[go: up one dir, main page]

WO2019109529A1 - Procédé d'identification d'une page web, dispositif, appareil informatique et support d'informations informatique - Google Patents

Procédé d'identification d'une page web, dispositif, appareil informatique et support d'informations informatique Download PDF

Info

Publication number
WO2019109529A1
WO2019109529A1 PCT/CN2018/077064 CN2018077064W WO2019109529A1 WO 2019109529 A1 WO2019109529 A1 WO 2019109529A1 CN 2018077064 W CN2018077064 W CN 2018077064W WO 2019109529 A1 WO2019109529 A1 WO 2019109529A1
Authority
WO
WIPO (PCT)
Prior art keywords
domain name
webpage
identified
data
website
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/077064
Other languages
English (en)
Chinese (zh)
Inventor
王元铭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Publication of WO2019109529A1 publication Critical patent/WO2019109529A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/951Indexing; Web crawling techniques
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • the present application relates to the field of network security, and in particular, to a webpage identification method, apparatus, computer device, and storage medium.
  • a web page identification method, apparatus, computer apparatus, and computer storage medium are provided, which solve one or more problems involved in the background art.
  • a website identification method includes:
  • a webpage identification device comprising:
  • a first acquiring module configured to acquire a webpage whose identified risk level is greater than a preset level, and extract a website domain name corresponding to the webpage;
  • a second obtaining module configured to obtain a network address corresponding to the website according to the website domain name
  • a search module configured to search for a domain name associated with the network address, and when the domain name associated with the network address is found, the associated domain name is used as the domain name to be identified;
  • a third obtaining module configured to acquire webpage data in a website corresponding to the domain name to be identified
  • the identification module is configured to obtain, according to the acquired webpage data, a webpage whose risk level corresponding to the domain name to be identified is greater than a preset level.
  • a computer apparatus comprising a memory and a processor, the memory storing computer readable instructions, wherein the processor, when executing the computer readable instructions, implements the step of: computer readable instructions
  • One or more non-transitory computer readable storage media storing computer readable instructions, when executed by one or more processors, cause one or more processors to perform the steps of: obtaining Identifying a webpage whose risk level is greater than a preset level, and extracting a website domain name corresponding to the webpage;
  • 1 is an application scenario diagram of a webpage identification method in an embodiment
  • FIG. 2 is a flow chart of a webpage identification method in an embodiment
  • FIG. 3 is a schematic structural diagram of a webpage identification device in an embodiment
  • FIG. 4 is a schematic structural diagram of a computer device in an embodiment.
  • FIG. 1 is an application scenario diagram of a webpage identification method according to an embodiment, which includes a webpage recognition platform and a server.
  • the webpage identification platform acquires, from a server, a stored webpage whose detected risk level is greater than a preset level. Obtaining a webpage address on a webpage with a risk level greater than a preset level, and extracting a webpage domain name corresponding to the webpage from the webpage address, the webpage identification platform obtains a webpage address corresponding to the webpage according to the website domain name, and the webpage identification platform according to the network address The domain name associated with the network address is searched in the address association database of the webpage identification platform.
  • the webpage identification platform obtains the domain name corresponding to the domain to be identified.
  • the webpage data on the webpage included in the website obtains a webpage whose risk level corresponding to the domain name to be identified is greater than a preset level according to the obtained webpage data.
  • a flowchart of a webpage identification method is provided.
  • the method is applied to the webpage identification platform in FIG. 1 to illustrate that the webpage runs on the platform.
  • the recognition program implements the web page recognition processing by the web page recognition program. The method comprises the following steps:
  • S202 Acquire a webpage whose identified risk level is greater than a preset level, and extract a website domain name corresponding to the webpage.
  • the risk level refers to a security indicator for evaluating whether the webpage is secure, and the risk level may be a different level of whether the predetermined evaluation webpage is secure.
  • the risk level may be set from low to high according to the level, and the risk level is higher. It means that the corresponding webpage has a higher risk.
  • the risk level is set to level 1 to level 5, indicating that the risk corresponding to the webpage is getting higher and higher.
  • the website domain name refers to the logo of the relevant website. There may be multiple web pages under the same website domain name. For example, the website name of the website "Baidu” is "baidu.com", and there are multiple web pages under the domain name of the website, such as the "Baidu Encyclopedia" webpage. Wait.
  • the server is provided with a risk database
  • the risk database stores a webpage with a risk level greater than a preset level
  • the webpage with a risk level greater than a preset level indicates a webpage with high risk
  • the webpage recognition platform obtains the identified webpage from the server. If the webpage whose risk level is greater than the preset level is obtained, the webpage address corresponding to the webpage is obtained according to the obtained webpage, and the webpage identification platform extracts the webpage according to the webpage address.
  • the webpage address of the webpage refers to a corresponding unique identifier of each webpage in the network, and the webpage address may be a URL (Uniform Resoure Locator) address.
  • a risk database is a database that stores web pages with a risk level greater than a preset value.
  • the network address refers to a communicable identifier when the computer network is connected to each other or communicates, and may be a network address of a computer in a network, the network address may uniquely identify the computer device in the network, the computer When communicating with other computers, the network address can be used as the communication identifier.
  • the network address can be an IP (Internet Protocol) address, and different website domain names have corresponding network addresses.
  • the webpage identification platform queries the web address corresponding to the website according to the website domain name, and the webpage identification platform sends corresponding test data to the webpage server corresponding to the website according to the obtained website domain name, and the corresponding web server returns a response. When the data is used, the webpage identification platform extracts the corresponding network address from the response data sent by the web server.
  • S206 Search for a domain name associated with the network address. When the domain name associated with the network address is found, the associated domain name is used as the domain name to be identified.
  • the associated domain name refers to a domain name that can share the same network address.
  • sites corresponding to different website domain names are stored in the same website server, the same network address can be shared, and the website corresponding to different website domain names is in the website server.
  • the webpage identification platform pre-stores different network addresses and corresponding website domain names, and the webpage identification platform queries the domain name associated with the network address according to the obtained network address, and the associated domain name and the identified risk level are greater than the pre- If the domain name of the website is different, if the domain name associated with the network address corresponding to the website with the risk level greater than the preset level is found, the associated domain name is used as the domain name to be identified.
  • the webpage data refers to content displayed on a webpage page
  • the webpage data may be text data, image data, digital data, and the like.
  • the website may include different web pages
  • the webpage identification platform is based on the obtained domain name that is found by the webpage corresponding to the network address corresponding to the preset level of the website.
