基于异常特征的钓鱼网站URL检测技术

典型的网络钓鱼是采用群发垃圾邮件,欺骗用户点击钓鱼网站URL地址,登录并输入个人机密信息的一种攻击手段。文章通过分析钓鱼网站URL地址的结构和词汇特征,提出一种基于异常特征的钓鱼网站URL检测方法。抽取钓鱼网站URL地址中4个结构特征、8个词汇特征,组成12个特征的特征向量,用SVM进行训练和分类。对PhishTank上7291条钓鱼网站URL分类实验,检测出7134条钓鱼网站URL,准确率达到97.85%。     

基于AdaCostBoost算法的网络钓鱼检测

针对日益严重的网络钓鱼攻击, 提出机器学习的方法进行钓鱼网站的检测和判断. 首先, 根据URL提取敏感特征, 然后, 采用AdaBoost算法进行训练出分类器, 再用训练好的分类器对未知URL检测识别. 最后, 针对非平衡代价问题, 采用了改进后的AdaBoost算法--AdaCostBoost, 加入代价因子的计算. 实验结果表明, 文中提出的网络钓鱼检测方法, 具有较优的检测性能.     

基于单词匹配和编辑距离的钓鱼贝叶斯检测器研究

网络钓鱼是目前信息安全领域的一个研究热点,基于域名信息的钓鱼检测是使用较为广泛的一种方法.文章利用编辑距离寻找与已知正常域名相近的域名,根据域名信息提取域名单词最大匹配特征、域名分割特征和URL分割特征,利用这些特征训练贝叶斯分类器,根据给定特征属于哪一类的概率来判断此URL是否为钓鱼URL,实验结果表明该方法能有效提高判断准确性.     

基于URL混淆技术识别的钓鱼网页检测方法

针对钓鱼URL常用的混淆技术,提出一种基于规则匹配和逻辑回归的钓鱼网页检测方法（RMLR）。首先,使用针对违反URL命名标准及隐藏钓鱼目标词等混淆技术所构建的规则库对给定网页分类,若可判定其为钓鱼网址,则省略后续的特征提取及检测过程,以满足实时检测的需要。若未能直接判定为钓鱼网址,则提取该URL的相关特征,并使用逻辑回归分类器进行二次检测,以提升检测的适应性和准确率,并降低因规则库规模不足导致的误报率。同时,RMLR引入基于字符串相似度的Jaccard随机域名识别方法来辅助检测钓鱼URL。实验结果表明,RMLR准确率达到98.7%,具有良好的检测效果。     

基于数据挖掘的钓鱼网站URL预测研究

钓鱼网站的主要手段是采用群发垃圾文件,欺骗用户在钓鱼网站URL地址,登陆并输入个人机密信息的一种攻击手段。本文通过分析钓鱼网站URL地址的结构和词汇特征,对出现异常的钓鱼网站URL进行预测。将钓鱼网站URL地址中抽取的结构特征,词汇特征等,采用数据挖掘的方法进行预测。本文使用四种分类算法,决策树、随机森林、KNN、SVM算法对数据进行分类预测。     

基于主辅特征和深度学习的钓鱼网页检测方法

为提升钓鱼网页检测的准确率和效率,提出基于主辅特征的混合式深度学习模型.从URL、HTML页面内容和文档对象模型(document object model,DOM)结构中提取39种特征来表示钓鱼网页的多样性,其中包括两种新特征,基于信息增益将这39种特征根据重要程度分为主要特征和辅助特征;将两种特征向量通过不同通道分别送入由卷积神经网络和双向长短时记忆网络组成的混合式深度学习网络进行训练,对两通道的输出进行加权融合实现分类.实验结果表明,所提模型能有效地检测钓鱼网页.     

基于集成学习的钓鱼网页深度检测系统

网络钓鱼是一种在线欺诈行为,它利用钓鱼网页仿冒正常合法的网页,窃取用户敏感信息从而达到非法目的.提出了基于集成学习的钓鱼网页深度检测方法,采用网页渲染来应对常见的页面伪装手段,提取渲染后网页的URL信息特征、链接信息特征以及页面文本特征,利用集成学习的方法,针对不同的特征信息构造并训练不同的基础分类器模型,最后利用分类集成策略综合多个基础分类器生成最终的结果.针对PhishTank钓鱼网页的检测实验表明,本文提出的检测方法具有较好的准确率与召回率.     

