Formalization detection method and system for malicious URL (uniform resource locator)

A detection method and detection system technology, which can be applied in transmission systems, digital transmission systems, electrical components, etc., can solve problems such as missed reports of antivirus software, and achieve the effect of high detection rate and good detection rate.

Active Publication Date: 2012-12-26
HARBIN ANTIY TECH
View PDF3 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Currently, malicious URL detection methods are all based on string matching. Security vendors collect a large number of malicious URLs and store them in the signature database. Part of the malicious URL detection problem, but due to the variability of the URL format mentioned above, a simple change of a malicious URL, without changing the nature of its malicious link, its content has been matched with the characteristics of the virus database It is not completely consistent, which

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Formalization detection method and system for malicious URL (uniform resource locator)
  • Formalization detection method and system for malicious URL (uniform resource locator)
  • Formalization detection method and system for malicious URL (uniform resource locator)

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easy to understand, the technical solutions in the present invention will be further detailed below in conjunction with the accompanying drawings illustrate.

[0036] The present invention aims at the variability of the character string format of the malicious URL link address, and regularizes the character string format, abandons the part that is changeable and meaningless to detection, supplements the part that is omitted by default, and forms a composition that contains enough Informative data to be detected. The string format of the regularized URL address is "scheme: / / domain:port / path", which retains the protocol, domain name, port, and path. These data can completely determine the address information pointed to by a URL, so th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a formalization detection method for a malicious URL (uniform resource locator). The formalization detection method comprises the following steps of: splitting the URL to be detected into syntactic element character strings according to a URL syntactic structure on the basis of the standard of RFC (request for comments); extracting designated character strings from the character strings obtained by splitting; performing completing treatment on the non-existent character strings; reordering the character strings obtained after completing treatment to obtain a new URL, and calculating the hash value of the new URL; and traversing a malicious URL feature library, and performing contrast detection on feature data in the malicious URL feature library and the hash value of the URL to be detected. The invention further discloses a formalization detection system for the malicious URL. The technical scheme disclosed by the invention can be effectively used against the variability in the formats of the URL; and compared with the traditional URL detection method, the detection rate against the malicious URL which often changes the format is higher, and a single feature can also be adopted for corresponding to multiple format variants of the malicious URL, so that the volume of a virus feature library required for the detection method is smaller, and the space of a memory and a magnetic disk can be further saved.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to a formal detection method and system for malicious URLs. Background technique [0002] According to the RFC specification, the grammatical format of URL (Uniform Resource Locator) is as follows: "scheme: / / username:passworddomain:port / path?query_string#fragment_id" (see: RFC1738 standard http: / / www.ietf.org / rfc / rfc1738 .txt), all URLs must follow this rule. If the protocol (scheme) part is omitted, it defaults to the HTTP protocol. The username and password (username:password) part can be omitted. In the HTTP protocol, the port number (port) The default is 80, which can also be omitted, and the fragment_id part has no practical value in detecting whether it is a malicious URL. According to the above characteristics of the URL format, it can be considered that the format of the URL is variable, and multiple URLs that are not exactly the same may point to the same...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L29/06
Inventor 苏培旺李石磊张栗伟
Owner HARBIN ANTIY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap