Domain name structural feature-based hang horse web page detection method

A detection method and construction technology, applied in the computer field, that addresses the problems of heavy server and network resource consumption, low efficiency in finding Trojan-embedded ("hang horse") web pages, and overly divergent detection targets.

Active Publication Date: 2011-10-19
National Computer Virus Emergency Response Center (国家计算机病毒应急处理中心)

AI Technical Summary

Problems solved by technology

Although the detection range of the existing crawler-based method is large and comprehensive, its detection targets are too divergent, so it consumes a lot of server and network resources and is inefficient at finding web pages with Trojans.

Embodiment Construction

[0039] Through statistical analysis of a large amount of captured web page Trojan data, the inventors found that attackers' Trojan-planting activity is tool-driven and carried out in batches. Before planting Trojans, attackers register a batch of domain names, and the composition of these domain names follows certain rules and shows similarities.

[0040] The URLs of the Trojan-hosting websites are as follows:

[0041] http://baidu-opop1.cn/Bfyy.htm

[0042] http://baidu-opop1.cn/ce.htm

[0043] http://baidu-opop2.cn/ce.htm

[0044] http://baidu-opop2.cn/Bfyy.htm

[0045] http://baidu-opop3.cn/Bfyy.htm

[0046] http://baidu-opop3.cn/real10.htm

[0047] http://baidu-opop3.cn/ce.htm

[0048] http://baidu-opop4.cn/Bfyy.htm

[0049] http://baidu-opop4.cn/ie7.htm

[0050] http://baidu-opop6.cn/ce.htm

[0051] http://baidu-opop7.cn/Bfyy.htm

[0052] http://baidu-opop7.cn/ie7.htm

[0053] In these website addresses, the domain name portion:

[0054] baidu-opop.cn

[0055] baidu-opop1...

Abstract

The invention discloses a method for detecting web pages with embedded Trojans ("hang horse" web pages) based on structural features of domain names. The method clusters a small number of already-captured known or suspicious Trojan-page uniform resource locators (URLs) to obtain a formation rule, derives further URLs from that rule, and finally validates the derived suspicious URLs, thereby discovering unknown Trojan-hosting websites. With little investment, it obtains a better detection result, markedly improves detection efficiency, and yields a large number of clues and data. In addition, the method optimizes the detection target range so that highly suspicious targets are detected first, which markedly improves detection efficiency. Furthermore, the method can be combined with a conventional Trojan web page detection method and placed in front of it, reducing the detection range for the conventional method while still maintaining a good recall rate.
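The cluster-and-derive steps summarized in the abstract, sketched as an added example (not code from the patent). The digit-run template, the gap-first ranking, and the names `cluster`, `derive`, `min_hosts` and `margin` are assumptions; validating each derived URL is left to whatever page analyzer is in use.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# URLs taken from the list in the Embodiment section, plus two constructed
# non-matching entries (example.com, shop1.example) for contrast.
CAPTURED = [
    "http://baidu-opop1.cn/Bfyy.htm",
    "http://baidu-opop2.cn/ce.htm",
    "http://baidu-opop3.cn/real10.htm",
    "http://baidu-opop4.cn/ie7.htm",
    "http://baidu-opop6.cn/ce.htm",
    "http://baidu-opop7.cn/Bfyy.htm",
    "http://example.com/index.htm",
    "http://shop1.example/a.htm",
]

def cluster(urls):
    """Group hosts by structural template (digit run -> {n}); single-counter hosts only."""
    clusters = defaultdict(lambda: {"nums": set(), "paths": set()})
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        runs = re.findall(r"\d+", host)
        if len(runs) != 1:
            continue
        c = clusters[re.sub(r"\d+", "{n}", host)]
        c["nums"].add(int(runs[0]))
        c["paths"].add(parts.path)
    return dict(clusters)

def derive(clusters, min_hosts=3, margin=1):
    """Return unseen candidate hosts per formation rule, most suspicious first.

    Gaps inside the observed counter range rank ahead of values just outside it.
    """
    candidates = []
    for tmpl, c in clusters.items():
        nums = c["nums"]
        if len(nums) < min_hosts:      # too few samples to call it a rule
            continue
        lo, hi = min(nums), max(nums)
        inside = [n for n in range(lo, hi + 1) if n not in nums]
        outside = [n for n in range(max(0, lo - margin), hi + margin + 1)
                   if n not in nums and not lo <= n <= hi]
        for n in inside + outside:
            candidates.append((tmpl.replace("{n}", str(n)), sorted(c["paths"])))
    return candidates

if __name__ == "__main__":
    for host, paths in derive(cluster(CAPTURED)):
        print(host, paths)   # hand each host/path pair to the page validator
```

The ranking reflects the abstract's point about checking highly suspicious targets first: a missing counter value between two observed ones is queued before values beyond the observed range.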

Description

Technical field

[0001] The invention belongs to the field of computer technology, and in particular relates to a method for detecting web pages with embedded Trojans based on structural features of domain names.

Background

[0002] A web page Trojan ("hang horse") attack means that the attacker embeds malicious code (usually through an IFrame or Script reference) in a web page of a website over which the attacker has gained control. When a user visits the web page, the embedded malicious code exploits vulnerabilities in the browser itself, in third-party ActiveX controls, or in other plug-ins (such as Flash or PDF plug-ins) to download and execute a malicious Trojan without the user's knowledge.

[0003] At present, active detection of Trojan-embedded web pages on the wide area network is mainly based on web crawling: a number of entry points are set, a web crawler program obtains a large number of related links, and each link is then judged one by one. Altho...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F17/30, H04L29/06, G06F21/56
Inventor: 张健, 杜振华, 张津弟, 刘威, 梁宏, 舒心, 马勇
Owner: National Computer Virus Emergency Response Center (国家计算机病毒应急处理中心)