面向高速网络流量的恶意镜像网站识别方法

doi:10.11959/j.issn.1000-436x.2019089

Abstract

Abstract:

Aiming at the problem that some information causing harm to the network environment was transmitted through the mirror website so as to bypass the detection,an identification method of malicious mirror website for high-speed network traffic was proposed.At first,fragmented data from the traffic was extracted,and the source code of the webpage was restored.Next,a standardized processing module was utilized to improve the accuracy.Additionally,the source code of the webpage was divided into blocks,and the hash value of each block was calculated by the simhash algorithm.Therefore,the simhash value of the webpage source codes was obtained,and the similarity between the webpage source codes was calculated by the Hamming distance.The page snapshot was then taken and SIFT feature points were extracted.The perceptual hash value was obtained by clustering analysis and mapping processing.Finally,the similarity of webpages was calculated by the perceptual hash values.Experiments under real traffic show that the accuracy of the method is 93.42%,the recall rate is 90.20%,the F value is 0.92,and the processing delay is 20 μs.Through the proposed method,malicious mirror website can be effectively detected in the high-speed network traffic environment.

Key words: malicious mirror website, simhash algorithm, webpage similarity

CLC Number:

TP309

Lei ZHANG,Peng ZHANG,Wei SUN,Xingdong YANG,Lichao XING. IMM4HT:an identification method of malicious mirror website for high-speed network traffic[J]. Journal on Communications, 2019, 40(7): 87-94.

Figures/Tables 11

References 15

[1]	CINIC.The 41st China statistical report on internet development[R]. Beijing:China Internet Network Information Center, 2018.
[2]	QIN Z , YAN J , REN K ,et al. SecSIFT:secure image SIFT feature extraction in cloud computing[J]. ACM Transactions on Multimedia Computing,Communications and Applications, 2016,12(4s):65.
[3]	GOMEZ-NIETO E , SAN ROMAN F , PAGLIOSA P ,et al. Similarity preserving snippet-based visualization of Web search results[J]. IEEE Transactions on Visualization and Computer Graphics, 2014,20(3): 457-470.
[4]	HOFMANN T , . Probabilistic latent semantic indexing[C]// ACM SIGIR Forum. ACM, 2017: 211-218.
[5]	SADOWSKI C , LEVIN G . Simhash:hash-based similarity detection[R]. Google, 2007.
[6]	KO?CZ A , CHOWDHURY A . Lexicon randomization for near-duplicate detection with I-match[J]. The Journal of Supercomputing, 2008,45(3): 255-276.
[7]	SHIVAKUMAR N , GARCIA-MOLINA H , . Finding near-replicas of documents on the Web[C]// International Workshop on the World Wide Web and Databases. Springer , 1998: 204-212.
[8]	KAPOOR A , ARORA V . Application of bloom filter for duplicate URL detection in a web crawler[C]// IEEE International Conference on Collaboration and Internet Computing. IEEE, 2016: 246-255.
[9]	JIANG J , CHEN J , CHOO K K R ,et al. A deep learning based online malicious URL and DNS detection scheme[C]// International Conference on Security and Privacy in Communication Systems. Springer, 2017: 438-448.
[10]	LIU W , DENG X , HUANG G ,et al. An antiphishing strategy based on visual similarity assessment[J]. IEEE Internet Computing, 2006,10(2): 58-65.
[11]	MAO J , TIAN W , LI P ,et al. Phishing-alarm:robust and efficient phishing detection via page component similarity[J]. IEEE Access, 2017(5): 17020-17030.
[12]	ZHANG H , LIU G , CHOW T W S ,et al. Textual and visual content-based anti-phishing:a Bayesian approach[J]. IEEE Transactions on Neural Networks, 2011,22(10): 1532-1546.
[13]	CHEN Z , ZHANG P , ZHENG C ,et al. CookieMiner:towards real-time reconstruction of web-downloading chains from network traces[C]// IEEE International Conference on Communications. IEEE, 2016: 1-6.
[14]	BOBBARJUNG D R , JAGANNATHAN S , DUBNICKI C . Improving duplicate elimination in storage systems[J]. ACM Transactions on Storage, 2006,2(4): 424-448.
[15]	MIKOLAJCZYK K , SCHMID C . A performance evaluation of local descriptors[J]. IEEE transactions on pattern analysis and machine intelligence, 2005,27(10): 1615-1630.

