瑞星安全专家教您认识短链接安全

随着微博的盛行,短链接也渐渐被广大网民们所熟识。但是,短链接是通过什么原理实现的呢?在短链接带来便利的同时又是否会带来安全隐患呢?为此,瑞星安全专家唐威提醒用户,要注意短链接安全。通俗地讲,短链接就是将较长的URL地址,通过特定的算法转换为简短的网址字符串。早期,短链接并没有像现在网络环境中这么流行,当时它主要应用在图片上传网     

短网址服务系统的实现及相关技术研究

随着微博等网络社交产品的火爆发展,普通网址由于过长,在网络上传播很不方便,容易出错,在一些限制字数的场合还会严重影响正常的语言表达。因此,短网址服务逐渐兴起了。短网址网络社交平台几乎是不可或缺的,因而无论新浪微博、人人网等国内社交网络及Facebook,twitter等国外社交网络都有自己的短网址服务。同时,一批开源短网址服务项目如Phurl等也纷纷出现。短网址服务一般依附于社交网络等其他服务存在,由于使用方便,独立的短网址服务系统也有存在的价值。本文主要研究了短网址及相关技术,总结了主要的短网址转换算法,并用PHP+Apache+My SQL实现了一个局域网短网址系统。     

一种基于增广网络的快速微博社区检测算法

微博是当前最流行的在线社交媒体之一,有效地检测出微博用户的社区结构,能够帮助人们理解微博社交网络的结构和用户的行为特征,从而为用户提供个性化的服务。然而,现有社区检测算法大多只考虑社交网络节点之间的直接链接关系,忽略节点自身的内容特征。针对此问题,提出一种基于增广网络的快速微博社区检测算法。该算法通过融合社交网络的链接信息以及用户在微博上所发布的博文内容信息构建增广网络,然后以模块度为目标函数快速挖掘增广网络中的主题社区。通过真实微博社交网络的实验表明,提出的算法能够高效地检测出社交网络的主题社区。
     

巧用短网址发动DDoS攻击

大家在写微博或短消息时,对它们的字数限制一定深有印象吧？而这也就促进了短网址（Short URL）服务的发展。譬如我们想在微博中分享一个网址链按时,最好先把长长的链接转换成短网址,     

Google短网址趣味玩

最近不知道各商家都在抽什么疯,不但是网络服务商在提供短网址服务,就是安全厂商也要来插一腿。据不完全猜测,这种现状都是微博惹的祸,每条微博最多140个字符的限制,让大家都必须把网址转换为短网址才好发上去。而微博的火热又促使大家竞相公布自己的短网址……     

一种基于用户兴趣的微博实体链接方法*

本文针对微博内容较短、歧义较大的问题,利用概率主题模型对用户的兴趣进行建模,提出了一种基于用户兴趣的微博实体链接方法。具体地,本文首先利用现有的主题模型从知识库的大量数据中训练实体与上下文词汇的语义关联,然后提出用户兴趣主题模型来建模用户对实体的兴趣以及微博的语义,并完成实体链接的任务。此外,本文在真实数据集上进行了大量实验和分析,取得了87.6%的实体链接准确率,实验结果表明,与现有方法相比,该方法通过用户兴趣的建模更好地刻画了微博的语义,因而也取得了更高的实体链接准确率。     

"黑"语浅议

一、网络钓鱼 "网络钓鱼"(英文名Phishing)一词非常形象地描绘出实施攻击的方式,即黑客利用欺骗性的电子邮件、伪造的网站(网络骗子多会选择伪造网上银行、知名电子商务网站及其它在线交易系统)来进行网络诈骗活动,以骗取目标用户的信用卡号等私人财务信息.有道是"姜太公钓鱼,愿者上钩",那些未能及时分辨出网站真伪的网友,就会中了圈套,进而蒙受或多或少的经济损失.更令人防不胜防的是,目前采用最新技术的"网络钓鱼"攻击方式,最终能够使访问者浏览到指定的合法网站.例如,在一条即时通讯工具的消息或一封电子邮件中,包含有指向钓鱼式网站的链接,该网站能够记录当前访问用户的ID和密码,而后再将用户引导到真正的目标网站.     

玩微博谨防“被钓鱼

毫无疑问,微博的影响力已经日益超过各类传统媒体,并凭借其传递信息的快捷性和使用上的趣味性成为今日网民网上冲浪行为的重要组成部分。而在众多的微博网站中,新浪微博则凭借超过1.4亿的用户数量抢占了领头羊的位置。但是,互联网界树大招风的惯例又一次在新浪微博身上应验了,连日来,不少新生ID开始在新浪微博上频繁发送可疑链接,并以中奖等信息诱使用户进行点击,6月28日大规模爆发的新浪微博V字认证用户大量中毒并转发钓鱼链接即是这种情况的集中体现。     

