---
title: Spoofed Website Detection and Identification
tags:
- 第一組
---
Keywords: `website spoofing`, `spoofed website`, `phishing website`
:::success
<i class="fa fa-book" aria-hidden="true"></i> **Website spoofing**
Website spoofing is the creation of a replica of a trusted site with the intention of misleading visitors to a phishing site. Legitimate logos, fonts, colors and functionality are used to make the spoofed site look realistic.[^TREND_website_spoofing]
:::
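A spoofed website is not necessarily a phishing website, but a phishing website is always a spoofed website. Research on phishing-website detection is therefore a rich source of knowledge for detecting spoofed websites.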
:::success
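<i class="fa fa-book" aria-hidden="true"></i> **Phishing**
A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.[^NIST_phishing]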
:::
The literature identifies two characteristics that define a phishing website[^Tutorial_and_critical_analysis_of_phishing_websites_methods]:
- Showing a high visual similarity.
- Containing at least one login form.
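
Spoofed (phishing) website detection can be divided into the following categories[^A_systematic_literature_review_on_phishing_website_detection_techniques]:
- **List Based:** Builds a whitelist or blacklist of URLs. The drawback is that it can be evaded by changing the URL, so the list must be updated frequently.
- **Visual Similarity:** Evaluates the suspicious website against the genuine one on a range of visual features, comparing similarity by analyzing CSS, text layout, source code, the site logo, page screenshots, and so on. Because the comparison is against previously visited pages, it is harder to prevent zero-hour phishing attacks.
- **Heuristic:** Identifies phishing from features of the web page, such as the URL, text content, DNS, digital certificates, and website traffic. This approach can detect zero-hour phishing attacks.
- **Machine Learning:** Collects the website's URL, site structure, and other related information as a dataset.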
- **Deep Learning:**
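
The following is an added example, not code from this note or from the cited papers. It contrasts the list-based and heuristic approaches above: a blocklist misses a URL that differs by one character, while feature checks, including the "at least one login form" characteristic, still flag it. The features, the threshold, the helper names and all `.example` domains are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data; every domain is a placeholder under the reserved .example TLD.
BLOCKLIST = {"http://login.bank-secure.example/signin"}
BRAND_DOMAINS = {"bank": "bank.example"}  # assumed: brand keyword -> legitimate domain
SAMPLE_HTML = '<form><input name="u"><input type="password" name="p"></form>'

class LoginFormFinder(HTMLParser):
    """Records whether any <form> contains a password input."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.has_login_form = False

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.in_form = True
        elif tag == "input" and self.in_form:
            if (dict(attrs).get("type") or "").lower() == "password":
                self.has_login_form = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def list_based(url):
    """Exact-match blocklist lookup: any change to the URL slips past it."""
    return url in BLOCKLIST

def heuristic_flags(url, html):
    """Return the names of the illustrative URL and content features that fire."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        flags.append("ip_host")
    if parts.scheme != "https":
        flags.append("no_tls")
    for brand, legit in BRAND_DOMAINS.items():
        if brand in host and host != legit and not host.endswith("." + legit):
            flags.append("brand_in_foreign_host")
    finder = LoginFormFinder()
    finder.feed(html)
    if finder.has_login_form:
        flags.append("login_form")
    return flags

def is_suspicious(url, html, threshold=2):
    return list_based(url) or len(heuristic_flags(url, html)) >= threshold
```

A login form alone does not reach the threshold, so the legitimate site's own login page is not flagged.
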
## Related Work
- [Safi, A., & Singh, S. (2023). **A systematic literature review on phishing website detection techniques**. Journal of King Saud University-Computer and Information Sciences, 35(2), 590-611.](https://www.sciencedirect.com/science/article/pii/S1319157823000034)
> A review and analysis of papers on phishing websites
- [Mohammad, R. M., Thabtah, F., & McCluskey, L. (2015). **Tutorial and critical analysis of phishing websites methods**. Computer Science Review, 17, 1-24.](https://www.sciencedirect.com/science/article/pii/S1574013715000039?casa_token=yQQBV45JeTwAAAAA:vEvXbegCM6lVPLPoooEaRl6Ia07tkxlUgGv5X-IC5X1CQIY6A7dXcW8-rpBkVSv18LhYPL2ba7pI)
- [Basit, A., Zafar, M., Liu, X., Javed, A. R., Jalil, Z., & Kifayat, K. (2021). **A comprehensive survey of AI-enabled phishing attacks detection techniques**. Telecommunication Systems, 76, 139-154.](https://link.springer.com/article/10.1007/s11235-020-00733-2)
- [Jain, A. K., & Gupta, B. B. (2017). **Phishing detection: analysis of visual similarity based approaches**. Security and Communication Networks, 2017(1), 5421046.](https://onlinelibrary.wiley.com/doi/10.1155/2017/5421046)
> Compares many detection methods based on visual similarity
- [Jain, A. K., & Gupta, B. B. (2018). **Two-level authentication approach to protect from phishing attacks in real time**. Journal of Ambient Intelligence and Humanized Computing, 9(6), 1783-1796.](https://link.springer.com/article/10.1007/s12652-017-0616-z)
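> The two levels are: 1) extract keywords from the URL and run them through Google Search; 2) check whether the hyperlinks in the page content point to malicious websites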
- [Alkawaz, M. H., Steven, S. J., Hajamydeen, A. I., & Ramli, R. (2021, April). **A comprehensive survey on identification and analysis of phishing website based on machine learning methods**](https://ieeexplore.ieee.org/document/9431794)
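> Compares different detection methods, notes that machine learning is one of the effective approaches, and proposes a hybrid method, PhishAlert, which performed well (98% accuracy) in a test on 500 phishing websites and 500 legitimate websites.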
- [Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing. (2024). **Real-time, privacy-preserving URL protection**.](https://security.googleblog.com/2024/03/blog-post.html)
> Google's detection method
- [d4r3topk. **Web crawler to detect malicious websites**](https://github.com/d4r3topk/Web-crawler-to-detect-malicious-websites)
> A crawler written by d4r3topk that can traverse all websites breadth-first (BFS) to see which ones are malicious
- [Zamir, A., Khan, H. U., Iqbal, T., Yousaf, N., Aslam, F., Anjum, A., & Hamdani, M. (2020). **Phishing web site detection using diverse machine learning algorithms**. The Electronic Library, 38(1), 65-80.](#)
> Uses a URL [data set](https://www.kaggle.com/datasets/akashkr/phishing-website-dataset/data) for classification
> RF+NN+Bagging achieves 97.4% accuracy
<!-- Footnote links -->
[^TREND_website_spoofing]: [**Website spoofing**. (n.d.). https://www.trendmicro.com/vinfo/us/security/definition/website-spoofing](https://www.trendmicro.com/vinfo/us/security/definition/website-spoofing)
[^NIST_phishing]: [**phishing**. (n.d.). https://csrc.nist.gov/glossary/term/phishing](https://csrc.nist.gov/glossary/term/phishing)
[^A_systematic_literature_review_on_phishing_website_detection_techniques]: [Safi, A., & Singh, S. (2023). **A systematic literature review on phishing website detection techniques**. Journal of King Saud University-Computer and Information Sciences, 35(2), 590-611.](https://www.sciencedirect.com/science/article/pii/S1319157823000034)
[^Tutorial_and_critical_analysis_of_phishing_websites_methods]: [Mohammad, R. M., Thabtah, F., & McCluskey, L. (2015). **Tutorial and critical analysis of phishing websites methods**. Computer Science Review, 17, 1-24.](https://www.sciencedirect.com/science/article/pii/S1574013715000039?casa_token=yQQBV45JeTwAAAAA:vEvXbegCM6lVPLPoooEaRl6Ia07tkxlUgGv5X-IC5X1CQIY6A7dXcW8-rpBkVSv18LhYPL2ba7pI)