CN103440454B - An active honeypot detection method based on search engine keywords - Google Patents

Info

Publication number: CN103440454B
Application number: CN201310332730.7A
Authority: CN (China)
Prior art keywords: search engine, honeypot, malicious, webpage, keywords
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN103440454A
Inventors: 邹福泰 (Zou Futai), 白巍 (Bai Wei), 王佳慧 (Wang Jiahui), 潘道欣 (Pan Daoxin), 易平 (Yi Ping)
Current assignee: Shanghai Jiao Tong University (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Shanghai Jiao Tong University
Priority date: 2013-08-01 (the priority date is an assumption and is not a legal conclusion)
Filing date: 2013-08-01
Publication dates: CN103440454A 2013-12-11; CN103440454B (grant) 2016-04-06

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses an active honeypot detection method based on search engine keywords. First, a library of known malicious search engine keywords is used to automatically construct the corresponding honeypot web pages: for malicious keywords that target URL paths, the honeypot pages are constructed with the address-rewriting facility of the Apache HTTP Server; for malicious keywords that target page content, the keywords are submitted to a search engine again and the returned pages are used as the honeypot pages. Second, the honeypot pages are indexed by the search engine. Finally, data mining algorithms are applied to the malicious access records of the honeypot pages to extract new malicious search engine keywords, which are merged into the malicious keyword library, and new honeypot pages are constructed from it. The invention greatly improves the detection efficiency of the honeypot and remedies the passivity of traditional honeypots; it also updates the honeypot pages dynamically so as to obtain the latest information on the vulnerabilities attackers exploit.

Description

An active honeypot detection method based on search engine keywords

Technical field

The invention relates to an active honeypot detection method, and in particular to an active honeypot detection method based on search engine keywords.

Background

Hacker attacks are usually built on the discovery of some vulnerability in a system or network, and new attack methods keep appearing for each new vulnerability. To test a new vulnerability and attack method, attackers often use a search engine to find websites on the Internet that may have that vulnerability and then attack them. Some attackers also write dedicated scanning and automatic intrusion tools for a particular vulnerability and, by way of a search engine, scan and break into every site on the Internet that may be affected, on a large scale. In recent years, attacks that leverage search engines have become an important category of hacking technique.

A honeypot is a decoy system containing vulnerabilities, designed specifically to attract and trap attackers: by simulating one or more vulnerable hosts it offers the attacker an easy target. Because a honeypot provides no genuinely valuable service to the outside world, every attempt to access it is treated as suspicious. A further use of honeypots is to delay an attack on the real target by making the attacker waste time on the honeypot.

Honeypots are divided into real-system honeypots and pseudo-system honeypots. A real-system honeypot is a genuine honeypot: it runs a real system with real, exploitable vulnerabilities, which are the most dangerous kind, and the intrusion data it records is the most authentic. A pseudo-system honeypot is likewise built on a real system, but it uses the strong emulation capabilities of certain tools to fake vulnerabilities the system does not actually have; exploiting such a vulnerability only goes round in circles inside a program framework. Honeypots can limit the damage an intruder can do as far as possible, and can also simulate non-existent vulnerabilities to confuse the attacker.

If honeypots can be simulated according to the search keywords attackers use, deployed on the Internet, indexed by the well-known search engines and, with search engine optimisation techniques, shown to attackers so as to lure them into attacking, then attacks are attracted proactively and the detection effect of the honeypot is greatly improved. Moreover, the honeypot can then be updated continuously according to the new attacker search keywords that appear every day, keeping the honeypot content in step with the attackers' methods.

Therefore, those skilled in the art are working to develop an active honeypot detection method based on search engine keywords, in order to remedy the passive waiting of traditional honeypots, to lure attacks more effectively, and to keep updating the honeypot content so that it stays in step with the latest hacking techniques.

Summary of the invention

In view of the above defects in the prior art, the technical problem solved by the present invention is to provide an active honeypot detection method based on search engine keywords.

To achieve this object, the invention provides an active honeypot detection method based on search engine keywords, characterised in that it comprises the following steps:

Step (101): automatically construct honeypot web pages from a library of malicious search engine keywords that have already been collected and identified;

Step (102): have the constructed honeypot pages indexed by a search engine using search engine ranking optimisation techniques, and raise the ranking of the honeypot pages in that search engine so as to attract attackers' visits proactively;

Step (103): use a data mining algorithm to extract new malicious search engine keywords from the access records of the honeypot pages, merge the extracted keywords into the malicious search engine keyword library, and return to step (101).

Further, in step (101), the malicious search engine keyword library includes malicious keywords that target URL paths and malicious keywords that target web page content.

Further, for the malicious keywords that target URL paths, the honeypot pages are constructed using address rewriting.

Further, the address rewriting uses the Apache HTTP Server engine.

Further, for the malicious keywords that target page content, the keywords are searched again on a search engine and the pages found are processed and used as the honeypot pages.

Further, the search engine ranking optimisation techniques include registering high-reputation domain names, adding links and optimising page content.

Further, step (103) also includes distinguishing normal visits from malicious attacks in the page access records.

Further, the access records of the honeypot pages are divided into search engine crawlers, normal visits and malicious attacks, where the search engine crawlers are also counted as malicious attacks.

Further, in step (103), every access whose HTTP response code is not 200 is also treated as a malicious attack.

Further, the data mining algorithm extracts the new malicious search engine keywords from the HTTP Referer information.

In a preferred embodiment of the invention, virtual honeypot pages are first constructed in two ways from a library of recently popular malicious search engine keywords that have been identified: for malicious keywords targeting URL paths, the Apache HTTP Server engine constructs the honeypot pages by address rewriting; for malicious keywords targeting page content, the keywords are queried again on a search engine and the returned pages are processed and used as the corresponding honeypot pages. Second, search engine ranking optimisation is used to get these simulated honeypot pages indexed by search engines and to raise their ranking, so that attackers are attracted proactively. Finally, a data mining algorithm separates the records of the various malicious attacks from normal visits in the traffic, so that the purpose and steps of the attackers' latest behaviour can be analysed and new malicious search engine keywords extracted; these are merged into the malicious keyword library, which is thereby updated dynamically, and the honeypot pages are in turn updated dynamically from the updated library, the cycle repeating.

The active honeypot detection method of the invention greatly improves honeypot detection efficiency by attracting attacks proactively, remedying the passivity of traditional honeypots; and by updating the honeypot pages dynamically it obtains the latest information on the vulnerabilities attackers exploit, so as to mine malicious behaviour from the traffic and analyse the characteristics of the attackers' latest methods.

The concept, specific structure and technical effects of the invention are further described below with reference to the accompanying drawings, so that its purpose, features and effects may be fully understood.

Description of drawings

Fig. 1 is a flow chart of the active honeypot detection method based on search engine keywords of the present invention;

Fig. 2 is an architecture diagram of the honeypot system of the active honeypot detection method based on search engine keywords of the present invention.

Detailed description

An embodiment of the invention is described in detail below with reference to the drawings. The embodiment is implemented on the premise of the technical solution of the invention and gives a detailed implementation and a specific operating process, but the scope of protection of the invention is not limited to the embodiment described.

In this embodiment, as shown in Fig. 1, the active honeypot detection method based on search engine keywords of the invention comprises the following steps:

Step 101: automatically construct honeypot pages from the library of malicious search engine keywords that have been collected and identified, as shown in Fig. 2:

Classify the collected and identified library of malicious search engine keywords: malicious keywords are divided into those that target the URL (Uniform Resource Locator) path of a page and those that target page content.

For malicious keywords that target URL paths, honeypot pages are constructed with the URL rewrite engine of the Apache HTTP Server, that is, by address rewriting. URL rewriting is the redirection of addresses: it is the process of intercepting an incoming user request and automatically redirecting that request to another resource. The way the server handles user requests is unchanged; only a step that redirects the request is added. In the present invention, URL rewriting redirects a request that matches a URL-path keyword already in the library to the corresponding honeypot page.

For malicious keywords that target page content, these keywords are queried again and the page content of the search results is stored on the local Apache web server as the corresponding honeypot pages.
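The following added example (not code from the patent) shows how the URL-path half of step 101 can be automated: it turns the URL-path entries of the keyword library into Apache mod_rewrite directives that internally rewrite any matching request to a honeypot page. The keyword library entries, the honeypot directory `/hp` and the per-keyword page naming are constructed assumptions.

```python
import re

# Constructed sample of the URL-path part of the malicious keyword library:
# keyword id -> path fragment that the search keyword targets (not real entries).
URL_PATH_KEYWORDS = {
    "k001": "example-cms/setup.php",
    "k002": "/old-admin/login.asp",
    "k003": "example-cms/setup.php",   # duplicate fragment: must not yield a second rule
    "k004": "",                        # empty entry: skipped
}

HONEYPOT_DIR = "/hp"   # assumed directory that holds the honeypot pages


def rewrite_rules(keywords, honeypot_dir=HONEYPOT_DIR):
    """Return Apache mod_rewrite directives, one RewriteRule per distinct fragment.

    A request whose URL path contains the fragment is rewritten internally
    (no external redirect, so the lured URL stays in the visitor's address bar)
    to the honeypot page for that keyword.  The keyword id is appended as a
    query parameter so the access log records which keyword drew the visit.
    """
    lines = ["RewriteEngine On"]
    seen = set()
    for kid, fragment in sorted(keywords.items()):
        frag = fragment.strip("/")
        if not frag or frag in seen:
            continue
        seen.add(frag)
        pattern = re.escape(frag)              # literal match of the fragment
        target = f"{honeypot_dir}/{kid}.php?kw={kid}"
        # loop guard: never rewrite requests already inside the honeypot directory
        lines.append(f"RewriteCond %{{REQUEST_URI}} !^{honeypot_dir}/")
        lines.append(f"RewriteRule {pattern} {target} [L,NC,QSA]")
    return lines


def rule_for(fragment, keywords=URL_PATH_KEYWORDS):
    """Return the RewriteRule line that serves the given fragment, or None."""
    pat = re.escape(fragment.strip("/"))
    for line in rewrite_rules(keywords):
        if line.startswith("RewriteRule " + pat + " "):
            return line
    return None


if __name__ == "__main__":
    print("\n".join(rewrite_rules(URL_PATH_KEYWORDS)))
```

The generated directives are meant for the server configuration of the honeypot virtual host; [QSA] keeps the visitor's original query string alongside the kw parameter.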

Step 102: have the constructed honeypot pages indexed by a search engine using search engine ranking optimisation, and raise their ranking in the search engine so as to attract attackers proactively. Search engine optimisation techniques such as registering high-reputation domain names, adding links and optimising page content are used to get the honeypot pages indexed and to raise their ranking further, so that they attract attackers more effectively.

Step 103: extract malicious search engine keywords from the page access records with the following algorithm:

First step: distinguish normal visits from malicious attacks in the page access records. Once the honeypot pages have been indexed by the search engine, attackers can find them through malicious search keywords and attack them. Every visit to a honeypot page is recorded, and the attacks are mined from these records. The links to the honeypot pages are all hidden links on the site, so ordinary users cannot see them, but an attacker's tools can discover such links. As shown in Fig. 2, the honeypot access records contain, besides normal visits, two further kinds of access: attacks 201 and malicious searches 203; in addition, the crawlers 202 of the well-known search engines are identified by the search engines' distinctive User-Agent strings and source IP addresses. All accesses to honeypot pages other than normal visits are therefore identified as malicious attacks. Furthermore, since attackers may try to access sensitive system resource paths, and accesses with HTTP response code 200 are the normal ones, every access whose HTTP response code is not 200 is classed as a malicious attack.

Second step: for the malicious attack records, record the source of the attack; treat the recorded attack sources as a database, build a data mining model over it with the data mining algorithm, perform classification analysis and extract new malicious search engine keywords. The HTTP Referer, i.e. the HTTP source address, is a field in the HTTP header that indicates from where the current page was linked, in URL format. Through the Referer the current page can check where a visitor came from, so the Referer information allows extraction of the new malicious search engine keywords that attackers may have used to reach the honeypot page.

After the new malicious search engine keywords have been extracted, they are added to the malicious keyword library and the method returns to step 101 to construct new honeypot pages, so that the honeypot pages are updated dynamically.
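Step 103, both parts, as an added example that is not part of the patent: it parses Apache combined-format access log lines, labels each record as crawler 202, attack 201, malicious search 203 or normal using the rules given above (search engine User-Agent or source network, non-200 response, search engine Referer), and then mines the Referer query string for search terms not yet in the keyword library. The log lines, the crawler network prefix, the search engine host and parameter lists, and the honeypot path prefix `/hp/` are all constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" log format; the Referer field is what step 103 mines.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Crawler identification by User-Agent token and source network, as the patent
# describes.  Values are constructed for the example; a deployment would use the
# engines' published User-Agent strings and address ranges.
CRAWLER_UA_TOKENS = ("Googlebot", "Baiduspider", "bingbot")
CRAWLER_NETS = ("203.0.113.",)          # documentation range, stands in for real crawler nets
SEARCH_HOSTS = ("google.", "baidu.", "bing.")
SEARCH_PARAMS = ("q", "wd", "query")    # query-string keys that carry the search terms

# Constructed sample access log for honeypot pages under /hp/ (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Aug/2013:10:00:01 +0800] "GET /hp/example-cms/setup.php HTTP/1.1" 200 512 '
    '"https://www.google.com/search?q=inurl%3Aexample-cms%2Fsetup.php" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Aug/2013:10:02:17 +0800] "GET /hp/example-cms/setup.php HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '198.51.100.9 - - [01/Aug/2013:10:05:40 +0800] "GET /hp/example-cms/admin/backup.zip HTTP/1.1" 404 209 '
    '"-" "curl/7.30.0"',
    '198.51.100.11 - - [01/Aug/2013:10:09:03 +0800] "GET /hp/example-cms/setup.php HTTP/1.1" 200 512 '
    '"https://www.baidu.com/s?wd=intitle%3A%22Example+CMS+Setup%22" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Aug/2013:10:11:30 +0800] "GET /index.html HTTP/1.1" 200 1024 '
    '"https://honeypot.example/" "Mozilla/5.0"',
]


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def search_terms(referer):
    """Return the search terms if the Referer is a search engine results page, else None."""
    if not referer or referer == "-":
        return None
    parts = urlsplit(referer)
    if not any(h in parts.netloc for h in SEARCH_HOSTS):
        return None
    qs = parse_qs(parts.query)          # percent-decodes and turns '+' into spaces
    for key in SEARCH_PARAMS:
        if key in qs and qs[key][0].strip():
            return qs[key][0].strip()
    return None


def classify(rec):
    """Label a record with one of the Fig. 2 categories (one interpretation of them):
    crawler 202, attack 201, malicious_search 203, or normal."""
    if any(t in rec["ua"] for t in CRAWLER_UA_TOKENS) or rec["ip"].startswith(CRAWLER_NETS):
        return "crawler"                 # counted as malicious by the patent, kept separate here
    if rec["status"] != 200:
        return "attack"                  # every non-200 response is an attack per step 103
    if search_terms(rec["referer"]) is not None:
        return "malicious_search"        # reached the hidden page via a search engine
    return "normal"


def mine_keywords(lines, known):
    """Run step 103: classify each line and return (labels, search terms not yet in `known`)."""
    labels, found = [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec)
        labels.append(label)
        if label != "normal":
            terms = search_terms(rec["referer"])
            if terms:
                found.add(terms)
    return labels, found - set(known)


if __name__ == "__main__":
    labels, new = mine_keywords(SAMPLE_LOG, known={"inurl:example-cms/setup.php"})
    print(labels)
    print("new keywords for the library:", new)
```

The returned set is what step 103 merges back into the keyword library before looping to step 101; the patent's own data mining model may weight or filter these terms further.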

The preferred embodiments of the invention have been described in detail above. It should be understood that a person of ordinary skill in the art can make many modifications and variations according to the concept of the invention without inventive effort. Therefore, every technical solution that a person skilled in the art can obtain from the concept of the invention, on the basis of the prior art, through logical analysis, reasoning or limited experiment falls within the scope of protection defined by the claims.

Claims (1)

1. An active honeypot detection method based on search engine keywords, characterised in that it comprises the following steps:

step (101): automatically constructing honeypot web pages from a library of malicious search engine keywords that have already been collected and identified;

step (102): having the constructed honeypot pages indexed by a search engine using search engine ranking optimisation techniques, and raising the ranking of the honeypot pages in that search engine so as to attract attackers' visits proactively;

step (103): using a data mining algorithm to extract new malicious search engine keywords from the access records of the honeypot pages, merging the extracted new malicious search engine keywords into the malicious search engine keyword library, and returning to step (101);

wherein in step (101) the malicious search engine keyword library includes malicious keywords that target URL paths and malicious keywords that target web page content;

for the malicious keywords that target URL paths, the honeypot pages are constructed using address rewriting;

the address rewriting uses the Apache HTTP Server engine;

for the malicious keywords that target page content, the keywords are searched again on a search engine and the pages found are processed and used as the honeypot pages;

the search engine ranking optimisation techniques include registering high-reputation domain names, adding links and optimising page content; step (103) also includes distinguishing normal visits from malicious attacks in the honeypot page access records;

the access records of the honeypot pages are divided into search engine crawlers, normal visits and malicious attacks, where the search engine crawlers are also counted as malicious attacks;

in step (103), every access whose HTTP response code is not 200 is also treated as a malicious attack;

the data mining algorithm extracts the new malicious search engine keywords from the HTTP Referer information.
Application CN201310332730.7A, priority date 2013-08-01, filing date 2013-08-01: An active honeypot detection method based on search engine keywords. Granted as CN103440454B (Expired - Fee Related).

Publications (2)

Publication Number Publication Date
CN103440454A CN103440454A (en) 2013-12-11
CN103440454B true CN103440454B (en) 2016-04-06


Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104978519A (en) * 2014-10-31 2015-10-14 哈尔滨安天科技股份有限公司 Implementation method and device of application-type honeypot
CN108229166A (en) * 2017-12-08 2018-06-29 重庆邮电大学 A kind of webpage Trojan horse detecting system and method searched for using leading type
CN111917691A (en) * 2019-05-10 2020-11-10 张长河 WEB dynamic self-adaptive defense system and method based on false response
CN110677414A (en) * 2019-09-27 2020-01-10 北京知道创宇信息技术股份有限公司 Network detection method and device, electronic equipment and computer readable storage medium
CN110971605B (en) * 2019-12-05 2022-03-08 福建天晴在线互动科技有限公司 Method for acquiring pirated game server information by capturing data packet

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1567118A (en) * 2004-03-29 2005-01-19 四川大学 Computer viruses detection and identification system and method
CN101060444A (en) * 2007-05-23 2007-10-24 西安交大捷普网络科技有限公司 Bayesian statistical model based network anomaly detection method
CN102571484A (en) * 2011-12-14 2012-07-11 上海交通大学 Method for detecting and finding online water army


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Malicious URL capture and analysis system; 周佩颖; China Master's Theses Full-text Database (electronic journal), Information Science and Technology series; 2011-04-15; pp. I139-133 *



Legal Events

Code Title / Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information
    Inventor after: Zou Futai, Bai Wei, Wang Jiahui, Pan Daoxin, Yi Ping
    Inventor before: Zou Futai, Bai Wei, Pan Daoxin, Yi Ping
COR Change of bibliographic data
    Free format text: CORRECT: INVENTOR; FROM: ZOU FUTAI BAI WEI PAN DAOXIN YI PING TO: ZOU FUTAI BAI WEI WANG JIAHUI PAN DAOXIN YI PING
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20160406
    Termination date: 20180801