Android平台上基于WebKit引擎的安全浏览器的设计与实现

文章针对当前网络攻击技术尤其是网络钓鱼攻击的技术,提出并建立了攻击模型。针对攻击模型,文章设计了移动终端安全浏览服务的模型和恶意网址黑名单更新策略,对安全浏览服务及其客户端/服务器端的通信协议及相关数据结构进行了详细的阐述。在安全浏览服务协议的基础上,文章设计并实现了Android平台上的安全浏览器,为Android平台用户提供了有价值的安全浏览应用服务。     

“黑”语浅议

“网络钓鱼”（英文名Phishing）一词非常形象地描绘出实施攻击的方式，即黑客利用欺骗性的电子邮件、伪造的网站（网络骗子多会选择伪造网上银行、知名电子商务网站及其它在线交易系统）来进行网络诈骗活动．以骗取目标用户的信用卡号等私人财务信息。有道是“姜太公钓鱼，愿者上钩”，那些未能及时分辨出网站真伪的网友．就会中了圈套，进而蒙受或多或少的经济损失。更令人防不胜防的是。目前采用最新技术的“网络钓鱼”攻击方式．最终能够使访问者浏览到指定的合法网站。例如，在一条即时通讯工具的消息或一封电子邮件中．包含有指向钓鱼式网站的链接．该网站能够记录当前访问用户的ID和密码．而后再将用户引导到真正的目标网站。     

Deep belief network based detection and categorization of malicious URLs

The Internet, web consumers and computing systems have become more vulnerable to cyber-attacks. Malicious uniform resource locator (URL) is a prominent cyber-attack broadly used with the intention of data, money or personal information stealing. Malicious URLs comprise phishing URLs, spamming URLs, and malware URLs. Detection of malicious URL and identification of their attack type are important to thwart such attacks and to adopt required countermeasures. The proposed methodology for detection and categorization of malicious URLs uses stacked restricted Boltzmann machine for feature selection with deep neural network for binary classification. For multiple classes, IBK-kNN, Binary Relevance, and Label Powerset with SVM are used for classification. The approach is tested with 27700 URL samples and the results demonstrate that the deep learning-based feature selection and classification techniques are able to quickly train the network and detect with reduced false positives.     

基于深度学习的恶意URL识别

网络攻击日益成为一个严重的问题.在这些攻击中,恶意URLs经常扮演着重要角色,并被广泛应用到各种类型的攻击,比如钓鱼、垃圾邮件以及恶意软件中.检测恶意链接对于阻止这些攻击具有重要意义.多种技术被应用于恶意URLs的检测,而近年来基于机器学习的方法得到越来越多的重视.但传统的机器学习算法需要大量的特征预处理工作,非常耗时耗力.在本文中,我们提出了一个完全基于词法特征的检测方法.首先,我们训练一个2层的神经网络,得到URLs中的字符的分布表示,然后训练对URL的分布表示生成的特征图像进行分类.在我们的试验中,使用真实数据,取得了精度为0.973和F1为0.918的结果.     

基于异常特征的钓鱼网站URL检测技术

典型的网络钓鱼是采用群发垃圾邮件,欺骗用户点击钓鱼网站URL地址,登录并输入个人机密信息的一种攻击手段。文章通过分析钓鱼网站URL地址的结构和词汇特征,提出一种基于异常特征的钓鱼网站URL检测方法。抽取钓鱼网站URL地址中4个结构特征、8个词汇特征,组成12个特征的特征向量,用SVM进行训练和分类。对PhishTank上7291条钓鱼网站URL分类实验,检测出7134条钓鱼网站URL,准确率达到97.85%。     

Fraudulent and malicious sites on the web

Fraudulent and malicious web sites pose a significant threat to desktop security, integrity, and privacy. This paper examines the threat from different perspectives. We harvested URLs linking to web sites from different sources and corpora, and conducted a study to examine these URLs in-depth. For each URL, we extract its domain name, determine its frequency, IP address and geographic location, and check if the web site is accessible. Using 3 search engines (Google, Yahoo!, and Windows Live), we check if the domain name appears in the search results; and using McAfee SiteAdvisor, we determine the domain name’s safety rating. Our study shows that users can encounter URLs pointing to fraudulent and malicious web sites not only in spam and phishing messages but in legitimate email messages and the top search results returned by search engines. To provide better countermeasures against these threats, we present a proxy-based approach to dynamically block access to fraudulent and malicious web sites based on the safety ratings set by McAfee SiteAdvisor.     

