题名

分散式之智慧型網路釣魚偵測機制

并列篇名

An Intelligent Phishing Detection Mechanism on Distributed Environment

DOI

10.29767/ECS.201106.0003

作者

宋佩貞(Pei-Chen Sung);蘇建源(Chien-Yuan Su)

关键词

網路釣魚 ; 分散式系統 ; 智慧型技術 ; phishing ; distributed systems ; intelligent technology

期刊名称

Electronic Commerce Studies

卷期/出版年月

9卷2期(2011 / 06 / 30)

页次

183 - 197

内容语文

繁體中文
中文摘要

網路釣魚是一種使用社交工程與技術性的哄騙以竊取他人身份以及財務帳號資料的犯罪手段。對個人、企業組織以及社會,都有負面的影響。隨著網路釣魚的攻擊手法與途徑的快速變化,現有的反網路釣魚機制在有限的可擴展性、偵測方式係由固定法則處理以及欠缺時效性等缺點下,難以有效偵測與判斷網路釣魚。本研究提出一個分散式智慧型網路釣魚偵測架構與機制,透過行動代理人蒐集情報,讓各個功能主機能取得更新並分享資料,減少網路釣魚攻擊的擴散並提升偵測的有效性以及有效整合分散的資源。另外,使用分類與序列型樣等智慧型技術探索出網路釣魚特徵及其關聯性與順序性,以預測此特徵將伴隨何種特徵一起出現或後續會再發生何種攻擊特徵,進而達到智慧型網路釣魚自動偵測機制。本研究屬於概念性的研究,未來除了把這概念落實在真正的分散式網路釣魚偵測系統並進行實證。
英文摘要

Phishing is a significant security threat to the Internet, which is a social engineering technique used to fraudulently acquire sensitive information from users by masquerading as a legitimate entity. In order to promote accuracy of phishing detection and effectiveness of resource integration, this research proposed a conceptual framework that we adopt the distributed intelligent mechanism on phishing detection. This distributed intelligent phishing detection mechanism is established through classification and sequential patterns technologies to explore the primary phishing features and the associated and sequence of them. In addition to accuracy of the detection, the mechanism provides an emergency alert of phishing attack. In the future, this conceptual mechanism will be practiced and proved this effectiveness in the future.
主题分类 基礎與應用科學 > 資訊科學
社會科學 > 經濟學
参考文献
  1. 蔡良庭、楊志堅(2004)。學習向量量化網路分類之模擬研究。測驗統計年刊,12,269-291。
    連結:
  2. Computer Security Institute (2009). CSI Computer Crime and Security Survey Executive Summary. Retrieved January 8, 2010, from the World Wide Web:http://pathmaker.biz/whitepapers/CSISurvey2009.pdf
  3. Computer Security Institute (2007). CSI Computer Crime and Security Survey.Retrieved April 30, 2009, from the World Wide Web:http://www.cse.msstate.edu/~cse6243/readings/CSISurvey2007.pdf
  4. Computer Security Institute (2008). CSI Computer Crime and Security Survey.Retrieved April 30, 2009, from the World Wide Web:http://www.cse.msstate.edu/~cse6243/readings/CSIsurvey2008.pdf
  5. Symantec (2010), Symantec Intelligence Quarterly: Global Report (April–June2010). Retrieved November 26, 2010, from the World Wide Web:http://www.symantec.com/content/en/us/enterprise/other_resources/b-symc_intelligence_quarterly_apr-jun_2010_21072009.en-us.pdf
  6. 資策會產業情報研究所(2010 年11 月23 日)。「端裝置、雲服務、雲建置」雲端運算牽動九大關鍵軟體市場。2010 年12 月26 日, 取自:http://mic.iii.org.tw/aisp/pressroom/press01_pop.asp?sno=234&type1=2
  7. Kaspersky (2010, Nov. 10). Kaspersky Spam in the Third Quarter of 2010. Retrieved December 15, 2010, from the World Wide Web:http://www.securelist.com/en/analysis/204792147/Spam_in_the_Third_Quarter_of_2010
  8. Aburrous, M.,Hossain, M.A.,Dahal, K.,Thabtah, F.(2010).Intelligent Phishing Detection System for e-banking using Fuzzy Data Mining.Expert Systems with Applications,37(12),7913-7921.
  9. Agrawal, R.,Srikant, R.(1994).Fast Algorithms for Mining Association Rules.Proceedings of the 20th Very Large Data Bases Conference
  10. Agrawal, R.,Srikant, R.(1995).Mining Sequential Patterns.Proceedings of the 11th International Conference on Data Engineering
  11. Breiman, L.(2001).Random Forests.Machine Learning,45(1),5-32.
  12. Breiman, L.,Friedman, J.H.,Olshen , R.A.,Stone, C.J.(1984).Classification and Regression Trees.Belmont:Wadsworth Belmont Group.
  13. Cao, Y.,Han, W.,Le, Y.(2008).Anti-phishing Based on Automated Individual White-List.Proceedings of the 4th ACM Workshop on Digital Identity Management (DIM'08)
  14. Caporaletti, L.E.,Dorsey, R.E.,Johnson, J.D.,Powell, W.A.(1994).A Decision Support System for In-Sample Simultaneous Equation Systems Forecasting Using Artificial Neural Systems.Decision Support Systems,11(5),481-495.
  15. Chen, X.,Bose, I.,Alvin, C.M.L.,Guo, C.(2010).Assessing the severity of phishing attacks: A hybrid data mining approach.Decision Support Systems,50(4),662-672.
  16. Chipman, H.A.,George, E.I.,McCulloch, R.E.(2006).BART: Bayesian Additive Regression Trees.Canada:Department of Mathematics and Statistics, Acadia University.
  17. Fette, I.,Sadeh, N.,Tomasic, A.(2007).Learning to detect phishing emails.Proceedings of the 16th international conference on World Wide Web
  18. Han, J.,Pei, J.,Mortazavi-Asl, B.,Chen, Q.,Dayal, U.,Hsu, M.(2000).FreeSpan:frequent pattern-projected sequential pattern mining.Proceedings of the 6th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining
  19. Jo, I.,Jung, EJ,Yeom, H.Y.(2010).You' re not who you claim to be: website identity check for phishing detection.Proceedings of 19th International Conference on Computer Communications and Networks
  20. Michie, D.(Ed.)(1979).Expert Systems in the Microelectronic age.Edinburgh, Scotland:Edinburgh University.
  21. Mitchell, T.M.(1997).Machine Learning.New York:McGraw-Hill.
  22. Pan, Y.,Ding, X.(2006).Anomaly based Web Phishing Page Detection.Proceedings of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference
  23. Pei, J.,Han, J.,Mortazavi-Asl, B.,Pinto, H.(2001).PrefixSpan: Mining Sequential Patterns Efficiently by Prefix-Projected Pattern Growth.Proceedings of the 17th International Conference on Data Engineering
  24. Quinlan J.R.(1993).C4.5: Programs for machine learning.San Francisco:Morgan Kaufmann.
  25. Ravi, V.,Kurniawan, H.,Thai, Peter Nwee Kok,Kumar, P.R.(2008).Soft computing system for bank performance prediction.Applied Soft Computing,8(1),305-315.
  26. Srikant, R.,Agrawal, R.(1996).Mining Sequential Patterns: Generalizations And Performance Improvements.Proceedings of the 5th International Conference Extending Database Technology, EDBT
  27. Toolan, F.,Carthy, J.(2009).Phishing Detection using Classifier Ensembles.Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit
  28. 陳青島(2008)。碩士論文(碩士論文)。國立臺灣科技大學資訊工程研究所。
print cancel