由於網路上提供的服務越來越多樣化,使得使用者資訊變得相對地更加有價值。而釣魚攻擊便因此而產生了,加上設立釣魚網站並不會太困難,也因而造成釣魚網站如雨後春筍般越來越多,相對的受害者卻常因為一時不察而掉入陷阱,並將自己的個人資訊洩漏出去。本文提出以URL為基礎資訊的釣魚偵測系統,可以在不危害使用者隱私權的情況下,達到防止釣魚攻擊,保護一般使用者免於受騙。另外結合自動填表功能來偵測釣魚網站的轉向行為模式,使得偵測的面向更加多樣化,實驗結果證實自動偵測若能加上有效的填表功能,會使得整個系統的功能性更加的強化。由於本文提出的系統只針對URL資訊做起始的偵測基礎,因此本系統不論是設置在伺服端點或是客戶端點都是適用的。 According to the services provided in the internet are more and more variety, the user’s information have became more valuable relatively. The phishing attack emerged because of this. In addition, it’s not too difficult to set up the phishing websites, so it caused the phishing websites to “flourish”. For this reason, the victims often fall into the trap because of lacking of attention temporarily, and leak out their personal information. In this thesis, a phishing detection system based on URL information is presented. It would not endanger the user’s right of privacy and achieve preventing the phishing attacks, protects general user out of being deceived. Furthermore, combining the automatic filling in form function to detect the redirection behavior of phishing websites makes the detection ability more diversified. The experimental results prove that if it can add effective filling in form function, it will strengthen the functionality of whole system. Because of the system in this article only aims for the URL information to do the initial detection, hence it is suitable no matter the system is set up in the client end point or the sever end point.