Phish Block: A Blockchain Framework for Phish Detection in Cloud

The data in the cloud is protected by various mechanisms to ensure security aspects and user’s privacy. But, deceptive attacks like phishing might obtain the user’s data and use it for malicious purposes. In Spite of much technological advancement, phishing acts as the first step in a series of attacks. With technological advancements, availability and access to the phishing kits has improved drastically, thus making it an ideal tool for the hackers to execute the attacks. The phishing cases indicate use of foreign characters to disguise the original Uniform Resource Locator (URL), typosquatting the popular domain names, using reserved characters for re directions and multi-chain phishing. Such phishing URLs can be stored as a part of the document and uploaded in the cloud, providing a nudge to hackers in cloud storage. The cloud servers are becoming the trusted tool for executing these attacks. The prevailing software for blacklisting phishing URLs lacks the security for multi-level phishing and expects security from the client’s end (browser). At the same time, the avalanche effect and immutability of block-chain proves to be a strong source of security. Considering these trends in technology, a block-chain based filtering implementation for preserving the integrity of user data stored in the cloud is proposed. The proposed Phish Block detects the homographic phishing URLs with accuracy of 91% which assures the security in cloud storage.     

基于威胁情报平台的恶意URL检测研究

互联网应用已经渗透到人们日常生活的方方面面,恶意URL防不胜防,给人们的财产和隐私带来了严重威胁。当前主流的防御方法主要依靠黑名单机制, 难以检测 黑名单以外的URL。因此,引入机器学习来优化恶意URL检测是一个主要的研究方向,但其主要受限于URL的短文本特性,导致提取的特征单一,从而使得检测效果较差。针对上述挑战,设计了一个基于威胁情报平台的恶意URL检测系统。该系统针对URL字符串提取了结构特征、情报特征和敏感词特征3类特征来训练分类器,然后采用多分类器投票机制来判断类别,并实现威胁情报的自动更新。实验结果表明,该方法对恶意URL进行检测 的准确率 达到了96%以上。     

Malicious URL detection by dynamically mining patterns without pre-defined elements

Detecting malicious URLs is an essential task in network security intelligence. In this paper, we make two new contributions beyond the state-of-the-art methods on malicious URL detection. First, instead of using any pre-defined features or fixed delimiters for feature selection, we propose to dynamically extract lexical patterns from URLs. Our novel model of URL patterns provides new flexibility and capability on capturing malicious URLs algorithmically generated by malicious programs. Second, we develop a new method to mine our novel URL patterns, which are not assembled using any pre-defined items and thus cannot be mined using any existing frequent pattern mining methods. Our extensive empirical study using the real data sets from Fortinet, a leader in the network security industry, clearly shows the effectiveness and efficiency of our approach.     

A lightweight and proactive rule-based incremental construction approach to detect phishing scam

The development of digitization over the globe has made digital security inescapable. As every single article on this planet is being digitalized quickly, it is more important to protect those items. Numerous cyber threats effectively deceive ordinary individuals to take away their identifications. Phishing is a kind of social engineering attack where the hackers are using this kind of attack in modern days to steal the user's credentials. After a systematic research analysis of phishing technique and email scam, an intrusion detection system in chrome extension is developed. This technique is used to detect real-time phishing by examining the URL, domain, content and page attributes of an URL prevailing in an email and any web page portion. Considering the reliability, robustness and scalability of an efficient phishing detection system, we designed a lightweight and proactive rule-based incremental construction approach to detect any unknown phishing URLs. Due to the computational intelligence and nondependent of the blacklist signatures, this application can detect the zero-day and spear phishing attacks with a detection rate of 89.12% and 76.2%, respectively. The true positive values acquired in our method is 97.13% and it shows less than 1.5% of false positive values. Thus the application shows the precision level higher than the previous model developed and other phishing techniques. The overall results indicate that our framework outperforms the existing method in identifying phishing URLs.

     

QR二维码防钓鱼的研究

QR码(quick response code)是一种简单易用的矩阵条码。随着移动互联网的崛起和繁荣,已经广泛应用于人们的日常活动中。它给人们带来便利的同时,还伴有钓鱼网站、病毒软件、信息泄漏等网络安全风险和恶意攻击。越来越多的钓鱼攻击由传统的诱导式电子邮件转变为一扫即开的二维码,堂而皇之地在移动互联网世界里游荡。新闻稿中也屡见各种伪造二维码、钓鱼二维码导致人们的信息和财产受到损失的报道。目前流行的具有支持扫码功能的App如微信、支付宝等均无法有效甄别钓鱼网站。文中分析了QR码的基本结构和原理,钓鱼网站以及防范钓鱼的传统技术,从URL结构和网页内容两个方面分析钓鱼网站的异常特征,并且相应地给出检测方法和数学模型,设计并实现Android平台的QR码钓鱼网站识别技术。     

基于AdaCostBoost算法的网络钓鱼检测

针对日益严重的网络钓鱼攻击, 提出机器学习的方法进行钓鱼网站的检测和判断. 首先, 根据URL提取敏感特征, 然后, 采用AdaBoost算法进行训练出分类器, 再用训练好的分类器对未知URL检测识别. 最后, 针对非平衡代价问题, 采用了改进后的AdaBoost算法--AdaCostBoost, 加入代价因子的计算. 实验结果表明, 文中提出的网络钓鱼检测方法, 具有较优的检测性能.