«上一篇/Previous Article|本期目录/Table of Contents|下一篇/Next Article»

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:

30

期数:

2020年04期

页码:

100-104

栏目:

安全与防范

出版日期:

2020-04-10

文章信息/Info

Title:

Research of Anti-phishing for QR Code

文章编号:

1673-629X(2020)04-0100-05

作者:

柴艳娜

长安大学 信息与网络管理处,陕西 西安 710064

Author(s):

CHAI Yan-na

Dept. of Information and Network Management,Chang’an University,Xi’an 710064,China

关键词:

网络安全; QR; 二维码; 钓鱼网站; 安卓

Keywords:

network security; QR; QR code; anti-phishing; Android

分类号:

TP309

DOI:

10. 3969 / j. issn. 1673-629X. 2020. 04. 019

摘要:

QR 码(quick response code) 是一种简单易用的矩阵条码。 随着移动互联网的崛起和繁荣,已经广泛应用于人们的日常活动中。 它给人们带来便利的同时,还伴有钓鱼网站、病毒软件、信息泄漏等网络安全风险和恶意攻击。 越来越多的钓鱼攻击由传统的诱导式电子邮件转变为一扫即开的二维码,堂而皇之地在移动互联网世界里游荡。 新闻稿中也屡见各种伪造二维码、钓鱼二维码导致人们的信息和财产受到损失的报道。 目前流行的具有支持扫码功能的 App 如微信、支付宝等均无法有效甄别钓鱼网站。 文中分析了 QR 码的基本结构和原理,钓鱼网站以及防范钓鱼的传统技术,从 URL 结构和网页内容两个方面分析钓鱼网站的异常特征,并且相应地给出检测方法和数学模型,设计并实现 Android 平台的 QR 码钓鱼网站识别技术。

Abstract:

QR code (quick response code) ,as a type of matrix barcode (or two-dimensional barcode) ,has became popular due to the rise and prosperity of mobile Internet. It brings convenience to people at the same time,but also accompanied by network security risks and malicious attacks like the phishing website,virus software,data leak and so on. More and more phishing website show up as faked QR code in mobile Internet instead of classical e-mail,and you can see news that the faked QR code causes money losing and data leak cases. Currently,most popular apps with support for code scanning,such as echat, Alipay, can’t identify phishing website in QR code.Therefore,we analyze basic structure and working way of QR, research phishing website and the classical way to prevent. We can figure out exception behavior from URL structure and source code of web page from phishing website,then point out the detective way and math model,design and implement a platform to prevent phishing website for Android.

常用功能

更新日期/Last Update: 2020-04-10