(3.238.174.50) 您好!臺灣時間:2021/04/17 05:41
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果

詳目顯示:::

我願授權國圖
: 
twitterline
研究生:黃克仲
研究生(外文):Ke-Jhong Huang
論文名稱:以URL資訊為基礎之網路釣魚偵測系統
論文名稱(外文):A Phishing Detection System Based on URL Information
指導教授:曾黎明曾黎明引用關係
指導教授(外文):Li-Ming Tseng
學位類別:碩士
校院名稱:國立中央大學
系所名稱:資訊工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2007
畢業學年度:96
語文別:中文
論文頁數:46
中文關鍵詞:釣魚網路詐騙網路安全
外文關鍵詞:Web SpoofingPhishingInternet Security
相關次數:
  • 被引用被引用:5
  • 點閱點閱:481
  • 評分評分:系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔系統版面圖檔
  • 下載下載:69
  • 收藏至我的研究室書目清單書目收藏:4
由於網路上提供的服務越來越多樣化,使得使用者資訊變得相對地更加有價值。而釣魚攻擊便因此而產生了,加上設立釣魚網站並不會太困難,也因而造成釣魚網站如雨後春筍般越來越多,相對的受害者卻常因為一時不察而掉入陷阱,並將自己的個人資訊洩漏出去。本文提出以URL為基礎資訊的釣魚偵測系統,可以在不危害使用者隱私權的情況下,達到防止釣魚攻擊,保護一般使用者免於受騙。另外結合自動填表功能來偵測釣魚網站的轉向行為模式,使得偵測的面向更加多樣化,實驗結果證實自動偵測若能加上有效的填表功能,會使得整個系統的功能性更加的強化。由於本文提出的系統只針對URL資訊做起始的偵測基礎,因此本系統不論是設置在伺服端點或是客戶端點都是適用的。
According to the services provided in the internet are more and more variety, the user’s information have became more valuable relatively. The phishing attack emerged because of this. In addition, it’s not too difficult to set up the phishing websites, so it caused the phishing websites to “flourish”. For this reason, the victims often fall into the trap because of lacking of attention temporarily, and leak out their personal information. In this thesis, a phishing detection system based on URL information is presented. It would not endanger the user’s right of privacy and achieve preventing the phishing attacks, protects general user out of being deceived. Furthermore, combining the automatic filling in form function to detect the redirection behavior of phishing websites makes the detection ability more diversified. The experimental results prove that if it can add effective filling in form function, it will strengthen the functionality of whole system. Because of the system in this article only aims for the URL information to do the initial detection, hence it is suitable no matter the system is set up in the client end point or the sever end point.
摘要 i
ABSTRACT ii
致謝辭 iii
目錄 iv
圖目錄 vi
表目錄 vii
第一章 緒論 1
1.1 研究背景 1
1.2 研究動機 2
1.3 論文架構 3
第二章 相關研究 4
2.1 什麼是釣魚-網路詐騙 4
2.2 為何釣魚能成功 4
2.3 教育使用者 5
2.3.1 Anti-Phishing Phil 5
2.4 PREVENTION 8
2.4.1 Content Verification Certificates (CVC) 8
2.4.2 TrustLogo 9
2.4.3 E-mail Certificates 9
2.5 使用者介面 9
2.5.1 Web Wallet 9
2.6 偵測 13
2.6.1 CANTINA 13
2.6.2 SpoofGuard 13
2.6.3 Cloudmark 13
2.6.4 Visual Similarity Assessment (VSA) 13
2.6.5 Web Bugs and Honeytokens 14
2.7 系統比較 (針對預防、UI及偵測部分) 15
第三章 系統設計 17
3.1 系統架構 17
3.2 運作流程 20
第四章 系統實做 23
4.1 實做環境 23
4.2 模組說明 23
第五章 實驗測試 25
5.1 實驗資料來源 25
5.2 實驗資料組成 25
5.3 實驗步驟 25
5.4 實驗結果 25
5.5 實驗結論 26
第六章 結論與討論 29
參考文獻 31
附錄 33
[1]MillerSmiles.co.uk!, http://www.millersmiles.co.uk/
[2]Anti-Phishing Working Group, “Phishing Attack Trends Report - May 2007”, http://www.antiphishing.org/reports/apwg_report_may_2007.pdf
[3]Gregg Keizer, “Phishing Costs Nearly $1 Billion”, TechWeb Technology News. http://www.techweb.com/wire/security/164902671
[4]Robert McMillan, “Gartner: Consumers to lose $2.8 billion to phishers in 2006”, NetworkWorld, 2006. http://www.networkworld.com/news/2006/110906-gartner-consumers-to-lose-28b.html
[5]APWG, “Origins of the Word "Phishing"”. http://www.antiphishing.org/word_phish.html
[6]Anti-Phishing Working Group, http://www.antiphishing.org/index.html
[7]Dhamija, R., J. D. Tygar. and M. Hearst. “Why phishing works”. CHI 2006, April 22-27, Montreal, Quebec, Canada
[8]Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru,Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, Elizabeth Nunge, “Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish”, Symposium on Usable Privacy and Security (SOUPS) 2007, July 18-20, 2007, Pittsburgh, PA, USA.
[9]COMODO, “Anti-Phishing Portfolio”, Comodo Inc, 2005
[10]CVC (Content Verification Certificates), http://www.contentverification.com
[11]TrustLogo, http://www.trustlogo.com
[12]Min Wu, Robert C. Miller, Greg Little, “Web Wallet:
Preventing Phishing Attacks by Revealing User Intentions”, Symposium On Usable Privacy and Security (SOUPS) 2006, July 12-14, 2006, Pittsburgh, PA, USA.
[13]Zhang, Y., J. Hong., and L. Cranor, “CANTINA: a Content-Based Approach to Detecting Phishing Websites”. In Proceedings of the 16th International World Wide Web Conference (WWW2007), Banff, Alberta, Canada, May 8-12, 2007
[14]Chou, N., R. Ledesma, Y. Teraguchi, D. Boneh, and J.C. Mitchell. “Client-Side Defense against Web-Based Identity Theft”. In Proceedings of The 11th Annual Network and Distributed System Security Symposium (NDSS ''04).
[15]Vipul Ved Prakash, Christopher Abad, Jamie de Guerre. “Cloudmark''s Unique Approach To Phishing”. Cloudmark, Inc. ,2006
[16]Liu Wenyin, Guanglin Huang, Liu Xiaoyue, Xiaotie Deng and Zhang Min, “Phishing Webpage Detection“. Proceedings of the 2005 Eight International Conference on Document Analysis and Recognition (ICDAR’05)
[17]Craig M. McRae, Rayford B. Vaughn, “Phighting the Phisher:Using Web Bugs and Honeytokens to Investigatethe Source of Phishing Attacks”. Proceedings of the 40th Annual Hawaii International Conference on System Sciences (HICSS''07)
[18]Yun Zhang, Serge Egelman, Lorrie Cranor, and Jason Hong, “Phinding Phish: Evaluating Anti-Phishing Tools”, In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007), February 2007.
[19]PhishTank, http://www.phishtank.com/
[20]VeriSign, http://www.verisign.com
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
系統版面圖檔 系統版面圖檔