solutionssb

www.nyzsb.com.cn  时间:2021-02-14  阅读:()
Anti-PhishingSecurityStrategyAngeloP.
E.
RosielloAgenda1.
Briefintroductiontophishing2.
Strategicdefensetechniques3.
Anewclientbasedsolution:DOMAntiPhish4.
ConclusionsNatureofPhishing3.
8daysAveragetimeonlineforsiteU.
S.
Countryhostingthemostphishingwebsites149Numberofbrandshijackedbyphishingcampaigns37438Numberofuniquesites23415NumberofuniquereportsFinancialServicescontinuetobethemosttargetedindustrysectorat96.
9%ofallattacksinthemonthofMay-ListofthemainhighlightsreportedforMay2007-StatisticsfromtheAntiPhishingWorkingGroup(AWPG)confirmtheglobalnatureofphishingwhoseprimarytargetarefinancialinstitutionsGrowingEffectivenessandEfficiencyofPhishingOverthelastmonthsphishingattackshavebecomemoreeffectiveandcomplextotrackandchallengeUSChina-Thetop5listofbreaches-InformationWeekResearch&Accenture–InformationSecuritySurvey2007Phishingrepresentsthethirdtypeofsuccessfulattackagainstenterprises(mainlybanks)SymantechasdetectedanumberofphishingsitesthathavebeenhostedongovernmentURLsoverrecentmonths.
InJunealone(2007),fraudulentsiteswereidentifiedonsitesrunbythegovernmentsofThailand,Indonesia,Hungary,Bangladesh,Argentina,SriLanka,theUkraine,China,Brazil,BosniaandHerzegovina,Colombia,andMalaysia.
"HostingaphishingWebpageonagovernmentsitehasanumberofadvantagesforaphisher.
GovernmentWebsitesoftenreceiveahighvolumeoftraffic,sotheirserverscanhandletheextratrafficgeneratedbyaphishingsite"writesSymantecresearcherNickSullivan.
"Thisextratrafficmightnotbenoticedimmediately,givingthephishingsitealongerlifespanbeforeitisdetectedandshutdown.
Perhapsmostimportantly,hostingaphishingsiteonanactualgovernmentURLgivesthephishingsiteasenseofauthenticitythat'shardtobeat.
"-ImprovingPhishingqualityattacks-TaxonomyofPhishingAttacksPhishingattackscanbeclassifiedaccordingtotheirnatureEmail,IMPhishingAttacksE-mailIM,IRC,etc.
-Description-Spoofede-mailaresenttoasetofvictimsaskingthem(usually)toupgradetheirpasswords,dataaccount,etc.
MSN,ICQ,AOLandotherIMchannelsareusedtoreachthevictims.
Socialengineeringtechniquesareusedtogainvictim'ssensitiveinformationCallingthevictimsonthephone,classicsocialengineeringtechniquesareusedbyphishersAnotherkindofattackisbasedontheinternetbrowservulnerabilities.
ThisapproachisusuallyadoptedtoautomaticallyinstalldialersPhone,mail,etc.
Exploitbased-ClassificationoftheAttacks-AProcessofPhishingAttacksInatypicalattack,thephishersendsalargenumberofspoofed(i.
e.
fake)e-mailstorandomInternetusersthatseemtobecomingfromalegitimateandwell-knownbusinessorganization(e.
g.
financialinstitutions,creditcardcompanies,etc)Thee-mailurgesthevictimtoupdatehispersonalinformationasaconditiontoavoidloosingaccessrightstospecificservices(e.
g.
accesstoonlinebankaccount,etc).
Byclickingonthelinkprovided,thevictimisdirectedtoaboguswebsiteimplementedbytheattackerThephishingwebsiteisstructuredasacloneoftheoriginalwebsitesothatthevictimisnotabletodistinguishitfromthatoftheservicehe/shehasaccessto.
Lotsofe-mailsaresenttoasetofrandomvictimsThevictimchangesherdataE-mailurgesthevictimtoupdateherdataviaweb(aspoofedone)Phisher!
!
!
AFRUDNewPhishersSkillsToconfusethevictim,phishersaredevisingnewtricksPhishinge-mailembedhyperlinksfromtheoriginalwebsitesothattheusersmainlysurfontherealwebserverexecutingonlyasmallnumberofconnectionstothefakewebserver.
