臺灣博碩士論文加值系統

網路釣魚攻擊每年都以驚人的速度增長，目前在網路上已成為最危險的威脅之一，這可能會使某些人對於電子交易失去信心。在本論文中，我們提出了一個啟發式方法，用來確定一個網頁是否是合法的或者是詐騙的。這個方法能發現新的釣魚網頁，而使用黑名單的反釣魚網頁工具無法發現。本論文的方法是組合了其他作者所提出的幾個啟發式方法，並且做了一些增加與修改。經由實驗的結果得知我們的網路釣魚探測器可以達到很高的精準度並且有較低的誤報率以及漏報率。這證明結合了不同的方法可以提高精準度，因為不同的方法之間會有互補的效果。

Phishing attack is growing significantly each year and is considered as one of the most dangerous threats in the Internet which may cause people to lose confidence in e-commerce. In this paper, we present a heuristic method to determine whether a webpage is a legitimate or a phishing page. This scheme could detect new phishing pages which black list based anti-phishing tools could not. Our method is a combination of several heuristic methods previously proposed by other authors, with several addition and modification. Our evaluation result shows that the phishing detector may achieve high accuracy with relatively low false positive and low false negative. This also proves that the combination of different methods may improve detection performance since the strength of one method may cover the weakness of other methods.

摘要 i
Abstract ii
Acknowledgements iii
Table of Content iv
List of Figures vi
List of Tables vii
List of Equations viii
Chapter 1 Introduction 1
Chapter 2 System Architecture 3
Chapter 3 Identity Extraction 6
3.1 Term Identity 6
3.2 URL Identity 10
Chapter 4 Feature Generation 11
4.1 Feature 1: Suspicious page address 11
4.2 Feature 2: ID page address 12
4.3 Feature 3: Nil anchors 12
4.4 Feature 4: ID foreign anchors 13
4.5 Feature 5: Foreign anchors 14
4.6 Feature 6: ID foreign requests 14
4.7 Feature 7: Foreign requests 15
4.8 Feature 8: Cookie domain 15
4.9 Feature 9: SSL certificate 16
4.10 Feature 10: Number of dots in page address 16
4.11 Feature 11: Number of dots in all URLs 16
4.12 Feature 12: Search engine 17
4.13 Domain association 17
4.14 Unused features 19
4.15 SVM classifier 20
Chapter 5 Evaluation 21
5.1 Experiment on the first dataset 21
5.2 Experiment on the second dataset 23
Chapter 6 Discussion 25
Chapter 7 Conclusion 27
References 28

[1] 3Sharp. Gone Phishing: Evaluating Anti-Phishing Tools for Windows. 2006. http://www.3sharp.com/projects/antiphishing/
[2] Anti-Phishing Working Group. Phishing Activity Trends Report. 2007. http://www.antiphishing.org/reports/apwg_report_dec_2007.pdf
[3] Chang C. C., and C. J. Lin. LibSVM: A Library for Support Vector Machines. 2001. http://www.csie.ntu.edu.tw/~cjlin/libsvm/
[4] Chou, N., R. Ledesma, Y. Teraguchi, D. Boneh, and J.C. Mitchell. Client-Side Defense against Web-Based Identity Theft. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS 2004). http://crypto.stanford.edu/SpoofGuard/webspoof.pdf
[5] Cranor, L., S. Egelman, J. Hong, and Y. Zhang. Phinding Phish: Evaluating Anti-Phishing Tools. In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007).
[6] Downs, J.S., M.B. Holbrook, and L.F. Cranor. Decision Strategies and Susceptibility to Phishing. In Proceedings of the Second Symposium on Usable Privacy and Security (SOUPS 2006). pp. 79-90 2006.
[7] Fette, I., N. Sadeh, and A. Tomasic. Learning to Detect Phishing Emails. ISRI Technical Report. CMU-ISRI-06-112, 2006. http://reports-archive.adm.cs.cmu.edu/ anon/isri2006/abstracts/06-112.html
[8] Google Inc. Google Safe Browsing for Firefox. Visited: May 2008. http://www.google.com/tools/firefox/safebrowsing/
[9] Netcraft. Netcraft Anti-Phishing Toolbar. Visited: May 2008. http://toolbar.netcraft.com/
[10] Pan Y., and X. Ding. Anomaly Based Web Phishing Page Detection. 22nd Annual Computer Security Applications Conference (ACSAC ‘06), IEEE, 2006, pp. 381-392.
[11] Ronda, T., S. Saroiu, and A. Wolman. iTrustPage: A User-Assisted Anti-Phishing Tool. In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008.
[12] Schneier, B. Semantic Attacks: The Third Wave of Network Attacks. Cryptogram Newsletter. October 15, 2000. http://www.schneier.com/crypto-gram-0010.html
[13] TG Daily. Phishing cost the U.S. $3.2 billion in 2007. December 18, 2007. http://www.tgdaily.com/content/view/35326/113/
[14] V.N. Vapnik. The nature of statistical learning theory. Springer, New York. 1995.
[15] W3C DOM Interest Group. Document Object Model. http://www.w3.org/DOM/
[16] Wu, M. R.C. Miller, and S. Garfinkel. Do Security Toolbars Actually Prevent Phishing Attacks?. In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI 2006), CHI Letters 8(1). Quebec, Canada: ACM Press. pp. 601-610.
[17] Zhang Y., J. Hong, and L. Cranor. CANTINA: A Content-Based Approach to Detecting Phishing Web Sites. In Proceedings of the International World Wide Web Conference (WWW). 2007.