博碩士論文 110525015 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:64 、訪客IP:3.144.9.152
姓名 劉松靄(Sung-Ai Liu)  查詢紙本館藏   畢業系所 軟體工程研究所
論文名稱
(Drive by Download via a Cookie Banner)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2028-6-30以後開放)
摘要(中) 網絡安全威脅的興起,使用瀏覽器偽裝作業系統更新的出現,凸顯了網路環境中存在的詐欺行為。這些偽造的更新頁面模仿微軟作業系統的更新界面,欺騙用戶點擊並下載,進而使用戶無意中安裝惡意軟體。

本論文關注的是與Cookie Banner相關的潛在風險,特別是由Cookie Banner的供應者提供惡意引導的可能性。如果當任意網站部署了這樣的惡意腳本,造受欺騙的用戶將面臨重大風險。

通過全面的分析,本研究探討了各種攻擊機制,包括使用可執行文件、腳本和巨集,模仿Cookie Banner的行為樣態來欺騙使用者下載。評估了不同文件類型的攻擊樣態以及瀏覽器、Windows Defender和防病毒軟件等防禦機制的有效性。結果顯示現有安全措施的局限性,壓縮文件可以成功滲透到用戶端環境中,逃避檢測,增加用戶的風險。

最終,本論文旨在為網站所有者、開發人員和用戶提供所需的知識,以減輕與惡意Cookie Banner和drive-by download攻擊相關的風險。通過采取主動措施並實施適當的安全協議,可以提高在線環境的整體安全性,保護用戶免受潛在威脅。
摘要(英) The rise of security threats, particularly the occurrence of fake in-browser windows updates, has highlighted the vulnerabilities present in online environments. These fake update pages mimic legitimate interfaces to deceive users into clicking on malicious content, often leading to the inadvertent installation of malware through drive-by-download attacks.
This thesis focuses on the potential risks associated with cookie banners, specifically the possibility of malicious banners being provided by cookie banner providers. If such malicious banners are deployed, the history of deceptive tactics repeats itself, placing users at significant risk.
Through a comprehensive analysis, this research examines various attack mechanisms, including the use of executable files, scripts, and macros, to exploit vulnerabilities in cookie banners. The behavior of different file types and the effectiveness of defense mechanisms, such as browsers, Windows Defender, and anti-virus software, are evaluated. The results reveal the limitations of existing security measures, as compressed files can successfully infiltrate the client-side environment, evading detection and increasing the risk to users.
Ultimately, this thesis seeks to empower website owners, developers, and users with the knowledge needed to mitigate the risks associated with malicious cookie banners and drive-by-download attacks. By adopting proactive measures and implementing appropriate security protocols, it is possible to enhance the overall security posture of online environments and protect users from potential threats.
關鍵字(中) ★ Cookie Banner 關鍵字(英) ★ Cookie Banner
論文目次 Table of Contents 0
Introduction 1
Background 2
Fake in-browser Windows Updates 2
General Data Protection Regulation (GDPR) 2
Literature Review 3
Drive by Download Attack 3
Clickjacking Review 3
Cookie Banners 3
Clickjacking Analyzing and Detection 3
Methodology 4
Threat Model 4
Experimental Environment 5
Approach 5
Ways to Download and Execute Files through a Browser 6
Executable Files 6
Compressed Files 7
Scripts 7
Macros 8
Adopted Strategy 8
Videos 10
Limitation 11
Conclusion 12
Reference 13
參考文獻 Aditya K. Sood, Sherali Zeadally, “Drive-By Download Attacks: A Comparative Study,” IT Professional, Volume: 18, Issue: 5, Sept.-Oct. 2016.
Puneet Kour, “A Review on Clickjacking Attack and its Defense Mechanism,” International Research Journal of Engineering and Technology (IRJET), Volume: 08, Issue: 04, Apr 2021.
Célestin Matte, Nataliia Bielova, Cristiana Santos, “Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework,” 2020 IEEE Symposium on Security and Privacy (SP), 18-21 May 2020.
Anil Saini, Manoj Singh Gaur, Vijay Laxmi, Mauro Conti, “You click, I steal: analyzing and detecting click hijacking attacks in web pages,” International Journal of Information Security, 2019.
Bill Toulas, “Fake in-browser Windows updates push Aurora info-stealer malware” in BleepingComputer security news on 10 May 2023.
GDPR Official Website
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2024-1-16
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明