文档介绍:第 49 卷第 9 期
Vol. 49 No. 9
�山东大学学报( 理学版)
Journal of Shandong University( Natural Science)
�2014 年 9 月
Sep. 2014
文章编号: 1671-9352( 2014) 09-0090-07 DOI: 10. 6040 / j. issn. 1671-9352. 2. 2014. 337
支持页面特征伪造识别的钓鱼网页检测方法
王伟平,张兵
( 中南大学信息科学与工程学院,湖南长沙 410083)
摘要: 钓鱼网站是指伪装成合法网站,窃取用户提交的账号、密码等私密信息的网站。基于页面特征识别的钓鱼网站检测方法具有较好的识别准确性,但现有方法对页面特征伪造的情况识别较弱,容易漏判。首先分析了大量钓鱼网站的页面代码,总结了常见的 9 种页面特征伪造方式,并针对性地提出了支持页面特征伪造识别的钓鱼网站检测方法。该方法对页面渲染后再做特征提取识别,在页面渲染过程中检查 URL 地址跳转的伪装,通过直接操纵 DOM 提取 iframe 内嵌页面的内容,去除页面所有隐藏元素以防止钓鱼攻击者伪造页面关键词。测试结果表明该方法能够去除多种伪装,完成页面特征的准确提取,提高检测的准确率。
关键词: 钓鱼网页; 特征伪造; 检测
中图分类号: TP393 文献标志码: A
Detecting phishing webpage with spoofed specific features
WANG Wei-ping ,ZHANG Bing
( School of Information Science and Engineering,Central South University,Changsha 410083,Hunan,China)
Abstract: Phishing usually refers to websites masquerading as legitimate sites to steal users’accounts,passwords or other private information. The phishing webpage detection based on webpage specific features has a high accuracy rate. However,existing approaches cannot deal with the phishing webpage with spoofed specific features,w hich will lead to false negative results. Through analyzing a large number of phishing webpage,nine kinds of spoofing methods were concluded,w hich can conceal real page features or deliberately insert forged features. Based on this,a new detection method was proposed to deal wit