WebsiteURLareencodedorobfuscatedtonotraisesuspicious.
IDNspoofing,forexample,usesUnicodeURLsthatrenderURLsinbrowsersinawaythattheaddresslooksliketheoriginalwebsiteaddressbutactuallylinktoafakewebsitewithadifferentaddress.
VictimsareredirectedtoaphishingwebsitebyfirstusingmalwarestoinstallamaliciousBrowserHelperObject(BHO).
BHOsareDLLsthatallowsdeveloperstocustomizeandcontrolInternetExplorerbutalsophisherstocompromiseconnections.
Thehostsfileonthevictim'smachineiscorrupted,forexampleusingamalware.
ThehostfilesmaintainslocalmappingsbetweenDNSnamesandIPaddresses.
ByinsertingafakeDNSentryintotheuser'shostsfile,itwillappearthattheirwebbrowserisconnectingtoalegitimatewebsitewheninfactitisconnectingtoaphishingwebsite.
Agenda1.
Briefintroductiontophishing2.
Strategicdefensetechniques3.
Anewclientbasedsolution:DOMAntiPhish4.
ConclusionsStrategicDefenseTechniquesAntiphisingdefensescanbeserverandclientbasedsolutionsServer-basedAnti-PhishingClient-basedBehaviourDetectionBrandMonitoringSecurityEventsE-mailAnalysisBlackListsInformationFlowSimilarityofLayoutsFocusofthispresentation!
Server-basedSolutionsServerbasedtechniquesareimplementedbyserviceproviders(e.
g.
ISP,e-commercestores,financialinstitutions,etc…)Crawlingon-linewebsitestoidentify"clones"(lookingforlegitimatebrands),whichareconsideredphishingpages.
Suspectedwebsitesareaddedtoacentralized"black-list".
Foreachcustomeraprofileisidentified(afteratrainingperiod)whichisusedtodetectanomaliesinthebehaviourofusersSecurityeventanalysisandcorrelationusingregisteredeventsprovidedbyseveralsources(OS,application,networkdevice)toidentifyanomalousactivityorforpostmortemanalysisfollowinganattackorafraudUsingmorethanoneidentificationfactoriscalledstrongauthentication.
Therearethreeuniversallyrecognizedfactorsforauthenticatingindividuals:somethingyouknow(e.
g.
password);somethingyouhave(e.
g.
hwsecuritytoken);somethingyouare(e.
g.
fingerprint)Newtechniquesofauthenticationareunderreasearch,suchasusinganimageduringtheregistrationphasewhichisshownduringeveryloginprocessBrandMonitoringBehaviourDetectionSecurityEventMonitoringStrongAuthenticationNewAuthenticationTechniquesClient-basedSolutionsClient-basedtechniquesareimplementedonusers'endpointthroughbrowserplug-insore-mailclientsE-mail-basedapproachestypicallyusefiltersandcontentanalysis.
IftrainedregularlyBayesianfiltersareactuallyquiteeffectiveininterceptingbothspammingandphishinge-mails.
BlacklistsarecollectionsofURLsidentifiedasmalicious.
Theblacklistisqueriedbythebrowserrun-timewheneverapageisloaded.
IfthecurrentlyvisitedURLisincludedintheblacklist,theuserisadvisedofthedanger,otherwisethepageisconsideredlegitimate.
InformationflowsolutionsarebasedonthepremisethatwhileausermaybeeasilyfooledbyURLobfuscationorafakedomainname,aprogramwillnot.
AntiPhishisanexampleofthistypeofdefensetechniquewhichkeepstrackofthesensitiveinformationthattheuserentersintowebforms,raisinganalertifsomethingisconsideredunsafeMostadvancedtechniquestrytodistinguishaphishingwebpagefromthelegitimateonecomparingtheirvisualsimilarity[[Wenyin,Huang,Xiaoyue,Min,Deng],[Rosiello,Kirda,Kruegel,Ferrandi]E-mailAnalysisBlack-ListsInformationFlowSimilarityofLayoutsTrendsonclient-basedMarketSolutionsInOctober2006,aMicrosoft-commissionedreportonvariousanti-phishingsolutionswasreleased.
