博碩士論文 975202074 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:13 、訪客IP:3.80.218.53
姓名 王傳陞(Chuan-Sheng Wang)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱 Shark: Phishing Information Recycling from Spam Mails
(Shark: Phishing Information Recycling from Spam Mails)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
★ PrivacyGuard:A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing★ DEH:Dynamic Extensible Two-way Honeypot
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 ( 永不開放)
摘要(中) Internet的快速與便捷,使得人們越來越習慣利用網路處理各式各樣的工作,各種重要資料也因而逐漸的轉移至各網路主機上,供其他機器透過網路存取。然而與此同時,然而與此同時,利用網路的犯罪行為也開始層出不窮,其中釣魚網站的危害更是Internet上的一個嚴重問題。所謂釣魚攻擊是利用從電子通訊中,偽裝成合法的網頁來騙取被害者的個人資料。一般而言,釣魚業者為了成功的騙取大量個人資料,將寄送大量的電子郵件,而這些郵件都聲稱自己來自於一個合法的網站或網路管理者,以此誘騙受害者的信任。因此,根據攻擊者的手法,一般防禦釣魚攻擊的機制大致上可分為兩種:在處理信件時濾掉惡意信件或是在瀏覽器瀏覽網頁時判斷並過濾偽造網頁。然而直至今日,對於釣魚攻擊,仍然沒有一個萬全的解決方案出現。
這篇論文針對釣魚攻擊提出了一個新穎的解決方案,我們收集釣魚網頁的連結並主動反擊回去,對釣魚者騙取收集而成的受害者資料庫注入大量的偽造資料,癱瘓它們的釣魚機制並藉此來保護我們的使用者。此外,為了更進一步的迷惑釣魚業者,我們的機制將對router作一個小幅度的修改。我們提供一個有效而主動的防衛機制,即使使用者受騙上當,私密資料仍然不易取得。
摘要(英) Phishing, a malicious behavior that steals Internet users’ sensitive information, is a critical threat on the Internet. In general, attackers prepare a forged web page and then send a large number of spoofed e-mails in order to trick more victims. Therefore the approaches of defending phishing attacks can generally be classified into two categories: filters for e-mail or those for web page. However, none of the solutions are foolproof.
In this paper, we propose a novel scheme, which collects phishing URL information and makes a counterattack to those phishing web sites, so that they are no longer able to attack other networks. We describe the design on routers. The goal is to inject a great deal of fake data into the database which phishers use to collect victims’ data. This research presents a proactive defense mechanism; we protect users even if they have been tricked to leak their private information to phishers.
關鍵字(中) ★ 網路釣魚
★ 網路安全
★ 垃圾郵件
關鍵字(英) ★ counterattack
★ spam
★ network security
★ phishing
論文目次 Index
摘 要 i
Abstract ii
致 謝 iii
1. Introduction 1
2. Background 3
2.1 Phishing 3
2.2 Netfilter 6
3. Related Work 10
3.1 E-mail-based filters 10
3.2 Web page-based filters 11
3.3 Information flow controlling 12
4. System Overview 13
5. Implementation 16
5.1 Agent host 16
5.2 SQL server 17
5.3 Camouflage router 17
6. Evaluation 18
7. Discussion 21
8. Conclusion 22
References 23
參考文獻 References
[1] Gartner Press Release. “Gartner Says Number of Phishing Attacks on U.S. Consumers Increased 40 Percent in 2008,” http://www.gartner.com/it/page.jsp?id=936913
[2] Yue Zhang, Jason Hong, Lorrie Cranor, “CANTINA: A Content-Based Approach to Detecting Phishing Web Sites,” the 16th International World Wide Web Conference (WWW 2007)
[3] Anti Phishing Working Group, “Phishing Activity Trends Report, Q4 2009,” 2010 http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf
[4] D. Kevin McGrath, Minaxi Gupta, “Behind Phishing: An Examination of Phisher Modi Operandi,” Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, http://portal.acm.org/citation.cfm?id=1387713
[5] “Domain Name System Blacklists” http://www.dnsbl.info/
[6] Ian Fette, Norman Sadeh, Anthony Tomasic, “Learning to Detect Phishing Emails,” ISRI Technical Report, CMU-ISRI-06-112, 2006. http://reportsarchive.adm.cs.cmu.edu/anon/isri2006/abstracts/06-112.html
[7] “Google Safe Browsing,” http://www.google.com/tools/firefox/safebrowsing/.
[8] “Netcraft anti-phishing tool bar,” http://toolbar.netcraft.com/.
[9] “Phishing Filter for Internet Explorer 7,” http://www.ie-vista.com/phishing.html.
[10] “SpoofGuard,” http://crypto.stanford.edu/SpoofGuard/
[11] R. Dhamija, J. D. Tygar, and M. Hearst, “Why Phishing Works,” in Proceedings of the Conference on Human Factors in Computing Systems (CHI) 2006, Montreal, Canada, ACM Press, 2006. http://people.seas.harvard.edu/~rachna/papers/
why_phishing_works.pdf
[12] Min Wu, Robert C. Miller and Simson L. Garfinkel, “Do Security Toolbars Actually Prevent Phishing Attacks?” In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI2006)
[13] E. Kirda and C. Kruegel, “Protecting Users against Phishing Attacks,” the Computer Journal, 2006 http://comjnl.oxfordjournals.org/cgi/reprint/49/5/554
[14] Angelo Rosiello, Christopher Kruegel, Engin Kirda and Fabrizio Ferrandi, “A layout-similarity-based approach for detecting phishing pages,” 3rd International Conference on Security and Privacy in Communication Networks (SecureComm 2007)
[15] “PwdHash,” http://crypto.stanford.edu/PwdHash/
[16] “PhishTank,” http://www.phishtank.com/
[17] “Alexa Internet,” http://www.alexa.com/
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2010-7-4
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明