CN102710645B - Phishing website detection method and detection system thereof - Google Patents
Phishing website detection method and detection system thereof Download PDFInfo
- Publication number
- CN102710645B CN102710645B CN201210185538.5A CN201210185538A CN102710645B CN 102710645 B CN102710645 B CN 102710645B CN 201210185538 A CN201210185538 A CN 201210185538A CN 102710645 B CN102710645 B CN 102710645B
- Authority
- CN
- China
- Prior art keywords
- list database
- url
- website
- white list
- system server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 30
- 238000012795 verification Methods 0.000 claims abstract description 9
- 238000004891 communication Methods 0.000 claims description 6
- 230000002452 interceptive effect Effects 0.000 claims description 6
- 238000000034 method Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 240000004859 Gamochaeta purpurea Species 0.000 description 1
- 230000000116 mitigating effect Effects 0.000 description 1
- 230000000644 propagated effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention belongs to the technical field of network security, and particularly discloses a phishing website detection method and a phishing website detection system. The detection method and the system specifically comprise the following steps: acquiring the URL of the current access website in real time; inquiring whether the URL is in a relative white list database arranged at a system client, wherein the relative white list database stores URLs of security websites which are verified in a system server within a preset time threshold range; if so, allowing the user to access the current website; if not, uploading the URL to a system server for verification. The invention avoids repeated black and white verification in the system server at a plurality of places within a period of time by setting the relative white list database at the client, thereby not only improving the black and white verification speed, but also reducing the operation load of the system server.
Description
Technical field
The invention belongs to technical field of network security, be specifically related to a kind of detection method and detection system thereof of fishing website.
Background technology
So-called " fishing website " is a kind of network fraud behavior, refer to that lawless person utilizes various means, the URL (web page address) of counterfeit actual site and content of pages, or utilize the leak on actual site server program in some webpage of website, insert dangerous HTML code, gain user bank or the private data such as credit card account, password by cheating with this.Fishing website, usual camouflage becomes website of bank or the shopping online of counterfeit bank formerly pays webpage, steals account and the encrypted message of visitor's submission.It is generally propagated by Email, and in this type of mail, addressee is linked to fishing website through the link of camouflage by one.The page and the actual site interface of fishing website are completely the same, require that visitor submits account and password to.In general fishing website structure is very simple, and only have one or several page, URL and actual site have nuance.
At present, in order to the Main Means taking precautions against fishing website send the black and white lists database of server end to inquire about the URL of website in client, namely so-called black list database is the url database of the fishing website having audited confirmation, and namely so-called white list database is the URL of the security website having audited confirmation.Such as China's application number a kind of safety of network trade system and method disclosed in 201110191152.0, this technology is exactly that the URL of current site is delivered to system server, in the monochrome data library name list of system server, inquire about it be black (fishing website), be white (security website) or ash (be namely not in monochrome data storehouse, be in the website of unknown state), then Query Result is fed back to system client.
In summary, user often accesses a website and will carry out one query could confirm whether it can access to server, and the required corresponding time is relatively long.And a large number of users is access services device all simultaneously, and the load of server will be very large.
Summary of the invention
In order to accelerate user's current accessed website black and white Property Verification speed and reduce server load, the object of the present invention is to provide a kind of detection method and detection system thereof of new fishing website.
Find through research, user is repeated accesses same web site within a period of time of being everlasting.Therefore, to achieve these goals, technical scheme that the present invention adopts is as follows:
Whether the invention provides a kind of detection method of fishing website, be fishing website for fast verification user current accessed website, this inspection method comprises:
The URL of current accessed website described in Real-time Collection;
Inquire about described URL whether in the relative white list database being arranged at system client, in described relative white list database, store the URL obtaining the security website of checking in preset time threshold scope built-in system server;
If, then allow user to access current site and no longer to server, carry out repeated authentication to make it;
If do not exist, then described URL uploading system server is carried out verifying to ensure its fail safe.
Further, described URL uploading system server is verified, specifically:
Inquire about described URL whether in the black list database or white list database of system server;
If in described black list database, then user's current accessed website is pointed out to be fishing website;
If in described white list database, then user is allowed to continue to access current site;
If do not exist, then upload background authentication system and verify further.
Further, if described in described white list database, then, after permission user continues access current site, also comprise: the URL of current accessed website is updated in described relative white list database.
Further, described time threshold is 2-7 hour.
Further, described time threshold is 5 hours.
The present invention also provides a kind of detection system of fishing website, whether be fishing website for fast verification user current accessed website, this detection system comprise the system client be installed in subscriber terminal equipment, with the system server of described system client interactive communication and the background authentication system with described system server interactive communication, in described system server, be provided with black list database and white list database; Described system client is provided with a relative white list database, for storing the URL obtaining the security website of checking in preset time threshold scope built-in system server; Described system client is provided with an acquisition module, for the URL of current accessed website described in Real-time Collection; Described system client is provided with an enquiry module, for inquiring about described URL whether in described relative white list database, if, then allow user to access current site and no longer to server, carry out repeated authentication to make it, if do not exist, then described URL uploading system server is carried out verifying to ensure its fail safe.
Further, described URL uploading system server is verified, specifically:
An enquiry module is provided with in described system server, for inquiring about described URL whether in the black list database or white list database of system server, if in described black list database, then user's current accessed website is pointed out to be fishing website, if in described white list database, then allow user to continue to access current site, if do not exist, then upload background authentication system and verify further.
Further, in described system server, be also provided with a data update module, for being updated in described relative white list database by the URL of the current accessed website of Query Result in white list database.
Further, described time threshold is 2-7 hour.
Further, described time threshold is 5 hours.
The present invention is by (within the scope of namely described preset time threshold) in a period of time, the URL having obtained the security website of checking exists in a relative white list database, the possibility being converted into fishing website due to security website is at short notice not high, as long as so the website of user's access is in described relative list data storehouse, then directly be judged as security website, no longer to server, carry out repeated authentication.Meanwhile, exist because security website still exists the possibility being converted into fishing website, so the present invention only stores the authenticated security website within the scope of preset time threshold relative to white list database, and then ensure its fail safe while quickening verifying speed.
Accompanying drawing explanation
This accompanying drawing illustrates that the picture provided is used for auxiliary a further understanding of the present invention, forms a application's part, does not form inappropriate limitation of the present invention, in the accompanying drawings:
Fig. 1 is the structural representation of prior art;
Fig. 2 is the operating process schematic diagram of prior art;
Fig. 3 is testing process schematic diagram of the present invention;
Fig. 4 is structural representation of the present invention.
In figure:
1, existing structure schematic diagram
11, system client 12, system server
111, module 112, judge module is monitored
113, reminding module 121, black and white lists storehouse
2, structural representation of the present invention
21, system client 22, system server
23, background authentication system 211, acquisition module
212, enquiry module 213, relatively white list database
221, black and white lists database 222, enquiry module
223, data update module 231, feedback module
Embodiment
Describe the present invention in detail below in conjunction with accompanying drawing and specific implementation method, be used for explaining the present invention in exemplary embodiment and description of the present invention, but not as a limitation of the invention.
Embodiment 1:
Whether as shown in Figure 3, present embodiment discloses a kind of detection method of fishing website, be fishing website for fast verification user current accessed website, this inspection method comprises:
The URL of current accessed website described in Real-time Collection;
Inquire about described URL whether in the relative white list database being arranged at system client, in described relative white list database, store the URL obtaining the security website of checking in preset time threshold scope built-in system server; Described time threshold is 2-7 hour, more preferably 5 hours;
If, then allow user to access current site;
If do not exist, then described URL uploading system server is verified;
System server inquires about described URL whether in the black list database or white list database of system server;
If in described black list database, then user's current accessed website is pointed out to be fishing website;
If in described white list database, then allow user to continue to access current site, and the URL of current accessed website is updated in described relative white list database;
If do not exist, then upload background authentication system and verify further.
It is 2-7 hour that the present embodiment arranges described time threshold, that is to say security website 2-7 hour built-in system server having obtained checking, do not need to server, to carry out repeated authentication again, thus shorten the proving time, the load of server can also be alleviated simultaneously.
Suppose that the time threshold arranged is 3 hours, a certain website in the afternoon 1 in system server, be just verified as security website (during checking, namely be that its URL is in the white list database of system server), between afternoon 1-4 point, any one time accesses this website again, to directly be judged as that security website is (because of this website once after being verified as security website, its URL will be stored in relative white list database), do not need to arrive system server again and verify.
