IMM4HT:an identification method of malicious mirror website for high-speed network traffic
Aiming at the problem that some information causing harm to the network environment was transmitted through the mirror website so as to bypass the detection,an identification method of malicious mirror website for high-speed network traffic was proposed.At first,fragmented data from the traffic was...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2019-07-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019089/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539356838330368 |
|---|---|
| author | Lei ZHANG Peng ZHANG Wei SUN Xingdong YANG Lichao XING |
| author_facet | Lei ZHANG Peng ZHANG Wei SUN Xingdong YANG Lichao XING |
| author_sort | Lei ZHANG |
| collection | DOAJ |
| description | Aiming at the problem that some information causing harm to the network environment was transmitted through the mirror website so as to bypass the detection,an identification method of malicious mirror website for high-speed network traffic was proposed.At first,fragmented data from the traffic was extracted,and the source code of the webpage was restored.Next,a standardized processing module was utilized to improve the accuracy.Additionally,the source code of the webpage was divided into blocks,and the hash value of each block was calculated by the simhash algorithm.Therefore,the simhash value of the webpage source codes was obtained,and the similarity between the webpage source codes was calculated by the Hamming distance.The page snapshot was then taken and SIFT feature points were extracted.The perceptual hash value was obtained by clustering analysis and mapping processing.Finally,the similarity of webpages was calculated by the perceptual hash values.Experiments under real traffic show that the accuracy of the method is 93.42%,the recall rate is 90.20%,the F value is 0.92,and the processing delay is 20 μs.Through the proposed method,malicious mirror website can be effectively detected in the high-speed network traffic environment. |
| format | Article |
| id | doaj-art-78237eb5ac004cf2b42e33c7963c0b6d |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2019-07-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-78237eb5ac004cf2b42e33c7963c0b6d2025-01-14T07:17:18ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2019-07-0140879459728296IMM4HT:an identification method of malicious mirror website for high-speed network trafficLei ZHANGPeng ZHANGWei SUNXingdong YANGLichao XINGAiming at the problem that some information causing harm to the network environment was transmitted through the mirror website so as to bypass the detection,an identification method of malicious mirror website for high-speed network traffic was proposed.At first,fragmented data from the traffic was extracted,and the source code of the webpage was restored.Next,a standardized processing module was utilized to improve the accuracy.Additionally,the source code of the webpage was divided into blocks,and the hash value of each block was calculated by the simhash algorithm.Therefore,the simhash value of the webpage source codes was obtained,and the similarity between the webpage source codes was calculated by the Hamming distance.The page snapshot was then taken and SIFT feature points were extracted.The perceptual hash value was obtained by clustering analysis and mapping processing.Finally,the similarity of webpages was calculated by the perceptual hash values.Experiments under real traffic show that the accuracy of the method is 93.42%,the recall rate is 90.20%,the F value is 0.92,and the processing delay is 20 μs.Through the proposed method,malicious mirror website can be effectively detected in the high-speed network traffic environment.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019089/malicious mirror websitesimhash algorithmwebpage similarity |
| spellingShingle | Lei ZHANG Peng ZHANG Wei SUN Xingdong YANG Lichao XING IMM4HT:an identification method of malicious mirror website for high-speed network traffic Tongxin xuebao malicious mirror website simhash algorithm webpage similarity |
| title | IMM4HT:an identification method of malicious mirror website for high-speed network traffic |
| title_full | IMM4HT:an identification method of malicious mirror website for high-speed network traffic |
| title_fullStr | IMM4HT:an identification method of malicious mirror website for high-speed network traffic |
| title_full_unstemmed | IMM4HT:an identification method of malicious mirror website for high-speed network traffic |
| title_short | IMM4HT:an identification method of malicious mirror website for high-speed network traffic |
| title_sort | imm4ht an identification method of malicious mirror website for high speed network traffic |
| topic | malicious mirror website simhash algorithm webpage similarity |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019089/ |
| work_keys_str_mv | AT leizhang imm4htanidentificationmethodofmaliciousmirrorwebsiteforhighspeednetworktraffic AT pengzhang imm4htanidentificationmethodofmaliciousmirrorwebsiteforhighspeednetworktraffic AT weisun imm4htanidentificationmethodofmaliciousmirrorwebsiteforhighspeednetworktraffic AT xingdongyang imm4htanidentificationmethodofmaliciousmirrorwebsiteforhighspeednetworktraffic AT lichaoxing imm4htanidentificationmethodofmaliciousmirrorwebsiteforhighspeednetworktraffic |