  • the obtained domain name to be identified finds the website corresponding to the domain name to be identified, thereby obtaining webpage data of different webpages included in the website corresponding to the domain name to be identified, such as obtaining text data displayed on different webpages.
  • S210 Obtain a webpage whose risk level corresponding to the domain name to be identified is greater than a preset level according to the acquired webpage data.
  • the webpage identification platform identifies the webpage data according to the obtained webpage data, and when there is suspicious data in the obtained webpage data, the webpage including the webpage data is further used as a webpage whose risk level is greater than a preset level.
  • the webpage recognition platform may identify the characters in the text data one by one according to the text data of the obtained webpage data.
  • the webpage including the text data is a risk corresponding to the domain name to be identified.
  • the suspicious data may be preset data.
  • the webpage includes the preset data
  • the webpage is a webpage whose risk level is greater than a preset level
  • the suspicious data may be text data, image data, digital data, etc.
  • the data can be set to the words "bank", "point” or “prize” and the like.
  • the webpage identification platform queries the other associated domain names through a recognized webpage whose risk level is greater than the preset level, and obtains other risk levels greater than the preset level according to the webpage data in the website corresponding to the associated domain name.
  • a webpage with a risk level greater than a preset level can be associated with a webpage with a different risk level than a preset level to improve query efficiency.
  • step S206 may include the following process, step S206, that is, the step of searching for a domain name associated with the network address, including:
  • the network address is matched to the pre-stored network address in the address association library.
  • the address association library refers to a database in which different network addresses and domain names corresponding to different network addresses are stored.
  • the webpage recognition platform obtains a webpage with a risk level greater than a preset level, and obtains a webpage address of a webpage whose risk level is greater than a preset level, extracts a webpage domain name corresponding to the webpage according to the webpage address, and obtains the risk level greater than the pre-requisite according to the webpage domain name.
  • the network address corresponding to the graded website is further matched, and the network address corresponding to the website with the identified risk level greater than the preset level is matched with all the network addresses pre-stored in the address association library, and the matching address is traversed one by one. All network addresses stored in the repository.
  • the domain name to be matched refers to a domain name associated with a network address pre-stored in the address association library, and the domain name may be an identifier of a related website, and may be associated when the network address is obtained in the address association repository.
  • the webpage identification platform matches the network address with the identified risk level greater than the preset level and all the network addresses stored in the address association library one by one, and the webpage identification platform selects the identified network address with the risk level greater than the preset level.
  • the network address that is successfully matched in the associated library is obtained, and the associated domain name to be matched associated with the successfully matched network address is obtained from the address association library.
  • the effective expiration time refers to the last valid time to be carried in the associated domain name to be matched
  • the effective expiration time may be the year time
  • the effective expiration time may be the specific month in the year
  • the effective deadline may be a specific detailed date, etc.
  • the effective deadline can be 2017, the effective deadline can be the specific month in the year is December 2017, and the effective deadline can be the specific detailed date is December 31, 2017.
  • the webpage identification platform successfully matches the network address corresponding to the webpage with the identified risk level greater than the preset level to the network address stored in the address association library, and the webpage identification platform obtains the to-be-matched associated domain name associated with the successfully matched network address.
  • the webpage identifying platform obtains the valid expiration time corresponding to the to-be-matched domain name according to the to-be-matched domain name in the address-associated database, that is, obtains the final effective time corresponding to the to-be-matched domain name according to the to-be-matched domain name in the address-associated database.
  • the associated domain name to be matched is extracted as the domain name to be identified.
  • the current time refers to the time when the associated domain name is to be matched, and the current time may be the system time.
  • the current time may be the year time
  • the current time may be the specific month in the year
  • the current time may also be a specific date. Wait.
  • the webpage identification platform obtains the associated domain name to be matched, and obtains the current time.
  • the current time may be the system time.
  • the webpage identification platform performs the current deadline and the valid deadline corresponding to the domain name to be matched according to the obtained current time.
  • the webpage identification platform will obtain The associated domain name to be matched is used as the associated domain name, and the associated domain name is used as the domain name to be identified.
  • the address association library may be a passive DNS (passive domain name system) database
  • the webpage identification platform obtains the network address of the website according to the obtained identified risk level that is greater than the preset level. Matches the network address stored in the passive DNS database. If the matching is successful, the domain name of the domain name to be matched in the passive DNS database is obtained. The current time of the domain name to be matched is less than or equal to the matching domain name. When the valid deadline of the associated domain name is used, the associated domain name to be matched is used as the associated domain name.
  • passive DNS passive domain name system
  • a webpage with a risk level greater than a preset level may be a high-risk webpage disguised as a normal webpage.
  • the user's relevant bank card information is stolen, thereby threatening the user's property security, such as a phishing webpage;
  • It may also be other webpages that restrict access when risk management is required.
  • a webpage with a risk level greater than a preset level is an access right of a corresponding webpage in some enterprises, and a webpage that restricts access may be regarded as a risk level.
  • the webpage identification platform obtains the domain name to be matched according to the pre-stored network address that is successfully matched from the address association library, and compares the current time with the valid deadline of the domain name to be matched, when the current time is less than or equal to
  • the domain name to be matched is valid, that is, the associated domain name can be used as the domain name to be identified, and the domain name to be matched that is invalid according to the filtering of the current time and the valid deadline is directly operated, the efficiency is improved, and the pair is invalid.
  • the domain name to be matched is directly filtered to improve the accuracy of selecting the associated domain name.
  • the webpage identification method may further include the following steps.
  • the step may be performed after the step S206, that is, after searching for the domain name associated with the network address, the step may include:
  • the registration data corresponding to the domain name of the website is obtained, and the corresponding domain name is queried according to the registration data as the domain name to be identified.
  • the registration data refers to data indicating the detailed information of the user who registered the domain name of the website.
  • the registration data may be text data, picture data, or digital data.
  • the registration data may be a personal name, and the registration data may be a personal mailbox.
  • the registration data can be a personal phone, and the registration data can also be a personal photo or the like. If the webpage identification platform does not match the pre-stored network address in the address association library, the domain identification platform acquires the identified risk level greater than the preset level.
