Malicious webpage discovery method and system based on feature detection

Malicious webpage and feature detection technology, applied in the field of network flow security, can solve problems such as long time consumption, low resource utilization rate, and large computing resource consumption, and achieve the best efficiency and accuracy.

Active Publication Date: 2018-11-06
INST OF INFORMATION ENG CHINESE ACAD OF SCI +1

AI Technical Summary

Problems solved by technology

[0006] 3) Unbalanced data set characteristics
For example, Google checks hundreds of millions of URLs every day and finds only about 9,500 unsafe sites. Most web pages have low analysis value, and detection takes a long time.
At the same time, since automatic analysis and manual reporting consume a large amount of computing resources, analyzing every web page would make resource utilization very low.

Examples


Embodiment Construction

[0044] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention.

[0045] The present invention will be described in detail below in conjunction with the above.

[0046] The system architecture diagram of the present invention is shown in Figure 1.

[0047] 1) HTTP traffic is analyzed in real time through the network flow capture platform Papp. Papp has two configuration methods: one captures traffic in real time for analysis, and the other reads Pcap (packet capture) files of network traffic for testing. Papp is a special-purpose traffic acquisition tool whose function is similar to the TCPDUMP command under Linux.

[0048] 2) URL features are extracted from traffic parsed by the Papp platform.

[0049] It is implemented through the URL-related network b...


Abstract

The present invention provides a malicious webpage discovery method based on feature detection. The method comprises the steps of: reading a URL file and extracting URL-related network behavior features; reading a DNS file and extracting domain-name-related network behavior features; reading a NetFlow file and extracting flow-related network behavior features; and performing rule matching on the URL-related, domain-name-related and flow-related network behavior features, identifying malicious URLs according to the matching result. Based on network flow captured in real time, an online system with detection and identification functions is constructed to implement the method. The system performs online webpage identification, identifying the URLs of malicious webpages in real time from the live network flow.
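The pipeline in the abstract (three feature sources merged per URL, then rule matching) can be sketched as follows. This is an added example, not code from the patent: the record formats, feature names, rules and thresholds are all assumptions, and the sample data is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample inputs (formats and values are assumptions, not the patent's).
URLS = ["http://intranet.example/wiki/Home",
        "http://198.51.100.23/a/b/c/d/verify.php?id=839201",
        "http://a8f3k2z9.example.net/x"]
DNS = {"intranet.example": {"ttl": 3600, "addrs": 1},
       "a8f3k2z9.example.net": {"ttl": 30, "addrs": 14}}
FLOWS = {"intranet.example": {"clients": 40, "bytes_in": 900_000},
         "198.51.100.23": {"clients": 1, "bytes_in": 2_100},
         "a8f3k2z9.example.net": {"clients": 1, "bytes_in": 800}}

def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

# Merge URL, DNS and flow features for one URL into a single record.
def extract_features(url):
    parts = urlsplit(url)
    host = parts.hostname or ""
    label = host.split(".")[0]
    feats = {
        "host_is_ip": host_is_ip(host),
        "path_depth": parts.path.count("/"),
        "digit_ratio": sum(c.isdigit() for c in label) / max(len(label), 1),
    }
    # Missing DNS/flow records get neutral defaults so rules do not fire on absence.
    feats.update(DNS.get(host, {"ttl": 3600, "addrs": 1}))
    feats.update(FLOWS.get(host, {"clients": 0, "bytes_in": 0}))
    return feats

# Hypothetical rules: name -> predicate over the merged feature record.
RULES = {
    "ip_literal_host": lambda f: f["host_is_ip"],
    "deep_path": lambda f: f["path_depth"] >= 5,
    "random_looking_label": lambda f: not f["host_is_ip"] and f["digit_ratio"] >= 0.3,
    "fast_flux_dns": lambda f: f["ttl"] <= 60 and f["addrs"] >= 10,
    "single_client_host": lambda f: f["clients"] == 1,
}

def match_rules(url):
    feats = extract_features(url)
    return sorted(name for name, rule in RULES.items() if rule(feats))

def is_malicious(url, min_hits=2):  # min_hits threshold is an assumption
    return len(match_rules(url)) >= min_hits
```

Requiring more than one rule hit keeps a single weak signal, such as a host visited by only one client, from flagging a URL on its own.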

Description

Technical field

[0001] The invention relates to network flow security technology, in particular to online real-time analysis of large-scale network flow, mining and discovery of malicious URLs, and in particular to a method and system for discovering malicious webpages based on feature detection.

Background technique

[0002] As an open sharing platform, the Internet not only provides convenience for people, but also creates new opportunities for criminals to collect personal privacy information and organize criminal activities. In some known cybercriminal activities, webpages containing malicious codes and phishing (i.e., malicious webpages, including: phishing websites, web Trojan horses, pornographic websites, etc.) often play a very important role. Statistics from Kaspersky show that malicious webpages appear and play a role in 87.36% of cyber attacks. Such web pages either automatically install malicious codes into the user's computer without the user's knowledge, or ass...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1416, H04L63/1425, H04L63/145, H04L63/1483, H04L61/4511
Inventor: 李睿, 杜翠兰, 李鹏霄, 张鹏, 陈志鹏, 杨兴东
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI