CN103795679A - Rapid detection method and system for phishing website - Google Patents
Rapid detection method and system for phishing website
- Publication number
- CN103795679A
- Authority
- CN
- China
- Prior art keywords
- website
- client
- url
- server end
- inquiry
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention belongs to the technical field of computer defense, and specifically discloses a method and a system for rapidly detecting phishing websites. The method comprises the following steps: the URL of the website the client is currently accessing is transmitted to the server for a website security query, and the query result is fed back to the client; for a website that the query cannot identify, the client is instructed to upload the web page content corresponding to the URL to the server; and the server is instructed to judge the security property of the website according to the web page content. The invention combines the advantages of the two existing approaches to website security detection and also overcomes the problems brought by web crawlers, making detection faster and more accurate.
Description
Technical field
The invention belongs to the technical field of computer defense, and specifically relates to a rapid detection method and system for phishing websites.
Background
Phishing websites are a form of online fraud. Criminals use various means to counterfeit the URL and page content of a genuine website, or exploit vulnerabilities in a genuine website's server program to insert dangerous HTML code into some of the site's pages. In this way they trick users out of private data such as bank or credit card account numbers and passwords, or get consumers to pay money directly into the fraudster's bank account. This seriously affects the development of online financial services and e-commerce, harms the public interest, and undermines public confidence in using the Internet.
To guard against the harm of phishing websites, two approaches are currently in common use:
First, checking for phishing websites according to features of the site content, as in Chinese patent No. 200910106659, "A detection method and device for phishing websites"; Chinese patent No. 201110172952.8, "Recognition method and device for phishing websites"; and Chinese patent No. 200710072997.1, "Method for guarding against phishing websites based on gateway and bridge". These schemes all try to find regularities in the features of phishing website content and then formulate detection rules to detect phishing websites. Such methods or devices detect quickly, but as the makers of phishing websites become familiar with and understand the detection rules, the new phishing websites they build easily escape detection. The detection rate of this kind of scheme therefore slowly declines, and the detection rules must be updated constantly to keep up with the development of the viruses.
Second, building a phishing website database: whenever a phishing website is found, its URL (Uniform Resource Locator, i.e. web page address) is added to the database. Black and white list databases are set up on the local client and on the server; the blacklist database stores the URLs of phishing websites and the whitelist stores the URLs of safe websites. The URL of the website the user is currently accessing is compared with the URLs stored in the black and white list databases to judge whether the website is a phishing website, a safe website, or a grey website (one whose URL is not in the database, i.e. a site address that cannot be identified). This approach has high detection accuracy, but it is powerless against newly created websites.
To further raise the phishing website detection rate, the common practice is to combine the two approaches above. The basic flow is as follows:
The client transmits the URL of the currently accessed website to the server;
The server queries this URL in its black and white list databases;
If the query result is black, the site is a phishing website, and the result is fed back so that the client warns the user;
If the query result is white, the site is a safe website, and the user is allowed to continue accessing the current site;
If the query result is grey, the website cannot be identified, and its URL is transmitted to a background verification system for verification;
The background verification system downloads the web page content with a web crawler and then judges it automatically according to the rules of the first approach described above.
Although this detection method combines the advantages of the two approaches, it has also produced a new problem: some phishing websites have begun to adapt to web crawlers, so that the crawler cannot download the web page content, or cannot download accurate web page content, and the site thereby escapes the detection rules.
Because the number of new websites created every day is huge, downloading and judging them manually is not feasible. This has become a new difficulty in phishing website detection.
Summary of the invention
To solve the above problem, the object of the present invention is to provide a rapid detection method and system for phishing websites that can detect the security property of a website more quickly and accurately.
To achieve this object, and based on the findings above, the following technical scheme is obtained:
A rapid detection method for phishing websites, comprising the following steps:
Transmitting the URL of the website the client is currently accessing to the server for a website security query, and feeding the query result back to the client;
For a website that the query cannot identify, instructing the client to upload the web page content corresponding to the URL to the server;
Instructing the server to judge the security property of the website according to the web page content.
Further, transmitting the URL of the website the client is currently accessing to the server for a website security query, and feeding the query result back to the client, specifically comprises:
Instructing the client to transmit the URL of the currently accessed website to the server;
Instructing the server to query its black and white list databases according to this URL, where the blacklist database stores the URLs of confirmed phishing websites and the whitelist database stores the URLs of verified safe websites;
If the URL is in the blacklist database, feeding back to the client to intercept the phishing website or warn the user;
If the URL is in the whitelist database, feeding back to the client to allow the user to continue accessing the current site;
If the query cannot identify the site, carrying out the subsequent steps in order.
Further, the web page content comprises the title, description, keywords and body.
A rapid detection system for phishing websites, comprising the following modules:
A quick query module, which transmits the URL of the website the client is currently accessing to the server for a website security query and feeds the query result back to the client;
A web page content upload module, which, for a website that the query cannot identify, instructs the client to upload the web page content corresponding to the URL to the server;
A rapid judgment module, which instructs the server to judge the security property of the website according to the web page content.
Further, the quick query module specifically comprises the following submodules:
A client upload submodule, which instructs the client to transmit the URL of the currently accessed website to the server;
A server-side query submodule, which instructs the server to query its black and white list databases according to this URL, where the blacklist database stores the URLs of confirmed phishing websites and the whitelist database stores the URLs of verified safe websites; if the URL is in the blacklist database, it feeds back to the client to intercept the phishing website or warn the user; if the URL is in the whitelist database, it feeds back to the client to allow the user to continue accessing the current site; if the query cannot identify the site, the subsequent steps are carried out in order.
Further, the web page content comprises the title, description, keywords and body.
For a website that the query cannot identify, the present invention instructs the client to upload the web page content corresponding to the URL to the server, and then instructs the server to judge the security property of the website according to that web page content. When the client accesses the current site, a phishing website must of course also show its web page content to the user. Since the client has already obtained this content, uploading it directly to the server for judgment leaves the phishing website no way to conceal itself, and the problems that come with relying on a web crawler are easily avoided.
The present invention therefore combines the advantages of the two existing approaches to website security detection and also overcomes the problems brought by web crawlers, making detection faster and more accurate.
Brief description of the drawings
The drawings described here are provided to assist further understanding of the present invention and form part of this application; they do not constitute an improper limitation of the present invention. In the drawings:
Fig. 1 is the flow chart corresponding to the method of the present invention;
Fig. 2 is the block diagram corresponding to the system of the present invention.
Embodiment
As shown in Fig. 1, this embodiment discloses a rapid detection method for phishing websites, characterized in that it comprises the following steps:
Step 1: instruct the client to transmit the URL of the currently accessed website to the server;
Step 2: instruct the server to query its black and white list databases according to this URL, where the blacklist database stores the URLs of confirmed phishing websites and the whitelist database stores the URLs of verified safe websites;
Step 3A: if the URL is in the blacklist database, feed back to the client to intercept the phishing website or warn the user. That is, if the query result is a phishing website, either block the user from continuing to access the site, or warn the user that the site is a phishing website and let the user decide whether to continue;
Step 3B: if the URL is in the whitelist database, feed back to the client to allow the user to continue accessing the current site. That is, the query result is a safe website; safe websites are, for example, common government websites and portal sites, which are very unlikely to be phishing websites;
Step 3C: if the query cannot identify the site, instruct the client to upload the web page content corresponding to the URL to the server, where the web page content comprises the title (title), description (description), keywords (keywords) and body (body);
Step 4: instruct the server to judge the security property of the website according to the web page content. The concrete decision rule can be an existing one, such as the schemes mentioned in the background section: extract some features from the web page content and judge according to pre-established rules and the extracted features. Since many existing technical means are available, they are not repeated here.
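The four-step flow above, sketched as an added example (not code from the patent): the list lookup, the client-side extraction of the four uploaded fields, and a server-side judgment. The host-level list keying, the sample lists and page, and the brand/credential rule in `judge` are assumptions; the patent leaves the decision rule to existing techniques.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample lists (not from the patent), keyed by host (an assumption).
BLACKLIST = {"login.bank-example.invalid"}
WHITELIST = {"www.gov-example.invalid"}
# Assumed rule data for the judgment step: brand name -> hosts allowed to use it.
BRANDS = {"examplebank": {"www.examplebank.invalid"}}
CREDENTIAL_WORDS = ("password", "card number", "pin code")
FIELDS = ("title", "description", "keywords", "body")
MAX_UPLOAD = 200_000  # cap on client-supplied text; the upload is untrusted input

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def query_url(url):
    """Server side: black/white list lookup on the URL the client submitted."""
    host = host_of(url)
    return "black" if host in BLACKLIST else "white" if host in WHITELIST else "grey"

class PageFields(HTMLParser):
    """Client side: collect title, description, keywords and body text."""
    def __init__(self):
        super().__init__()
        self.fields = dict.fromkeys(FIELDS, "")
        self._target = None  # 'title' or 'body' while inside that element
        self._skip = 0       # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = (a.get("name") or "").lower()
        if tag == "meta" and name in ("description", "keywords"):
            self.fields[name] = a.get("content") or ""
        elif tag in ("title", "body"):
            self._target = tag
        elif tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        elif tag == self._target:
            self._target = None

    def handle_data(self, data):
        if self._target and not self._skip:
            self.fields[self._target] += data + " "

def extract_fields(html):
    parser = PageFields()
    parser.feed(html)
    parser.close()
    return {k: " ".join(v.split()) for k, v in parser.fields.items()}

def judge(url, fields):
    """Server side (assumed rule): brand claimed, credentials requested, host not the brand's."""
    text = " ".join(fields.get(k, "") for k in FIELDS)[:MAX_UPLOAD].lower()
    asks = any(w in text for w in CREDENTIAL_WORDS)
    for brand, hosts in BRANDS.items():
        if asks and brand in text and host_of(url) not in hosts:
            return "phishing"
    return "unverified"

def check(url, rendered_html):
    """Full flow: page content is parsed and uploaded only when the lookup is grey."""
    verdict = query_url(url)
    return verdict if verdict != "grey" else judge(url, extract_fields(rendered_html))

# Constructed page, as the client's browser would already hold it.
SAMPLE_HTML = """<html><head><title>ExampleBank - Sign in</title>
<meta name="description" content="Secure online banking">
<meta name="keywords" content="examplebank, login">
<script>var ignored = "password";</script></head>
<body><h1>Welcome</h1><p>Enter your password and card number.</p></body></html>"""
```

Because the judged content comes from the client rather than from a crawler, the server handles it as untrusted input, which is why the sketch caps its length before applying any rule.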
As shown in Fig. 2, this embodiment also discloses a rapid detection system for phishing websites corresponding to the above method, comprising the following modules:
Quick query module 1, for transmitting the URL of the website the client is currently accessing to the server for a website security query and feeding the query result back to the client;
Wherein the quick query module specifically comprises the following submodule:
Server-side query submodule 12, which instructs the server to query its black and white list databases according to this URL, where the blacklist database stores the URLs of confirmed phishing websites and the whitelist database stores the URLs of verified safe websites; if the URL is in the blacklist database, it feeds back to the client to intercept the phishing website or warn the user; if the URL is in the whitelist database, it feeds back to the client to allow the user to continue accessing the current site; if the query cannot identify the site, the subsequent steps are carried out in order.
Wherein the web page content comprises the title, description, keywords and body.
With the method or system of this embodiment, confirmed phishing websites and safe websites can be judged by a quick query of the black and white list databases, while for newly created websites the client uploads the web page content to the server, which judges it quickly according to existing rules, thereby improving the detection efficiency and accuracy of the present invention.
The preferred embodiments of the present invention have been described in detail above. It should be understood that a person of ordinary skill in the art can make many modifications and variations according to the concept of the present invention without creative work. Therefore, any technical scheme that a person skilled in the art can obtain on the basis of the prior art through logical analysis, reasoning or limited experiment according to the concept of the present invention shall fall within the scope of protection defined by the claims.
Claims (6)
1. A rapid detection method for phishing websites, characterized in that it comprises the following steps:
Transmitting the URL of the website the client is currently accessing to the server for a website security query, and feeding the query result back to the client;
For a website that the query cannot identify, instructing the client to upload the web page content corresponding to the URL to the server;
Instructing the server to judge the security property of the website according to the web page content.
2. The rapid detection method for phishing websites according to claim 1, characterized in that transmitting the URL of the website the client is currently accessing to the server for a website security query, and feeding the query result back to the client, specifically comprises:
Instructing the client to transmit the URL of the currently accessed website to the server;
Instructing the server to query its black and white list databases according to this URL, where the blacklist database stores the URLs of confirmed phishing websites and the whitelist database stores the URLs of verified safe websites;
If the URL is in the blacklist database, feeding back to the client to intercept the phishing website or warn the user;
If the URL is in the whitelist database, feeding back to the client to allow the user to continue accessing the current site;
If the query cannot identify the site, carrying out the subsequent steps in order.
3. The rapid detection method for phishing websites according to claim 1, characterized in that:
The web page content comprises the title, description, keywords and body.
4. A rapid detection system for phishing websites, characterized in that it comprises the following modules:
A quick query module, which transmits the URL of the website the client is currently accessing to the server for a website security query and feeds the query result back to the client;
A web page content upload module, which, for a website that the query cannot identify, instructs the client to upload the web page content corresponding to the URL to the server;
A rapid judgment module, which instructs the server to judge the security property of the website according to the web page content.
5. The rapid detection system for phishing websites according to claim 4, characterized in that the quick query module specifically comprises the following submodules:
A client upload submodule, which instructs the client to transmit the URL of the currently accessed website to the server;
A server-side query submodule, which instructs the server to query its black and white list databases according to this URL, where the blacklist database stores the URLs of confirmed phishing websites and the whitelist database stores the URLs of verified safe websites; if the URL is in the blacklist database, it feeds back to the client to intercept the phishing website or warn the user; if the URL is in the whitelist database, it feeds back to the client to allow the user to continue accessing the current site; if the query cannot identify the site, the subsequent steps are carried out in order.
6. The rapid detection system for phishing websites according to claim 4, characterized in that:
The web page content comprises the title, description, keywords and body.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210418201.4A CN103795679A (en) | 2012-10-26 | 2012-10-26 | Rapid detection method and system for phishing website |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103795679A true CN103795679A (en) | 2014-05-14 |
Family
ID=50670972
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210418201.4A Pending CN103795679A (en) | 2012-10-26 | 2012-10-26 | Rapid detection method and system for phishing website |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103795679A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080244715A1 (en) * | 2007-03-27 | 2008-10-02 | Tim Pedone | Method and apparatus for detecting and reporting phishing attempts |
CN102710645A (en) * | 2012-06-06 | 2012-10-03 | 珠海市君天电子科技有限公司 | Method and system for detecting phishing website |
CN102724186A (en) * | 2012-06-06 | 2012-10-10 | 珠海市君天电子科技有限公司 | System and method for detecting phishing websites |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105320885A (en) * | 2014-06-04 | 2016-02-10 | 腾讯科技(深圳)有限公司 | Method and device for detecting malicious website |
CN105574036A (en) * | 2014-10-16 | 2016-05-11 | 腾讯科技(深圳)有限公司 | Web page data processing method and device |
CN107004088A (en) * | 2014-12-09 | 2017-08-01 | 日本电信电话株式会社 | Determining device, determine method and determination program |
US10853483B2 (en) | 2014-12-09 | 2020-12-01 | Nippon Telegraph And Telephone Corporation | Identification device, identification method, and identification program |
CN106357603A (en) * | 2016-08-18 | 2017-01-25 | 乐视控股(北京)有限公司 | Web page security detection processing method and device |
CN110535815A (en) * | 2018-05-25 | 2019-12-03 | 网宿科技股份有限公司 | A kind of method and apparatus identifying URL |
CN110968897A (en) * | 2019-12-28 | 2020-04-07 | 辽宁振兴银行股份有限公司 | Routing forwarding based on nginx and vx-api-gatway |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20140514 |