以URL資訊為基礎之網路釣魚偵測系統

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：37

、訪客IP：3.23.92.127

姓名

黃克仲(Ke-Jhong Huang) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

以URL資訊為基礎之網路釣魚偵測系統
(A Phishing Detection System Based on URL Information)

相關論文

★ 整合多樣配置組態下的藍芽射頻驗證系統	★ 具檔案敘述相關語查詢之智慧型檔案搜尋系統
★ 具遲到者支援功能之網際網路簡報系統	★ 以快速廣播法建構熱門視訊隨選服務伺服器
★ 具事件同步再現特性之遠程電傳展示伺服器	★ 無線網路環境下之廣播資訊快速下載
★ 中文網站繁簡互訪協助系統	★ 支援時光平移播放之調適性現場直播演算法
★ 用於互動式廣播之段落對齊法	★ 熱門影片廣播法之影片區段復原機制
★ 配合熱門影片廣播的本地伺服器高效快取法	★ 一個增進SIP在防火牆環境中應用的協同模組
★ 考量網頁熱門度之一致性雜湊法解決網頁代理伺服器之負載平衡	★ 以網域名稱伺服器為基礎之色情網站過濾系統
★ 使用熱門廣播法及支援點對點傳輸之影音內容傳遞網路	★ 變動頻寬平滑化之熱門廣播演算法

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

由於網路上提供的服務越來越多樣化，使得使用者資訊變得相對地更加有價值。而釣魚攻擊便因此而產生了，加上設立釣魚網站並不會太困難，也因而造成釣魚網站如雨後春筍般越來越多，相對的受害者卻常因為一時不察而掉入陷阱，並將自己的個人資訊洩漏出去。本文提出以URL為基礎資訊的釣魚偵測系統，可以在不危害使用者隱私權的情況下，達到防止釣魚攻擊，保護一般使用者免於受騙。另外結合自動填表功能來偵測釣魚網站的轉向行為模式，使得偵測的面向更加多樣化，實驗結果證實自動偵測若能加上有效的填表功能，會使得整個系統的功能性更加的強化。由於本文提出的系統只針對URL資訊做起始的偵測基礎，因此本系統不論是設置在伺服端點或是客戶端點都是適用的。

摘要(英)

According to the services provided in the internet are more and more variety, the user’s information have became more valuable relatively. The phishing attack emerged because of this. In addition, it’s not too difficult to set up the phishing websites, so it caused the phishing websites to “flourish”. For this reason, the victims often fall into the trap because of lacking of attention temporarily, and leak out their personal information. In this thesis, a phishing detection system based on URL information is presented. It would not endanger the user’s right of privacy and achieve preventing the phishing attacks, protects general user out of being deceived. Furthermore, combining the automatic filling in form function to detect the redirection behavior of phishing websites makes the detection ability more diversified. The experimental results prove that if it can add effective filling in form function, it will strengthen the functionality of whole system. Because of the system in this article only aims for the URL information to do the initial detection, hence it is suitable no matter the system is set up in the client end point or the sever end point.

關鍵字(中)

★ 釣魚
★ 網路詐騙
★ 網路安全

關鍵字(英)

★ Web Spoofing
★ Phishing
★ Internet Security

論文目次

摘要 i
ABSTRACT ii
致謝辭 iii
目錄 iv
圖目錄 vi
表目錄 vii
第一章緒論 1
1.1 研究背景 1
1.2 研究動機 2
1.3 論文架構 3
第二章相關研究 4
2.1 什麼是釣魚－網路詐騙 4
2.2 為何釣魚能成功 4
2.3 教育使用者 5
2.3.1 Anti-Phishing Phil 5
2.4 PREVENTION 8
2.4.1 Content Verification Certificates (CVC) 8
2.4.2 TrustLogo 9
2.4.3 E-mail Certificates 9
2.5 使用者介面 9
2.5.1 Web Wallet 9
2.6 偵測 13
2.6.1 CANTINA 13
2.6.2 SpoofGuard 13
2.6.3 Cloudmark 13
2.6.4 Visual Similarity Assessment (VSA) 13
2.6.5 Web Bugs and Honeytokens 14
2.7 系統比較 (針對預防、UI及偵測部分) 15
第三章系統設計 17
3.1 系統架構 17
3.2 運作流程 20
第四章系統實做 23
4.1 實做環境 23
4.2 模組說明 23
第五章實驗測試 25
5.1 實驗資料來源 25
5.2 實驗資料組成 25
5.3 實驗步驟 25
5.4 實驗結果 25
5.5 實驗結論 26
第六章結論與討論 29
參考文獻 31
附錄 33