  • the registration data corresponding to the domain name of the website, and the webpage identification platform queries the domain name corresponding to the registration data according to the registered registration data, and the domain name corresponding to the registration data is different from the domain name of the website whose risk level is greater than the preset level. Further, the queried domain name different from the domain name of the website whose risk level is greater than the preset level is used as the domain name to be identified.
  • the step of obtaining the registration data corresponding to the domain name of the website and querying the corresponding domain name as the domain name to be identified according to the registration data may include the following processes:
  • the conversion logic library is a database that stores conversion logic for converting registration data into a fixed format registration data.
  • the conversion logic refers to a rule for converting registration data.
  • the conversion logic may replace characters in the registration data with preset characters, and the conversion logic may delete invalid characters or the like.
  • the webpage recognition platform obtains the recognized webpage with a risk level greater than the preset level, the website domain name corresponding to the webpage whose detected risk level is greater than the preset level is extracted according to the webpage address of the webpage, and is extracted by the webpage recognition platform.
  • the registration data corresponding to the webpage whose detected risk level is greater than the preset level is obtained according to the domain name of the website, and the obtained registration data is not displayed according to the specified format, and the conversion is performed according to the type of the registration data.
  • the conversion logic corresponding to the registration data is selected in the logic library, and the acquired registration data is further according to a prescribed display format.
  • the webpage identification platform extracts the registration data corresponding to the domain name according to the domain name of the website, such as the registered name, the registered email address, the registered telephone number, etc. according to the extracted domain name of the website whose authorized risk level is greater than the preset level, and the registered name contains a space in the middle.
  • the registration phone contains a connector
  • the registration data type that is, the webpage identification selects the registration name from the logical conversion library according to the registered name, and the conversion logic displayed according to the display rule is deleted, and the space in the registered name is deleted, and then converted according to the registered phone.
  • the conversion logic displayed by the registration phone according to the display rule is selected, and the connector in the registered phone is deleted.
  • the registration data is converted according to the conversion logic to obtain the converted registration data.
  • the webpage recognition platform selects the conversion logic, that is, the webpage identification adds the rules to convert the registration data, such as replacing the characters in the registration data with the preset characters, deleting invalid characters, etc.
  • the webpage The recognition platform converts the registration data to the converted registration data according to the conversion logic, and the converted registration data may be displayed according to a prescribed display format.
  • the registration data has a registered name, a registered email address, a registered telephone number, etc.
  • the webpage identification platform selects the conversion logic of the registered name and the registered telephone, and then deletes the invalid space character according to the conversion logic in the registered name, and can also follow the registration telephone.
  • the conversion logic in the registration phone deletes the connector.
  • the converted registration data is matched with the information data stored in the information repository.
  • the information repository refers to a database storing different registration information and a domain name associated with the registration information, and the information repository may store a registered name, a registered email address, a registered telephone, etc., a registered name, a registered email address, and the stored in the information database.
  • the registration phones may correspond to each other, and the information repository may store the website domain name associated with the registration information.
  • the information data refers to data showing the detailed information of the registrant of the related domain name, and the information data may be text data, and the information data may be digital data or image data, for example, the information data may be a name, a phone, a mailbox, or a photo. Wait.
  • the webpage identification platform matches the acquired registration data with the information data stored in the information repository one by one, and the registration data acquired by the webpage identification platform is a registered name, a registered email address, and a registration phone, and the webpage identification platform is based on The conversion rule converts the registered name, registered email address and registered telephone to obtain the converted registered name, the converted registered email address and the converted registration telephone, and the webpage identification platform performs the converted registered name and the name stored in the information repository.
  • the matching, the webpage identification platform matches the converted registration phone with the phone stored in the information repository, and the webpage identification platform matches the converted registration mailbox with the mailbox stored in the information repository.
  • the domain name associated with the successfully matched information data is obtained as the domain name to be identified.
  • the webpage identification platform matches the converted registration data with the information data stored by the information repository one by one, when the corresponding information data is matched in the information repository, the domain name associated with the successfully matched information data is obtained.
  • the associated domain name is used as the domain name to be identified.
  • the webpage identification platform may match each of the data in the registration data with the information data stored in the information data, and when each data in the registration data is successfully matched with the information data stored in the information database, the webpage identification platform acquires The domain name associated with the information data.
  • the webpage identification platform matches the converted registered name with the name stored in the information database.
  • the registered mailbox is matched with the mailbox corresponding to the name stored in the information database, and when the registered mailbox matches successfully, then Matching the registration phone with the phone number corresponding to the name and the mailbox stored in the information database, and when the registration phone is also successfully matched, the matching name, the phone number, and the domain name associated with the mailbox stored in the information repository are extracted, thereby The extracted domain name is used as the domain name to be identified.
  • the webpage identification platform only uses any registration data in the registration data to match the data stored in the information data.
  • the domain name associated with the matching success information data is used as the domain name to be identified. If the converted registered name is matched with the name stored in the information database, the domain name associated with the successfully matched name is directly extracted as the domain name to be identified.
  • the information storage database may be a whois database
  • the webpage identification platform obtains the domain name of the website whose identified risk level is greater than the preset level, and obtains the registration data corresponding to the website according to the domain name.
  • the registration data may be matched with the information data stored in the whois database. When the matching is successful, the domain name associated with the information data is obtained as the domain name to be identified.
  • the webpage identification platform first converts the acquired registration data according to the conversion logic, and obtains the converted registration data that can be displayed according to the display rule, thereby improving the accuracy of identifying the associated domain name to be identified, and further, according to the conversion.
  • the registration data is matched with the information data stored in the information repository.
  • the domain name associated with the successfully matched information data is obtained as the domain name to be identified, and different domain names to be identified can be obtained according to the registration information, thereby improving the recognition efficiency. .
  • the step of obtaining a webpage whose risk level corresponding to the domain name to be identified is greater than a preset level according to the obtained webpage data may include:
  • the webpage data is matched with the first filtering data stored in the preset blacklist.
  • the suspicious label is added to the domain name to be identified.
  • the blacklist refers to storing data having a risk level greater than a preset level
  • the data with a risk level greater than a preset level may be text data, picture data, digital data, etc., for example, characters such as “bank” may be stored. "Points" and so on.
  • the first filtered data refers to data whose risk level is greater than a preset level.
  • the website may be a webpage whose risk level is greater than a preset level
  • the first filtered data may be text data, image data, Digital data, etc.
  • a suspicious tag means that the domain name to be identified may be a tag whose risk level is greater than a preset level.
  • the webpage identification platform extracts all the webpages included in the website corresponding to the domain name to be identified to the webpage data
  • the webpage data extracted is matched with the first filtering data stored in the preset blacklist one by one.
  • the webpage identifying platform adds the to-be-identified domain name corresponding to the webpage associated with the webpage of the source of the webpage data to the label.
  • the matching quantity threshold may be set, that is, the webpage identification platform matches all the webpage data acquired by the webpage identification platform with the first filtering data stored in the blacklist one by one, when the storage with the preset quantity is black. If the first filtering data in the list is successfully matched, the suspicious label is added to the domain name to be identified corresponding to the website associated with the webpage to which the webpage data originates.
  • the threshold of the matching quantity may be preset to 1, preset to 3, and preset to 4 Wait.
  • the suspicious tag may be added to the to-be-identified domain name when the webpage data of the webpage included in the website corresponding to the obtained domain name to be identified has been successfully matched with the first filtering data in the blacklist.
  • the whitelist refers to a database in which trusted data is stored, and the trusted data refers to data whose risk level is less than or equal to a preset level.
  • the trusted data may be text data, image data, digital data, etc., for example, may be stored. Characters such as "gaming" and so on.
  • the second filtered data refers to data whose risk level is less than or equal to the preset level, that is, trusted data.
  • the website may be a trusted website, and the second filtered data may be text data. , picture data, digital data, etc.
  • the webpage identification platform extracts the to-be-identified domain name to which the suspicious tag is added, and the webpage data on all the webpages included in the website of the to-be-identified domain name to which the suspicious tag is added and the second filtering data stored in the preset whitelist. Matching one by one, when the webpage data on all the webpages included in the website corresponding to the domain name to be identified with the suspicious label is matched with the second filtering data pre-stored in the whitelist, the suspiciously carried on the domain to be identified is carried. The label is deleted. It should be noted that, when the webpage data on the webpage included in the website of the preset number of the domain name to be identified with the suspicious label is matched with the second filtering data stored in the preset whitelist, Delete the suspicious tag carried on the domain to be identified.
  • the domain name to be identified carrying the suspicious label is extracted, and the webpage in the website corresponding to the domain name to be identified is obtained as a webpage whose risk level is greater than the preset level.
  • the webpage identification platform extracts The domain name to be identified with the suspicious tag is still carried, and the website corresponding to the domain name to be identified is obtained, and the webpage included in the corresponding website is extracted as a webpage with a risk level greater than a preset level.
  • the webpage data is filtered by the first filtering data stored in the blacklist and the second filtering data stored in the whitelist, thereby obtaining a webpage with a required risk level greater than a preset level, thereby preventing occurrence of carrying
  • the webpage data with a risk level greater than the preset level is actually a trusted webpage, and after two levels of filtering, the accuracy of identifying a webpage with a risk level greater than a preset level is improved.
  • the webpage identification method may further include:
  • the identifier corresponding to the domain to be identified is obtained.
  • the identifier refers to a website-specific identifier corresponding to the domain name to be identified, and the identifier may be an enterprise identifier.
  • the identifier may be a corporate logo or the like.
  • the webpage identification platform performs data identification according to the preset blacklist and the preset whitelist according to the webpage data on the webpage included in the website corresponding to the domain name to be identified, the domain name to be identified is not carried.
  • the webpage identification platform obtains an identifier corresponding to the domain name to be identified after the webpage data identifies that the webpage whose risk level is greater than the preset level is not recognized.
  • the identifier is matched to a security identifier pre-stored in the security identity store.
  • the security identity repository refers to a database that stores an identifier of a trusted website and a website domain name corresponding to the identifier.
  • the security identifier refers to the logo of the trusted website.
  • the security identifier can be the logo of the enterprise of the secure webpage.
  • the security identifier is the logo of the ICBC webpage, and the logo of the Ping An Group webpage.
  • the webpage identification platform matches the obtained identifier with the security identifier stored in the security identifier repository one by one, and the identifier corresponding to the domain name to be identified obtained by the webpage identification platform is the Pingguo Group logo.
  • the acquired identifier corresponding to the domain name to be identified that is, the Ping An Group logo, is matched with the security identifier stored in the security identifier storage.
  • the secure domain name associated with the security identifier stored in the security identifier repository is obtained, and the secure domain name is matched with the domain name to be identified.
  • the webpage identification platform matches the identifier corresponding to the domain name to be identified with the security identifier stored in the security repository, and the domain name to be identified corresponding to the security identifier corresponding to the domain name to be identified may be a secure domain name, and thus needs to be performed. Further matching and identifying, the webpage identification platform obtains the secure domain name associated with the security identifier stored in the former security identifier repository, and matches the secure domain name associated with the security identifier stored in the security identifier repository.
  • the secure domain name with the domain name to be identified For example, if the identifier of the to-be-identified domain name corresponding to the domain name obtained by the webpage matches the Ping An Group logo stored in the secure repository, the domain name associated with the Ping An Group logo stored in the security identity repository is obtained. “pingan.com” ", and match the domain name to be identified with the associated domain name "pingan.com”.
  • the webpage in the website corresponding to the domain name to be identified is used as a webpage with a risk level greater than a preset level.
  • the webpage identification platform matches the domain name to be identified with the security domain name
  • the identifier corresponding to the domain name to be identified is a forged security identifier
  • the webpage included in the website corresponding to the domain name to be identified is regarded as a risk level greater than A web page with a preset level.
  • the identifier of the domain name to be identified obtained by the webpage recognition platform is the Pingan Group logo. When the security logo stored in the security group store and the security identity store is successfully matched, the domain name associated with the security identity store is obtained.
