NCU Institutional Repository (downloads of theses and dissertations, past exam papers, journal articles, research projects, and more): Item 987654321/88322


    Please use this permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/88322


    Title: Detecting Phishing Websites Based on Webpage Content Features of Page Jumping
    Author: 黃頌茜;HUANG, SUNG-CHIEN
    Contributor: In-service Master's Program, Department of Computer Science and Information Engineering
    Keywords: spear-phishing; page jumping; phishing target
    Date: 2022-01-19
    Upload time: 2022-07-13 22:46:42 (UTC+8)
    Publisher: National Central University
    Abstract: Phishing is a social engineering attack combined with web technologies and is an important part of hacker attacks; the first step of many cyber-attacks is a phishing email. The early indiscriminate attacks have gradually turned into "spear-phishing", in which emails are carefully crafted for specific targets. It is a highly targeted attack sent in small numbers. Hackers single out important people and organizations and send them emails whose body carries text links, file links, or image links, tricking users into clicking and leading them to phishing websites set up by the hackers. To raise trust in the website, its appearance is almost the same as that of the corresponding legitimate website, so that users, caught off guard, enter personal information such as account numbers, passwords, and bank account details.

    "Spear-phishing" consists mainly of targeted attacks. There are no large numbers of victims, the number of samples fed back is insufficient, and analysis takes some time. The phishing websites used in this type of attack closely imitate legitimate websites and are short-lived: by the time a site is reported, it no longer exists, which makes timely detection difficult. Therefore, this thesis proposes a method for analyzing phishing websites that are almost identical to legitimate websites and that ask the user to enter personal information. It uses the page jumping behavior of such websites to perform "Time-of-Click Analysis", finding the phishing target in advance, before the user submits sensitive personal information from the webpage, and finally determining whether the website is a phishing website.
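    Appears in collections: [In-service Master's Program, Department of Computer Science and Information Engineering] Theses and Dissertations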

    Files in this item:

    File: index.html; Description: (none); Size: 0Kb; Format: HTML; Views: 130

