面向Web3钓鱼网站的域名检测与网页分析方法

doi:10.19678/j.issn.1000-3428.0252752

计算机工程 ›› 2026, Vol. 52 ›› Issue (1): 76-85. doi: 10.19678/j.issn.1000-3428.0252752

• 大模型时代的服务计算 • 上一篇下一篇

面向Web3钓鱼网站的域名检测与网页分析方法

刘荣龙, 李梓炜, 万悦, 吴嘉婧, 蒋子规*()

中山大学软件工程学院, 广东珠海 519082

收稿日期:2025-07-11 修回日期:2025-12-04 出版日期:2026-01-15 发布日期:2026-01-15
通讯作者: 蒋子规
作者简介:
刘荣龙(CCF学生会员), 男, 硕士研究生, 主研方向为区块链、加密货币、反欺诈
李梓炜, 博士研究生
万悦, 本科生
吴嘉婧, 教授
蒋子规(CCF高级会员、通信作者), 副教授
基金资助:
国家重点研发计划(2023YFB2704703); 国家自然科学基金(62372485); 国家自然科学基金(623B2102); 国家自然科学基金(62472457); 广东省基础与应用基础研究基金项目(2023A1515011314); 广东省基础与应用基础研究基金项目(2023A1515011336); 中山大学中央高校基本科研业务费专项资金(24lgqb018)

A Method for Domain Detection and Web Page Analysis Targeting Web3 Phishing Websites

LIU Ronglong, LI Ziwei, WAN Yue, WU Jiajing, JIANG Zigui*()

School of Software Engineering, Sun Yat-sen University, Zhuhai 519082, Guangdong, China

Received:2025-07-11 Revised:2025-12-04 Online:2026-01-15 Published:2026-01-15
Contact: JIANG Zigui

摘要/Abstract

摘要：

Web3作为"去中心化的下一代互联网"范式, 依托区块链技术, 成为数智服务生态中极具潜力的新兴领域。然而, Web3钓鱼网站对生态健康构成了严重威胁, 钓鱼者精心设计域名作为主要诱饵, 诱导用户访问并进行高风险操作以窃取数字资产。目前, Web3反钓鱼工作主要集中在钓鱼账户检测、钓鱼交易检测和钓鱼团伙挖掘, 而现有钓鱼网站域名检测工作主要面向传统钓鱼网站, 存在适应性不足、缺乏系统性分析等局限性。为此, 提出一种针对Web3钓鱼网站域名的检测方法WPWHunter, 对检测到的真实Web3钓鱼网站进行多维度分析, 并探究大语言模型(LLM)在网页分析方面的应用潜力。WPWHunter检测算法对Web3钓鱼网站域名中的诱导词、视觉欺骗、项目名模仿3种特征进行检测, 实验结果表明, WPWHunter能够有效检测出可疑的Web3钓鱼域名, 在测试集上G-means指标达到0.769, 相比表现最佳的基线方法提升了0.048。此外, 作为补充的探索实验, 使用3个通用LLM对WPWHunter未能成功检测的Web3钓鱼网页内容进行分析, 总结LLM判定Web3钓鱼网站时的依据。

关键词: Web3, 网络安全, 钓鱼网站, 域名检测, 大语言模型

Abstract:

As the paradigm of ″decentralized next-generation Internet, ″ Web3, relying on blockchain technology, has become an emerging field with great potential in the digital intelligence service ecosystem. However, Web3 phishing websites pose a serious threat to ecological health. Phishers carefully design domain names as the primary bait, inducing users to visit and engage in high-risk operations to steal digital assets. Currently, the antiphishing works of Web3 primarily focus on phishing account detection, phishing transaction detection, and phishing gang mining, whereas the existing phishing website domain name detection primarily targets traditional phishing websites, which have limitations such as insufficient adaptability and a lack of systematic analysis. To this end, a detection method called WPWHunter is proposed for Web3 phishing website domain names, which conducts multidimensional analysis on the detected real Web3 phishing websites and explores the potential application of Large Language Model (LLM) in web page analysis. The WPWHunter algorithm detects three features in Web3 phishing website domain names: inducing words, visual deception, and item name imitation. The experimental results show that WPWHunter can effectively detect suspicious Web3 phishing domains with a G-means index of 0.769 on a test set, which is 0.048 higher than that of the best-performing baseline method. Additionally, as a supplementary exploratory experiment, three universal LLM are used to analyze the content of Web3 phishing websites that WPWHunter failed to detect and the logic used by LLM to determine Web3 phishing websites is summarized.

Key words: Web3, cyber security, phishing website, domain detection, Large Language Model (LLM)

刘荣龙, 李梓炜, 万悦, 吴嘉婧, 蒋子规. 面向Web3钓鱼网站的域名检测与网页分析方法[J]. 计算机工程, 2026, 52(1): 76-85.

LIU Ronglong, LI Ziwei, WAN Yue, WU Jiajing, JIANG Zigui. A Method for Domain Detection and Web Page Analysis Targeting Web3 Phishing Websites[J]. Computer Engineering, 2026, 52(1): 76-85.

https://www.ecice06.com/CN/Y2026/V52/I1/76

图/表 9

图1 Web3钓鱼网站的3个关键环节

Fig.1 Three key stages of Web3 phishing websites

图2 WPWHunter的框架

Fig.2 Framework of WPWHunter

图3 Web3钓鱼网站大语言模型的分析提示词

Fig.3 Analysis prompt words for the large language model of Web3 phishing websites

图4 WPWHunter在不同阈值下的检测结果

Fig.4 WPWHunter′s detection results under different thresholds

图5 钓鱼网站页面截图

Fig.5 Screenshot of phishing website page

图6 大语言模型分析结果

Fig.6 Analysis results of large language model

参考文献 31

1	CHEN C , ZHANG L , LI Y H , et al. When digital economy meets Web3.0: applications and challenges. IEEE Open Journal of the Computer Society, 2022, 3, 233- 245. doi: 10.1109/OJCS.2022.3217565
2	WAN S C , LIN H , GAN W S , et al. Web3: the next Internet revolution. IEEE Internet of Things Journal, 2024, 11 (21): 34811- 34825. doi: 10.1109/JIOT.2024.3432116
3	WU J J , YUAN Q , LIN D , et al. Who are the phishers? phishing scam detection on Ethereum via network embedding. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2022, 52 (2): 1156- 1166. doi: 10.1109/TSMC.2020.3016821
4	TANG M D , YE M S , CHEN W L , et al. BiLSTM4DPS: an attention-based BiLSTM approach for detecting phishing scams in Ethereum. Expert Systems with Applications, 2024, 256, 124941. doi: 10.1016/j.eswa.2024.124941
5	HUANG B Y, LIU J L, WU J J, et al. Ethereum phishing fraud detection based on heterogeneous transaction subnets[C]//Proceedings of the IEEE International Symposium on Circuits and Systems (ISCAS). Washington D.C., USA: IEEE Press, 2023: 1-5.
6	CHEN Z, HU Y F, HE B W, et al. Dissecting payload-based transaction phishing on Ethereum[C]//Proceedings of 2025 Network and Distributed System Security Symposium. Washington D.C., USA: IEEE Press, 2025: 16-22.
7	LIU J L , CHEN J Z , WU J J , et al. Fishing for fraudsters: uncovering Ethereum phishing gangs with blockchain data. IEEE Transactions on Information Forensics and Security, 2024, 19, 3038- 3050. doi: 10.1109/TIFS.2024.3359000
8	MUZAMMIL M, PITUMPE A, LI X G, et al. The poorest man in Babylon: a longitudinal study of cryptocurrency investment scams[EB/OL]. [2025-05-05]. https://openreview.net/pdf?id=P0x8J5gCPP.
9	PRAKASH P, KUMAR M, KOMPELLA R R, et al. PhishNet: predictive blacklisting to detect phishing attacks[C]//Proceedings of IEEE INFOCOM. Washington D.C., USA: IEEE Press, 2010: 1-5.
10	LEE L H, LEE K C, CHEN H H, et al. POSTER: proactive blacklist update for anti-phishing[C]//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2014: 1448-1450.
11	郑礼雄, 李青山, 李素科, 等. 基于域名信息的钓鱼URL探测. 计算机工程, 2012, 38 (10): 108- 110. doi: 10.3969/j.issn.1000-3428.2012.10.032
	ZHENG L X , LI Q S , LI S K , et al. Phishing URL detection based on domain name information. Computer Engineering, 2012, 38 (10): 108- 110. doi: 10.3969/j.issn.1000-3428.2012.10.032
12	蔺亚东. 基于URL特征的钓鱼网站检测方式. 电子测试, 2014 (3): 70- 72.
	LIN Y D . Detection of phishing URL based on abnormal feature. Electronic Test, 2014 (3): 70- 72.
13	ALNEMARI S , ALSHAMMARI M . Detecting phishing domains using machine learning. Applied Sciences, 2023, 13 (8): 4649. doi: 10.3390/app13084649
14	GUO B Y , ZHANG Y Y , XU C X , et al. HinPhish: an effective phishing detection approach based on heterogeneous information networks. Applied Sciences, 2021, 11 (20): 9733. doi: 10.3390/app11209733
15	XIANG G , HONG J , ROSE C P , et al. CANTINA+: a feature-rich machine learning framework for detecting phishing web sites. ACM Transactions on Information and System Security, 2011, 14 (2): 1- 28.
16	LI Y K , YANG Z G , CHEN X , et al. A stacking model using URL and HTML features for phishing webpage detection. Future Generation Computer Systems, 2019, 94, 27- 39. doi: 10.1016/j.future.2018.11.004
17	余恩泽, 努尔布力, 于清. 一种基于集成学习的钓鱼网站检测方法. 计算机工程与应用, 2019, 55 (18): 81-88, 200.
	YU E Z , NURBOL , YU Q . Phishing website detection method based on integrated learning. Computer Engineering and Applications, 2019, 55 (18): 81-88, 200.
18	胡向东, 刘可, 张峰, 等. 基于页面敏感特征的金融类钓鱼网页检测方法. 网络与信息安全学报, 2017, 3 (2): 31- 38.
	HU X D , LIU K , ZHANG F , et al. Financial phishing detection method based on sensitive characteristics of webpage. Chinese Journal of Network and Information Security, 2017, 3 (2): 31- 38.
19	陈旭, 黎宇坤, 袁华平, 等. 基于分类置信度和网站特征的钓鱼检测系统. 信息网络安全, 2017, 17 (9): 111- 114.
	CHEN X , LI Y K , YUAN H P , et al. Phishing detection system based on classification confidence and website features. Netinfo Security, 2017, 17 (9): 111- 114.
20	LIN Y, LIU R, DIVAKARAN D, et al. Phishpedia: a hybrid deep learning based approach to visually identify phishing webpages[EB/OL]. [2025-05-05]. http://linyun.info/publications/usenix21.pdf.
21	LIU R F, LIN Y, YANG X L, et al. Inferring phishing intention via webpage appearance and dynamics: a deep vision based approach[EB/OL]. [2025-05-05]. https://www.usenix.org/system/files/sec22-liu-ruofan.pdf.
22	LI Y X, HUANG C Y, DENG S M, et al. KnowPhish: large language models meet multimodal knowledge graphs for enhancing reference-based phishing detection[EB/OL]. [2025-05-05]. https://arxiv.org/abs/2403.02253.
23	CAO T , HUANG C Y , LI Y X , et al. PhishAgent: a robust multimodal agent for phishing webpage detection. Proceedings of the AAAI Conference on Artificial Intelligence, 2025, 39 (27): 27869- 27877. doi: 10.1609/aaai.v39i27.35003
24	HE B W, CHEN Y, CHEN Z, et al. TxPhishScope: towards detecting and understanding transaction-based phishing on Ethereum[C]//Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2023: 120-134.
25	XU C , LI R R , ZHU L H , et al. EWDPS: a novel framework for early warning and detection on Ethereum phishing scams. IEEE Internet of Things Journal, 2024, 11 (19): 30483- 30495. doi: 10.1109/JIOT.2024.3409742
26	LEE J, LIM P, HOOI B, et al. Multimodal large language models for phishing webpage detection and identification[C]//Proceedings of the APWG Symposium on Electronic Crime Research (eCrime). Washington D.C., USA: IEEE Press, 2025: 1-13.
27	YANG J J , LIU J L , LIN D , et al. Who stole my NFT? investigating Web3 NFT phishing scams on Ethereum. IEEE Transactions on Information Forensics and Security, 2024, 19, 9301- 9314. doi: 10.1109/TIFS.2024.3463541
28	LI K, LEE D, GUAN S X. Understanding the cryptocurrency free giveaway scam disseminated on Twitter lists[C]//Proceedings of the IEEE International Conference on Blockchain (Blockchain). Washington D.C., USA: IEEE Press, 2024: 9-16.
29	LIU E Z, KAPPOS G, MUGNIER E, et al. Give and take: an end-to-end investigation of giveaway scam conversion rates[C]//Proceedings of the 2024 ACM on Internet Measurement Conference. New York, USA: ACM Press, 2024: 704-712.
30	SHAFAHI M, KEMPERS L, AFSARMANESH H. Phishing through social bots on Twitter[C]//Proceedings of the IEEE International Conference on Big Data (Big Data). Washington D.C., USA: IEEE Press, 2017: 3703-3712.
31	HRIDAY D, KULKARNI A, BALACHANDRAN V, et al. Phish-Blitz: advancing phishing detection with comprehensive webpage resource collection and visual integrity preservation[C]//Proceedings of the 17th International Conference on Communication Systems and Networks (COMSNETS). Washington D.C., USA: IEEE Press, 2025: 481-488.

