English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 41620755      線上人數 : 2494
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/92837


    題名: Drive by Download via a Cookie Banner
    作者: 劉松靄;Liu, Sung-Ai
    貢獻者: 軟體工程研究所
    關鍵詞: Cookie Banner;Cookie Banner
    日期: 2024-01-16
    上傳時間: 2024-09-19 16:22:07 (UTC+8)
    出版者: 國立中央大學
    摘要: 網絡安全威脅的興起,使用瀏覽器偽裝作業系統更新的出現,凸顯了網路環境中存在的詐欺行為。這些偽造的更新頁面模仿微軟作業系統的更新界面,欺騙用戶點擊並下載,進而使用戶無意中安裝惡意軟體。

    本論文關注的是與Cookie Banner相關的潛在風險,特別是由Cookie Banner的供應者提供惡意引導的可能性。如果當任意網站部署了這樣的惡意腳本,造受欺騙的用戶將面臨重大風險。

    通過全面的分析,本研究探討了各種攻擊機制,包括使用可執行文件、腳本和巨集,模仿Cookie Banner的行為樣態來欺騙使用者下載。評估了不同文件類型的攻擊樣態以及瀏覽器、Windows Defender和防病毒軟件等防禦機制的有效性。結果顯示現有安全措施的局限性,壓縮文件可以成功滲透到用戶端環境中,逃避檢測,增加用戶的風險。

    最終,本論文旨在為網站所有者、開發人員和用戶提供所需的知識,以減輕與惡意Cookie Banner和drive-by download攻擊相關的風險。通過采取主動措施並實施適當的安全協議,可以提高在線環境的整體安全性,保護用戶免受潛在威脅。;The rise of security threats, particularly the occurrence of fake in-browser windows updates, has highlighted the vulnerabilities present in online environments. These fake update pages mimic legitimate interfaces to deceive users into clicking on malicious content, often leading to the inadvertent installation of malware through drive-by-download attacks.
    This thesis focuses on the potential risks associated with cookie banners, specifically the possibility of malicious banners being provided by cookie banner providers. If such malicious banners are deployed, the history of deceptive tactics repeats itself, placing users at significant risk.
    Through a comprehensive analysis, this research examines various attack mechanisms, including the use of executable files, scripts, and macros, to exploit vulnerabilities in cookie banners. The behavior of different file types and the effectiveness of defense mechanisms, such as browsers, Windows Defender, and anti-virus software, are evaluated. The results reveal the limitations of existing security measures, as compressed files can successfully infiltrate the client-side environment, evading detection and increasing the risk to users.
    Ultimately, this thesis seeks to empower website owners, developers, and users with the knowledge needed to mitigate the risks associated with malicious cookie banners and drive-by-download attacks. By adopting proactive measures and implementing appropriate security protocols, it is possible to enhance the overall security posture of online environments and protect users from potential threats.
    顯示於類別:[軟體工程研究所 ] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML18檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明