Research On Identification Method Of Network Dynamic High Simulation Phishing Sites

With the development of black industry such as phishing websites and the continuous rise of high phishing websites,phishing attacks have already posed a very serious threat to users' confidential information and property security,and the harm to the rapid development of the Internet economy is becoming more and more serious.Phishing attackers combine shrewd social engineering with superb engineering and technology,using a variety of phishing technology to forge phishing websites that can deceive users' trust to steal confidential data.In recent years,anti-phishing researchers are increasingly concerned about phishing site recognition technology.There are a lot of mature anti-phishing technology,and some rely on the blacklist,and some use the identity authentication mechanism,as well as the establishment of phishing site features cluster center.As the rapid development of mobile Internet,phishing technology with each passing day,the existing methods are increasingly unable to meet the needs of the actual security business.The identification technology of phishing websites needs continuous improvement and innovation.By analyzing the source code of the high phishing web site,a high simulation web page recognition method which can be applied to resist the network dynamic high phishing web site cheating system is proposed.The goal of the method is to find and identify high phishing websites in phishing sites that have been identified as highly suspicious phishing sites.High phishing websites are a category of phishing websites that rely on high-similarity domain names and highly emulated web pages to cheat users.The method's server is the core of the method,responsible for the high suspicious phishing sites identified as high simulation phishing sites.The server mainly extracts identifiable features of high simulation web pages from three aspects of image,text and URL,extracts high simulation phishing websites,and publishes updated blacklist to the clients with the server as the center node.The method's client,real-time access to the user is browsing the Web page URL,and the server-side updates to the blacklist of real-time comparison,the high phishing site alarm and interception.Simulated experiments' results show that the proposed method can detect andidentify the high phishing sites and real-time alarm interception and other functions,and can reduce the harm to the users of such phishing websites.