| 姓名 |
羅傳郡(Chuan-Chun Lo)
查詢紙本館藏 |
畢業系所 |
資訊工程學系 |
| 論文名稱 |
PingBao: 一套詐騙簡訊偵測系統
(PingBao: A Fraudulent Short Message Service (SMS) Detection System)
|
| 相關論文 | |
| 檔案 |
 [Endnote RIS 格式]
[Bibtex 格式]
 [相關文章]  [文章引用]  [完整記錄]  [館藏目錄]  至系統瀏覽論文 (2029-6-30以後開放)
|
| 摘要(中) |
詐騙簡訊是現今一種很常見的詐騙手法。詐騙簡訊常會冒充知名公司或政府部門,並附加要使用者點擊的連結,進一步後續詐騙的行為,如:竊取個資或信用卡資訊等等。
本研究透過對收到的簡訊進行自然語言處理的文本分析,截取出簡訊中的公司行號及簡訊欲使使用者點擊的連結,設計出一套能有效判斷是否為詐騙簡訊的偵測系統 -- PingBao。本研究收集了現今台灣電信使用者中實務上收到的簡訊,對於詐騙簡訊,PingBao皆能成功偵測並給出警告標語,對於非詐騙之簡訊,偵測成功率也可達98%以上。
針對新型態的簡訊詐騙:利用合法雲端服務Amazon、Google 和 IBM 雲端服務進行重導向網址的詐騙手法,本篇也提供了一種使用者不須點擊,即可得知最後會造訪的網址,並搭配本研究系統來成功辨別偵測詐騙簡訊的防禦方式。 |
| 摘要(英) |
Fraudulent Short Message Service (SMS) are a very common form of fraud nowadays. Scammers who send text messages usually pretend to be trustworthy organizations (well-known companies or government departments) and use SMS to deliver deceptive information to induce victims to click on malicious links, visit suspicious websites, provide personal information or conduct money transactions and remittances, thus exposing user to the risk of phishing attacks.
The link provided in the SMS is a fake phishing website created by the attacker. The phishing website is not much different from the real website. The attacker uses the phishing website to collect personal information and credit card information. So, the attacker can use this information to carry out further operations and further criminal conduct.
This study uses natural language processing text analysis on received text messages to intercept the company number in the text message and the link that the text message wants users to click, and designs a detection system, PingBao, that can effectively determine whether it is a fraudulent text message. This study collects text messages actually received by current Taiwanese telecommunications users. For fraudulent text messages, PingBao can successfully detect and give warning slogans. For non-fraudulent text messages, the detection success rate can reach more than 98%.
In view of the new type of SMS fraud: using legitimate cloud services such Amazon, Google and IBM cloud services to redirect URLs, this article also provides a way for users to obtain the last URL they will visit without clicking. And paired with this research system to successfully identify defense methods for detecting fraudulent SMS. |
| 關鍵字(中) |
★ 詐騙簡訊偵測
★ 詐騙簡訊 |
關鍵字(英) |
★ Fraudulent Short Message Service Detection
★ Fraudulent Short Message Service |
| 論文目次 |
中文摘要 i
Abstract ii
誌謝 iv
目錄 v
圖目錄 vii
表目錄 x
第1章 緒論 1
1.1 研究動機 1
1.2 研究目的 3
第2章 背景介紹 5
2.1 簡訊 (Short Message Service) 5
2.2 MySQL資料庫 6
2.3 Selenium 8
2.4 OpenAI-ChatGPT-4o 10
2.5 網頁重導向的短網址服務 11
2.6 利用合法雲端Server嵌入網址重導向 12
第3章 相關研究 15
3.1 機器學習針對簡訊內文的文本分析 15
3.2 新形態的簡訊詐騙:詐騙者利用 Amazon、Google 和 IBM 等雲端服務竊取客戶數據 17
第4章 系統架構與實作 20
4.1 設計目標 20
4.2 系統架構 21
4.3 系統元件 23
第5章 實驗結果與分析 27
5.1 實驗環境 27
5.2 實驗1:對正常的通知簡訊 27
5.3 實驗2:對合法的簡訊偵測 29
5.4 實驗3:對詐騙簡訊的偵測 30
5.5 實驗4:動態新增合法公司官網進資料庫 32
5.6 實驗5:對任意URL重導向,至最終網站 34
5.7 準確性評估 35
第6章 討論 36
6.1 系統限制 36
6.2 未來展望 37
第7章 結論 39
參考文獻 40 |
| 參考文獻 |
[1] Daniele Lain, Kari Kostiainen, and Srdjan Capkun. Phishing in Organizations: Findings from a Large-Scale and Long-Term Study. Paper presented at IEEE Symposium on Security and Privacy (2022).
[2] 收到政府普發現金簡訊要小心!點擊「這連結」損失慘重 手機詐騙頻傳如何自保?檢自https://www.fetnet.net/content/cbu/tw/lifecircle/tech/2023/02/6000.html (Feb. 13, 2023)。
[3] 新北市政府警察局。不明連結點擊前請三思。檢自https://www.wpb.police.ntpc.gov.tw/cp-3522-105680-30.html (Jun. 15, 2023)。
[4] Amazon。什麼是 SMS?檢自https://aws.amazon.com/tw/what-is/sms/ 。
[5] Trend Micro.何謂網路釣魚簡訊(Smishing)?檢自https://www.trendmicro.com/zh_tw/what-is/phishing/smishing.html。
[6] 中華電信。「反電信詐騙及本公司正確網址」宣導。檢自https://www.cht.com.tw/home/consumer/customer-service/announce/antitelefraud (Dec. 27, 2023)。
[7] 科技橘報。「年度十大熱門科技事件-8」為什麼 Google 要關閉短網址服務,出了什麼事?檢自https://buzzorange.com/techorange/2018/05/30/why-google-shutdown-googl-shorten-url-service/ (May. 30, 2018)。
[8] Google安全瀏覽公開資訊報告網頁。檢自https://transparencyreport.google.com/safe-browsing/overview。
[9] 黃頌茜。Detecting Phishing Websites Based on Webpage Content Features of Page Jumping. (2022)
[10] ENEA。利用雲端:簡訊詐騙者如何利用 Amazon、Google 和 IBM 雲端服務竊取客戶數據。檢自https://www-enea-com.translate.goog/insights/exploiting-the-cloud-how-sms-scammers-are-using-amazon-google-and-ibm-cloud-services-to-steal-customer-data/?_x_tr_sl=auto&_x_tr_tl=zh-TW&_x_tr_hl=zh-TW&_x_tr_pto=wapp (May. 23, 2024)。
[11] Mingxuan Liu, Yiming Zhang, Baojun Liu, Zhou Li, Haixin Duan, Donghong Sun. Detecting and Characterizing SMS Spearphishing Attacks. Paper presented at Annual Computer Security Applications Conference (ACSAC 2021).
[12] Barracuda Networks. Smishing (SMS Phishing) 檢自https://www.barracuda.com/support/glossary/smishing。
[13] Aleksandr Nahapetyan, Sathvik Prasad, Kevin Childs, Adam Oest,
Yeganeh Ladwig, Alexandros Kapravelos, Bradley Reaves.
Preliminary Draft On SMS Phishing Tactics and Infrastructure. Paper presented at IEEE Symposium on Security and Privacy (Oct. 31,2023).
[14] Dave Hitchins. The complete guide to SMS fraud detection and prevention. Article presented at https://www.infobip.com/blog/a-complete-guide-to-sms-fraud#what-is-sms-pumping-0 (Apr. 5, 2024).
[15] 華視新聞。詐騙手法層出不窮!去年簡訊騙逾1600萬。檢自https://news.cts.com.tw/cts/life/202402/202402012283063.html (Feb. 1, 2024)。
[16] Ufosend. MMS 與 SMS 之分別及其用途。檢自https://www.ufosend.com/new-blog-detail.php?id=mms (Sep. 2020)。 |
| 指導教授 |
許富皓(Fu-Hau Hsu)
|
審核日期 |
2024-7-17 |
| 推文 |
 facebook  plurk  twitter  funp  google  live  udn  HD  myshare  reddit  netvibes  friend  youpush  delicious  baidu
|
| 網路書籤 |
 Google bookmarks  del.icio.us  hemidemi myshare
|
