CN113779478A - Abnormal ICP filing website detection method based on multivariate features - Google Patents
Abnormal ICP filing website detection method based on multivariate features Download PDFInfo
- Publication number
- CN113779478A CN113779478A CN202111078456.6A CN202111078456A CN113779478A CN 113779478 A CN113779478 A CN 113779478A CN 202111078456 A CN202111078456 A CN 202111078456A CN 113779478 A CN113779478 A CN 113779478A
- Authority
- CN
- China
- Prior art keywords
- website
- abnormal
- filing
- record
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
本发明涉及一种基于多元特征的异常ICP备案网站检测方法,其解决了现有互联网中存在大量异常ICP备案的网站但无有效检测方法的技术问题,其包括以下步骤:步骤一.获取网站备案检测所需信息;步骤二.检测ICP备案网站的多元异常特征;步骤三.统计并保存异常特征信息。本发明可广泛应用于批量检测异常ICP备案的网站。
The invention relates to a method for detecting abnormal ICP filing websites based on multiple features, which solves the technical problem that there are a large number of abnormal ICP filing websites in the existing Internet but there is no effective detection method. The method includes the following steps: Step 1. Obtain website filing Detect the required information; Step 2. Detect the multiple abnormal features of the ICP filing website; Step 3. Count and save the abnormal feature information. The present invention can be widely used in batch detection of abnormal ICP filing websites.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method for detecting an abnormal ICP (inductively coupled plasma) filing website based on multivariate characteristics.
Background
ICP filing, also known as domain name filing, means that as long as the server is installed in a non-commercial website in the people's republic of china, the filing procedure needs to be performed in compliance. The method can not be used for doing business internet information service in the people's republic of China without recording. The purpose is to prevent illegal website operation activities from being carried out on the network and attack the spread of bad internet information.
But a plurality of abnormal ICP record websites exist at present, for example, some websites do not record and steal record information of others; some uses are false record numbers, illegal activities such as pornography and gambling. These websites with abnormal records are often difficult to supervise, and are not good for the healthy development of the internet. However, there is no clear detection method for detecting the websites with abnormal ICP records effectively and finding the bad websites in time.
Disclosure of Invention
The invention provides a method for detecting an abnormal ICP record website based on multiple characteristics, which can effectively detect the abnormal ICP record website and aims to solve the technical problem that a website with a large number of abnormal ICP records but no effective detection method exists in the existing internet.
The invention provides an abnormal ICP filing website detection method based on multivariate characteristics, which comprises the following steps:
acquiring information required by website record detection;
detecting the multivariate abnormal characteristics of the ICP filing website;
and step three, counting and storing abnormal characteristic information.
Preferably, the step one comprises the following specific steps:
step 1): crawling the content of the website by a web crawler, and mainly acquiring the title of a website homepage, key words of important content, ICP record number at the bottom of the homepage and URL pointed by a hyperlink of the ICP record number;
step 2): taking the registered domain name of the website to be detected as a query condition, and querying and acquiring authoritative record data of the website through an ICP information record management system provided by an industrial and informatization department, wherein the authoritative record data comprises record main body information and record website information;
step 3): acquiring an IP address recorded by a website domain name A through DNS domain name resolution, and acquiring the position of a website server through an IP positioning technology;
step 4): and acquiring the registration time of the domain name and the registrar information of the domain name by inquiring the WHOIS information of the domain name of the website.
Preferably, the multivariate abnormal characteristics in the step two comprise ICP filing flow detection and filing content detection; the ICP filing flow detection comprises the steps of whether a website is filed, filing updating exception and filing cancellation exception, and the ICP filing content detection comprises ICP filing main information, filing website information and website content exception.
Preferably, the specific steps of the multivariate abnormal characteristic detection comprise:
step 1: judging whether ICP record information exists in the domestic website, and if the ICP record information does not exist in the domestic website, directly judging the domestic website to be an abnormal website; if yes, carrying out the next step;
step 2: and carrying out record updating detection, cancellation abnormity detection and record content abnormity detection, and judging whether the website is abnormal or not.
Preferably, the record updating detection in step 2 means that the user of the website domain name has changed to detect whether the record information is updated.
Preferably, the pin-out anomaly detection in step 2 comprises:
A. if the domain name is overdue and not registered, whether the corresponding filing information is cancelled or not is judged;
B. the website server is shifted from home to abroad, and whether the filing information is cancelled or not is judged;
C. the domain name registrant is changed from an authorized registrant to an unauthorized registrant when the domain name registrant records, and whether the record information is cancelled or not is judged.
