Thesis 109522118: Record Details




Name: 葉峻羲 (CHUN-HSI YEH)    Department: Department of Computer Science and Information Engineering
Thesis title: Detecting MIME Type Confusion Attacks Based on Malicious Use of Image Tags
(Chinese title: 檢測基於惡意使用圖像標籤的 MIME類型混淆攻擊)
Related theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-time Rootkit Detection System
★ A Detection and Defense Mechanism for Scam SMS Messages on Android Phones
★ SRA: A System for Defending Against ARP Spoofing Router Hijacking
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines
★ An Automated Real-time Counterattack System Against Remote Buffer Overflow Attacks
★ Real-time Serum System: An Automated Worm Cure System with an Offensive Firewall
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
Files: full text can be browsed in the system after 2028-6-30 (embargoed until then)
Abstract (Chinese, translated) Images are an indispensable element of most websites today. Where text alone cannot explain something, an image is a medium that supports the explanation, and almost every website that lets users interact allows them to post images, which opens the possibility of exploitation in network attacks. Because images are so widespread and important, many websites do not prohibit the use of the img tag, which makes image-based Multipurpose Internet Mail Extensions (MIME) type confusion attacks particularly important.

A MIME type confusion attack exploits the fact that browsers use MIME-type sniffing to determine the correct file type. Early browsers introduced MIME-type sniffing to guard against a server reporting the wrong file format, which would otherwise cause the browser to interpret the received resource in the wrong way. Attackers, however, turn this feature around by disguising the file type, so that the browser, without the user's consent, triggers a cross-site scripting (XSS) attack, or so that the user's personal information is leaked through a malicious web beacon.

This thesis proposes a method that, for any resource that should be of an image type, correctly identifies and interprets the file type the server will deliver before the browser requests the resource. It is implemented as a browser plug-in that performs real-time dynamic analysis and blocks any suspicious request in advance, cutting off the attack path of the MIME type confusion attack.
Abstract (English) Images are an indispensable element on most websites today. For parts that cannot be explained by text, pictures are a medium that can assist in explanation. Most websites that allow users to communicate also allow users to post pictures, which creates the possibility of exploitation by hackers in attacks. Because of its extensiveness and importance, many websites will not prohibit the use of the img tag, making the image-based Multipurpose Internet Mail Extensions (MIME) Type Confusion attack very important.
The MIME type confusion attack is an attack developed by hackers to take advantage of the fact that browsers use MIME sniffing to detect the correct file type. The reason early browsers started importing MIME-Type sniffing was to prevent the server from giving the wrong file format and letting the browser interpret the received resource in the wrong way. However, hackers use the method of disguising the file type to make the browser cause a cross-site scripting (XSS) attack without the consent of the user, or to transmit the user's personal information through a malicious web beacon, causing the user's privacy to be leaked.
This paper proposes a method to correctly identify and interpret, before the browser requests the resource from the server, the file type that will be transmitted from the server for any resource that should be an image type, and implements it in the form of a browser plug-in. By means of real-time dynamic analysis, any suspicious request is blocked in advance to block the attack path of the MIME Type Confusion attack.
Keywords (Chinese) ★ MIME type confusion attack
★ image tag
Keywords (English) ★ MIME
★ img
★ html
Table of contents
Abstract (Chinese) … i
Abstract … iii
Acknowledgements … v
Table of Contents … vi
Chapter 1 Introduction … 1
Chapter 2 Background … 4
2.1 MIME Type Confusion Attack … 4
2.1.1 MIME-Type Sniffing … 4
2.2 Cross-Site Scripting Attack … 5
2.2.1 MIME Type Confusion Attack … 6
2.3 Web Beacons … 7
Chapter 3 Literature Review … 11
Chapter 4 System Design and Implementation … 13
4.1 System Design … 13
4.2 Redirect Checker … 15
4.2.1 Web Redirects … 15
4.2.2 Operating Principle … 17
4.3 Image Collector … 17
4.3.1 Operating Principle … 17
4.4 Request Blocking … 18
Chapter 5 Experimental Analysis … 21
5.1 Environment Setup … 21
5.2 Data Collection … 22
5.3 Analysis and Evaluation … 27
Chapter 6 Discussion … 28
6.1 Limitations … 28
6.2 Future Work … 28
Chapter 7 Conclusion … 30
Advisor: 許富皓 (Fu-Hau Hsu)    Review date: 2023-7-17
