Method and device for detecting phishing web pages

Abstract

The application provides a phishing webpage detection method and a device. The method includes the following steps: calling a webpage rendering program to access a webpage to be detected; sending a user operation event to the webpage to be detected in the rendering process of the webpage to be detected; and detecting whether the webpage to be detected is a phishing webpage based on the rendering result of the webpage to be detected. According to the embodiment of the invention, a phishing webpage is normally opened in a rendering environment, and the problem that a phishing webpage using the webpage source file of a normal webpage cannot be detected is avoided. In the rendering process of the webpage to be detected, a user operation event is sent to the webpage to be detected to simulate an environment in which a real person browses a webpage. A phishing webpage will open the original page after monitoring the user operation event. Thus, further detection can be carried out to avoid the problem that a phishing webpage shows a non-phishing webpage when detecting webpage access by a non-real person and thus the phishing webpage cannot be detected. The accuracy of webpage detection is improved.

Description

technical field [0001] The present application relates to the field of webpage processing, in particular to a method for detecting phishing webpages and a device for detecting phishing webpages. Background technique [0002] Phishing webpages mainly fake the URL address or page content of real websites, pretend to be webpages such as banking and e-commerce, or use loopholes in real webpage server programs to insert dangerous webpage codes into webpages to Defraud users of personal information such as bank or credit card account numbers and passwords. [0003] When a conventional phishing web detection scheme detects whether a URL is a phishing web page, it obtains the returned web page source file, such as an HTML (Hypertext Markup Language) file, by visiting the URL, and parses and extracts the text or image features therein, and further based on the extracted text or image features for recognition. [0004] However, this conventional machine detection method has been una...

AI Technical Summary

Problems solved by technology

[0004] However, this conventional machine detection method has been unable to cope with the endless new phishing webpages. In order to bypass the webpage detection, the new phishing webpage usually judges whether it is currently being visited by a real person or a machine detection. If it is recognized as a machine detection, it will feed back a non-phishing webpage. , causing the detection engine to miss

[0005] Specifically, the webpage source files of new phishing webpages are usually configured with the text or picture features of normal webpages, and only after the browser rendering behavior determines that the webpage is visited by a real person, the phishing webpage will be rendered, thus making the non-browser environment The detection of phishing webpages cannot obtain the basis for identifying phishing webpages, and phishing webpages cannot be detected

Furthermore, even if the browser environment is used to detect phishing webpages, some phishing webpages will also detect whether there is a mouse movement event in the current environment and whether Flash is supported when the webpage is rendered. , so that it is not possible to recognize

[0006] In addition, there is a browser-based non-machine detection solution. When a user visits a page in the browser, it can immediately detect whether the page that has been opened is a phishing website. However, this solution can only detect the URL that the user is visiting, and cannot perform batch chemical detection

Images