name, and more information contained in the anonymous network domain name is obtained.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and it will be apparent to those skilled in the art that other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of a network domain name association method according to an embodiment of the present application;
fig. 3 is a schematic diagram illustrating sub-steps of S104 according to an embodiment of the present disclosure;
fig. 4 is one of the sub-steps of S104 provided in the embodiments of the present application;
fig. 5 is a flowchart illustrating a network domain name association method according to an embodiment of the present application;
fig. 6 is a schematic unit diagram of a network domain name association apparatus according to an embodiment of the present application.
In the figure: 10-a processor; 11-a memory; 12-a bus; 13-a communication interface; 201-a pre-processing unit; 202-matching unit.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the present application, it should be noted that the terms "upper", "lower", "inner", "outer", and the like indicate orientations or positional relationships based on orientations or positional relationships shown in the drawings or orientations or positional relationships conventionally found in use of products of the application, and are used only for convenience in describing the present application and for simplification of description, but do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present application.
In the description of the present application, it is also to be noted that, unless otherwise explicitly specified or limited, the terms "disposed" and "connected" are to be interpreted broadly, e.g., as being either fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
The embodiment of the application provides an electronic device which can be a server device or a computer device. Please refer to fig. 1, a schematic structural diagram of an electronic device. The electronic device comprises a processor 10, a memory 11, a bus 12. The processor 10 and the memory 11 are connected by a bus 12, and the processor 10 is configured to execute an executable module, such as a computer program, stored in the memory 11.
The processor 10 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the network domain name association method may be implemented by integrated logic circuits of hardware or instructions in the form of software in the processor 10. The Processor 10 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
The Memory 11 may comprise a high-speed Random Access Memory (RAM) and may further comprise a non-volatile Memory (non-volatile Memory), such as at least one disk Memory.
The bus 12 may be an ISA (Industry Standard architecture) bus, a PCI (peripheral Component interconnect) bus, an EISA (extended Industry Standard architecture) bus, or the like. Only one bi-directional arrow is shown in fig. 1, but this does not indicate only one bus 12 or one type of bus 12.
The memory 11 is used for storing programs, such as programs corresponding to the network domain name association device. The network domain name association device includes at least one software function module which can be stored in the memory 11 in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the electronic device. The processor 10, upon receiving the execution instruction, executes the program to implement the network domain name association method.
Possibly, the electronic device provided by the embodiment of the present application further includes a communication interface 13. The communication interface 13 is connected to the processor 10 via a bus. The electronic device may communicate with other terminals (e.g. other servers) via the communication interface 13.
It should be understood that the structure shown in fig. 1 is merely a structural schematic diagram of a portion of an electronic device, which may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
The network domain name association method provided in the embodiment of the present application may be applied to, but is not limited to, the electronic device shown in fig. 1, and please refer to fig. 2, where the network domain name association method includes: s103 and S104.
S103, the anonymous network characteristic information is used as the input of the network space radar system to obtain the suspected matching explicit network domain name.
The anonymous network feature information is feature information in an anonymous network webpage corresponding to the anonymous network domain name.
Alternatively, the anonymous network may be a darknet. Darknet (Dark Web) is a Web content that exists on a darknet, an overlay network, and requires only special software, special authorization, or special settings for the computer to access. In contrast, the plain Web (Surface Web) refers to a network that can be retrieved by a general search engine, and accounts for about 4% of the entire internet, such as hundredths, ***, and micro blogs.
The network space radar system, referred to as zoomEye for short, is an efficient private network space mapping system, can quickly provide comprehensive network space asset detection and accurate vulnerability mapping, performs visual display and centralized output on data, and provides decision basis and data support for clients to perform network space asset security supervision and management and establish an active defense attack system. The cyberspace radar system provides fast and accurate cyberspace asset discovery based on a zoomeye.
Optionally, the number of suspected matches indicates that the net domain name is N, where N is a positive integer greater than or equal to 0.
And S104, determining the clear network matching domain name of the anonymous network domain name according to the anonymous network web page and the clear network web page suspected to match the clear network domain name.
Optionally, The Tor (The Second Generation on Router), also known as an Onion network, is software for anonymous communication, where The name is derived from an acronym of an original software project name "The on Router", and The Tor network is composed of more than seven thousand relay nodes, each of which is provided by a global volunteer for free, and is relayed by relay nodes layer by layer, so as to achieve The purposes of hiding a real address of a user, avoiding network monitoring and traffic analysis. The anonymous network domain name may be a TOR domain name.
Optionally, after the suspected matching clear web domain name is obtained, matching or screening is further performed through the content in the anonymous network web page and the content in the clear web page suspected to match the clear web domain name, so that a non-matching domain name in the suspected matching clear web domain name is screened out, the clear web matching domain name of the anonymous network domain name is further determined, and the accuracy of determining the clear web matching domain name of the anonymous network domain name is guaranteed. After the association between the anonymous network domain name and the clear network matching domain name is completed, the tracking and the positioning of the anonymous network are enhanced through the clear network matching domain name, and more information contained in the anonymous network domain name is obtained.
In summary, the embodiment of the present application provides a network domain name association method, in which anonymous network characteristic information is used as an input of a network space radar system to obtain a suspected matching explicit network domain name; the anonymous network characteristic information is characteristic information in an anonymous network webpage corresponding to the anonymous network domain name; and determining the clear network matching domain name of the anonymous network domain name according to the anonymous network web page and the clear network web page suspected to match the clear network domain name. After the suspected matching clear network domain name is obtained, the contents in the anonymous network webpage and the clear network webpage suspected to match the clear network domain name are further matched or screened, so that the non-matching domain name in the suspected matching clear network domain name is screened out, the clear network matching domain name of the anonymous network domain name is further determined, and the accuracy of determining the clear network matching domain name of the anonymous network domain name is guaranteed. After the association between the anonymous network domain name and the clear network matching domain name is completed, the tracking and the positioning of the anonymous network are enhanced through the clear network matching domain name, and more information contained in the anonymous network domain name is obtained.
On the basis of fig. 2, for the content in S104, the embodiment of the present application further provides a possible implementation manner, please refer to fig. 3, where S104 includes: s104-1, S104-2, S104-5 to S104-7.
S104-1, judging whether the title of the anonymous network webpage is the same as the title of the explicit network webpage. If yes, executing S104-2; if not, S104-7 is executed.
If the title of the anonymous network webpage is different from the title of the open network webpage, the two are not matched, the suspected matched open network domain name corresponding to the open network webpage cannot be determined as the open network matched domain name of the anonymous network domain name, and at this time, S104-7 is executed to skip. Otherwise, if the title of the anonymous web page is the same as the title of the open web page, it indicates that the anonymous web page and the open web page may match, and further verification is required, i.e., S104-2 is performed.
S104-2, judging whether the site icon of the anonymous web page is the same as the site icon of the open web page. If yes, executing S104-5; if not, S104-7 is executed.
If the site icon of the anonymous web page is different from the site icon of the open web page, it is indicated that the two are not matched, and the suspected matched open web domain name corresponding to the open web page cannot be determined as the open web matched domain name of the anonymous web domain name, at this time, S104-7 is executed, and skipping is performed. On the contrary, if the site icon of the anonymous web page is the same as the site icon of the open web page, it indicates that the two may match, and further verification is required, i.e., S104-5 is performed.
S104-5, judging whether the similarity of the response contents of the anonymous web page and the clear web page is greater than a matching threshold value. If yes, executing S104-6; if not, S104-7 is executed.
If the similarity of the response contents of the anonymous web page and the open web page is smaller than or equal to the matching threshold, it is indicated that the two are not matched, and the suspected matching open web domain name corresponding to the open web page cannot be determined as the open web matching domain name of the anonymous web domain name, at this time, S104-7 is executed, and skipping is performed. Otherwise, if the similarity of the response contents of the anonymous web page and the open web page is greater than the matching threshold, it is determined that the anonymous web page and the open web page are matched, and then S104-6 is executed.
Alternatively, the matching threshold may be preset by a worker.
And S104-6, determining the suspected matching clear network domain name corresponding to the clear network webpage as the clear network matching domain name with the anonymous network domain name.
S104-7, skip.
It should be noted that the execution sequence of S104-1 and S104-2 is not limited in the embodiments of the present application, and the sequence in fig. 3 is only one possible implementation manner, and optionally, S104-1 and S104-2 may be executed synchronously, or S104-1 is executed after S104-2.
On the basis of fig. 3, regarding how to obtain the response content similarity, the embodiment of the present application further provides a possible implementation manner, please refer to fig. 4, where S104 further includes S104-3 and S104-4.
S104-3, obtaining anonymous network keywords and clear gateway keywords.
The anonymous network keywords are keywords in response content of the anonymous network webpage, and the clear gateway keywords are keywords in response content of the clear network webpage.
S104-4, obtaining the response content similarity according to the anonymous network key words and the clear gateway key words.
Optionally, using a difference computation aid Difflib (standard library module of python for comparing differences between texts and supporting output of HTML documents with stronger readability), the anonymous network keywords and the clear gateway keywords are compared to obtain response content similarity. It is understood that the higher the value of the response content similarity, the higher the corresponding matching degree.
On the basis of fig. 2, for how to obtain anonymous network feature information, a possible implementation manner is further provided in the embodiment of the present application, please refer to fig. 5, where the network domain name association method further includes S101 and S102.
S101, the anonymous network domain name is used as the input of an anonymous network access browser to acquire a corresponding anonymous network webpage.
Alternatively, the anonymous web access Browser may be a Tor Browser, a Browser dedicated to access darknet. The Tor Browser starts the Tor process in the background and connects to the network through it. Once the program is disconnected, the Tor Browser automatically deletes privacy sensitive data, such as cookies and browsing history.
Optionally, after the anonymous domain name is used as an input of the anonymous web access browser, the electronic device may request data from the corresponding server and receive the anonymous web page fed back by the corresponding server.
S102, extracting the characteristic information in the anonymous network webpage as anonymous network characteristic information.
Optionally, the anonymous network feature information of the anonymous network webpage is extracted in a regular matching or XPath grammar mode. The anonymous network characteristic information comprises one or more of title, description, site icon (favicon. ico), web page language, response text keyword and the like.
The description may include the usage of the web page and the operator of the web page; the site icon is an icon corresponding to a webpage; the icons corresponding to different websites are different, and the webpages in the same website can have the same icon; the web page language is a type of natural language such as chinese, japanese, or english.
On the basis of fig. 2, regarding how to save the matching relationship of the anonymous network domain name, the embodiment of the present application further provides a possible implementation manner, please continue to refer to fig. 5, and the network domain name association further includes S105.
And S105, storing the matching relation corresponding to the anonymous network domain name into a target database.
The matching relation comprises an anonymous network domain name and all clear network matching domain names.
Optionally, the target database is MySQ, which is a relational database management system. MySQL is one of the most popular Relational Database Management systems, and in terms of WEB applications, MySQL is one of the best RDBMS (Relational Database Management System) application software.
Optionally, a domain name data set is set in the target database, and the domain name data set is stored in the MySQL database in units of anonymous network domain names (e.g., Tor domain names).
In a possible implementation manner, the matching relationship further includes web page information of each explicit matching domain name.
Optionally, obtaining corresponding web page information in the open web through the zoomeeye high-level search grammar, and generating structured JSON data from the web page information in the open web according to a predefined rule, as follows:
JSON data is JavaScript Object Notation, a JS Object numbered Notation, and is a lightweight data exchange format. Based on a subset of ECMAScript (js specification set by the european computer association), data is stored and represented in a text format that is completely independent of the programming language. The compact and clear hierarchy makes JSON an ideal data exchange language. The network transmission method is easy to read and write by people, is easy to analyze and generate by machines, and effectively improves the network transmission efficiency.
According to the embodiment of the application, the hidden network domain name is taken as a target, and the bright network information with higher comprehensive relevance is acquired, retrieved, subjected to information correlation analysis and positioned, so that effective help is provided for tracing network security events, illegal sale loopholes, privacy and other data in the hidden network are attacked, and supervision on the hidden network is enhanced.
Referring to fig. 6, fig. 6 is a schematic diagram of a network domain name association apparatus according to an embodiment of the present application, where optionally, the network domain name association apparatus is applied to the electronic device described above.
The network domain name association device comprises a preprocessing unit 201 and a matching unit 202.
And the preprocessing unit 201 is configured to use the anonymous network characteristic information as an input of the cyber space radar system to obtain a suspected matching clear-web domain name.
The anonymous network feature information is feature information in an anonymous network webpage corresponding to the anonymous network domain name.
The matching unit 202 is configured to determine an explicit-network matching domain name of the anonymous domain name according to the anonymous network web page and the explicit-network web page suspected of matching the explicit-network domain name.
In a possible implementation manner, the matching unit 202 is further configured to determine whether the similarity of the response contents of the anonymous web page and the open web page is greater than a matching threshold value under the condition that the title of the anonymous web page is the same as the title of the open web page, and the site icon of the anonymous web page is the same as the site icon of the open web page; and if so, determining the suspected matching clear network domain name corresponding to the clear network webpage as the clear network matching domain name with the anonymous network domain name.
Alternatively, the preprocessing unit may perform the above S101-S103 and S105, and the matching unit 202 may perform the above S104.
It should be noted that, the network domain name association apparatus provided in this embodiment may execute the method flows shown in the above method flow embodiments, so as to achieve the corresponding technical effects. For the sake of brevity, the corresponding contents in the above embodiments may be referred to where not mentioned in this embodiment.
The embodiment of the present application further provides a storage medium, where the storage medium stores a computer instruction and a program, and the computer instruction and the program, when read and executed, execute the network domain name association method according to the embodiment. The storage medium may include memory, flash memory, registers, or a combination thereof, etc.
The following provides an electronic device, which may be a server device or a computer device, and as shown in fig. 1, the electronic device may implement the above-mentioned network domain name association method; specifically, the electronic device includes: processor 10, memory 11, bus 12. The processor 10 may be a CPU. The memory 11 is used for storing one or more programs, and when the one or more programs are executed by the processor 10, the network domain name association method of the above-described embodiment is performed.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A network domain name association method, the method comprising:
the anonymous network characteristic information is used as the input of a network space radar system to obtain a suspected matching clear network domain name;
the anonymous network feature information is feature information in an anonymous network webpage corresponding to the anonymous network domain name;
and determining the clear network matching domain name of the anonymous network domain name according to the anonymous network webpage and the clear network webpage suspected to match the clear network domain name.
2. The method for associating a network domain name according to claim 1, wherein the step of determining the clear-web matching domain name of the anonymous network domain name according to the anonymous network web page and the clear-web page suspected of matching the clear-web domain name comprises:
under the condition that the title of the anonymous network webpage is the same as the title of the open network webpage and the site icon of the anonymous network webpage is the same as the site icon of the open network webpage, judging whether the similarity of the response contents of the anonymous network webpage and the open network webpage is greater than a matching threshold value or not;
and if so, determining the suspected matching clear network domain name corresponding to the clear network webpage as the clear network matching domain name of the anonymous network domain name.
3. The method for associating a network domain name according to claim 2, wherein the step of determining the clear-web matching domain name of the anonymous network domain name according to the anonymous network web page and the clear-web page suspected of matching the clear-web domain name further comprises:
obtaining anonymous network keywords and open-web key words, wherein the anonymous network keywords are keywords in response content of the anonymous network webpage, and the open-web keywords are keywords in response content of the open-web webpage;
and acquiring the response content similarity according to the anonymous network keyword and the open network keyword.
4. The network domain name association method of claim 1, wherein prior to said taking anonymous network characteristic information as an input to a cyberspace radar system, the method further comprises:
taking the anonymous network domain name as an input of an anonymous network access browser to acquire a corresponding anonymous network webpage;
and extracting the characteristic information in the anonymous network webpage as anonymous network characteristic information.
5. The method of claim 1, wherein after determining that the clear net of the anonymous network domain name matches the domain name based on the anonymous network web page and a clear net web page suspected of matching the clear net domain name, the method further comprises:
and storing a matching relation corresponding to the anonymous network domain name into a target database, wherein the matching relation comprises the anonymous network domain name and all clear network matching domain names.
6. The method for associating network domain names according to claim 5, wherein the matching relationship further includes web page information for each distinct network matching domain name.
7. An apparatus for associating a network domain name, the apparatus comprising:
the preprocessing unit is used for taking the anonymous network characteristic information as the input of a network space radar system to obtain a suspected matching clear network domain name;
the anonymous network feature information is feature information in an anonymous network webpage corresponding to the anonymous network domain name;
and the matching unit is used for determining the clear network matching domain name of the anonymous network domain name according to the anonymous network webpage and the clear network webpage suspected of matching the clear network domain name.
8. The apparatus according to claim 7, wherein the matching unit is further configured to determine whether the similarity of the response contents between the anonymous web page and the explicit web page is greater than a matching threshold value in the case that the title of the anonymous web page is the same as the title of the explicit web page and the site icon of the anonymous web page is the same as the site icon of the explicit web page; and if so, determining the suspected matching clear network domain name corresponding to the clear network webpage as the clear network matching domain name of the anonymous network domain name.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-6.
10. An electronic device, comprising: a processor and memory for storing one or more programs; the one or more programs, when executed by the processor, implement the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111254047.7A CN113923193B (en) | 2021-10-27 | 2021-10-27 | Network domain name association method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111254047.7A CN113923193B (en) | 2021-10-27 | 2021-10-27 | Network domain name association method and device, storage medium and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113923193A true CN113923193A (en) | 2022-01-11 |
| CN113923193B CN113923193B (en) | 2023-11-28 |
Family
ID=79243193
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111254047.7A Active CN113923193B (en) | 2021-10-27 | 2021-10-27 | Network domain name association method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113923193B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102611691A (en) * | 2012-01-12 | 2012-07-25 | 深信服网络科技(深圳)有限公司 | Method, system and gateway device for detecting phishing websites |
| CN102622553A (en) * | 2012-04-24 | 2012-08-01 | 腾讯科技(深圳)有限公司 | Method and device for detecting webpage safety |
| US20180288073A1 (en) * | 2017-03-31 | 2018-10-04 | Ca, Inc. | Enhanced authentication with dark web analytics |
| CN108829792A (en) * | 2018-06-01 | 2018-11-16 | 成都康乔电子有限责任公司 | Distributed darknet excavating resource system and method based on scrapy |
| WO2019109529A1 (en) * | 2017-12-08 | 2019-06-13 | 平安科技(深圳)有限公司 | Webpage identification method, device, computer apparatus, and computer storage medium |
| CN112148956A (en) * | 2020-09-30 | 2020-12-29 | 上海交通大学 | Hidden net threat information mining system and method based on machine learning |
| CN112804210A (en) * | 2020-12-31 | 2021-05-14 | 北京知道创宇信息技术股份有限公司 | Data association method and device, electronic equipment and computer-readable storage medium |
| US20210194934A1 (en) * | 2019-09-25 | 2021-06-24 | Brilliance Center B.V. | System for anonymously tracking and/or analysing web and/or internet visitors |
-
2021
- 2021-10-27 CN CN202111254047.7A patent/CN113923193B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102611691A (en) * | 2012-01-12 | 2012-07-25 | 深信服网络科技(深圳)有限公司 | Method, system and gateway device for detecting phishing websites |
| CN102622553A (en) * | 2012-04-24 | 2012-08-01 | 腾讯科技(深圳)有限公司 | Method and device for detecting webpage safety |
| US20180288073A1 (en) * | 2017-03-31 | 2018-10-04 | Ca, Inc. | Enhanced authentication with dark web analytics |
| WO2019109529A1 (en) * | 2017-12-08 | 2019-06-13 | 平安科技(深圳)有限公司 | Webpage identification method, device, computer apparatus, and computer storage medium |
| CN108829792A (en) * | 2018-06-01 | 2018-11-16 | 成都康乔电子有限责任公司 | Distributed darknet excavating resource system and method based on scrapy |
| US20210194934A1 (en) * | 2019-09-25 | 2021-06-24 | Brilliance Center B.V. | System for anonymously tracking and/or analysing web and/or internet visitors |
| CN112148956A (en) * | 2020-09-30 | 2020-12-29 | 上海交通大学 | Hidden net threat information mining system and method based on machine learning |
| CN112804210A (en) * | 2020-12-31 | 2021-05-14 | 北京知道创宇信息技术股份有限公司 | Data association method and device, electronic equipment and computer-readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113923193B (en) | 2023-11-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Rao et al. | Jail-Phish: An improved search engine based phishing detection system | |
| Moghimi et al. | New rule-based phishing detection method | |
| Aljofey et al. | An effective detection approach for phishing websites using URL and HTML features | |
| Ramesh et al. | An efficacious method for detecting phishing webpages through target domain identification | |
| WO2019127881A1 (en) | Webpage data processing method and device, computer device and computer storage medium | |
| Rao et al. | Two level filtering mechanism to detect phishing sites using lightweight visual similarity approach | |
| CN102436564A (en) | Method and device for identifying falsified webpage | |
| Chiew et al. | Building standard offline anti-phishing dataset for benchmarking | |
| WO2013070534A1 (en) | Function extension for browsers or documents | |
| Vundavalli et al. | Malicious URL detection using supervised machine learning techniques | |
| CN111224923B (en) | Detection method, device and system for counterfeit websites | |
| Nirmal et al. | Analyzing and eliminating phishing threats in IoT, network and other Web applications using iterative intersection | |
| Jisha et al. | Mobile applications recommendation based on user ratings and permissions | |
| US11797617B2 (en) | Method and apparatus for collecting information regarding dark web | |
| CN110929185B (en) | Website directory detection method and device, computer equipment and computer storage medium | |
| CN108270754B (en) | Detection method and device for phishing website | |
| Shyni et al. | Phishing detection in websites using parse tree validation | |
| Du et al. | ExpSeeker: Extract public exploit code information from social media | |
| US11308091B2 (en) | Information collection system, information collection method, and recording medium | |
| CN110825976B (en) | Website page detection method and device, electronic equipment and medium | |
| CN113923193A (en) | Network domain name association method, device, storage medium and electronic equipment | |
| CN115051863A (en) | Abnormal flow detection method and device, electronic equipment and readable storage medium | |
| Wapet et al. | Preventing the propagation of a new kind of illegitimate apps | |
| Ou et al. | Viopolicy-detector: An automated approach to detecting GDPR suspected compliance violations in websites | |
| Gomes de Barros et al. | Piracema: a Phishing snapshot database for building dataset features |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |