基于专家知识库的反钓鱼系统的设计与实现

发布时间：2018-06-20 00:54

本文选题：钓鱼网站 + 页面特征　；参考：《北京邮电大学》2014年硕士论文

【摘要】：网络钓鱼是指钓鱼攻击者将人们日常生活中使用频繁普遍的网络作为载体,通过网络这个载体利用垃圾邮件、即时通讯、社交网络、手机短信群发等,设计出与被攻击网站非常相似的钓鱼网站作为鱼饵,在用户没有觉察时欺骗引诱出用户敏感信息,例如个人账户信息、密码、或信用卡详细信息,被攻击的用户受到不同程度的信息泄露甚至严重的经济损失。网络钓鱼近年来在全世界范围内变得越来越猖狂,严重影响到人们正常的工作和日常生活。为此,本文在分析了当前已有的反钓鱼技术基础上,提出了一种基于专家知识库的反钓鱼系统。本文在利用专家知识库本身特点的同时,改进专家知识库存在的缺点,结合钓鱼网站的特点设计了一种基于专家知识库的钓鱼识别系统。该系统从钓鱼网站URL结构特点和页面结构特点出发,设计出由黑白名单知识库、URL特征库以及页面特征库为主要部分的反钓鱼系统,通过严谨的数据筛选、详细的实现过程以及大量的数据评估,本系统得到了比较良好的效果。本文的主要创新工作归纳如下： 1、提出了一种基于专家知识库的反钓鱼识别系统。由于传统知识库识别单一、效率低等缺点,本文在利用传统知识库匹配简单、快速、更新时效等优点的基础上,进一步改进了传统知识库匹的局限性,设计出能够实时更新的URL特征库和页面特征库。 2、该系统从URL特征方面分析钓鱼网站的特点,将钓鱼网站的URL特征和匹配规则存储于特征知识库中。如果有新的URL特征出现,可直接更新到知识库中；如果要更新匹配规则,可直接更改知识库中已经存储的匹配算法,增强了URL特征库先验数据和检测算法在存储方便和更新及时方面的能力。 3、该系统从页面特征方面分析钓鱼网站的特点,结合页面DOM特征在钓鱼网站页面中的体现,提出了八种钓鱼网站的页面特征,应用支持向量机SVM算法实施对特征页面的分类,同时将也页面特征和特征检测算法存储于知识库,使得页面特征和检测算法的方便存储和更新有了进一步改善。 4、本文提出的反钓鱼识别系统除了设计专家知识库外,还结合了网站ALEAX排名、ICP备案和域名注册信息对网站的识别做补充判断,在最后的环节减少了误判、错判现象的发生。以往的反钓鱼识别技术要么只针对钓鱼网站的URL特征,要么只针对钓鱼网站的页面特征,在特征更新方面考虑也比较欠缺。与以往的反钓鱼识别系统相比,本文设计的反钓鱼识别系统从URL方面和页面特征方面综合考虑钓鱼总体相似特性,并且在专家知识库的基础上,对特征的存储、匹配规则以及更新都有了比较大的改进,在前人的研究基础上本文设计的系统能实现较好的性能。
[Abstract]:Phishing refers to the use of frequent and popular networks as carriers in people ' s daily life . The carrier uses spam , instant messaging , social networks , mobile phone short messages and the like to design a phishing website which is very similar to the attacked website as bait . When the user does not perceive , the user can induce user - sensitive information , such as personal account information , password , or credit card details , and the attacked user is subject to different degrees of information disclosure or even serious economic loss .

Phishing has become more and more rampant in the whole world in recent years , which seriously affects people ' s normal work and daily life . In this paper , based on the analysis of the existing anti - phishing technology , this paper proposes an anti - phishing system based on expert knowledge base .

1 . A kind of anti - phishing identification system based on expert knowledge base is put forward . Because the traditional knowledge base is simple , the efficiency is low and so on , this paper further improves the limitation of traditional knowledge base , and designs the URL feature library and page feature library which can be updated in real time .

2 , the system analyzes the characteristics of the phishing website from the aspect of the URL characteristics , stores the URL characteristics and matching rules of the phishing website in the feature knowledge base .
if that match rule is to be updated , the matching algorithm already stored in the knowledge base can be directly changed , and the prior data of the URL feature library and the ability of the detection algorithm to store convenience and timely update are enhanced .

3 . The system analyzes the characteristics of the phishing website from the aspect of the page feature , combines the characteristics of the page DOM on the page of the phishing website , and puts forward the page feature of the eight fishing websites , and applies the SVM algorithm of the support vector machine to classify the feature pages , and also stores the page feature and the feature detection algorithm in the knowledge base , so that the convenience storage and updating of the page feature and the detection algorithm are further improved .

4 . In addition to the design expert knowledge base , the anti - phishing identification system proposed in this paper also makes a supplementary judgment on the website recognition based on the ranking , ICP filing and domain name registration information of the website , and reduces the occurrence of misjudgment and misjudgment in the last link .

Compared with the previous anti - phishing identification system , the anti - phishing identification system designed by this paper comprehensively considers the overall similar characteristics of the fishing in terms of the URL and the page characteristics , and has a great improvement on the storage , matching rules and updating of the features on the basis of the expert knowledge base .
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】