基于LVQ神经网络的反网络钓鱼技术研究简

随着网上金融和电子商务的迅速发展,在线购物、网上理财的用户数量急速上升,人们日益享受着互联网带来的便利,与此同时,以网上理财、在线购物等电子商务用户为主要攻击目标的网络钓鱼活动也迅速蔓延。网络钓鱼严重损害了网络用户以及网络服务提供商的利益,影响我国电子商务的发展。本文提出了一种基于LVQ神经网络的反钓鱼技术,通过综合分析钓鱼网址的URL特征和页面特征,并进行自动分类,取得了良好的检测效果。     

基于域名信息的钓鱼URL探测

提出一种基于域名信息的钓鱼URL探测方法。使用编辑距离寻找与已知正常域名相似的域名,根据域名信息提取域名单词最大匹配特征、域名分割特征和URL分割特征,利用上述特征训练分类器,由此判断其他URL是否为钓鱼URL。在真实数据集上的实验结果表明,该方法钓鱼URL正确检测率达94%。     

一种基于集成学习的钓鱼网站检测方法

针对钓鱼攻击者常用的伪造HTTPS网站以及其他混淆技术,借鉴了目前主流基于机器学习以及规则匹配的检测钓鱼网站的方法RMLR和PhishDef,增加对网页文本关键字和网页子链接等信息进行特征提取的过程,提出了Nmap-RF分类方法。Nmap-RF是基于规则匹配和随机森林方法的集成钓鱼网站检测方法。根据网页协议对网站进行预过滤,若判定其为钓鱼网站则省略后续特征提取步骤。否则以文本关键字置信度,网页子链接置信度,钓鱼类词汇相似度以及网页PageRank作为关键特征,以常见URL、Whois、DNS信息和网页标签信息作为辅助特征,经过随机森林分类模型判断后给出最终的分类结果。实验证明,Nmap-RF集成方法可以在平均9~10 μs的时间内对钓鱼网页进行检测,且可以过滤掉98.4%的不合法页面,平均总精度可达99.6%。     

Deep belief network based detection and categorization of malicious URLs

The Internet, web consumers and computing systems have become more vulnerable to cyber-attacks. Malicious uniform resource locator (URL) is a prominent cyber-attack broadly used with the intention of data, money or personal information stealing. Malicious URLs comprise phishing URLs, spamming URLs, and malware URLs. Detection of malicious URL and identification of their attack type are important to thwart such attacks and to adopt required countermeasures. The proposed methodology for detection and categorization of malicious URLs uses stacked restricted Boltzmann machine for feature selection with deep neural network for binary classification. For multiple classes, IBK-kNN, Binary Relevance, and Label Powerset with SVM are used for classification. The approach is tested with 27700 URL samples and the results demonstrate that the deep learning-based feature selection and classification techniques are able to quickly train the network and detect with reduced false positives.     

基于内容提取的短链接生成算法研究

短网址服务通过将较长的目标网址缩短,来方便人们记忆并分享。社交网络尤其是近年来微博的盛行,使短网址服务获得广泛的应用。然而,现在短网址服务同时被不法分子盯上,他们利用短网址来伪装恶意链接,尤其是钓鱼网站链接,利用微博平台进行快速传播,最终窃取用户敏感信息甚至诈骗钱财,危害互联网安全。本文提出了一种新的短链接生成算法,通过对链接进行分析并在短网址中插入简短的目的网址内容,使用户在点击链接前能够辨识短网址的链接目标,以达到防范网络钓鱼的目的。     

New rule-based phishing detection method

In this paper, we present a new rule-based method to detect phishing attacks in internet banking. Our rule-based method used two novel feature sets, which have been proposed to determine the webpage identity. Our proposed feature sets include four features to evaluate the page resources identity, and four features to identify the access protocol of page resource elements. We used approximate string matching algorithms to determine the relationship between the content and the URL of a page in our first proposed feature set. Our proposed features are independent from third-party services such as search engines result and/or web browser history. We employed support vector machine (SVM) algorithm to classify webpages. Our experiments indicate that the proposed model can detect phishing pages in internet banking with accuracy of 99.14% true positive and only 0.86% false negative alarm. Output of sensitivity analysis demonstrates the significant impact of our proposed features over traditional features. We extracted the hidden knowledge from the proposed SVM model by adopting a related method. We embedded the extracted rules into a browser extension named PhishDetector to make our proposed method more functional and easy to use. Evaluating of the implemented browser extension indicates that it can detect phishing attacks in internet banking with high accuracy and reliability. PhishDetector can detect zero-day phishing attacks too.     

A lightweight and proactive rule-based incremental construction approach to detect phishing scam

The development of digitization over the globe has made digital security inescapable. As every single article on this planet is being digitalized quickly, it is more important to protect those items. Numerous cyber threats effectively deceive ordinary individuals to take away their identifications. Phishing is a kind of social engineering attack where the hackers are using this kind of attack in modern days to steal the user's credentials. After a systematic research analysis of phishing technique and email scam, an intrusion detection system in chrome extension is developed. This technique is used to detect real-time phishing by examining the URL, domain, content and page attributes of an URL prevailing in an email and any web page portion. Considering the reliability, robustness and scalability of an efficient phishing detection system, we designed a lightweight and proactive rule-based incremental construction approach to detect any unknown phishing URLs. Due to the computational intelligence and nondependent of the blacklist signatures, this application can detect the zero-day and spear phishing attacks with a detection rate of 89.12% and 76.2%, respectively. The true positive values acquired in our method is 97.13% and it shows less than 1.5% of false positive values. Thus the application shows the precision level higher than the previous model developed and other phishing techniques. The overall results indicate that our framework outperforms the existing method in identifying phishing URLs.