Metrics

Recommended 0

No Suggested Reading articles found!

算法	准确率	召回率	F值
基于URL相似度^[9]	80.58%	75.32%	0.778 6
基于内容相似度^[5]	87.64%	84.65%	0.861 2
基于视觉相似度^[11]	91.71%	89.23%	0.904 5
IMM4HT	93.42%	90.20%	0.917 8

IMM4HT:an identification method of malicious mirror website for high-speed network traffic

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 15

Related Articles 15

Metrics

Recommended 0

[1]	Xiaoni DU, Xiangyu WANG, Lifang LIANG, Kaibin LI. Quantum cryptanalysis of lightweight block cipher Piccolo [J]. Journal on Communications, 2023, 44(6): 175-182.
[2]	Zhen ZHENG, Yingjian YAN, Juesong CAI, Yanjiang LIU. Non-specific TVLA method based on two-sample KS test [J]. Journal on Communications, 2023, 44(5): 137-147.
[3]	Tao FENG, Liqiu CHEN, Junli FANG, Jianming SHI. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption [J]. Journal on Communications, 2023, 44(5): 224-233.
[4]	Dacheng ZHOU, Hongchang CHEN, Weizhen HE, Guozhen CHENG, Hongchao HU. Research on multidimensional dynamic defense strategy for microservice based on deep reinforcement learning [J]. Journal on Communications, 2023, 44(4): 50-63.
[5]	Ming TANG, Yifan HU. Load-to-store: exploit the time leakage of store buffer transient window [J]. Journal on Communications, 2023, 44(4): 64-77.
[6]	Wei LI, Chun LIU, Dawu GU, Wenqian SUN, Jianning GAO, Mengyang QIN. Statistical ineffective fault analysis of the lightweight authenticated cipher algorithm Saturnin-Short [J]. Journal on Communications, 2023, 44(4): 167-175.
[7]	Yuling LIU, Cuilin WANG, Zhangjie FU. Generative text steganography method based on emotional expression in semantic space [J]. Journal on Communications, 2023, 44(4): 176-186.
[8]	Baiji HU, Xiaojuan ZHANG, Yuancheng LI, Rongxin LAI. Multi-function supported privacy protection data aggregation scheme for V2G network [J]. Journal on Communications, 2023, 44(4): 187-200.
[9]	Wei FAN, Cheng PENG, Dali ZHU, Yuqing WANG. Research on intrusion response strategy based on static Bayesian game in mobile edge computing network [J]. Journal on Communications, 2023, 44(2): 70-81.
[10]	Dongyan HUANG, Kun LI. Research on multi-address time-based blockchain covert communication method [J]. Journal on Communications, 2023, 44(2): 148-159.
[11]	Shufen ZHANG, Yanling DONG, Jingcheng XU, Haoshi WANG. AdaBoost algorithm based on target perturbation [J]. Journal on Communications, 2023, 44(2): 198-209.
[12]	Shengbao WANG, Xin ZHOU, Kang WEN, Bosen WENG. Tripartite authenticated key exchange protocol for smart grid [J]. Journal on Communications, 2023, 44(2): 210-218.
[13]	Yiliang HAN, Kaiyang GUO, Riming WU, Kai LIU. Attribute-based encryption scheme against key abuse based on OBDD access structure from lattice [J]. Journal on Communications, 2023, 44(1): 75-88.
[14]	Chao XIA, Yaqi LIU, Qingxiao GUAN, Xin JIN, Yanshuo ZHANG, Shengwei XU. Steganalysis of JPEG images using non-linear residuals [J]. Journal on Communications, 2023, 44(1): 142-152.
[15]	Xiaodong FU, Xinxin QI, Li LIU, Wei PENG, Jiaman DING, Fei DAI. Detecting and preventing collusion attack in DPoS based on power index [J]. Journal on Communications, 2022, 43(12): 123-133.