近年來,釣魚網站(Phishing Websites)已成為網路安全中的重大威脅,對個人和組織的資料安全造成了嚴重威脅。釣魚網站是指那些偽裝成合法網站,試圖從用戶那裡獲取敏感訊息,如帳戶密碼、信用卡號碼等,以進行非法活動的網站。它們通常利用欺騙性的手段,例如偽造的登入頁面和欺騙性的電子郵件,誘導用戶進行點擊和操作,從而竊取信息或安裝惡意軟體。 為了應對這一問題,此系統提出了一種新的釣魚網站檢測方法,該方法結合了登入前和登入後畫面的分析,以提高釣魚網站偵測的準確性,若無法透過登入前後畫面來識別是否為釣魚網站,則先把登入前後的原始碼做篩選,保留需要的程式碼當成AI方法的輸入,再由AI去判斷是否為釣魚網站,本研究的目標是開發出一種全面而有效的釣魚網站檢測系統,幫助用戶識別和防止釣魚網站的攻擊,從而保護個人和組織的資料安全。 ;In recent years, phishing websites have become a significant threat in the realm of cybersecurity, posing severe risks to the data security of individuals and organizations. Phishing websites are those that masquerade as legitimate sites, attempting to obtain sensitive information from users, such as account passwords and credit card numbers, for illicit activities. These sites often employ deceptive tactics, such as fake login pages and misleading emails, to trick users into clicking and interacting, thereby stealing information or installing malware. To address this issue, this system proposes a novel phishing website detection method that combines the analysis of pre-login and post-login screens to enhance the accuracy of phishing site detection. If it is not possible to identify a phishing site through the analysis of pre-login and post-login screens, the system will filter the source code before and after login, retaining the necessary code as input for an AI method, which will then determine whether the site is a phishing website. The objective of this research is to develop a comprehensive and effective phishing website detection system that helps users identify and prevent phishing attacks, thereby protecting the data security of individuals and organizations.
