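This post is purely a set of notes.

1. APWG: the Anti-Phishing Working Group, an international anti-phishing organization that publishes quarterly statistics and analysis on phishing attacks worldwide.
2. Microsoft Computing Safer Index Report: describes the financial losses caused by phishing attacks each year.
3. Phishing URL Detection with ML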

A phisher has full control over the sub-domain portions of a URL and can set them to any value. The URL may also have path and file components, which the phisher can likewise change at will. In short, the sub-domain name and the path are fully controllable by the phisher.

Attack methods:
1) The sub-domain portions of the URL can be controlled and set to any value.
2) The path and file components of the URL can be changed by the phisher at will.
3) The attacker can register any domain name that has not been registered before. The phisher can change FreeURL at any time to create a new URL. Security defenders struggle to detect phishing domains because of this unique part of the website domain.
4) The phisher tries to make the domain look like the domain of the legitimate URL.
5) Other methods often used by attackers are cybersquatting and typosquatting.
Cybersquatting (also known as domain squatting) is registering, trafficking in, or using a domain name with bad-faith intent to profit from the goodwill of a trademark belonging to someone else.
That is to say, the phisher can register domains similar to your company's URL. (For example, the name of your company is "abcompany" and you register abcompany.com. Phishers can then register abcompany.net, abcompany.org and abcompany.biz and use them for fraudulent purposes.)
Typosquatting, also called URL hijacking, is a form of cybersquatting that relies on typographical errors made by Internet users when entering a website address into a web browser, or on typographical differences that are hard to notice when reading quickly.

Features Used for Phishing Domain Detection
1) URL-Based Features
2) Domain-Based Features
3) Page-Based Features
4) Content-Based Features

URL-Based Features
    Digit count in the URL
    Total length of URL
    Checking whether the URL is Typosquatted or not
    Checking whether it includes a legitimate brand name or not
    Number of sub-domains in URL 
    Is the top-level domain (TLD) one of the commonly used ones?
Domain-Based Features
    Is its domain name or its IP address in the blacklists of well-known reputation services?
    How many days have passed since the domain was registered?
    Is the registrant name hidden?
Page-Based Features
    Global Page rank
    Country Page rank
    Position in the Alexa Top 1 Million sites
    Estimated number of visits to the domain on a daily, weekly, or monthly basis
    Average page views per visit
    Average visit duration
    Web traffic share per country
    Count of references from social networks to the given domain
    Category of the domain
    Similar websites etc.

Content-Based Features
    Page Titles
    Meta Tags
    Hidden Text
    Text in the Body
    Images etc
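
A sketch of how the URL-Based Features listed above can be computed as a feature vector for a classifier; this is an added example, not code from the original notes. The brand list, the TLD list, the "last two labels" rule for the registered domain and the edit-distance-of-1 typosquatting test are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed lists for illustration; a real system would load curated data.
BRANDS = {"paypal", "abcompany", "microsoft"}
COMMON_TLDS = {"com", "net", "org", "edu", "gov"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def url_features(url: str) -> dict:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # An IP literal has no sub-domains or TLD, so give it no labels.
    labels = [] if is_ip(host) or not host else host.split(".")
    # Assumption: registered domain = last two labels (wrong for e.g. co.uk).
    name = labels[-2] if len(labels) >= 2 else host
    tld = labels[-1] if labels else ""
    # Sub-domain and path are the parts the phisher sets freely.
    free_part = (".".join(labels[:-2]) + parts.path).lower()
    not_brand_domain = name not in BRANDS
    return {
        "length": len(url),
        "digit_count": sum(c.isdigit() for c in url),
        "subdomain_count": max(len(labels) - 2, 0),
        "common_tld": tld in COMMON_TLDS,
        "typosquatted": not_brand_domain
        and any(edit_distance(name, b) == 1 for b in BRANDS),
        "brand_in_free_part": not_brand_domain
        and any(b in free_part for b in BRANDS),
    }

if __name__ == "__main__":
    for u in ("https://www.paypal.com/signin", "http://paypa1.com/",
              "http://paypal.com.secure-login.example.net/paypal/signin.php?id=123"):
        print(u, url_features(u))
```

A production extractor would replace the two-label rule with a Public Suffix List lookup, since the rule misreads suffixes such as co.uk.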

What is URL Filtering?