參考文獻

[1] MillerSmiles.co.uk!, http://www.millersmiles.co.uk/
[2] Anti-Phishing Working Group, “Phishing Attack Trends Report - May 2007”, http://www.antiphishing.org/reports/apwg_report_may_2007.pdf
[3] Gregg Keizer, “Phishing Costs Nearly $1 Billion”, TechWeb Technology News. http://www.techweb.com/wire/security/164902671
[4] Robert McMillan, “Gartner: Consumers to lose $2.8 billion to phishers in 2006”, NetworkWorld, 2006. http://www.networkworld.com/news/2006/110906-gartner-consumers-to-lose-28b.html
[5] APWG, “Origins of the Word "Phishing"”. http://www.antiphishing.org/word_phish.html
[6] Anti-Phishing Working Group, http://www.antiphishing.org/index.html
[7] Dhamija, R., J. D. Tygar. and M. Hearst. “Why phishing works”. CHI 2006, April 22-27, Montreal, Quebec, Canada
[8] Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru,Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, Elizabeth Nunge, “Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish”, Symposium on Usable Privacy and Security (SOUPS) 2007, July 18-20, 2007, Pittsburgh, PA, USA.
[9] COMODO, “Anti-Phishing Portfolio”, Comodo Inc, 2005
[10] CVC (Content Verification Certificates), http://www.contentverification.com
[11] TrustLogo, http://www.trustlogo.com
[12] Min Wu, Robert C. Miller, Greg Little, “Web Wallet:
Preventing Phishing Attacks by Revealing User Intentions”, Symposium On Usable Privacy and Security (SOUPS) 2006, July 12-14, 2006, Pittsburgh, PA, USA.
[13] Zhang, Y., J. Hong., and L. Cranor, “CANTINA: a Content-Based Approach to Detecting Phishing Websites”. In Proceedings of the 16th International World Wide Web Conference (WWW2007), Banff, Alberta, Canada, May 8-12, 2007
[14] Chou, N., R. Ledesma, Y. Teraguchi, D. Boneh, and J.C. Mitchell. “Client-Side Defense against Web-Based Identity Theft”. In Proceedings of The 11th Annual Network and Distributed System Security Symposium (NDSS '04).
[15] Vipul Ved Prakash, Christopher Abad, Jamie de Guerre. “Cloudmark's Unique Approach To Phishing”. Cloudmark, Inc. ,2006
[16] Liu Wenyin, Guanglin Huang, Liu Xiaoyue, Xiaotie Deng and Zhang Min, “Phishing Webpage Detection“. Proceedings of the 2005 Eight International Conference on Document Analysis and Recognition (ICDAR’05)
[17] Craig M. McRae, Rayford B. Vaughn, “Phighting the Phisher:Using Web Bugs and Honeytokens to Investigatethe Source of Phishing Attacks”. Proceedings of the 40th Annual Hawaii International Conference on System Sciences (HICSS'07)
[18] Yun Zhang, Serge Egelman, Lorrie Cranor, and Jason Hong, “Phinding Phish: Evaluating Anti-Phishing Tools”, In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007), February 2007.
[19] PhishTank, http://www.phishtank.com/
[20] VeriSign, http://www.verisign.com

指導教授

曾黎明(Li-Ming Tseng)

審核日期

2007-9-26

推文