Preferably, the detecting of the content exception in step 2 includes: detecting the abnormal information of the record main body, detecting the abnormal information of the record website and judging whether illegal contents exist in the website contents.
Preferably, the docket body information abnormality detection includes:
A) whether the website content is consistent with the property of the record unit;
B) whether a large number of filing websites exist under the filing main body;
C) the record main body is an enterprise and is logged off, and at the moment, whether a record website still exists under the record main body or not is judged.
Preferably, the detecting of the abnormal information of the docketing website comprises:
(A) whether the website title is consistent with the name of the record website or not;
(B) whether the website displays the filing number and whether the hyperlink of the filing number points to an ICP filing management system of an industrial and informatization department;
(C) the website displays whether the filing number is consistent with the query result of the ICP filing management system of the industrial and informatization department.
Preferably, the specific steps of step three include:
step (1): counting the number of abnormal features of each website and the detailed information of each abnormal feature by detecting the features of the filing process and the filing content, wherein the number of the abnormal features can be used for feeding back the abnormal risk degree of the website;
step (2): and finally, persistently storing the statistical information to construct an abnormal ICP filing website information base.
The invention has the beneficial effects that:
the invention provides a method for effectively detecting an abnormal ICP filing website. The method is characterized in that anomaly analysis is carried out based on multiple features of website record information, counting statistics is carried out when one anomaly feature is detected, the counting statistics is used for describing the degree of the website record anomaly danger, the anomaly features are stored in an anomaly set of a corresponding website, and finally an abnormal ICP record website information base is formed. Through the information base, which websites have abnormal records can be definitely known, and which specific abnormalities and abnormal degrees exist in each website, so that the actual abnormal conditions of website records can be relatively comprehensively reflected, abnormal record websites can be effectively found from the abnormal record websites, a network supervision department can be assisted to more effectively supervise bad websites, website operators can also be helped to find out which abnormalities exist in website records of the website operators, and then the abnormal record websites can be corrected in time, and the potential hidden dangers of the website can be avoided.
The invention can reduce the occurrence of network safety hidden danger to a certain extent and is beneficial to maintaining the healthy development of the Internet.
Drawings
Fig. 1 is a schematic structural diagram of an embodiment of the present invention.
Description of the symbols of the drawings:
1. website domain name: detecting a domain name corresponding to a website;
2. an information acquisition module: four contents, namely website content, website ICP filing information, domain name DNS analysis data and domain name WHOIS information, need to be acquired. Website content, namely a title of a website, a keyword of the website content, an ICP filing number displayed at the bottom of the website and a URL of a hyperlink of the ICP filing number; the method comprises the following steps that website ICP filing information needs to obtain filing main body information and filing website information; analyzing data by a Domain Name System (DNS), and acquiring an IP address in a domain name A record; domain name WHOIS information, registration time and registrant of the domain name are required to be acquired;
3. record flow characteristic anomaly detection module: firstly, determining whether a website is already recorded, if not, determining that the website is an abnormal website, and subsequent feature detection does not need to be carried out, and ending the whole detection process; if the website has the filing information, performing filing updating, canceling abnormal detection and filing content abnormal detection;
4. record content characteristic anomaly detection module: detecting specific record information of the website and the content of the website, wherein the detection comprises 9 feature detections of a record main body, a record website and website content;
5. an abnormal characteristic information statistic module: counting the number of the abnormal features of the website, and preprocessing the detailed information of the abnormal features for subsequent storage;
6. the information storage module: and storing the information of the abnormal characteristic information statistical module to finally form an abnormal ICP filing website information base.
Detailed Description
The present invention is further described below with reference to the drawings and examples so that those skilled in the art can easily practice the present invention.
Example (b):
as shown in fig. 1, the specific process of detecting the abnormal ICP filing website mainly includes the following steps:
step one, a concrete acquisition process of information required by website record abnormity detection comprises the following steps:
step 1): the method comprises the steps of crawling the content of a website through a web crawler, and mainly obtaining the title of a website homepage, key words of important content, ICP record number at the bottom of the homepage and URL pointed by a hyperlink of the ICP record number.
Step 2): the domain name of the website to be detected is used as a query condition (the domain name of the website to be detected is a registered domain name, but not a full domain name FQDN, such as www.sohu.com, which needs to be input, sohu.com), and authority record data of the website, including record main body information and record website information, is queried and obtained through an ICP information record management system (https:// beian.
