摘要: | 隨著時代的進步,網路的發展逐漸對人們的生活產生了很大的影響。從早期的56K撥接網路到ADSL、CATV網路,更進一步到現在FTTx光纖網路以及3G行動上網,網路已在我們身邊無所不在,成為我們每天生活不可或缺的一部分。台灣使用網路的人口高居亞洲第四名,僅次於南韓、日本與新加坡;每天沈浸於網路的年齡層也以年輕族群為大宗,其中不乏尚在就讀國中、高中之青少年。但由於現今家庭中經濟結構改變,雙薪家庭較以往為多,父母平日白天忙於工作,晚上還要處理家務,較無時間關心孩子的上網行為,有時必須擔心孩子是否前往瀏覽不適合的網站,或是觀看有害身心健康的內容,成為了家長關注的焦點;除此之外,在公司機關中,老闆亦會擔心員工不小心感染病毒與木馬程式,或是瀏覽到被竄改的惡意網頁,透過網頁瀏覽器之缺陷執行惡意的程式碼,進而將一些重要的機密資料透過網路洩漏出去,使公司蒙受重大損失。為了避免這些事件的發生,網路內容檢測的重要性在此可見一斑。我們希望能夠透過網路內容過濾服務來減低及避免這類影響與損失。 本論文於嵌入式寬頻閘道器中實作內容過濾服務,首先分析目前各種可行之解決方案優缺點並加以比較,評估適合且效能較好之方案進行實作與實驗量測,並進一步加以討論。本內容過濾服務為網路瀏覽提供舉凡網站黑名單阻擋、圖片篩選與文字內容過濾、上網時段管控、用戶控管、訊務側錄及瀏覽紀錄查閱等功能。為了使本服務使用上更具親和力,本內容過濾機制可於過濾生效時顯示說明訊息告知使用者,並協助其轉往其他合適的頁面,讓使用者一目了然。另外本內容過濾服務提供一便於操作之管理者端介面,讓管理者能夠藉由此介面輕易修改各個設定與參數調整,亦可自行藉由網路抓取列表或經由第三方派送名單進行資料庫的更新,提供完整且具有彈性及擴充性之內容過濾機制,以期能夠帶給使用者一個安全且乾淨之上網環境。 With developments of scientific technologies, the Internet has increasingly made a great impact on the world. The network technology experienced an exciting evolution from dial-up, ADSL, CATV to FTTx and 3G which make it indispensable to people life. According to statistics, the population of Internet user in Taiwan ranked fourth in Asia, just behind Korea, Japan and Singapore. Most of Internet users are the youth including junior and senior high school students. It is hard to ask students’ parents to watch their children go on line. In addition, parents worry about websites and contents which their children visit is appropriate and healthy or not. Thus, how to solve aforementioned problem is becoming an important issue. On the other hand, company managers concern with their employee surfing the Internet which may cause huge losses by infecting viruses or malwares. To avoid these incidents happening, the technique of content-based filtering is a feasible solution. It is possible to reduce the loss, and even avoid effects by filtering inappropriate information, such as phishing, spam, and pornography. In this paper, we designed and implemented a content-based filter on an embedded broadband gateway. We analyzed and compared various feasible approaches with their advantages and disadvantages. And then, we took into account implementation and chose the most appropriate approach to develop the mechanism. In our filtering proposal, we proposed following functional modules consisted with URL blocker, keyword filter, traffic recorder, sender identifier, porn image recognizer, and timed-access monitor to help users blocking harmful information. Once the filter detected bad contents, the filter generated real time notices to the client and informed users the reason of drop-out and then redirected the browser to normal webpage. Additionally, user friendly management interfaces were designed. System administrator can easily configure settings and fetch blacklists from Internet, which announced by 3rd parties to enhance filter accuracy. We examined our content-filter mechanism with numerous experiments. The result demonstrated that our proposal significantly improve efficiency of blocking malicious information and reduce hazards of virus affecting. |