| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊工程學系在職專班 | zh_TW |
| DC.creator | 黃頌茜 | zh_TW |
| DC.creator | HUANG SUNG-CHIEN | en_US |
| dc.date.accessioned | 2022-1-19T07:39:07Z | |
| dc.date.available | 2022-1-19T07:39:07Z | |
| dc.date.issued | 2022 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=104552011 | |
| dc.contributor.department | 資訊工程學系在職專班 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 網路釣魚攻擊是結合網頁技術與社交工程技巧的應用,為駭客攻擊中重要的一環,許多網路攻擊的第一步都是從釣魚電子郵件出發。早期無差別式的攻擊,已逐漸轉化成針對特定目標精心製作出電子郵件的「魚叉式網路釣魚」(Spear-phishing),是一種少量寄送而高度針對性的攻擊。駭客鎖定重要人士和單位寄送電子郵件,於內文中夾帶文字連結、檔案連結或圖片連結,誘騙使用者點擊並引導至駭客架設的釣魚網站。為提升網站的信任度,在外觀上也幾乎與其對應的合法網站相似,導致使用者一時不察輸入帳號、密碼、銀行帳戶資料等個人資訊。
「魚叉式網路釣魚」(Spear-phishing)以目標式攻擊為主,沒有大規模的受害者,反饋的樣本數量不足,進行分析需要一段時間,此類型攻擊的釣魚網站對於合法網站有高度模仿性,且網站存活時間短暫,當被通報時,該網站已不存在,難以及時偵測。因此,本論文提出一種方法,針對與合法網站幾乎一模一樣,並存在輸入個人資訊行為的釣魚網站進行分析,利用其網頁跳轉(Page Jumping)的行為模式做「即時動態分析」(Time-of-Click Analysis),在使用者從網頁送出個人機敏資訊前,預先找出網路釣魚目標,最終判斷是否為一個釣魚網站。 | zh_TW |
| dc.description.abstract | Phishing is a form of social engineering attack combined with web development techniques. This is one of the important processes on cyber-attacks. Many cyber-attacks start from phishing emails. The early indiscriminate attacks have gradually transformed into "Spear-phishing" in which emails are well-crafted attacks with very specific targets. It’s a highly targeted attack with a small number of mailings. Hackers lock important people and organizations to send emails. The linked text, files, or pictures are included in the email context trick users into clicking phishing websites created by the hackers. To get people to trust the website, the appearance of the website is almost similar to its corresponding legitimate website. It causes users lower the guards and easily give away personal information, such as account numbers, passwords, and bank account information.
"Spear-phishing" is a more targeted form of phishing. There are no mass victims and the sample amount of feedback is not enough. It needs to analyze for quite a while. These type of phishing websites are highly imitative to legitimate websites. Even so, the websites uptime are short, they get blocked to protect users as soon been reported as malicious sites by reporting phishing sites. It is difficult to detect in real time. Therefore, in this paper we propose a method to analyze phishing websites that are almost identical to legitimate websites and have the act of inputting personal information. We use its Page Jumping behavior to achieve "Time-of-Click Analysis". Before sending sensitive information from the webpage, find the final target in advance. Finally, we can determine whether it is a phishing website. | en_US |
| DC.subject | 魚叉式網路釣魚 | zh_TW |
| DC.subject | 網頁跳轉 | zh_TW |
| DC.subject | 釣魚目標 | zh_TW |
| DC.subject | spear-phishing | en_US |
| DC.subject | page jumping | en_US |
| DC.subject | phishing target | en_US |
| DC.title | Detecting Phishing Websites Based on Webpage Content Features of Page Jumping | en_US |
| dc.language.iso | en_US | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |