【作者】 何高辉；

【导师】 王明政；

【作者基本信息】 上海交通大学 ， 通信与信息系统， 2011， 硕士

【摘要】 钓鱼式网络攻击作为一种典型的网络欺诈犯罪活动,随着电子商务等互联网交易平台的兴起而日益猖獗,给人们带来了越来越大的经济损失。当前的网络钓鱼防御方案大都是在特定的应用、特定的终端上基于过滤技术实现的,这样的应用就具有较大的局限性。网络钓鱼大都是通过DNS达到目的的,被钓者也是在使用基于DNS的网络应用服务中造成损失的。因此,DNS是防御网络钓鱼的第一线。在DNS上开发防御网络钓鱼等安全应用,最大的优点是能够全面覆盖到所有的网络用户和应用。本文重点研究了网络钓鱼的防御方案和检测算法,主要工作和成果如下:1、提出了基于支持向量机(SVM)主动学习算法的网络钓鱼检测算法。通过对DNS收集的URL进行及时的检测判定,为DNS反网络钓鱼模块提供钓鱼网络URL黑名单库。在该算法中,还提出了采用网址URL与Web页面内容的综合敏感特征进行检测分类,以保证检测的适应范围和效率。实验结果表明,该算法在小样本集的分类检测中,就达到了较高的检测精度和效率。2、建立了基于DNS的网络钓鱼防护系统。通过对当前网络钓鱼防御方案的全面分析,总结了当前各种防御方案的优点和不足。结合DNS的安全应用研究,设计并实现了一个由DNS反网络钓鱼过滤系统和基于云计算平台提供性能支撑的网络钓鱼URL检测系统组成的DNS反网络钓鱼应用系统。3、开发了Bind服务器反钓鱼模块。通过对DNS应用最广泛的服务器软件ISC Bind源码进行分析,开发了Bind服务器上调用的反钓鱼模块,以及系统其他相应功能模块,包括数据整合、透明代理、Web管理等。系统运行试验结果表明,本系统能够为用户提供及时有效的钓鱼式网络攻击防护,对DNS服务器性能影响极小,基于BIND的实现兼容现有的服务器配置,管理维护非常简便。最后,总结了全文的工作,并讨论了对进一步工作的展望。更多还原

【Abstract】 Phishing attacks, as a typical online fraud and criminal activities, having become increasingly rampant with the expansion and prosperous of the Internet related e-commerce trading platforms, gave rise to increasing economic losses. The current phishing defense programs, mostly achieved through specific applications and designated filtering technology to the terminal, have greater limitations to its application. In most cases, phishing achieved through DNS and the losses were also caused during the use of network applied services based on DNS. Therefore, DNS is the front line of phishing defense. The biggest advantage to develop anti-phishing and other security applications on the DNS is the full coverage to all network users and applications.This paper focused on the defense program and detective algorithm of phishing, the main work and achievements are as follows:1. Proposed a method based on the support vector machine (SVM) active learning algorithm for phishing detection. Through timely detection judgement on the URL collected by DNS, it can provide a black list of phishing Web URL for anti-phishing modules. In this algorithm, it also proposed to classify the detection by combining the comprehensive sensitive features of URL and Web page content so as to ensure the defection’s application scope and efficiency. Experimental results show that the algorithm has achieved high detection accuracy and efficiency.in the classified detection on the small sample set.2. Established the phishing protective system based on the DNS. Through comprehensive analysis on the current Phishing defense programms, we summarized the strengths and weaknesses of the current defense programs. Integrated with the reseach of DNS security application, we designed and achieved a DNS anti-phishing system consisting of a filter sytem and a URL detection system based on the computing platform . 3. Developed an anti-phishing module for Bind server. By analyzing themost widely used DNS server software - source code of ISC Bind, we developed anti-phishing modules for Bind server, and other appropriate system modules, including data integration, transparent proxy, Web management etc.. The system-running-experiments results show that the system can provide users with timely and effective protection against phishing attacks, with minimal impact on the DNS server performance, to achieve compatibility with existing BIND-based server configuration, which is also easy for management and maintenance.Finally, made a summary of the full text of the work, and discussed the prospects for further work.更多还原