Application of Electronic Technique (AET)
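A governance scheme for medical insurance fraud based on message characteristics, from a firewall perspective
Cyber Security and Data Governance, Issue 2
Xu Yaqing, Zhang Jingqi
(1. Xidian University, Xi'an, Shaanxi 710071; 2. 360 Digital Security Group, Beijing 100015)
Abstract: By analyzing the typical process of the currently prevalent fraud that uses counterfeit medical insurance websites, and by performing traffic capture, protocol filtering and message analysis on the network behavior between potential victims and the counterfeit websites, this work obtains the typical characteristics of the HTTP request messages and HTTP response messages seen in current counterfeit medical insurance website fraud, and proposes a governance scheme for this type of fraud. The scheme supports monitoring and identifying fraud domains before the event, obtaining information about potential victims for early warning during the event, and building a reserve of anti-network-fraud techniques and tactics after the event. With the security department of a certain organization as a pilot, the application effect was evaluated using the timeliness of anti-fraud early warning and the accuracy of fraud-related intelligence as the measures. The results show that a governance framework built on traffic message characteristics can effectively govern current counterfeit medical insurance website fraud.
CLC number: TP39
Document code: A
DOI: 10.19358/j.issn.2097-1788.2023.02.004
Citation format: Xu Yaqing, Zhang Jingqi. A governance scheme for medical insurance fraud based on message characteristics, from a firewall perspective [J]. Cyber Security and Data Governance, 2023, 42(2): 25-30.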
Medical insurance fraud governance scheme based on message characteristics in the view of firewall
Xu Yaqing 1, Zhang Jingqi 1,2
(1. Xidian University, Xi'an 710071, China; 2. 360 Digital Security Technology Group, Beijing 100015, China)
Abstract: By analyzing the typical process of current medical insurance fraud carried out through phishing websites, and the characteristics of the communication between victims and those websites, combined with the characteristics of firewall products, this paper proposes a medical insurance fraud governance scheme based on message characteristics from the firewall's point of view. Through traffic collection, protocol filtering, message analysis and feature summary, the scheme clarifies how to handle the communication traffic between potential victims and counterfeit medical insurance websites. Taking the security department of a certain unit as a pilot, the application effect was evaluated based on the timeliness of anti-fraud early warning and the accuracy of fraud-related information. The results show that handling counterfeit-website medical insurance fraud on the basis of message characteristics can effectively prevent such fraud cases.
Key words: firewall; medical insurance fraud; phishing website; message analysis

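0 Introduction

According to an analysis of the telecom and network fraud cases recorded in a certain province from 2020 to 2021, the five types of telecom and network fraud with the highest incidence are part-time job fraud, "pig-butchering" fraud, impersonation fraud, loan fraud, and online shopping fraud. Together these five types account for 72.38% of all cases [1]. Counterfeit medical insurance website fraud is one of the common forms of impersonation fraud. It typically uses SMS messages to steer victims to a counterfeit medical insurance website, where the fraud is carried out and the victims' funds are taken.

Tan Peng et al. proposed a counterfeit-website identification scheme based on an intelligent middle platform: it first collects public text, images and other information, then analyzes and extracts the collected data, and finally identifies counterfeit, non-compliant websites through text filtering and image filtering [2]. Zhao Ke et al. proposed applying DNS log analysis, automated domain review and manual re-review to suspected fraud domains found in SMS messages, in order to monitor and identify fraud domains and to provide data support for unified blocking by higher-level units [3]. Regulators collect fraud domains from case intelligence and block them on the metropolitan area network side. According to statistics, since the Ministry of Public Security launched its 2022 summer public-security crackdown, the "Hundred-Day Action", public security organs across the country, together with the relevant departments, have blocked 287,000 fraud domain names and URLs [4]. Blocking-based governance of counterfeit fraud websites still lags behind the fraud itself; governing counterfeit medical insurance website fraud on the basis of message characteristics can improve the timeliness of anti-fraud early warning and the accuracy of fraud-related intelligence.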



The full text of this article can be downloaded at: http://m.ihrv.cn/resource/share/2000005209



