一种基于网页关联性特征的钓鱼检测方法

发布时间：2019-06-26 21:10

【摘要】：钓鱼网站是指不法分子利用各种手段仿冒的银行、电子商务等网站,以此来骗取用户银行或信用卡账号、密码等私人信息。为了取得用户的信任,钓鱼袭击者通常会模拟合法网页来构建钓鱼网页,所以一个钓鱼网站与它的目标网站之间是有着很强的关联性的。本文提出一种基于网页关联性的钓鱼网页检测方法。网页关联性主要包括网页图像感知哈希关联性、搜索关联性、文字关联性和网页整体关联性,本文将这四种关联性用于钓鱼网页的检测以及特征库的构建与更新,主要的工作与贡献如下: 首先,研究基于图像感知哈希关联性的钓鱼网页检测方法。将网页以图片格式保存,提取图像的主要可视像素点,由这些像素点组成感知哈希序列,再进行图像的相似度匹配。该方法既克服了钓鱼网页存活时间短的问题,又能快速地与特征库进行匹配。实验结果表明,该方法在保证一定误判率和召回率的情况下大大提高了匹配速度。其次,研究特征库的构建。钓鱼网页更新速度是很快的,所以在进行反钓鱼袭击的工作中,除了要考虑钓鱼检测方法的优劣外,还需要考虑特征库的构建问题。本文提出一种新的由钓鱼网页查找目标网页的方法,用这些目标网页来构架特征库。该方法通过提取到的钓鱼网页中的关键词组成一个词汇签名,将词汇签名在多个搜索引擎上进行检索,综合搜索结果,最终找出钓鱼网页的目标网页。经过实验验证,该方法收集的数据确实提高了钓鱼检测方法的正确率。最后,研究特征库的更新。利用搜索引擎检索目标网页的方式来及时更新网页特征库。仿真实验证明,对特征库进行更新有助于降低误判率。
[Abstract]:Phishing website refers to the illegal use of various means to fake banks, e-commerce and other websites, in order to defraud users of bank or credit card accounts, passwords and other private information. In order to gain the trust of users, phishing attackers usually simulate legitimate pages to build phishing pages, so there is a strong correlation between a phishing site and its target site. In this paper, a phishing web page detection method based on web page correlation is proposed. Web page relevance mainly includes web page image aware hash correlation, search relevance, text relevance and web page overall relevance. In this paper, these four associations are used to detect phishing pages and the construction and updating of feature library. The main work and contributions are as follows: firstly, the phishing web page detection method based on image aware hash relevance is studied. The web page is saved in picture format, the main visual pixel points of the image are extracted, and the perceptual hash sequence is composed of these pixel points, and then the similarity matching of the image is carried out. This method can not only overcome the problem of short survival time of phishing pages, but also match the feature library quickly. The experimental results show that the matching speed is greatly improved under the condition of ensuring a certain misjudgment rate and recall rate. Secondly, the construction of feature library is studied. The updating speed of phishing web page is very fast, so in the work of anti-phishing attack, we should not only consider the advantages and disadvantages of phishing detection method, but also consider the construction of feature library. In this paper, a new method of finding target pages from phishing pages is proposed, and these target pages are used to construct feature libraries. In this method, a lexical signature is formed by extracting keywords from phishing pages, and the lexical signatures are searched on multiple search engines. The search results are synthesized, and finally the target web pages of phishing pages are found out. The experimental results show that the data collected by this method do improve the accuracy of phishing detection method. Finally, the update of feature library is studied. The search engine is used to retrieve the target web page to update the feature library of the web page in time. The simulation results show that updating the feature library is helpful to reduce the misjudgment rate.
【学位授予单位】：南京邮电大学
【学位级别】：硕士
【学位授予年份】：2012
【分类号】：TP393.08

【参考文献】