中文摘要：

网络钓鱼是指一种利用社会工程技巧,通过短信、邮件、即时通讯工具等渠道,诱导用户访问伪造的站点,以获得用户敏感信息的欺诈方式。随着网络钓鱼检测的研究成果不断提出与应用,虽然很大程度上减少了网络钓鱼的威胁,但也因检测方式都有各自的局限性,导致攻击者可以根据不同检测方式以相对较低成本躲避检测。针对现有检测算法的缺陷,以运营商的真实网络流量作为研究对象,重点分析了网络钓鱼的行为模式,提出了一种基于置信传播算法的检测模型。实验结果表明,该算法具有良好的检出率与运行效率。同时,由于算法设计时考虑了分布式计算,该模型在流行的分布式处理框架中具有良好的可推广性。

英文摘要：

Web Phishing is a way of fraud,which uses social engineering technique through short messages,emails and IMs to induce users to visit fake website to get sensitive information.With detecting method for phishing continually proposed and applied,the threat of web phishing has already reduced at a great extent.However,since each type of detection has limitation,phishing attackers can modify their strategies at a relatively low cost to avoid detection accordingly.Facing the defects of current detection methods,it mainly focuses on the behavior pattern of phishing websites.It analyzes real IP flows from ISP and proposes a detecting method based on Graph Mining and Belief Propagation.The experiment suggests that the algorithm has decent accuracy and runtime efficiency.As it has considered distributed computation while designing the algorithm,it will be easy to replicate the model in popular distributed processing frameworks.