Malicious Link Detection System

Product features
Product features
Product features
Product features
Product features

Diversified display

It can classify a variety of phishing websites, and output the results by type, region, industry and other dimensions.
AI intelligent applications

The domain name is analyzed in the intelligent way of autonomous learning.
1) Research and judge the domain name features: extracts and analyzes domain name semantics and page structure based on page code;
2) Feature training and strengthening: using historical data, unsupervised training and strengthening of domain name features are carried out;
3) Self updating mechanism: the trained features are added to the system by the self updating mechanism for subsequent detection.
Accumulation of knowledge base

Comprehensive, generalized black and white list are supported to meet the needs of different identification research.
Whitelist: it includes not only the domain names of mainstream websites, but also the sub domain names; according to the separation of dynamic and static contents, various images, audio and video domain names of mainstream websites are added to the whitelist.
Blacklist: including illegal and malicious website domain name, ISP service provider, domain name registrant, domain name contact person, IP and geographical location.
Grey list: Based on the access threshold, the grey list is distinguished. Through the domain name characteristics and source sensitive content, the grey list is studied and judged.
Business flow characteristics
Special features

1) Intelligent research and judgment
Intelligent research and judgment on the trend of malicious websites, master the global network security situation, and solve the problem of low efficiency of traditional website security detection products.
2) Focus on business
In order to solve the passive problem of traditional website detection and identification, we use machine learning and other technologies to conduct in-depth security examination and perception of traffic URL from the aspects of business attribute and importance.
3) unified management
Integrating threat intelligence database, unified management of URL features, establishing website threat view, to solvie the problem that malicious website threat information is not commonly used.
4) Support multi-source data
Support IDC data, metrometropolitan area network data, CDN data, Internet log and other data sources.
5) flexible configurable architecture
Hadoop + streaming processing is taken as the overall big data technology architecture. At the same time, it has the feature of loose coupling in the functional modules. In addition, the product supports local or cloud deployment.
6) Intelligent multilayer filtering
Supports black and white list matching, DGA algorithm detection, domain name feature recognition.
7) Autonomous Learning Mechanism
It has the mechanism of feature extraction, key information research and judgment, feature strengthening training and independent updating.
8) Multidimensional result output
Supports result output by type, industry object and region.

Product function
Product function

Core functions

The core functions of this product are as follows:

1) Data preprocessing

Cleaning, de duplication, alignment, data caching and standardized storage operations are performed for the massive data accessed; various data forms such as online log, real-time traffic, system log, CDN cache are supported.

2) Online quick analysis

With Storm stream processing technology as the core, combined with Threat Intelligence Database, the links in massive data are identified and analyzed.

3) Offline intelligent learning

Build a multi-layer machine learning model; quantify the features of the grey data to be checked, combine natural semantics, page elements, etc. for feature extraction and rule generation; implement a "self-update, self-learning" detection mechanism.

Core technologies

Taking "big data security analysis and artificial intelligence technology" as the core, more active and intelligent discovery and identification of various phishing website core technologies are as follows.

1) Big data security analysis technology

Based on big data analysis technology, detect and correlate various types of traffic and phishing website content in logs;

Combined with business scenarios, to achieve a comprehensive perception of phishing websites;

Through the deep correlation with threat intelligence, the APT's advanced persistent threats can be identified on the outreach website.

2) Artificial intelligence technology

Using artificial intelligence technology to continuously discover and extract the characteristics of phishing websites;

Combined the characteristics to continuously iterate and optimize the analysis and recognition rules to meet the security requirements of various business scenarios;

Combined with big data security analysis, providing intelligent security analysis products and security services.

Product architecture

图片1.png

Customer case
Customer case
Customer case
Customer case
Customer case
Customer case

CDN harmful information monitoring technology support service of Sichuan Mobile in 2017

CDN harmful information monitoring technology support service of Sichuan Mobile in 2017

The service content includes: providing real-time monitoring technology: the bypass monitoring method is required, and the unified DPI equipment mirrors the signaling traffic in the link, after the text and pictures are restored, and the pictures and texts are identified and monitored.
IDC harmful Information monitoring management service of Jiang Mobile Customer Department in 2017

IDC harmful Information monitoring management service of Jiang Mobile Customer Department in 2017

This construction project is mainly to provide Jiangsu Mobile with its own business, its own website, IDC access, CDN introduction and cache content monitoring, malicious link analysis, identification, analysis and audit services.
Internet harmful information detection and management system of China Telecom in 2017

Internet harmful information detection and management system of China Telecom in 2017

The goal of China Telecom’s Internet bad information content detection and management system is to control the safety risk of the spread of bad information from telecom access to Internet websites through this platform, and ensure that the content complies with national laws.
IDC Flow Monitoring and harmful Information Monitoring System Phase I Project of China Mobile

IDC Flow Monitoring and harmful Information Monitoring System Phase I Project of China Mobile

The overall goal of the project is to build a centralized monitoring platform for harmful information, to provide government and enterprise branches with the ability to analyze, identify and control harmful information and malicious links on the business information content carried by
China Mobile Information Security Control Platform-harmful Information centralized control subsystem Phase III Project (Central Platform Expansion)

China Mobile Information Security Control Platform-harmful Information centralized control subsystem Phase III Project (Central Platform Expansion)

This project has realized the functions of centralized monitoring of phishing websites against communication fraud, centralized management of harmful information monitoring of self owned websites, optimization of operation and maintenance functions, phase III supporting transformation of strategic operation analysis platform, data de-duplication function and business function optimization.
Internet harmful information & phishing websites detection services for Guangdong Mobile in 2017-2018

Internet harmful information & phishing websites detection services for Guangdong Mobile in 2017-2018

The project is mainly aimed at pornographic scams, phishing scams, terror and other website information that may be generated by customer resources in IDC and Internet dedicated line products, using crawler and identification technologies to carry out Internet harmful information monitoring

Diversified display

AI intelligent applications

Accumulation of knowledge base

Business flow characteristics

Special features