Step 3): and acquiring the IP address recorded by the website domain name A through DNS domain name resolution, and acquiring the position of the website server through an IP positioning technology.
Step 4): and acquiring information such as the registration time of the domain name, the registrant of the domain name and the like by inquiring the WHOIS information of the domain name of the website.
Step two, the process of detecting the multivariate abnormal characteristics of the abnormal ICP filing website comprises the following specific steps:
step 1: recording process abnormity detection, which comprises the following specific detection contents:
(1) firstly, whether the website needs to be put on record or not is judged according to the geographical position erected by the website server. If the server is out of the country, the website does not need to be recorded, and the recording information of the website is not inquired, the website is normal, the detection is finished, and the detection of the next website is circularly entered. If the website server is installed in China, ICP filing must be conducted according to law, and the method is divided into two different detection processes:
a. if the website is not recorded, the website can be directly judged to be an abnormal website, the abnormal risk degree can be set to be the highest, and the detection is finished at the same time to carry out the abnormal detection of the next website;
b. if the website has a record, the subsequent feature detection is continuously and sequentially carried out.
(2) And (4) abnormal record updating detection, namely respectively determining the record time of the website and the registration time of the domain name through the record information of the website and the WHOIS information of the domain name, and if the record time is earlier than the registration time of the domain name, indicating that a domain name user has changed, but the current record information is the previous information and is not updated. In this case, if the current domain name user is engaged in illegal activities, the domain name user cannot perform supervision and tracing through the website record information, which has a certain potential safety hazard and may bring unnecessary trouble to the current website record subject.
(3) The method for detecting the record cancellation abnormity comprises the following three aspects:
A. and checking whether the domain name is overdue and logged off or not based on domain name WHOIS information, and if the domain name is logged off but the website record information is not logged off, determining that the website is an abnormal record website.
B. Based on the website IP address obtained by domain name DNS analysis, the geographic position of the current website server is further determined by IP positioning, if the server is overseas, the server is in China when the website is recorded, but the server is transferred to the overseas in the later period, and the application for logging out the recorded information should be carried out at the moment. If the record information still exists, the record information is an abnormal record website.
C. And acquiring the name of the registrar of the domain name based on domain name WHOIS information, matching the name with an authorized registrar published by the Ministry of industry and communications, and checking whether the name is the authorized registrar. If the domain name of the website is used by an unauthorized registrar, the domain name of the website is used by an authorized registrar, the domain name of the website is changed into the unauthorized registrar after being filed, and the unauthorized registrar is actively applied to log out the filed information at the moment, if the domain name of the website is not logged out, the domain name of the website is indicated to be abnormal, and the domain name of the website is regarded as the abnormal filed website.
Step 2: detecting abnormal record content, wherein the specific detection content is as follows:
(1) the record main body information abnormity detection comprises the following three aspects:
A) detecting abnormal unit property of the record main body, if the unit property of the record main body is 'individual', judging whether the record main body is consistent with record information or not through a website content keyword, for example, some website record property is 'individual', but the website is actually company or community content; if the record unit property is the content of a company, a business unit, a community, etc., the actual unit property of the website should be determined comprehensively by combining with enterprise databases such as a sky-eye inspection, etc. (these databases contain the operation state, the unit property, the record information, etc. of the enterprise) in addition to the website content keywords, and then judging whether the unit property is abnormal or not.
B) Acquiring the name of a main unit through website record main body information, and inquiring whether a large number of domain name records are applied under the record main body through an ICP information record management system provided by the Ministry of industry and communications by taking the name of the main unit as an inquiry condition, for example, hundreds or even thousands of record domain names exist under a certain person or a company main body, which is an abnormal phenomenon and can cause the situations of malicious domain name rush notes and private business.
C) And determining the operation state of the website record main body through the enterprise database such as sky eye inspection and the like, and whether the operation state is cancelled. When the record main body is logged off, the named record website is an abnormal record website.
(2) The record website information abnormity detection comprises the following three aspects:
(A) and acquiring a title attribute field value of the website homepage through a web crawler, matching and comparing the title attribute field value with the website name in the recorded website information, checking whether similarity exists or not, and if the similarity does not exist, judging that the recorded website is abnormal.
