Unlock instant, AI-driven research and patent intelligence for your innovation.

Method for establishing malicious website database, method and device for identifying malicious website

A malicious website and establishment method technology, applied in the direction of electrical digital data processing, computer security devices, special data processing applications, etc., can solve the problems of poor timeliness, low detection efficiency, false positives, etc., to reduce false negatives, high detection accuracy efficiency, improving timeliness and accuracy

Active Publication Date: 2016-08-03
BEIJING BAIDU NETCOM SCI & TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The detection efficiency of this method is low. When a malicious website is encountered, the browser environment may need to be restored, and it is difficult to build a completely real browser environment, which may easily lead to false positives.
For the URL library that illegal website operators replace at any time, it needs to be executed one by one before judgment can be made, and malicious URLs cannot be found in advance, and the timeliness is poor

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for establishing malicious website database, method and device for identifying malicious website
  • Method for establishing malicious website database, method and device for identifying malicious website
  • Method for establishing malicious website database, method and device for identifying malicious website

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0059] figure 1 It is a flow chart of the establishment method of the malicious URL database provided by this embodiment, such as figure 1 As shown, the method includes:

[0060] Step S101 , associating each website domain name with corresponding site attribute information in advance, and constructing a site information association database.

[0061] A website usually includes many webpages, and each webpage has a corresponding URL, and the URL is usually expressed by url (uniform resource locator, uniform resource locator), generally in the form of access protocol + domain name. For example, the Baidu website includes many webpages, the url of the Baidu homepage is "http: / / www.baidu.com", and the domain name is "baidu.com". Because the domain name of the website is unique, a website can be represented by the domain name of the website.

[0062] For a domain name, using tools such as whois, you can query the registration information of the website corresponding to the domai...

Embodiment 2

[0105] figure 2 It is a flow chart of the method for identifying malicious URLs provided in this embodiment, such as figure 2 As shown, the method includes:

[0106] Step S201. Obtain the url to be detected, and analyze the site attribute information of the url to be detected.

[0107] For the url to be detected, extract the corresponding domain name, use whois and other tools to query the site attribute information of the url to be detected, including website name, website owner, website owner email, company name, IP address, ICP number and other information.

[0108] Step S202 , using the site attribute information obtained through parsing, to search for a malicious URL having the same attribute information as the URL to be detected in a malicious URL database, the malicious URL database is established by the method described in Embodiment 1.

[0109] In the malicious URL database constructed in the first embodiment, the site attribute information of the URLs to be detec...

Embodiment 3

[0118] image 3 It is a schematic diagram of an apparatus for establishing a malicious website database provided in this embodiment. Such as image 3 As shown, the device includes:

[0119] The site information associating module 301 is used for associating each website domain name with corresponding site attribute information in advance to build a site information associating database.

[0120] The site information associating module 301 utilizes the site attribute information of the websites existing on the Internet in advance to build a site information associating database for inquiring about the relationship between various websites.

[0121] Specifically, when constructing the site information association database, the whois tool is used to collect the registration information of the websites existing on the Internet, including the website name, website owner, contact information of the website owner, company information, IP address information, etc. . Then use web c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention provides a method for establishing a malicious website database, and a method and device for identifying malicious websites. The establishment method includes: S1, constructing a site information association database; S2, constructing an anti-link association database; S3, acquiring known malicious websites, Add it to the queue to be detected, repeat step S4 until the queue to be detected is empty, use all the data appearing in the queue to be detected to build a database of malicious URLs; S4, query the anti-chain association database, and determine all anti-chains of the current url url, add the anti-chain url whose weight exceeds the preset threshold to the queue to be detected; or analyze the site attribute information of the current url, query the site information association database, determine the domain name of the website that has the same site attribute information as the current url, and add Website domain names whose weight exceeds the preset threshold are added to the queue to be detected. Compared with the prior art, the invention improves the timeliness and accuracy of detection and reduces false positives.

Description

【Technical field】 [0001] The invention relates to the technical field of computer security, in particular to a method for establishing a malicious website database, a method and a device for identifying a malicious website. 【Background technique】 [0002] With the continuous development of computer and network technology, the Internet is becoming more and more important to people, and has penetrated into all aspects of people's work and life. But following it, there are more and more malicious acts against the Internet, and various security problems have greatly troubled network users. At present, there are a large number of websites used for fraud and other malicious activities on the Internet. These illegally profitable websites threaten the safety of users because of the concealment of their profit channels. However, the life cycle of these illegal websites is short, and once they are discovered, they are often banned or cancelled. In order to ensure the effect, operator...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F17/30G06F21/55G06F21/00
Inventor 梁知音
Owner BEIJING BAIDU NETCOM SCI & TECH CO LTD