Abstract
With the adoption and spread of QR code technology, QR codes have become a new channel for spreading viruses, and the potential risk of phishing websites, mobile phone viruses and malicious programs being distributed through QR codes is growing increasingly serious. This paper analyzes the characteristics of three attack types, namely malicious phishing websites, cross-site scripting (XSS) attacks and malicious app downloads, and designs and implements a comprehensive, in-depth QR code security detection system. To improve query efficiency, the system stores the blacklist and whitelist on both the client and the server and checks each URL against them. For malicious phishing websites in particular, it combines a text similarity algorithm, the SIFT (scale-invariant feature transform) matching algorithm and an SVM (support vector machine) for comprehensive analysis. The system can be used for ordinary users' everyday code scanning, and it can also serve government agencies as a reference tool for QR code security supervision.
Source
《电脑知识与技术(过刊)》
2017, Issue 3X, pp. 61-64 (4 pages)
Computer Knowledge and Technology