(B) Checking whether the bottom of the website homepage has a display website record number and whether a hyperlink URL corresponding to the record number points to the ICP information record management system of the Ministry of industry and communications, if not, the website has abnormal record information display. According to the regulation of 'non-commercial Internet information service filing management method', the filing website should mark the filing number at the central position of the bottom of the homepage, and link the website of the filing management system of the Ministry of industry and communications under the filing number as required for the public to check.
(C) Acquiring the recorded serial number displayed at the bottom of the website homepage, comparing the recorded serial number with the serial number in the recorded website information, and checking whether the recorded serial number is consistent with the serial number in the recorded website information. If the information is inconsistent, the website record information is abnormal, and the situation of counterfeit use may exist.
(3) And detecting the abnormal content of the website, namely detecting whether illegal content such as yellow gambling poison exists in the content of the analyzed website through a website content keyword and a third-party abnormal domain name detection interface (such as Google safe browsing, Baidu website security center and the like). If the website exists, the website is an illegal abnormal website.
Step three, the abnormal characteristic information statistics and information storage process specifically comprises the following steps:
step (1): counting the number of abnormal features of each website and the detailed information of each abnormal feature by detecting the features of the filing process and the filing content, wherein the number of the abnormal features can be used for feeding back the abnormal risk degree of the website;
step (2): and finally, persistently storing the statistical information to construct an abnormal ICP filing website information base.
The above description is only for the purpose of illustrating preferred embodiments of the present invention and is not to be construed as limiting the present invention, and it is apparent to those skilled in the art that various modifications and variations can be made in the present invention. All changes, equivalents, modifications and the like which come within the scope of the invention as defined by the appended claims are intended to be embraced therein.
Claims (10)
1. A method for detecting an abnormal ICP filing website based on multivariate characteristics is characterized by comprising the following steps:
acquiring information required by website record detection;
detecting the multivariate abnormal characteristics of the ICP filing website;
and step three, counting and storing abnormal characteristic information.
2. The method for detecting the abnormal ICP docketing website based on the multivariate features as recited in claim 1, wherein the step one comprises the following steps:
step 1): crawling the content of the website by a web crawler, and mainly acquiring the title of a website homepage, key words of important content, ICP record number at the bottom of the homepage and URL pointed by a hyperlink of the ICP record number;
step 2): taking the registered domain name of the website to be detected as a query condition, and querying and acquiring authoritative record data of the website through an ICP information record management system provided by an industrial and informatization department, wherein the authoritative record data comprises record main body information and record website information;
step 3): acquiring an IP address recorded by a website domain name A through DNS domain name resolution, and acquiring the position of a website server through an IP positioning technology;
step 4): and acquiring the registration time of the domain name and the registrar information of the domain name by inquiring the WHOIS information of the domain name of the website.
3. The abnormal ICP filing website detecting method based on the multivariate features as recited in claim 1, wherein the multivariate features in the second step comprise ICP filing process detection and filing content detection; the ICP filing flow detection comprises the steps of whether a website is filed, filing updating exception and filing cancellation exception, and the ICP filing content detection comprises ICP filing main information, filing website information and website content exception.
4. The abnormal ICP docketing website detection method based on multivariate features as claimed in claim 3, wherein the specific steps of the multivariate abnormal feature detection comprise:
step 1: judging whether ICP record information exists in the domestic website, and if the ICP record information does not exist in the domestic website, directly judging the domestic website to be an abnormal website; if yes, carrying out the next step;
step 2: and carrying out record updating detection, cancellation abnormity detection and record content abnormity detection, and judging whether the website is abnormal or not.
5. The method as claimed in claim 4, wherein the detecting of the abnormal ICP records website based on multiple characteristics, wherein the record updating in step 2 is to detect whether the record information is updated or not, that is, the user whose website domain name has been changed.
6. The abnormal ICP docket website detection method based on multivariate features as claimed in claim 4, wherein the step 2 of injecting abnormal detection comprises:
A. if the domain name is overdue and not registered, whether the corresponding filing information is cancelled or not is judged;
B. the website server is shifted from home to abroad, and whether the filing information is cancelled or not is judged;
C. the domain name registrant is changed from an authorized registrant to an unauthorized registrant when the domain name registrant records, and whether the record information is cancelled or not is judged.
7. The abnormal ICP filing website detecting method based on multivariate features as claimed in claim 4, wherein the filing content abnormal detection in the step 2 comprises: detecting the abnormal information of the record main body, detecting the abnormal information of the record website and judging whether illegal contents exist in the website contents.
8. The abnormal ICP docketing website detection method based on multivariate features as in claim 7, wherein the docket body information abnormal detection comprises:
A) whether the website content is consistent with the property of the record unit;
B) whether a large number of filing websites exist under the filing main body;
C) the record main body is an enterprise and is logged off, and at the moment, whether a record website still exists under the record main body or not is judged.
9. The abnormal ICP docket website detection method based on multivariate features as in claim 7, wherein the docket website information abnormal detection comprises:
(A) whether the website title is consistent with the name of the record website or not;
(B) whether the website displays the filing number and whether the hyperlink of the filing number points to an ICP filing management system of an industrial and informatization department;
(C) the website displays whether the filing number is consistent with the query result of the ICP filing management system of the industrial and informatization department.
10. The abnormal ICP docketing website detection method based on multivariate features as recited in claim 1, wherein the specific steps of said step three comprise:
step (1): counting the number of abnormal features of each website and the detailed information of each abnormal feature by detecting the features of the filing process and the filing content, wherein the number of the abnormal features can be used for feeding back the abnormal risk degree of the website;
step (2): and finally, persistently storing the statistical information to construct an abnormal ICP filing website information base.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111078456.6A CN113779478A (en) | 2021-09-15 | 2021-09-15 | Abnormal ICP filing website detection method based on multivariate features |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111078456.6A CN113779478A (en) | 2021-09-15 | 2021-09-15 | Abnormal ICP filing website detection method based on multivariate features |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113779478A true CN113779478A (en) | 2021-12-10 |
Family
ID=78843999
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111078456.6A Pending CN113779478A (en) | 2021-09-15 | 2021-09-15 | Abnormal ICP filing website detection method based on multivariate features |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113779478A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116055180A (en) * | 2023-01-28 | 2023-05-02 | 北京亿赛通科技发展有限责任公司 | Internet resource record information inquiry verification method and device based on gateway |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060218303A1 (en) * | 2005-03-25 | 2006-09-28 | The Go Daddy Group, Inc. | Creation of a database storing domain names and business operational areas |
| CN102739675A (en) * | 2012-06-28 | 2012-10-17 | 奇智软件(北京)有限公司 | Detection method and device of website security |
| CN102882716A (en) * | 2012-09-25 | 2013-01-16 | 杭州安恒信息技术有限公司 | Ministry of industry and information technology recording detecting method and system |
| US20160370962A1 (en) * | 2004-02-12 | 2016-12-22 | International Business Machines Corporation | Automated Electronic Message Filing System |
| CN107846482A (en) * | 2017-11-03 | 2018-03-27 | 赛尔网络有限公司 | Domain name put on record subsystem and apply its DNS management system |
| CN108111526A (en) * | 2017-12-29 | 2018-06-01 | 哈尔滨工业大学(威海) | A kind of illegal website method for digging based on abnormal WHOIS information |
| CN108737589A (en) * | 2018-05-04 | 2018-11-02 | 哈尔滨工业大学(威海) | The method drawn a portrait to domain name based on geography information |
| CN109522504A (en) * | 2018-10-18 | 2019-03-26 | 杭州安恒信息技术股份有限公司 | A method of counterfeit website is differentiated based on threat information |
| KR20190085661A (en) * | 2018-01-11 | 2019-07-19 | 주식회사 케이티 | Method of web site verification |
| JP2019185624A (en) * | 2018-04-16 | 2019-10-24 | 株式会社構造計画研究所 | Malicious website detector, method for detecting malicious website, and malicious website detection program |
| US20190385254A1 (en) * | 2018-06-19 | 2019-12-19 | Thomson Reuters Global Resources Unlimited Company | Systems and methods for identifying and linking events in structured proceedings |
| CN113098887A (en) * | 2021-04-14 | 2021-07-09 | 西安工业大学 | Phishing website detection method based on website joint characteristics |
-
2021
- 2021-09-15 CN CN202111078456.6A patent/CN113779478A/en active Pending
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160370962A1 (en) * | 2004-02-12 | 2016-12-22 | International Business Machines Corporation | Automated Electronic Message Filing System |
| US20060218303A1 (en) * | 2005-03-25 | 2006-09-28 | The Go Daddy Group, Inc. | Creation of a database storing domain names and business operational areas |
| CN102739675A (en) * | 2012-06-28 | 2012-10-17 | 奇智软件(北京)有限公司 | Detection method and device of website security |
| CN102882716A (en) * | 2012-09-25 | 2013-01-16 | 杭州安恒信息技术有限公司 | Ministry of industry and information technology recording detecting method and system |
| CN107846482A (en) * | 2017-11-03 | 2018-03-27 | 赛尔网络有限公司 | Domain name put on record subsystem and apply its DNS management system |
| CN108111526A (en) * | 2017-12-29 | 2018-06-01 | 哈尔滨工业大学(威海) | A kind of illegal website method for digging based on abnormal WHOIS information |
| KR20190085661A (en) * | 2018-01-11 | 2019-07-19 | 주식회사 케이티 | Method of web site verification |
| JP2019185624A (en) * | 2018-04-16 | 2019-10-24 | 株式会社構造計画研究所 | Malicious website detector, method for detecting malicious website, and malicious website detection program |
| CN108737589A (en) * | 2018-05-04 | 2018-11-02 | 哈尔滨工业大学(威海) | The method drawn a portrait to domain name based on geography information |
| US20190385254A1 (en) * | 2018-06-19 | 2019-12-19 | Thomson Reuters Global Resources Unlimited Company | Systems and methods for identifying and linking events in structured proceedings |
| CN109522504A (en) * | 2018-10-18 | 2019-03-26 | 杭州安恒信息技术股份有限公司 | A method of counterfeit website is differentiated based on threat information |
| CN113098887A (en) * | 2021-04-14 | 2021-07-09 | 西安工业大学 | Phishing website detection method based on website joint characteristics |
Non-Patent Citations (2)
| Title |
|---|
| ZHAOXIN ZHANG: "A new adaptive hierarchical routing protocol in Wireless Sensor Network", 《IEEE》 * |
| 程亚楠: "恶意域名挖掘与分析系统的设计与实现", 《中国优秀硕士学位论文全文数据库》, no. 2 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116055180A (en) * | 2023-01-28 | 2023-05-02 | 北京亿赛通科技发展有限责任公司 | Internet resource record information inquiry verification method and device based on gateway |
| CN116055180B (en) * | 2023-01-28 | 2023-06-16 | 北京亿赛通科技发展有限责任公司 | Internet resource record information inquiry verification method and device based on gateway |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9276956B2 (en) | Method for detecting phishing website without depending on samples | |
| AU2019219712B2 (en) | System and methods for identifying compromised personally identifiable information on the internet | |
| US11630918B2 (en) | Systems and methods of determining compromised identity information | |
| CN114021040B (en) | Method and system for alarming and protecting malicious event based on service access | |
| US10769290B2 (en) | Systems and methods for fraud detection via interactive link analysis | |
| Thelwall | Extracting accurate and complete results from search engines: Case study Windows Live | |
| US11089055B1 (en) | Method for detecting a web skimmer on a “payment page” | |
| US20170091680A1 (en) | Discovery of sensitive data location in data sources using business/ enterprise application data flows | |
| Haller et al. | What are links in linked open data? A characterization and evaluation of links between knowledge graphs on the web | |
| CN106302440B (en) | Method for acquiring suspicious phishing websites through multiple channels | |
| US20170134407A1 (en) | Identifying Attack Patterns in Requests Received by Web Applications | |
| US20120030080A1 (en) | Systemic Risk Monitoring System And Method For Revenue Agencies | |
| CN112804210B (en) | Data association method and device, electronic equipment and computer-readable storage medium | |
| RU2722693C1 (en) | Method and system for detecting the infrastructure of a malicious software or a cybercriminal | |
| US20180131708A1 (en) | Identifying Fraudulent and Malicious Websites, Domain and Sub-domain Names | |
| CN102546641B (en) | Method and system for carrying out accurate risk detection in application security system | |
| CN112887341B (en) | An External Threat Monitoring Method | |
| US8621623B1 (en) | Method and system for identifying business records | |
| CN108292408A (en) | The method for detecting WEB follow-up services | |
| KR101942576B1 (en) | System for integrally analyzing and auditing heterogeneous personal information protection products | |
| KR101200907B1 (en) | System for prenventing inner users from leaking the personal information by returnning results and the detection of anomaly pattern | |
| CN113779478A (en) | Abnormal ICP filing website detection method based on multivariate features | |
| CN115567316B (en) | Method and device for detecting abnormality in access data | |
| CN115001724A (en) | Network threat intelligence management method, device, computing equipment and computer readable storage medium | |
| CN117725575A (en) | Asset management method based on middleware access log |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20211210 |