ThetestersfoundthatMicrosoftInternetExplorer(IE)7.
0hasbetteranti-phishingtechnologythancompetingsolutions.
TheproductstestedincludedIE7.
0Beta3,EarthLinkScamBlocker,eBayToolbarwithAccountGuard,GeoTrustTrustWatch,GoogleToolbarforFirefoxwithSafeBrowsing,McAfeeSiteAdvisorPlus,NetcraftToolbar,andNetscapeBrowserwithbuilt-inantiphishingtechnologyTheMozillaFoundationcommissioneditsownstudytogaugetheeffectivenessofMozillaFirefox2.
0'santi-phishingtechnologyascomparedwithIE7.
0's.
ThisstudyfoundthatFirefox'santi-phishingtechnologywasbetterthanIE'sbyaconsiderablemarginItseemsevidentthatwecannottrustbothabovestudiesandforthisreasonweconsiderathirdindependentevaluationrealizedbytheSecurityLaboftheTechnicalUniversityofViennaInthelastmonthsthemajorbrowsers(e.
g.
IE7andMozillaFirefox)haveintegratedspecificanti-phishingfunctionalities(black-listsandstaticpageanalysis)AnalysisoftheBlack-ListsOveraperiodofthreeweekstheTechnicalUniversityofVienna(TUWIEN)hascollected10,000URLstobenchmarkMicrosoftandGoogle'sblack-lists.
Basedonthreeindicators,theresearchshowsthatGoogleperformsbetterthanMicrosoftCoverage:percentageofphishingURLsalreadyincludedinthelistQuality:percentageoflegitimateURLsincorrectlyincludedinthelistAverageResponseTime(ART):averagetimerequiredtoinsertnotinitiallyincludedURLs-KPI-2,413(67.
18%)3,241(90.
23%)BLTotal6.
4h9.
3hART2,139(59.
55%)274(7.
63%)3,157(87.
89%)84(2.
34%)BLinitallyBLdelayed3,592(100%)3,595(100%)SitesMicrosoftGoogle-ExperimentalResults-StaticPageAnalysisTUWIENhasdemonstratedthatasetofpagepropertiesactuallyallowstodifferentiatebetweenmalicious(phishing)andlegitimate(benign)onesSelectasetofpagepropertiesCollectwebpagestobeanalyzed18propertiesareconsideredmainlyextractedfromtheHTMLsourcecode(e.
g.
forms,inputfields,links,scripttags,etc.
)ExtracttheclassificationmodelInferaboutphishingAsetoflegitimateandphishingwebpagesarecollectedtoextracttheclassificationmodelTheC4.
2algorithmisexecutedtoidentifytheclassificationmodel(i.
e.
thedecion-tree)AnautomatictoolthatusestheextractedclassificationmodelcandistinguishphishingfromlegitimatewebpagesStaticPageAnalysis:ExperimentalResultsThedecision-treeisextractedusingtheWekapackage(algorithmJ48)onasetof4,829webpages-ReducedDecision-TreeextractedusingtheWekapackage-565115PhishingPages184,131LegitimatePagesClassifiedasPhishingClassifiedasLegitimate-ConfusionMatrix-Thequalifierisquitesuccessfulinidentifyingphishingpages(morethan80%arecorrectlyrecognized),raisingonlyaverysmallnumberoffalsealerts(18outof4,149pagesareincorrectlyclassifiedasphishing)StaticPageAnalysis:DemoStartingfromthetrainingdata-set,arealtimedemonstrationisprovidedInstalltheWekaPackageLoadtheinput".
arf"or".
csv"fileSelecttheJ48algorithmRuntheapplicationChecktheextractedtree-Stepstobeexecuted-InformationFlowSolutions:AntiPhish(1/2)Alimitednumberofinformationflowbasedsolutionswererealized.
