摘要
文章以复制著名站点的钓鱼网站为对象,基于半脆弱水印提出一种新的网络钓鱼主动防御技术,将融合域名、URL、Logo等网站身份特征的半脆弱水印,利用等价标记算法嵌入在网页中;检测时,比较可疑网站产生的水印与提取的水印,当两者不一致,可疑网站为钓鱼网站。文章首先分析主动防御的有效性,并验证融合网站特征的半脆弱水印性能。模拟网络钓鱼攻击实验表明,该方法能有效地检测出钓鱼者通过下载合法网站网页,进行少量修改后的钓鱼网站.
A novel countermeasure scheme is proposed in this paper based on semi-fragile watermark, including of declaring website identity based on semi-fragile watermark, and detecting phishing webpage. The semi-fragile watermark with domain name, URL, Logo features of website is generated, and then embedded into the webpage to express the identity. When the suspicious webpage is met, the inconsistence of the generated semi-fragile watermark and the extracted information shows the phishing attack. The simulating phishing experiments show the method can effective detect the phishing attack by downloading the tactic’s webpage and modifying a little to lure the victims. So our phishing detection entails high cost to the adversary.
出处
《信息网络安全》
2013年第1期8-11,共4页
Netinfo Security
基金
国家自然科学基金[61202496]
湖南省自然科学基金资助项目[10JJ4043
10JJ5062]
湖南省科技计划重点项目[2010NK2003]
湖南省科技计划项目[2010TZ4012]
长沙市科技局科技计划项目[K1005180-61]
湖南省公安厅科学研究项目[湘公装[2008]14号]
关键词
网络钓鱼
网络钓鱼防御
网站特征
半脆弱水印
等价标记
phishing
phishing countermeasure
website characters
semi-fragile watermark
equal tag