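A Governance Scheme for Medical Insurance Fraud Based on Message Characteristics from the Firewall Perspective
Cyber Security and Data Governance, Issue 2
Xu Yaqing, Zhang Jingqi
(1. Xidian University, Xi'an 710071, Shaanxi, China; 2. 360 Digital Security Technology Group, Beijing 100015, China)
Abstract: By analyzing the typical process of the currently prevalent fraud that uses counterfeit medical insurance websites, and by performing traffic collection, protocol filtering and message analysis on the network behavior between potential victims and the counterfeit websites, this paper obtains the typical features of the HTTP request messages and HTTP response messages seen in such fraud and proposes a governance scheme for counterfeit medical insurance website fraud. The scheme supports three stages: before the event, monitoring and identifying fraud domains; during the event, obtaining information about potential victims for early warning; and after the event, building a reserve of anti-network-fraud tactics and techniques. With the security department of a certain organization as a pilot, the application effect was evaluated using the timeliness of anti-fraud early warning and the accuracy of fraud-related intelligence as metrics. The results show that a governance framework built on traffic message features can effectively govern current counterfeit medical insurance website fraud.
CLC number: TP39
Document code: A
DOI:10.19358/j.issn.2097-1788.2023.02.004
Citation format: Xu Yaqing, Zhang Jingqi. A governance scheme for medical insurance fraud based on message characteristics from the firewall perspective[J]. Cyber Security and Data Governance, 2023, 42(2): 25-30.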
Medical insurance fraud governance scheme based on message characteristics in the view of firewall
Xu Yaqing1, Zhang Jingqi1,2
(1. Xidian University, Xi'an 710071, China; 2. 360 Digital Security Technology Group, Beijing 100015, China)
Abstract: By analyzing the typical process of current medical insurance fraud carried out through phishing websites and the characteristics of the communication between victims and those websites, and drawing on the characteristics of firewall products, this paper proposes a medical insurance fraud governance scheme based on message characteristics in the view of the firewall. Through traffic collection, protocol filtering, message analysis and feature summary, the scheme clarifies how to handle the communication traffic between potential victims and counterfeit medical insurance websites. Taking the security department of a certain unit as a pilot, the application effect was evaluated based on the timeliness of anti-fraud early warning and the accuracy of fraud-related information. The results showed that governing counterfeit-website medical insurance fraud based on message characteristics can effectively prevent such fraud cases.
Key words: firewall; medical insurance fraud; phishing website; message analysis
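0 Introduction
According to an analysis of the telecom and network fraud cases recorded in a certain province from 2020 to 2021, the five categories of telecom and network fraud with the highest incidence are: part-time job fraud, "pig-butchering" fraud, impersonation fraud, loan fraud, and online shopping fraud. These five categories account for 72.38% of all cases [1]. Counterfeit medical insurance website fraud is one of the common forms of impersonation fraud. It typically uses SMS messages to lure victims to a counterfeit medical insurance website, where the fraud is carried out and the victims' funds are stolen.
Tan Peng et al. proposed a counterfeit website identification scheme based on an intelligent middle platform: publicly available text, images and other information are first collected, the collected data are then analyzed and extracted, and text filtering and image filtering are applied to finally identify counterfeit, non-compliant websites [2]. Zhao Ke et al. proposed applying DNS log analysis, automated domain review and manual re-review to suspected fraud domains found in SMS messages, so as to monitor and identify fraud domains and provide data support for unified blocking by higher-level authorities [3]. Regulators collect fraud domains from case intelligence and block them at the metropolitan area network side. According to statistics, since the Ministry of Public Security launched its 2022 summer public security crackdown, the "Hundred-Day Action", public security organs across the country, together with relevant departments, have blocked 287,000 fraud domains and URLs [4]. Blocking-based governance of counterfeit fraud websites still lags behind the fraud itself; governing counterfeit medical insurance website fraud on the basis of message characteristics can improve the timeliness of anti-fraud early warning and the accuracy of fraud-related intelligence.
For the full text of this article, please download: https://www.chinaaet.com/resource/share/2000005209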