| 发明名称 | Method for detecting phishing website without depending on samples | ||
| 摘要 | A method for detecting a phishing website includes extracting a domain name from a target URL of a web page under investigation, and querying PageRank and/or Alexa ranking of the domain name; extracting a title character string from the title of the web page and matching the character string to phishing sensitive words; using the title of web page as a keyword to search on a search engine; querying whether Target URL and the web page in the search result with a same title as the web page under investigation have the same domain name server NS and server IP address to determine whether the website is a phishing website. The disclosed method utilizes common features of phishing websites and public resources on the Internet, and overcomes the difficulty in collecting phishing website samples, and is well adapted to detecting phishing aimed at new target websites. | ||
| 申请公布号 | US9276956(B2) | 申请公布日期 | 2016.03.01 |
| 申请号 | US201214413476 | 申请日期 | 2012.12.20 |
| 申请人 | Computer Network Information Center Chinese Academy of Sciences | 发明人 | Geng Guanggang;Hong Bo |
| 分类号 | H04L29/06;G06F21/51;G06F21/55;G06F17/30 | 主分类号 | H04L29/06 |
| 代理机构 | SV Patent Service | 代理人 | SV Patent Service |
| 主权项 | 1. A method for detecting a phishing website without relying on samples of phishing websites, comprising the steps of: extracting a domain name from a target uniform resource locator (Target URL) of a webpage at a website under investigation; matching a title character string of the webpage under investigation to different phishing sensitive words; if the title character string matches one of the phishing sensitive words, using the title character string as a query keyword to search on a search engine to produce a search result; if the search result does not include the Target URL and if the search result includes a webpage with a same title as that of the webpage under investigation, analyzing the webpage under investigation by a computer system to check if there exists in the search result a link to a domain name of a webpage that has the same title as the webpage under investigation; if the webpage under investigation includes a link to a domain name of a webpage that has the same title in the search result, determining the website associated with the webpage under investigation as a suspicious phishing site; crawling webpages at the website under investigation; extracting title character strings at the webpages; and analyzing the webpages to check if there exists a link to a domain name of a webpage that has the same title in the search result as the webpages under investigation. | ||
| 地址 | Beijing CN | ||