簡易檢索 / 詳目顯示
| 研究生: |
黃克仲 Ke-Jhong Huang |
|---|---|
| 論文名稱: |
以URL資訊為基礎之網路釣魚偵測系統 A Phishing Detection System Based on URL Information |
| 指導教授: |
曾黎明
Li-Ming Tseng |
| 口試委員: | |
| 學位類別: |
碩士 Master |
| 系所名稱: |
資訊電機學院 - 資訊工程學系 Department of Computer Science & Information Engineering |
| 畢業學年度: | 96 |
| 語文別: | 中文 |
| 論文頁數: | 46 |
| 中文關鍵詞: | 釣魚 、網路詐騙 、網路安全 |
| 外文關鍵詞: | Web Spoofing, Phishing, Internet Security |
| 相關次數: | 點閱:11 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
由於網路上提供的服務越來越多樣化,使得使用者資訊變得相對地更加有價值。而釣魚攻擊便因此而產生了,加上設立釣魚網站並不會太困難,也因而造成釣魚網站如雨後春筍般越來越多,相對的受害者卻常因為一時不察而掉入陷阱,並將自己的個人資訊洩漏出去。本文提出以URL為基礎資訊的釣魚偵測系統,可以在不危害使用者隱私權的情況下,達到防止釣魚攻擊,保護一般使用者免於受騙。另外結合自動填表功能來偵測釣魚網站的轉向行為模式,使得偵測的面向更加多樣化,實驗結果證實自動偵測若能加上有效的填表功能,會使得整個系統的功能性更加的強化。由於本文提出的系統只針對URL資訊做起始的偵測基礎,因此本系統不論是設置在伺服端點或是客戶端點都是適用的。
According to the services provided in the internet are more and more variety, the user’s information have became more valuable relatively. The phishing attack emerged because of this. In addition, it’s not too difficult to set up the phishing websites, so it caused the phishing websites to “flourish”. For this reason, the victims often fall into the trap because of lacking of attention temporarily, and leak out their personal information. In this thesis, a phishing detection system based on URL information is presented. It would not endanger the user’s right of privacy and achieve preventing the phishing attacks, protects general user out of being deceived. Furthermore, combining the automatic filling in form function to detect the redirection behavior of phishing websites makes the detection ability more diversified. The experimental results prove that if it can add effective filling in form function, it will strengthen the functionality of whole system. Because of the system in this article only aims for the URL information to do the initial detection, hence it is suitable no matter the system is set up in the client end point or the sever end point.
[1] MillerSmiles.co.uk!, http://www.millersmiles.co.uk/
[2] Anti-Phishing Working Group, “Phishing Attack Trends Report - May 2007”, http://www.antiphishing.org/reports/apwg_report_may_2007.pdf
[3] Gregg Keizer, “Phishing Costs Nearly $1 Billion”, TechWeb Technology News. http://www.techweb.com/wire/security/164902671
[4] Robert McMillan, “Gartner: Consumers to lose $2.8 billion to phishers in 2006”, NetworkWorld, 2006. http://www.networkworld.com/news/2006/110906-gartner-consumers-to-lose-28b.html
[5] APWG, “Origins of the Word "Phishing"”. http://www.antiphishing.org/word_phish.html
[6] Anti-Phishing Working Group, http://www.antiphishing.org/index.html
[7] Dhamija, R., J. D. Tygar. and M. Hearst. “Why phishing works”. CHI 2006, April 22-27, Montreal, Quebec, Canada
[8] Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru,Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, Elizabeth Nunge, “Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish”, Symposium on Usable Privacy and Security (SOUPS) 2007, July 18-20, 2007, Pittsburgh, PA, USA.
[9] COMODO, “Anti-Phishing Portfolio”, Comodo Inc, 2005
[10] CVC (Content Verification Certificates), http://www.contentverification.com
[11] TrustLogo, http://www.trustlogo.com
[12] Min Wu, Robert C. Miller, Greg Little, “Web Wallet:
Preventing Phishing Attacks by Revealing User Intentions”, Symposium On Usable Privacy and Security (SOUPS) 2006, July 12-14, 2006, Pittsburgh, PA, USA.
[13] Zhang, Y., J. Hong., and L. Cranor, “CANTINA: a Content-Based Approach to Detecting Phishing Websites”. In Proceedings of the 16th International World Wide Web Conference (WWW2007), Banff, Alberta, Canada, May 8-12, 2007
[14] Chou, N., R. Ledesma, Y. Teraguchi, D. Boneh, and J.C. Mitchell. “Client-Side Defense against Web-Based Identity Theft”. In Proceedings of The 11th Annual Network and Distributed System Security Symposium (NDSS ''04).
[15] Vipul Ved Prakash, Christopher Abad, Jamie de Guerre. “Cloudmark''s Unique Approach To Phishing”. Cloudmark, Inc. ,2006
[16] Liu Wenyin, Guanglin Huang, Liu Xiaoyue, Xiaotie Deng and Zhang Min, “Phishing Webpage Detection“. Proceedings of the 2005 Eight International Conference on Document Analysis and Recognition (ICDAR’05)
[17] Craig M. McRae, Rayford B. Vaughn, “Phighting the Phisher:Using Web Bugs and Honeytokens to Investigatethe Source of Phishing Attacks”. Proceedings of the 40th Annual Hawaii International Conference on System Sciences (HICSS''07)
[18] Yun Zhang, Serge Egelman, Lorrie Cranor, and Jason Hong, “Phinding Phish: Evaluating Anti-Phishing Tools”, In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007), February 2007.
[19] PhishTank, http://www.phishtank.com/
[20] VeriSign, http://www.verisign.com
