何謂網路釣魚攻擊?網路釣魚攻擊者是藉由發送釣魚郵件(Phishing mail)給受害者,受害者點選了誤以為是來自合法網站的郵件中的惡意超連結(Hypelink),受害者就被導向釣魚網頁,而在釣魚網頁上洩漏了個人的機密資訊給予攻擊者,如個人的信用卡號碼、帳號、密碼,釣魚者再將受害者導向合法的網頁,受害者根本很難發覺剛剛發生了什麼事而掉入釣魚者的陷阱。 因此本論文提出了一個Client端及Server端協同合作的方式,防止網路釣魚的攻擊,以此種協同方式強化線上交易網站,希望藉由此種方式能達到更加緊密的來防堵網路釣魚的攻擊,基於合作協防的立場,Client端可以提供一組假的帳號密碼代替使用者的正確帳號密碼,來協助舉報與追蹤受懷疑的攻擊者,此組假的帳號密碼是事先與Sever端協議好用來反制釣魚者的,釣魚者獲得此組協議的帳號密碼等於已被標記,釣魚者使用此組協議的帳號密碼來登入合法Server時,Server就能藉由這標記識別出釣魚者,Server端發現此異常帳號密碼後,可將釣魚者導向Trap Sever,使得釣魚者不會攻擊到受害者,因Trap Server是仿製合法網站,並可以在Trap Server監控釣魚者的一切活動,甚至可以收集到其他不知情的受害者的帳號資料並凍結帳號,如此一來,讓交易網站的Server端成為防禦網路釣魚的另一道防線,降低網路釣魚攻擊的威脅。過去防止網路釣魚的方式集中於Client端為多,其實在防堵網路釣魚方面,Server端也應該負起更多責任來協助,畢竟Server端的有此責任義務,同時也擁有較多的資源來防止網路釣魚的攻擊。 Because the network online transaction is increasingly popular, many users encounter the phishing attack. The phisher usually use phishing mail and web spoofing to lure the victims. The victims don’t pay attention to the phisher’s trick, they leak their secret information to phisher. The victims often carelessly fall into the trap because of lacking of attention. In this thesis, we propose a Client-Server Cooperated Anti-Phishing method to detect phishing attacks. We use this method to strength the anti-phishing ability of a online transaction web site. The goal of Client-Server Cooperated Anti-Phishing method is how to detect phisher, how to notify client, how to report server, how to trace back phisher. Except client sides’ anti-phinsh, Server sides take more effort to anti-phish will be more safty in online transaction environment. Because Server sides have more resource to anti-phish.