As shown in Figure 4, the present embodiment is detection system corresponding to aforementioned detection method, this detection system comprise the system client 21 be installed in subscriber terminal equipment, with the system server 22 of described system client 21 interactive communication and the background authentication system 23 with described system server 22 interactive communication; Black list database and white list database 221 (being called for short black and white lists database) is provided with in described system server 22; Described system client is provided with a relative white list database 213, and for storing the URL obtaining the security website of checking in preset time threshold scope built-in system server, described time threshold is 2-7 hour, more preferably 5 hours; Described system client 21 is provided with an acquisition module 211, for the URL of current accessed website described in Real-time Collection; Described system client is provided with an enquiry module 212, for inquiring about described URL whether in described relative white list database 213, if, then allow user to access current site, if do not exist, then described URL uploading system server is verified.
As shown in Figure 4, an enquiry module 222 is provided with in described system server 22, for inquiring about described URL whether in the black list database or white list database 221 of system server 22, if in described black list database, then point out user's current accessed website to be fishing website, if in described white list database, then allow user to continue to access current site, if do not exist, then upload background authentication system and verify further.
As shown in Figure 4, in described system server, be also provided with a data update module 223, for the URL of the current accessed website of Query Result in white list database being updated in described relative white list database 213.
To sum up, the present invention, by arranging the mode of relative white list database in client, avoids many places in a period of time to repeat in system server and verifies black and white, not only can improve its black and white verifying speed, can also the operating load of mitigation system server.
Above the technical scheme that the embodiment of the present invention provides is described in detail, apply specific case herein to set forth the principle of the embodiment of the present invention and execution mode, the explanation of above embodiment is only applicable to the principle helping to understand the embodiment of the present invention; Meanwhile, for one of ordinary skill in the art, according to the embodiment of the present invention, embodiment and range of application all will change, and in sum, this description should not be construed as limitation of the present invention.
Claims (10)
1. a detection method for fishing website, whether be fishing website for fast verification user current accessed website, it is characterized in that, this detection method comprises:
The URL of current accessed website described in Real-time Collection;
Inquire about described URL whether in the relative white list database being arranged at system client, in described relative white list database, store the URL obtaining the security website of checking in preset time threshold scope built-in system server;
If, then allow user to access current site and no longer to server, carry out repeated authentication to make it;
If do not exist, then described URL uploading system server is carried out verifying to ensure its fail safe.
2. detection method according to claim 1, is characterized in that, is verified by described URL uploading system server, specifically:
Inquire about described URL whether in the black list database or white list database of system server;
If in described black list database, then user's current accessed website is pointed out to be fishing website;
If in described white list database, then user is allowed to continue to access current site;
If do not exist, then upload background authentication system and verify further.
3. detection method according to claim 2, is characterized in that, if described in described white list database, then, after permission user continues access current site, also comprises:
The URL of current accessed website is updated in described relative white list database.
4. detection method according to claim 1, is characterized in that:
Described time threshold is 2-7 hour.
5. detection method according to claim 1, is characterized in that:
Described time threshold is 5 hours.
6. the detection system of a fishing website, whether be fishing website for fast verification user current accessed website, this detection system comprise the system client be installed in subscriber terminal equipment, with the system server of described system client interactive communication and the background authentication system with described system server interactive communication, in described system server, be provided with black list database and white list database, it is characterized in that:
Described system client is provided with a relative white list database, for storing the URL obtaining the security website of checking in preset time threshold scope built-in system server;
Described system client is provided with an acquisition module, for the URL of current accessed website described in Real-time Collection;
Described system client is provided with an enquiry module, for inquiring about described URL whether in described relative white list database, if, then allow user to access current site and no longer to server, carry out repeated authentication to make it, if do not exist, then described URL uploading system server is carried out verifying to ensure its fail safe.
7. detection system according to claim 1, is characterized in that, is verified by described URL uploading system server, specifically:
An enquiry module is provided with in described system server, for inquiring about described URL whether in the black list database or white list database of system server, if in described black list database, then user's current accessed website is pointed out to be fishing website, if in described white list database, then allow user to continue to access current site, if do not exist, then upload background authentication system and verify further.
8. detection system according to claim 7, is characterized in that:
A data update module is also provided with, for being updated in described relative white list database by the URL of the current accessed website of Query Result in white list database in described system server.
9. detection system according to claim 6, is characterized in that:
Described time threshold is 2-7 hour.
