Formalization detection method and system for malicious URL (uniform resource locator)

A detection method and detection system technology, which can be applied in transmission systems, digital transmission systems, electrical components, etc., can solve problems such as missed reports of antivirus software, and achieve the effect of high detection rate and good detection rate.
CN102843271AActive Publication Date: 2012-12-26HARBIN ANTIY TECH
3 Cites 26 Cited by

Patent Information

Authority / Receiving Office
CN Β· China
Current Assignee / Owner
HARBIN ANTIY TECH
Publication Date
2012-12-26

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses a formalization detection method for a malicious URL (uniform resource locator). The formalization detection method comprises the following steps of: splitting the URL to be detected into syntactic element character strings according to a URL syntactic structure on the basis of the standard of RFC (request for comments); extracting designated character strings from the character strings obtained by splitting; performing completing treatment on the non-existent character strings; reordering the character strings obtained after completing treatment to obtain a new URL, and calculating the hash value of the new URL; and traversing a malicious URL feature library, and performing contrast detection on feature data in the malicious URL feature library and the hash value of the URL to be detected. The invention further discloses a formalization detection system for the malicious URL. The technical scheme disclosed by the invention can be effectively used against the variability in the formats of the URL; and compared with the traditional URL detection method, the detection rate against the malicious URL which often changes the format is higher, and a single feature can also be adopted for corresponding to multiple format variants of the malicious URL, so that the volume of a virus feature library required for the detection method is smaller, and the space of a memory and a magnetic disk can be further saved.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the technical field of computer network security, in particular to a formal detection method and system for malicious URLs. Background technique

[0002] According to the RFC specification, the grammatical format of URL (Uniform Resource Locator) is as follows: "scheme: / / username:passworddomain:port / path?query_string#fragment_id" (see: RFC1738 standard http: / / www.ietf.org / rfc / rfc1738 .txt), all URLs must follow this rule. If the protocol (scheme) part is omitted, it defaults to the HTTP protocol. The username and password (username:password) part can be omitted. In the HTTP protocol, the port number (port) The default is 80, which can also be omitted, and the fragment_id part has no practical value in detecting whether it is a malicious URL. According to the above characteristics of the URL format, it can be considered that the format of the URL is variable, and multiple URLs that are not exactly the same may point to the same...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More