PhishTrack - Dynamical Blacklist Evolution

Date Issued
2014
Date
2014
Author(s)
Lee, Kuei-Ching
URI
Abstract
With time moving on, the technologies used in Phishing area is evolved as well. Owing to the updating mechanism and matching process used in static blacklist, it is hard to protect network users in time with only static blacklist approach. Many rising Phishing use toolkit to change the appearance of URLs to escape the detection from static blacklist with exactly matching. So we need more quickly and efficient ways to update the blacklist to adapt the evolution of Phishing and provide network users more powerful and prompt protection. Pawan Prakash et al. (2010) propose a PhishNet system. It does cluster training on known Phishing URL set in advance and propose five Heuristic approaches to replace TLD, Hostname, Target Page, Query String and Brand Name of Phishing URLs to discover more unknown Phishing URLs. Therefore the blacklist can be updated and enlarge the protection scope. In our research, we implement the five Heuristic approaches proposed in PhishNet as five components in our system, and proposed two more components originated in the observation of Phishing behaviors to form PhishTrack system proposed in this thesis. Phishing history started in early 1987 and the word "Phishing" is used in 1996 to address the focus on Phishing attacks, but the behavior and the nature of luring network users for their privacy information are not changed. From our research, we observe large quantity of Phishing URLs from blacklist of PhishTank and find out that 46% of them have URL redirection. From one point of view, that avoids the detection the Phishing''s behavior from blacklist. From another point of view, the ultimate goal of Phishing is to cheat the personal information of network users. Therefore, it must provide a form to users for them to fill in and submit information. According to our analysis, the submission will bring users to another page which requires more detail information to fill in. From the above discussion, we develop another two dynamic components J1-J2. Based on our experiments, J1-J2 can save the time required in H1-H5 for early stage on Cluster training. In addition,J1-J2 perform well on discovering more unknown Phishing URLs than H1-H5。
Subjects
黑名單
動態更新
行為模式
網路釣魚
Type
thesis
File(s)
Loading...
Thumbnail Image
Name

ntu-103-P00922002-1.pdf

Size

23.32 KB

Format

Adobe PDF

Checksum

(MD5):ade855e583e61d7b8058e5cf8418ef85

臺大位居世界頂尖大學之列,為永久珍藏及向國際展現本校豐碩的研究成果及學術能量,圖書館整合機構典藏(NTUR)與學術庫(AH)不同功能平台,成為臺大學術典藏NTU scholars。期能整合研究能量、促進交流合作、保存學術產出、推廣研究成果。

To permanently archive and promote researcher profiles and scholarly works, Library integrates the services of “NTU Repository” with “Academic Hub” to form NTU Scholars.

總館學科館員 (Main Library)
醫學圖書館學科館員 (Medical Library)
社會科學院辜振甫紀念圖書館學科館員 (Social Sciences Library)

開放取用是從使用者角度提升資訊取用性的社會運動,應用在學術研究上是透過將研究著作公開供使用者自由取閱,以促進學術傳播及因應期刊訂購費用逐年攀升。同時可加速研究發展、提升研究影響力,NTU Scholars即為本校的開放取用典藏(OA Archive)平台。(點選深入了解OA)

  • 請確認所上傳的全文是原創的內容,若該文件包含部分內容的版權非匯入者所有,或由第三方贊助與合作完成,請確認該版權所有者及第三方同意提供此授權。
    Please represent that the submission is your original work, and that you have the right to grant the rights to upload.
  • 若欲上傳已出版的全文電子檔,可使用Open policy finder網站查詢,以確認出版單位之版權政策。
    Please use Open policy finder to find a summary of permissions that are normally given as part of each publisher's copyright transfer agreement.

Built with DSpace-CRIS software - Extension maintained and optimized by 4Science