  • the identifier is further identified according to the identifier carried by the domain name to be identified, so that the webpage included in the website corresponding to the domain name to be identified is greater than the preset value.
  • the webpage adopts a multi-identification method to improve the accuracy of identifying a webpage whose risk level is greater than a preset level.
  • the method further includes the following steps: Step S210, after the step of obtaining the webpage with the risk level corresponding to the domain name to be identified that is greater than the preset level according to the acquired website data, the method further includes:
  • the keywords of the webpage data whose risk level is greater than the preset level webpage are extracted, and the corresponding category label is added according to the keyword to the domain name to be identified whose risk level is greater than the preset level.
  • the category label refers to an identifier of a type of webpage data
  • the category label may be a label of a different risk category.
  • the category label may be a bank category label, may be a shopping category label, or the like.
  • the webpage recognition platform identifies a webpage whose risk level is greater than a preset level, and further, the webpage recognition platform extracts keywords of the webpage data, and the webpage recognition platform selects the keyword of the webpage data according to the key of the extracted webpage data.
  • the corresponding category label is added to the domain name to be identified associated with the website corresponding to the webpage containing the webpage data.
  • the webpage identification platform identifies the webpages whose risk level is greater than the preset level, and then extracts keywords from the webpage recognition platform from different webpages as “points” and “banks” respectively, and the webpage recognition platform is based on the extracted webpage data.
  • the keyword "point” and “bank” add a "bank tag” or "point tag” when adding a corresponding category tag to the domain name to be identified associated with the website corresponding to the webpage containing the webpage data.
  • the category label of the domain name to be identified whose risk level is greater than the preset level is matched with the stored category label.
  • the webpage identification platform matches the category labels of the stored webpage recognition platform one by one according to the category label of the domain name to be added until all the stored category labels are traversed.
  • the tags to be added to the domain name to be identified are "bank” and "points”, and the tag "bank” added to the domain to be identified is matched one by one with the stored category tags, and then the category tag "integration" added to the domain name to be identified is The stored category labels are matched one by one.
  • the category label of the domain name to be identified whose risk level is greater than the preset level is added, and the webpage whose risk level is greater than the preset level is stored under the category label.
  • the added category label does not match the stored category label successfully, the added category label is a new category label, and the category label of the domain name to be identified whose risk level is not matched is greater than the preset level.
  • the category labels added to the domain name to be identified are “bank” and “point” respectively, and the category label “bank” is matched with the stored category labels one by one, and the category label “integration” added to the domain name to be identified is stored.
  • the category labels are matched one by one.
  • the category label "Bank” does not match successfully, the category label "Bank” is added to the stored category label, and the website corresponding to the domain to be identified with the "Bank” category label added A web page containing a risk level greater than a preset level is added to the category label.
  • the webpage recognition platform may preset the time, and send the updated category label and the webpage with the risk level corresponding to the category label greater than the preset level to the server for storage.
  • the preset category label and the webpage corresponding to the risk level corresponding to the preset level of the category label are sent to the server for storage by one hour at a preset interval.
  • the keywords of the webpage data in the webpage with the risk level greater than the preset level are extracted, and the corresponding category label is added according to the keyword to the domain name to be identified whose risk level is greater than the preset level, and then the category label is added. If the matching category label does not match successfully, the added category label is added to the stored category label, and the webpage with the risk level greater than the preset level is stored in the added category label, and the stored category is gradually expanded. Labels for enhanced applicability.
  • the webpage whose risk level is greater than the preset level is a phishing webpage
  • the webpage identifying platform obtains the identified phishing webpage
  • the webpage domain name corresponding to the phishing webpage is extracted, and then the webpage domain name is further Obtaining a network address of the website corresponding to the phishing webpage
  • the webpage identifying platform searches for the domain name associated with the network address according to the queried network address, and searching for the domain name associated with the network address may be the website corresponding to the phishing webpage that the webpage identification platform will query
  • the network address and the address association library are matched with the stored network address.
  • the network address associated with the pre-stored network address is obtained. Matching the associated domain name, and determining whether the associated domain name to be matched is valid according to the effective time of the domain name to be matched, that is, when the current time is less than or equal to the effective deadline, the domain name to be matched is extracted as the domain name to be identified, and then the webpage is identified.
  • the platform finds the network address When the domain name is linked, the associated domain name is used as the domain name to be identified.
  • the registration data corresponding to the domain name of the website is obtained, and the corresponding domain name is used as the domain name to be identified according to the registration data, and the domain name corresponding to the registration data is used as the to-be-identified domain name.
  • the domain name may be: the webpage identification platform obtains the registration data corresponding to the domain name of the website corresponding to the phishing website, and further selects the conversion logic corresponding to the registration data from the conversion logic library, and then converts the registration data according to the conversion logic to obtain the converted registration data. And matching the converted registration data with the information data stored in the information repository.
  • the domain name associated with the successfully matched information data is obtained as Identify the domain name.
  • the domain name associated with the network address of the website corresponding to the identified phishing website is used to query the domain name to be identified, and when not found, the registration data corresponding to the network address of the website corresponding to the identified phishing website is used to query the domain name to be identified. Query by means of two queries to ensure that the query will not be missed.
  • the webpage identification platform obtains the domain name to be identified
  • the webpage data of the webpage included in the website corresponding to the domain name to be identified is obtained, and the webpage data is matched with the first data stored in the preset blacklist, and when the matching is successful, Adding a suspicious tag to the domain to be identified corresponding to the website from which the webpage corresponding to the webpage data is added, and further adding the webpage data in the website corresponding to the domain to be identified with the suspicious tag and the second filtering data stored in the preset whitelist. If the matching does not match the second filtering data, the domain name to be identified carrying the suspicious tag is extracted, so that the webpage in the website corresponding to the domain name to be identified carrying the suspicious tag is used as the phishing webpage.
  • the identifier corresponding to the domain name to be identified such as the enterprise logo
  • the obtained logo is matched with the security identifier pre-stored in the security identifier store.
  • the secure domain name associated with the secure identifier stored in the security identifier database is obtained, and the secure domain name and the domain name to be identified are obtained.
  • the domain name to be identified is masqueraded as a secure domain name
  • the webpage in the website corresponding to the domain name to be identified is used as a phishing webpage
  • the webpage data in the webpage included in the website corresponding to the domain name to be recognized is The webpage identifier is queried to determine whether the webpage included in the website corresponding to the domain name to be identified is a phishing webpage, and the webpage data and the webpage identifier are used for secondary detection, thereby improving the accuracy of detecting the phishing webpage.
  • the phishing webpage is identified, the key of the webpage data on the phishing webpage is extracted, and the category label is added to the domain name to be identified corresponding to the phishing webpage according to the keyword, and the category label does not match the stored category label.
  • the category label of the domain name to be identified corresponding to the phishing webpage is added, and the phishing webpage is added to the category label.
  • a phishing webpage can be associated with multiple to-be-identified domain names to improve the efficiency of the communication, enhance the applicability, and query the webpage data of the webpage in the website corresponding to the domain name, and the webpage identifier.
  • the query determines whether the corresponding webpage in the domain name to be identified is a phishing webpage, and the query is accurate, and the phishing webpages that are queried are classified according to categories, so as to facilitate subsequent query and push.
  • FIG. 3 is a schematic structural diagram of a webpage identification apparatus.
  • the webpage identification apparatus 300 may include:
  • the first obtaining module 310 is configured to obtain a webpage whose identified risk level is greater than a preset level, and extract a website domain name corresponding to the webpage.
  • the second obtaining module 320 is configured to obtain a network address corresponding to the website according to the website domain name.
  • the third obtaining module 340 is configured to obtain webpage data in a website corresponding to the domain name to be identified.
  • the identification module 350 is configured to obtain, according to the acquired webpage data, a webpage whose risk level corresponding to the domain name to be identified is greater than a preset level.
  • the lookup module 330 can include:
  • the first matching unit is configured to match the network address with a pre-stored network address in the address association library.
  • the domain name obtaining unit is configured to acquire the to-be-matched associated domain name associated with the pre-stored network address when the network address is successfully matched with the network address pre-stored in the address association library.
  • the time obtaining unit is configured to obtain an effective deadline for the associated domain name to be matched.
  • the extracting unit is configured to extract the domain name to be matched as the domain name to be identified if the current time is less than or equal to the effective deadline.
  • the webpage identification device may further include:
  • the query module is configured to obtain the registration data corresponding to the domain name of the website when the domain name associated with the network address is not found, and query the corresponding domain name as the domain name to be identified according to the registration data.
  • the selecting unit is configured to obtain registration data corresponding to the domain name of the website, and select a conversion logic corresponding to the registration data from the conversion logic library.
  • a conversion unit configured to convert the registration data according to the conversion logic to obtain the converted registration data.
  • the identification module 350 can further include:
  • the second filtering unit is configured to match the webpage data in the website corresponding to the to-be-identified domain name to which the suspicious tag is added, and the second filtering data stored in the preset whitelist.
  • the tag domain name obtaining unit is configured to: when the webpage data and the second filtering data are not successfully matched, extract the domain name to be identified carrying the suspicious tag, and obtain the webpage in the website corresponding to the domain name to be identified as the webpage whose risk level is greater than the preset level. .
  • the identifier obtaining module is configured to obtain an identifier corresponding to the domain name to be identified when the domain name to be identified carrying the suspicious tag does not exist after the data is identified by the preset blacklist and the preset whitelist.
  • An identifier matching module for matching the identifier with a security identifier pre-stored in the security identity store.
  • the secure domain name matching module is configured to: when the identifier corresponding to the domain name to be identified is successfully matched, obtain the secure domain name associated with the security identifier stored in the security identifier repository, and the secure domain name and the to-be-identified Domain name matching.
  • the suspicious domain name extraction module is configured to: when the matching of the secure domain name and the domain name to be identified is unsuccessful, the webpage in the website corresponding to the domain name to be identified is a webpage with a risk level greater than a preset level.
  • the webpage identification device 300 may further include:
  • the keyword extraction module is configured to extract a keyword of the webpage data of the webpage whose risk level is greater than the preset level, and add a corresponding category label to the to-be-identified domain name corresponding to the webpage whose risk level is greater than the preset level according to the keyword.
  • the label matching module is configured to match the category label of the domain name to be identified whose risk level is greater than the preset level with the stored category label.
  • Each of the above-described web page identification devices may be implemented in whole or in part by software, hardware, and combinations thereof.
  • Each of the above modules may be embedded in or independent of the processor in the computer device, or may be stored in a memory in the computer device in a software form, so that the processor invokes the operations corresponding to the above modules.
  • the processor can be a central processing unit (CPU), a microprocessor, a microcontroller, or the like.
  • the web page identification device described above can be implemented in the form of a computer readable instruction that can be executed on a web page data processing platform device as shown in FIG.
  • the embodiment of the present application provides a computer device, which may be a server, and an internal structure diagram thereof may be as shown in FIG. 4 .
  • the computer device includes a processor, memory, network interface, and database connected by a system bus.
  • the processor of the computer device is used to provide computing and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium, an internal memory.
  • the non-volatile storage medium stores an operating system, computer readable instructions, and a database.
  • the internal memory provides an environment for operation of an operating system and computer readable instructions in a non-volatile storage medium.
  • the database of the computer device is used to store web page identification data.
  • the network interface of the computer device is used to communicate with an external terminal via a network connection.
  • the computer readable instructions are executed by a processor to implement a web page identification method.
  • the processor executes the following steps: obtaining a webpage whose identified risk level is greater than a preset level, and extracting a website domain name corresponding to the webpage. Get the web address corresponding to the website according to the website domain name. Find the domain name associated with the network address. When the domain name associated with the network address is found, the associated domain name is used as the domain name to be identified. Get the webpage data in the website corresponding to the domain name to be identified. And obtaining, according to the obtained webpage data, a webpage whose risk level corresponding to the domain name to be identified is greater than a preset level.
  • Non-volatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM) or external cache memory.
  • RAM is available in a variety of formats, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronization chain.
  • SRAM static RAM
  • DRAM dynamic RAM
  • SDRAM synchronous DRAM
  • DDRSDRAM double data rate SDRAM
  • ESDRAM enhanced SDRAM
  • Synchlink DRAM SLDRAM
  • Memory Bus Radbus
  • RDRAM Direct RAM
  • DRAM Direct Memory Bus Dynamic RAM
  • RDRAM Memory Bus Dynamic RAM

