Fishing web page clustering method and device

A technology of phishing web pages and clustering method, applied in the field of information security, can solve the problem of not completely preventing the spread of phishing web pages from the source, and achieve the effect of preventing the spread and reducing the false positive rate.

Active Publication Date: 2013-11-20
TENCENT TECH (SHENZHEN) CO LTD
View PDF4 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For example, b.a.cn.ms, c.a.cn.ms, and d.e.a.cn.ms are all secondary domain names of a.cn.ms. If the prior art phishing web page clustering method is used, b.a.cn.ms, c.a.cn The three sub-sites .ms and d.e.a.cn.ms are all identified as phishing pages, but because phishing criminals use "pan-analysis technology", they will automatically generate a large number of *.a.cn.ms in a very short time, that is, a The secondary domain name of .cn.ms, it can be seen that the clustering method of the whole site or the whole domain in the prior art has not completely stopped the spread of phishing webpages from the source

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fishing web page clustering method and device
  • Fishing web page clustering method and device
  • Fishing web page clustering method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0048] At present, there are various clustering methods for phishing webpages, but the feature of "domain name type" has not been utilized yet. The inventor of the present invention thought of using "domain name type" to solve the problem of phishing webpage clustering, effectively avoiding the drawbacks of the prior art. When phishing criminals use the sub-domain name of the second-level domain name to commit crimes, they can use the feature of "domain name type" to directly cluster the phishing web pages into the sub-domain name of the second-level domain name applied by the phishing criminal, and identify them as phishing web pages , completely stop the spread of phishing webpages at the source. Among them, the domain name type can include top-level domain name and second-level domain name, etc., for example, .com is a top-level domain name, which can also provide sub-domain application, cn.ms is a second-level domain name, which can provide sub-domain registration, for For...

Embodiment 2

[0066] refer to image 3 , image 3 The flow chart of the phishing web page clustering method provided in this embodiment may specifically include:

[0067] Step 301: receiving any phishing URL;

[0068] Step 302: Obtain the domain name of the phishing website;

[0069] Step 303: Obtain the domain name type corresponding to the domain name in the preset domain name table;

[0070] Steps 301 to 303 in this embodiment are the same as steps 101 to 103 in Embodiment 1, and will not be repeated here.

[0071] Step 304: Determine whether the domain name type is a second-level domain name, if yes, go to step 305, if not, go to step 309.

[0072] In this embodiment, after acquiring the domain name type corresponding to the domain name, it is first judged whether the domain name type belongs to the second-level domain name, if yes, go to step 305 , otherwise go to step 309 .

[0073] In actual operation, after determining the domain name type, you can refer to Table 2 to determine...

Embodiment 3

[0097] refer to Figure 4 , Figure 4 The structural diagram of the phishing web page clustering device provided in this embodiment, the device may include:

[0098] A receiving module 401, configured to receive any phishing URL;

[0099] The first obtaining module 402 is used to obtain the domain name of the phishing website;

[0100] The second acquiring module 403 is configured to acquire the domain name type corresponding to the domain name in the preset domain name table;

[0101] The clustering module 404 is configured to implement clustering of phishing webpages according to the type of the domain name.

[0102] Wherein, the clustering module may include:

[0103] The first judging submodule is used to judge whether the domain name type is a second-level domain name;

[0104] A first acquiring submodule, configured to acquire the secondary domain of the domain name when the result of the first judging submodule is yes;

[0105] The first adding submodule is used t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a fishing web page clustering method and device. The method comprises the steps of receiving any fishing website; acquiring the domain name of the fishing website; acquiring the domain name type corresponding to the domain name from a preset domain name list; according to the domain name type, realizing fishing web page clustering. The fishing web page clustering method and device can realize fishing web page clustering after acquiring the domain name type corresponding to fishing websites, so that two defects generated by the clustering method in the prior art when a fishing criminal uses a secondary domain name of a second-level domain are overcome. Consequently, the false alarm rate and the missing reporting rate of fishing web pages are reduced, the detection ratio of the fishing webpages is improved, and the broadcast of fishing web pages is completely stopped from the source.

Description

technical field [0001] The invention relates to the field of information security, in particular to a phishing web page clustering method and device. Background technique [0002] Phishing webpages usually refer to webpages disguised as bank webpages or e-commerce webpages. The main harm is to steal private information such as bank account numbers and passwords submitted by users. The so-called "phishing web page" is a kind of network fraud, which means that criminals use various means to counterfeit the URL (web page address) and page content of the real website, or use the loopholes in the server program of the real website to insert Dangerous HTML (Hypertext Markup Language) codes are used to defraud users of private information such as bank or credit card account numbers and passwords. Clustering phishing webpages refers to clustering webpages used for "phishing" together as a comparison standard for detecting phishing webpages. [0003] There are many methods for clus...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30
CPCG06F21/6209H04L63/1483G06F2221/2119G06F2221/2149H04L67/02H04L2101/30
Inventor 罗焱
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap