中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/8802
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 41265058      Online Users : 854
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/8802


    Title: 透過Server協同之網路釣魚防禦研究—以交易網站為例;Anti-Phishing with Client-Server Cooperation -- Example by Online Transaction Website
    Authors: 鄭宇弘;YU-Hong Cheng
    Contributors: 資訊工程學系碩士在職專班
    Keywords: 網路安全;網路詐騙;網路釣魚;Phishing;Web spoofing;Internet Security
    Date: 2009-01-16
    Issue Date: 2009-09-22 11:35:03 (UTC+8)
    Publisher: 國立中央大學圖書館
    Abstract: 何謂網路釣魚攻擊?網路釣魚攻擊者是藉由發送釣魚郵件(Phishing mail)給受害者,受害者點選了誤以為是來自合法網站的郵件中的惡意超連結(Hypelink),受害者就被導向釣魚網頁,而在釣魚網頁上洩漏了個人的機密資訊給予攻擊者,如個人的信用卡號碼、帳號、密碼,釣魚者再將受害者導向合法的網頁,受害者根本很難發覺剛剛發生了什麼事而掉入釣魚者的陷阱。 因此本論文提出了一個Client端及Server端協同合作的方式,防止網路釣魚的攻擊,以此種協同方式強化線上交易網站,希望藉由此種方式能達到更加緊密的來防堵網路釣魚的攻擊,基於合作協防的立場,Client端可以提供一組假的帳號密碼代替使用者的正確帳號密碼,來協助舉報與追蹤受懷疑的攻擊者,此組假的帳號密碼是事先與Sever端協議好用來反制釣魚者的,釣魚者獲得此組協議的帳號密碼等於已被標記,釣魚者使用此組協議的帳號密碼來登入合法Server時,Server就能藉由這標記識別出釣魚者,Server端發現此異常帳號密碼後,可將釣魚者導向Trap Sever,使得釣魚者不會攻擊到受害者,因Trap Server是仿製合法網站,並可以在Trap Server監控釣魚者的一切活動,甚至可以收集到其他不知情的受害者的帳號資料並凍結帳號,如此一來,讓交易網站的Server端成為防禦網路釣魚的另一道防線,降低網路釣魚攻擊的威脅。過去防止網路釣魚的方式集中於Client端為多,其實在防堵網路釣魚方面,Server端也應該負起更多責任來協助,畢竟Server端的有此責任義務,同時也擁有較多的資源來防止網路釣魚的攻擊。 Because the network online transaction is increasingly popular, many users encounter the phishing attack. The phisher usually use phishing mail and web spoofing to lure the victims. The victims don’t pay attention to the phisher’s trick, they leak their secret information to phisher. The victims often carelessly fall into the trap because of lacking of attention. In this thesis, we propose a Client-Server Cooperated Anti-Phishing method to detect phishing attacks. We use this method to strength the anti-phishing ability of a online transaction web site. The goal of Client-Server Cooperated Anti-Phishing method is how to detect phisher, how to notify client, how to report server, how to trace back phisher. Except client sides’ anti-phinsh, Server sides take more effort to anti-phish will be more safty in online transaction environment. Because Server sides have more resource to anti-phish.
    Appears in Collections:[Executive Master of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File SizeFormat


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明