10. detection system according to claim 6, is characterized in that:
Described time threshold is 5 hours.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210185538.5A CN102710645B (en) | 2012-06-06 | 2012-06-06 | Phishing website detection method and detection system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210185538.5A CN102710645B (en) | 2012-06-06 | 2012-06-06 | Phishing website detection method and detection system thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102710645A CN102710645A (en) | 2012-10-03 |
| CN102710645B true CN102710645B (en) | 2015-10-21 |
Family
ID=46903201
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210185538.5A Active CN102710645B (en) | 2012-06-06 | 2012-06-06 | Phishing website detection method and detection system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102710645B (en) |
Families Citing this family (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102957694B (en) | 2012-10-25 | 2016-08-31 | 北京奇虎科技有限公司 | A kind of method and device judging fishing website |
| CN102957693B (en) * | 2012-10-25 | 2015-09-30 | 北京奇虎科技有限公司 | Fishing website determination methods and device |
| CN103795679A (en) * | 2012-10-26 | 2014-05-14 | 珠海市君天电子科技有限公司 | Rapid detection method and system for phishing website |
| CN103581162A (en) * | 2012-12-27 | 2014-02-12 | 哈尔滨安天科技股份有限公司 | System and method for continuously updating event results and statistical information based on cloud |
| CN103067387B (en) * | 2012-12-27 | 2016-01-27 | 中国建设银行股份有限公司 | A kind of anti-phishing monitoring system and method |
| CN103914651A (en) * | 2012-12-31 | 2014-07-09 | 腾讯科技(武汉)有限公司 | Malice webpage address detection method and device |
| CN103150378B (en) * | 2013-03-13 | 2016-04-06 | 珠海市君天电子科技有限公司 | A kind of method identifying false favorable comment in microblogging advertisement |
| CN104158789A (en) * | 2013-05-13 | 2014-11-19 | 腾讯科技(深圳)有限公司 | Method and device for detecting security of payment type website |
| CN103491101A (en) * | 2013-09-30 | 2014-01-01 | 北京金山网络科技有限公司 | Phishing website detecting method and device and client-side |
| CN104123498B (en) * | 2014-07-18 | 2017-12-05 | 广州猎豹网络科技有限公司 | A kind of Android system Activity security determines method and device |
| CN104601557B (en) * | 2014-12-29 | 2018-12-21 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | A kind of malicious websites means of defence and system based on software defined network |
| CN105991580B (en) * | 2015-02-12 | 2019-09-17 | 腾讯科技(深圳)有限公司 | Network address safety detection method and device |
| CN104954372B (en) * | 2015-06-12 | 2018-07-24 | 中国科学院信息工程研究所 | A kind of evidence obtaining of fishing website and verification method and system |
| CN105939370A (en) * | 2015-09-15 | 2016-09-14 | 杭州迪普科技有限公司 | Method and device for updating URL library |
| CN108023863A (en) * | 2016-11-03 | 2018-05-11 | 北京国双科技有限公司 | Differentiate the method and device whether website forges |
| CN109840413B (en) * | 2017-11-28 | 2020-12-22 | 中国移动通信集团浙江有限公司 | Phishing website detection method and device |
| CN109697359A (en) * | 2018-12-19 | 2019-04-30 | 惠州Tcl移动通信有限公司 | A kind of message prompt method, device, storage medium and electronic equipment |
| CN109862025B (en) * | 2019-02-28 | 2021-10-01 | 北京安护环宇科技有限公司 | Access control method, device and system based on black and white lists |
| CN110035075A (en) * | 2019-04-03 | 2019-07-19 | 北京奇安信科技有限公司 | Detection method, device, computer equipment and the storage medium of fishing website |
| CN113205343A (en) * | 2021-06-07 | 2021-08-03 | 中国银行股份有限公司 | Method, equipment and system for recognizing and protecting fraud messages based on biological recognition |
| CN113992390A (en) * | 2021-10-26 | 2022-01-28 | 上海斗象信息科技有限公司 | Phishing website detection method and device and storage medium |
| CN114238970A (en) * | 2021-12-06 | 2022-03-25 | 北京天融信网络安全技术有限公司 | Malicious behavior detection optimization method and device, intrusion prevention equipment and storage medium |
| CN114760124B (en) * | 2022-04-07 | 2022-10-04 | 呀邦管理科技(北京)有限责任公司 | Big data based computer network security intelligent analysis system and method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101534306A (en) * | 2009-04-14 | 2009-09-16 | 深圳市腾讯计算机系统有限公司 | Detecting method and a device for fishing website |
| CN101741862A (en) * | 2010-01-22 | 2010-06-16 | 西安交通大学 | System and method for detecting IRC bot network based on data packet sequence characteristics |
