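The speed and convenience of the Internet have made people increasingly accustomed to handling all kinds of work over the network, and important data has gradually moved onto networked hosts so that other machines can access it over the network. At the same time, however, network-based crime has become more and more common, and the harm done by phishing sites is a serious problem on the Internet. A phishing attack uses electronic communication and a page disguised as a legitimate web page to steal victims' personal data. In general, to harvest a large amount of personal data, phishers send a large number of e-mails, each claiming to come from a legitimate website or network administrator, in order to win the victims' trust. Based on these methods, defences against phishing attacks fall broadly into two kinds: filtering out malicious messages when mail is processed, or detecting and filtering forged pages when the browser loads them. To this day, however, no complete solution to phishing attacks has appeared.

This paper proposes a novel solution to phishing attacks: we collect links to phishing pages and actively strike back, injecting a large amount of forged data into the database of victim data that the phishers have collected, which paralyses their phishing mechanism and thereby protects our users. In addition, to further confuse the phishers, our mechanism makes a small modification to the router. We provide an effective and proactive defence mechanism: even if a user has been deceived, the private data is still not easy to obtain.

Phishing, a malicious behavior that steals Internet users' sensitive information, is a critical threat on the Internet. In general, attackers prepare a forged web page and then send a large number of spoofed e-mails in order to trick more victims. Approaches to defending against phishing attacks can therefore generally be classified into two categories: filters for e-mail and filters for web pages. However, none of these solutions is foolproof. In this paper, we propose a novel scheme that collects phishing URL information and counterattacks those phishing web sites, so that they are no longer able to attack other networks. We describe the design on routers. The goal is to inject a great deal of fake data into the database that phishers use to collect victims' data. This research presents a proactive defense mechanism; we protect users even if they have been tricked into leaking their private information to phishers.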