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

La présente invention concerne un procédé d'identification d'une page web, un dispositif, un appareil informatique et un support d'informations. Le procédé consiste : à acquérir une page web présentant un niveau de risque identifié supérieur à un niveau prédéterminé et à extraire un nom de domaine du site web correspondant au site web ; à acquérir une adresse réseau correspondant au site web et au nom de domaine du site web ; à rechercher un nom de domaine associé à l'adresse réseau et, lorsque le nom de domaine associé à l'adresse réseau est trouvé, à utiliser le nom de domaine associé en tant que nom de domaine à identifier ; à acquérir des données du site web dans un site web correspondant au nom de domaine à identifier ; et à obtenir, en fonction des données du site web acquises, une page web présentant un niveau de risque supérieur au niveau prédéterminé et correspondant au nom de domaine à identifier.
PCT/CN2018/077064 2017-12-08 2018-02-23 Procédé d'identification d'une page web, dispositif, appareil informatique et support d'informations informatique Ceased WO2019109529A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711297266.7 2017-12-08
CN201711297266.7A CN108092963B (zh) 2017-12-08 2017-12-08 网页识别方法、装置、计算机设备及存储介质

Publications (1)

Publication Number Publication Date
WO2019109529A1 true WO2019109529A1 (fr) 2019-06-13

Family

ID=62174944

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/077064 Ceased WO2019109529A1 (fr) 2017-12-08 2018-02-23 Procédé d'identification d'une page web, dispositif, appareil informatique et support d'informations informatique

Country Status (2)

Country Link
CN (1) CN108092963B (fr)
WO (1) WO2019109529A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113098859A (zh) * 2021-03-30 2021-07-09 深圳市欢太科技有限公司 网页页面回退方法、装置、终端及存储介质
CN113923193A (zh) * 2021-10-27 2022-01-11 北京知道创宇信息技术股份有限公司 一种网络域名关联方法、装置、存储介质及电子设备
CN114065092A (zh) * 2021-11-10 2022-02-18 奇安信科技集团股份有限公司 网站识别方法、装置、计算机设备和存储介质
CN114900363A (zh) * 2022-05-18 2022-08-12 杭州安恒信息技术股份有限公司 一种恶意网站识别方法、装置、电子设备及存储介质
CN115694963A (zh) * 2022-10-25 2023-02-03 中国农业银行股份有限公司 网络钓鱼识别方法、装置、设备及存储介质
CN116708356A (zh) * 2023-08-02 2023-09-05 苏州迈科网络安全技术股份有限公司 Ip特征库生成方法
CN119814392A (zh) * 2024-12-16 2025-04-11 中电云计算技术有限公司 域名告警来源的分析方法、设备及存储介质

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110865818B (zh) * 2018-08-28 2023-07-28 阿里巴巴(中国)有限公司 应用关联域名的检测方法、装置及电子设备
CN110033092B (zh) * 2019-01-31 2020-06-02 阿里巴巴集团控股有限公司 数据标签生成、模型训练、事件识别方法和装置
CN110012030A (zh) * 2019-04-23 2019-07-12 北京微步在线科技有限公司 一种关联检测黑客的方法及装置
CN110266661B (zh) * 2019-06-04 2021-09-14 东软集团股份有限公司 一种授权方法、装置及设备
CN110958244A (zh) * 2019-11-29 2020-04-03 北京邮电大学 一种基于深度学习的仿冒域名检测方法及装置
CN111814643B (zh) * 2020-06-30 2024-07-05 杭州科度科技有限公司 黑灰url识别方法、装置、电子设备及介质
CN112543178B (zh) * 2020-10-26 2025-10-28 西安交大捷普网络科技有限公司 一种网页挂马的检测方法
CN115859139A (zh) * 2021-09-24 2023-03-28 中国移动通信集团广东有限公司 灰色网站识别方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102523210A (zh) * 2011-12-06 2012-06-27 中国科学院计算机网络信息中心 钓鱼网站检测方法及装置
CN102663000A (zh) * 2012-03-15 2012-09-12 北京百度网讯科技有限公司 恶意网址数据库的建立方法、恶意网址的识别方法和装置
US8869269B1 (en) * 2008-05-28 2014-10-21 Symantec Corporation Method and apparatus for identifying domain name abuse
CN105718577A (zh) * 2016-01-22 2016-06-29 中国互联网络信息中心 一种针对新增域名自动检测网络钓鱼的方法与系统

