基于页面布局相似性的钓鱼网页发现方法

doi:10.11959/j.issn.1000-436x.2016257

通信学报 ›› 2016, Vol. 37 ›› Issue (Z1): 116-124.doi: 10.11959/j.issn.1000-436x.2016257

基于页面布局相似性的钓鱼网页发现方法

邹学强^1,²,张鹏¹,黄彩云,陈志鹏¹,孙永¹,刘庆云¹

¹ 中国科学院信息工程研究所，北京 100093
² 国家计算机网络应急技术处理协调中心，北京 100029

出版日期:2016-10-25 发布日期:2017-01-17
基金资助:
国家自然科学基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;国家高技术研究发展计划（“863”计划）基金资助项目

Phishing attacks discovery based on HTML layout similarity

Xue-qiang ZOU^1,²,Peng ZHANG¹,Cai-yun HUANG,Zhi-peng CHEN¹,Yong SUN¹,Qing-yun LIU¹

¹ Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China
² National Computer Network Emergency Response and Coordination Center,Beijing 100029,China

Online:2016-10-25 Published:2017-01-17
Supported by:
The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National High Technology Research and Development Program of China (863 Program)

摘要/Abstract

摘要：

针对钓鱼网页与真实网页布局结构相似的特点，提出了基于页面布局相似性的钓鱼网页发现方法，该方法首先抽取出网页中带链接属性的标签作为特征，然后基于该特征提取网页标签序列分支来标识网页；接着通过网页标签序列树对齐算法将网页标签序列树的对齐转换成网页标签序列分支的对齐，使二维的树结构转换成一维的字符串结构，最后通过生物信息学 BLOSUM62编码的替换矩阵快速计算对齐分值，从而提高钓鱼网页的检测效果，仿真实验表明该方法可行，并具有较高的准确率和召回率。

关键词: 页面布局, 钓鱼网页, 标签序列树

Abstract:

Based on the similarity of the layout structure between the phishing sites and real sites,an approach to discover phishing sites was presented.First,the tag with link attribute as a feature was extracted,and then based on the feature,the page tag sequence branch to identify website was extracted,followed by the page layout similarity-HTMLTagAntiPhish,the alignment of page tag sequence tree into the alignment of page tag sequence branches was converted,this converted two-dimention tree structure into one-dimention string structure,and finally through the substitution matrix of bioinfor-matics BLOSUM62 coding,alignment score quickly to improve the phishing sites detection efficiency was computed.A series of simulation experiments show that this approach is feasible and has higher precision and recall rates.

Key words: layout similarity, phishing attack, tag sequence tree

邹学强,张鹏,黄彩云,陈志鹏,孙永,刘庆云. 基于页面布局相似性的钓鱼网页发现方法[J]. 通信学报, 2016, 37(Z1): 116-124.

Xue-qiang ZOU,Peng ZHANG,Cai-yun HUANG,Zhi-peng CHEN,Yong SUN,Qing-yun LIU. Phishing attacks discovery based on HTML layout similarity[J]. Journal on Communications, 2016, 37(Z1): 116-124.

图/表 9

图1

图2

图3

表1

图4

图5

图6

表2

图7

参考文献 9

[1]	LI Z , ALRWAIS S , XIE Y , et al. Finding the linchpins of the dark Web:a study on topologically dedicated hosts on malicious web infrastruc-tures[C]//IEEE Symposium on Security and Privacy (SP). 2013:112-126.
[2]	CANALI D , COVA M , VIGNA G , et al. Prophiler:a fast filter for the large-scale detection of malicious web pages[C]//The 20th Interna-tional Conference on World Wide Web. 2011:197-206.
[3]	ESHETE B , VILLAFIORITA A , WELDEMARIAM K . Binspect:holis-tic analysis and detection of malicious web pages[J]. Security and Pri-vacy in Communication Networks, 2013,106: 149-166.
[4]	PRAKASH P , KUMAR M , KOMPELLA R R , et al. Phishnet:predictive blacklisting to detect phishing attacks[C]//The 29th IEEE International Conference on Computer Communications (INFOCOM). 2010:1-5.
[5]	SHENG S , WARDMAN B , WARNER G , et al. An empirical analysis of phishing blacklists[C]//The 6th Conference in Email and Anti-Spam (CEAS). 2009.
[6]	LIU G , QIU B , LIU Y . Automatic detection of phishing target from phishing webpage[C]//The 20th International Conference on Pattern Recognition (ICPR). 2010:4153-4156.
[7]	BLOSUM62 substitution matrix[EB/OL]. .
[8]	OpenDNS PhishTank[EB/OL]. . 2014.
[9]	URoulette.Home Page[EB/OL]. , 2007.

标签	编码	标签	编码
a	A	img	M
div	C	p	N
input	D	body	P
script	E	form	Q
link	F	head	R
span	G	HTML	S
style	H	noscript	T
li	I	pre	V
meta	K	title	W
i	L	ul	Y

阈值	TagsAlignment	TagsAlignment	TagsMatchi	TagsMatching
阈值	误报率	漏报率	误报率	漏报率
0	100%	0	100%	0
0.1	88.31%	0	90.86%	0
0.2	62.19%	0	75.96%	0
0.3	45.20%	0	55.29%	0
0.4	30.16%	0	40.86%	0
0.5	16.89%	0	30.29%	0
0.6	7.54%	0.03%	18.27%	0
0.7	0	18.42%	12.5%	0
0.8	0	39.47%	5.29%	21.05%
0.9	0	73.68%	0.48%	50%
1.0	0	100%	0	100%

基于页面布局相似性的钓鱼网页发现方法

Phishing attacks discovery based on HTML layout similarity

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 9

相关文章 0

Metrics

推荐阅读 0