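| Graduate student: | 王傳陞 Chuan-Sheng Wang |
|---|---|
| Thesis title: | 應用於無線網際網路威脅之端點安全框架 Insulator: A Client-side Security Framework for the Wireless Internet Access |
| Advisor: | 許富皓 Fu-Hau Hsu |
| Oral defense committee: | |
| Degree: | Doctor |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Year of publication: | 2021 |
| Academic year of graduation: | 109 |
| Language: | English |
| Number of pages: | 83 |
| Chinese keywords: | network information security, wireless access point, malicious websites, information leakage |
| Foreign-language keywords: | cyber security, wireless access point, web security, information leakage |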
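Information security on the Internet has long been a widely discussed problem. In recent years, threats to network information security have grown steadily worse; according to research, the number of cyberattacks against individuals and small and medium-sized enterprises, their severity, and the resulting economic losses have all increased.
Faced with these threats, the countermeasures enterprises actually adopt are usually server-side intrusion detection, firewall filtering, or antivirus software installed on endpoints. However, research statistics show that their actual defensive effect is not significant. At the same time, because of the impact of COVID-19, the demand for remote work has also increased the risk of intrusion. Merely by connecting to a website, a user must face many different security threats. Under these circumstances, this thesis proposes Insulator, a client-side security framework for wireless Internet threats. The term insulator means protecting users by blocking threats on the Internet.
Insulator provides users with a security framework in which detection and protection are performed entirely by the endpoint itself. For the security threats that ordinary users commonly encounter when connecting, this thesis provides an endpoint tool that does not rely on server-side support and can detect and defend against several kinds of attacks at once, so that users can use their own devices to detect attackers and avoid danger in untrusted network environments.
The endpoint security framework proposed in this thesis consists of four core modules. These four modules provide four layers of protection: detecting malicious APs on wireless networks, detecting malicious fast-flux domains among Internet domain names, detecting phishing sites among Internet websites, and detecting leakage of user information. By installing this security framework in advance, users can detect and avoid attackers in untrusted network environments, protect themselves from these network threats, and safely complete their connections.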
The risk of accessing the Internet and wireless networks is increasing. In recent years, cyberattacks on individuals and businesses have become more and more serious. To make matters worse, as work from home (WFH) has become popular due to the threat of COVID-19, cyberattacks have also increased dramatically.
Due to WFH, the defense mechanisms against cyberattacks are limited. In general, the company has administrator rights to control devices and local networks. However, when the user connects back to the company through a personal device, certain defense methods will not be available.
In this case, companies usually can only perform some monitoring. According to survey statistics, companies usually use identity verification, intrusion detection systems, and anti-virus solutions. However, about half of the organizations stated that exploits and malware have evaded their solutions, and almost a third of organizations do not require their remote workers to use authentication methods.
To solve the above problems, this paper proposes Insulator, a client security framework that protects client users from cyberattacks. The term insulator means to protect users by blocking threats on the Internet. Insulator satisfies the constraint of detecting cyberattacks in untrusted network environments based on user-side functions. To provide complete protection, Insulator includes four modules for detecting and defending against evil twins, fast-flux domains, phishing and information leakage. Through these modules, Insulator can detect and defend against the most popular cyberattacks.