-
2012
- 2012-06-06 CN CN201210185538.5A patent/CN102710645B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101534306A (en) * | 2009-04-14 | 2009-09-16 | 深圳市腾讯计算机系统有限公司 | Detecting method and a device for fishing website |
| CN101741862A (en) * | 2010-01-22 | 2010-06-16 | 西安交通大学 | System and method for detecting IRC bot network based on data packet sequence characteristics |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102710645A (en) | 2012-10-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102710645B (en) | Phishing website detection method and detection system thereof | |
| CN102724186B (en) | Phishing website detection system and detection method | |
| CN102891897B (en) | Webpage sharing method and server and client | |
| CN104021333B (en) | Mobile security watch bag | |
| JP6533871B2 (en) | System and method for controlling sign-on to web applications | |
| US20180374097A1 (en) | A distributed user profile identity verification system for e-commerce transaction security | |
| CN103020826B (en) | Payment processing method and server | |
| CN103024740B (en) | Method and system for accessing internet by mobile terminal | |
| CN102710646A (en) | Method and system for collecting phishing websites | |
| CN110765112B (en) | Energy equipment data association method and system based on Internet of things identification technology | |
| CN104092811A (en) | Mobile terminal information download method, system, terminal device and server | |
| CN102638448A (en) | Method for judging phishing websites based on non-content analysis | |
| CN102682009A (en) | Method and system for logging in webpage | |
| CN104378376A (en) | SOA-based single-point login method, authentication server and browser | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| CN105827706A (en) | Information push device and method | |
| CN102571846A (en) | Method and device for forwarding hyper text transport protocol (HTTP) request | |
| CN104270395A (en) | Method, device and system for checking input data | |
| CN108259457B (en) | WEB authentication method and device | |
| CN103024706A (en) | Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication | |
| CN102801713A (en) | Website logging-in method and system as well as accessing management platform | |
| CN109726545B (en) | Information display method, equipment, computer readable storage medium and device | |
| CN107786343A (en) | A kind of access method and system in privately owned mirror image warehouse | |
| CN106549909A (en) | A kind of authority checking method and apparatus | |
| CN102946396B (en) | User agent's device, host web server and user authen method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: KINGSOFT CORPORATION LIMITED BEIKE INTERNET (BEIJI Effective date: 20130503 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20130503 Address after: Jingshan Hill Road, Lane 519015 Lianshan Jida Guangdong province Zhuhai City No. 8 Applicant after: ZHUHAI JUNTIAN ELECTRONIC TECHNOLOGY Co.,Ltd. Applicant after: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. Applicant after: SHELL INTERNET (BEIJING) SECURITY TECHNOLOGY Co.,Ltd. Applicant after: BEIJING KINGSOFT NETWORK TECHNOLOGY Co.,Ltd. Address before: Jingshan Hill Road, Lane 519015 Lianshan Jida Guangdong province Zhuhai City No. 8 Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 519015 8 Lanshan lane, Jida Jingshan Hill Road, Zhuhai, Guangdong Co-patentee after: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. Patentee after: ZHUHAI JUNTIAN ELECTRONIC TECHNOLOGY Co.,Ltd. Co-patentee after: Beijing Cheetah Mobile Technology Co.,Ltd. Co-patentee after: Beijing Cheetah Network Technology Co.,Ltd. Address before: 519015 8 Lanshan lane, Jida Jingshan Hill Road, Zhuhai, Guangdong Co-patentee before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd. Co-patentee before: SHELL INTERNET (BEIJING) SECURITY TECHNOLOGY Co.,Ltd. Co-patentee before: BEIJING KINGSOFT NETWORK TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20191206 Address after: 519031 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Patentee after: Zhuhai Leopard Technology Co.,Ltd. Address before: Jingshan Hill Road, Lane 519015 Lianshan Jida Guangdong province Zhuhai City No. 8 Co-patentee before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd. Co-patentee before: Beijing Cheetah Mobile Technology Co.,Ltd. Co-patentee before: Beijing Cheetah Network Technology Co.,Ltd. |