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102096781B (zh) * 2011-01-18 2012-11-28 南京邮电大学 一种基于网页关联性的钓鱼检测方法
CN102724187B (zh) * 2012-06-06 2016-05-25 北京奇虎科技有限公司 一种针对网址的安全检测方法及装置
CN102739653B (zh) * 2012-06-06 2015-05-20 北京奇虎科技有限公司 一种针对网址的检测方法及装置
CN105338001A (zh) * 2015-12-04 2016-02-17 北京奇虎科技有限公司 识别钓鱼网站的方法及装置
CN106302438A (zh) * 2016-08-11 2017-01-04 国家计算机网络与信息安全管理中心 一种多渠道的基于行为特征的主动监测钓鱼网站的方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8869269B1 (en) * 2008-05-28 2014-10-21 Symantec Corporation Method and apparatus for identifying domain name abuse
CN102523210A (zh) * 2011-12-06 2012-06-27 中国科学院计算机网络信息中心 钓鱼网站检测方法及装置
CN102663000A (zh) * 2012-03-15 2012-09-12 北京百度网讯科技有限公司 恶意网址数据库的建立方法、恶意网址的识别方法和装置
CN105718577A (zh) * 2016-01-22 2016-06-29 中国互联网络信息中心 一种针对新增域名自动检测网络钓鱼的方法与系统

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113098859A (zh) * 2021-03-30 2021-07-09 深圳市欢太科技有限公司 网页页面回退方法、装置、终端及存储介质
CN113098859B (zh) * 2021-03-30 2023-03-31 深圳市欢太科技有限公司 网页页面回退方法、装置、终端及存储介质
CN113923193A (zh) * 2021-10-27 2022-01-11 北京知道创宇信息技术股份有限公司 一种网络域名关联方法、装置、存储介质及电子设备
CN113923193B (zh) * 2021-10-27 2023-11-28 北京知道创宇信息技术股份有限公司 一种网络域名关联方法、装置、存储介质及电子设备
CN114065092A (zh) * 2021-11-10 2022-02-18 奇安信科技集团股份有限公司 网站识别方法、装置、计算机设备和存储介质
CN114900363A (zh) * 2022-05-18 2022-08-12 杭州安恒信息技术股份有限公司 一种恶意网站识别方法、装置、电子设备及存储介质
CN114900363B (zh) * 2022-05-18 2024-05-14 杭州安恒信息技术股份有限公司 一种恶意网站识别方法、装置、电子设备及存储介质
CN115694963A (zh) * 2022-10-25 2023-02-03 中国农业银行股份有限公司 网络钓鱼识别方法、装置、设备及存储介质
CN116708356A (zh) * 2023-08-02 2023-09-05 苏州迈科网络安全技术股份有限公司 Ip特征库生成方法
CN116708356B (zh) * 2023-08-02 2023-11-14 苏州迈科网络安全技术股份有限公司 Ip特征库生成方法
CN119814392A (zh) * 2024-12-16 2025-04-11 中电云计算技术有限公司 域名告警来源的分析方法、设备及存储介质

Also Published As

Publication number Publication date
CN108092963A (zh) 2018-05-29
CN108092963B (zh) 2020-05-08

Similar Documents

Publication Publication Date Title
WO2019109529A1 (fr) Procédé d'identification d'une page web, dispositif, appareil informatique et support d'informations informatique
JP6599906B2 (ja) ログインアカウントのプロンプト
WO2019127881A1 (fr) Procédé et dispositif de traitement de données de page web, dispositif informatique et support d'informations d'ordinateur
CN109768992B (zh) 网页恶意扫描处理方法及装置、终端设备、可读存储介质
CN103973651B (zh) 基于加盐密码库的账户密码标识设置、查询方法及装置
WO2019134334A1 (fr) Procédé et appareil de détection de données anormales de réseau, dispositif informatique et support de stockage
CN108566399B (zh) 钓鱼网站识别方法及系统
CN103617267B (zh) 社交化扩展搜索方法及装置、系统
US12039084B2 (en) Systems and methods for detecting and remedying theft of data
GB2555801A (en) Identifying fraudulent and malicious websites, domain and subdomain names
CN116366338B (zh) 一种风险网站识别方法、装置、计算机设备及存储介质
CN113992625B (zh) 域名源站探测方法、系统、计算机及可读存储介质
CN115840964A (zh) 数据处理方法、装置、电子设备及计算机存储介质
CN110035075A (zh) 钓鱼网站的检测方法、装置、计算机设备及存储介质
WO2019148712A1 (fr) Procédé de détection de site web d'hameçonnage, dispositif, équipement informatique et support de stockage
WO2018113730A1 (fr) Procédé et appareil de détection de sécurité réseau
CN103067347A (zh) 侦测钓鱼网站方法以及其网络装置
CN107241300B (zh) 用户请求的拦截方法和装置
CN115794780A (zh) 网络空间资产的采集方法、装置、电子设备及存储介质
WO2018188373A1 (fr) Procédé et appareil de partage de page, serveur et support de stockage
CN108900554A (zh) Http协议资产检测方法、系统、设备及计算机介质
CN115001724B (zh) 网络威胁情报管理方法、装置、计算设备及计算机可读存储介质
CN114866277A (zh) 一种应用访问方法、装置、设备及存储介质
CN112217815B (zh) 钓鱼网站的识别方法、装置和计算机设备
WO2019153586A1 (fr) Procédé et appareil de traitement de données de dialogue en ligne, dispositif informatique et support d'informations

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18886146

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 15.09.2020.

122 Ep: pct application non-entry in european phase

Ref document number: 18886146

Country of ref document: EP

Kind code of ref document: A1