[1]	张珑耀, 温东新, 马庄宇, 舒燕君, 李庆, 刘明义, 左德承. 基于大语言模型的多智能体系统异常综述(特邀)[J]. 计算机工程, 2026, 52(1): 22-32.
[2]	林丹, 卢顺峰, 刘姿妍, 张博昭, 何龙, 蒋子规, 吴嘉婧, 郑子彬. 大语言模型赋能区块链服务安全研究综述: 现状、挑战与机遇(特邀)[J]. 计算机工程, 2026, 52(1): 1-21.
[3]	刘根壕, 张能, 郑子彬. 基于大语言模型的API使用约束知识构建[J]. 计算机工程, 2025, 51(8): 74-85.
[4]	梁绪宁, 王思琪, 杨海龙, 栾钟治, 刘轶, 钱德沛. 基于自适应张量交换和重算的大模型推理优化[J]. 计算机工程, 2025, 51(10): 27-36.
[5]	罗焕坤, 葛一烽, 刘帅. 大语言模型在数学推理中的研究进展[J]. 计算机工程, 2024, 50(9): 1-17.
[6]	杨冬菊, 黄俊涛. 基于大语言模型的中文科技文献标注方法[J]. 计算机工程, 2024, 50(9): 113-120.
[7]	石琼, 段辉, 师智斌. 基于深度强化学习的可信任务卸载方案[J]. 计算机工程, 2024, 50(8): 142-152.
[8]	杨兴睿, 马斌, 李森垚, 钟忺. 基于大语言模型的教育文本幂等摘要方法[J]. 计算机工程, 2024, 50(7): 32-41.
[9]	翟洁, 李艳豪, 李彬彬, 郭卫斌. 基于大语言模型的个性化实验报告评语自动生成与应用[J]. 计算机工程, 2024, 50(7): 42-52.
[10]	侯钰涛, 阿布都克力木·阿布力孜, 史亚庆, 马依拉木·木斯得克, 哈里旦木·阿布都克里木. 面向"一带一路"的低资源语言机器翻译研究[J]. 计算机工程, 2024, 50(4): 332-341.
[11]	李敬灿, 肖萃林, 覃晓婷, 谢夏. 基于大语言模型与语义增强的文本关系抽取算法[J]. 计算机工程, 2024, 50(4): 87-94.
[12]	王靖尧, 曹敏. 基于文本的行人图像检索的多样化数据扩充方法[J]. 计算机工程, 2024, 50(12): 276-287.
[13]	周莎, 申国伟, 郭春. 基于安全知识图谱与逆向特征的弱点信息补全[J]. 计算机工程, 2024, 50(1): 145-155.
[14]	哈里旦木·阿布都克里木, 侯钰涛, 姚登峰, 阿布都克力木·阿布力孜, 陈吉尚. 维吾尔语机器翻译研究综述[J]. 计算机工程, 2024, 50(1): 1-16.
[15]	余长宏, 陆雅, 王海鑫, 高明. 基于滑动时间窗的物联网设备流量分类算法[J]. 计算机工程, 2023, 49(7): 259-268.

选择文件类型/文献管理软件名称

选择包含的内容

面向Web3钓鱼网站的域名检测与网页分析方法

A Method for Domain Detection and Web Page Analysis Targeting Web3 Phishing Websites

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 31

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

面向Web3钓鱼网站的域名检测与网页分析方法

A Method for Domain Detection and Web Page Analysis Targeting Web3 Phishing Websites

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 31

相关文章 15

编辑推荐

Metrics

本文评价