TheobjectiveistoprotectusersbycheckingwheretheinformationissenttoAntiPhishisanapplicationthatisintegratedintothebrowserasanexternalplug-inAfterAntiPhishisinstalled,thebrowserpromptsarequestforanewmasterpasswordwhentheuserentersinputintoaformforthefirsttimeThemasterpasswordisusedtoencryptthesensitiveinformationbeforeitisstored(usingDES)Aftertheuserenterssensitiveinformationsuchasapassword,theAntiPhishmenuisusedtoscanthepageandtocaptureandstorethisinformationwiththedomainofthewebsite,too-Howdoesitlooklike--Generaldescription-InformationFlowSolutions:AntiPhish(2/2)TheexecutionflowchartofAntiPhishindicateshowthistoolallowtoprotectpotentialvictimsUserpresseskeyorpastestextintoformfieldCheckiftheinformationenteredisinthe"watch-list"Istheinfointhe"watch-list"DoesthedomaincorrespondThewebsiteistrusted.
ContinuenormallyUntrustedwebsite.
GenerateanalertNOYESNOYESAntiPhishdetectsthatsensitiveinformationhasbeentypedintoaformofanuntrusteddomainandcancelstheoperation.
Everytimeinformationisenteredintoaformelement(e.
g.
,textfield,textarea,etc.
),AntiPhishgoesthroughitslistofcaptured/cachedinformation.
Interactioneventstheusergenerateswithinthebrowser(keypresses,submissions,mouseclicks&focus)areinterceptedbeforeinformationcanflowtountrustedwebsite.
AntiPhishinActionWhenthevictiminsertshisusernameandpasswordtoanuntrustedwebsite,analertisraisedbeforesensitiveinformationaresenttothephisherAgenda1.
Briefintroductiontophishing2.
Strategicdefensetechniques3.
Anewclientbasedsolution:DOMAntiPhish4.
ConclusionsLayout-Similarity-basedSolutions(1/2)Layout-similarity-basedapproachesclassifyawebpageasaphishingpageifits"visual"similarityvalueisaboveapredefinedthreshold-Wenyinetal.
Approach-Thewebpageisdecomposedintosalientblocksaccordingto"visualcues".
Thevisualsimilaritybetweentwowebpagesismeasured.
Awebpageisconsideredaphishingpageifthesimilaritytothelegitimatewebpageishigherthanathreshold.
Layout-Similarity-basedSolutions(2/2)DOMAntiPhish[Rosiello,Kirda,Kruegel,Ferrandi]computesthesimilarityvalueextractingtheDOM-Treeoftheconsideredwebpages-DOMAntiPhishdescription-Whenapasswordassociatedwithacertaindomainisreusedonanotherdomainthesystemcomparesthelayoutofthecurrentpagewiththepagewherethesensitiveinformationwasoriginallyentered.
ForthecomparisontheDOM-Treeoftheoriginalwebpageandthenewonearechecked.
Ifthesystemdeterminesthatthesepageshaveasimilarappearance,aphishingattackisassumed-DOMAntiPhishFlowchart-DOMAntiPhish:DOM-TreeExtractionTheDocumentObjectModel(DOM)-Treeisaninternalrepresentationusedbybrowserstorepresentawebpage-HTMLsourcecode-ShadyGroveAeolianOvertheriverAlbert-DOM-Treerepresentation-DOMAntiPhish:SimilarityComputationDOM-TreesreducetheproblemofcomputingthelayoutsimilarityoftwowebpagestotheproblemofestablishingiftwotreesareisomorphicINPUTS:vertexv,vertexu,firstSubTreeФ,secondSubTreeФWHILEcontinue_whileexistsequivalent_subTrees_branchesDOfirstSubTree=getSubTree(u,firstSubTree);secondSubTree=getSubTree(v,secondSubTree);IFaresimilar(firstSubTree,secondSubTree)THENfloatpenalty=compute_similarity_penalty();storesubTrees(u,v,firstSubTree,secondSubTree,penalty);ENDIFENDWHILE-Templatescomputationalgorithm-Equaltemplatesextractedbythealgorithm.
Tocoverthetrees,thebestsetoftemplatesareselected(minimizingthesimilaritypenalties)-PhishingExample-DOMAntiPhish:ImplementationProcessDOMAntiPhishprototypeisimplementedasaJavascriptplug-inforMozillaFirefox2.
0whichinvokesaJavasoftwaretocomputethelayoutsimilarityDOM-TreeExtractionJavaSoftwareCallTheJavascriptplug-inforMozillaFirefox2.
0extractstheDOM-TreerepresentationofeachstoredwebpageandbrowsingoneTheJavascriptplug-inwritesdowntwotextfilesthatcontaintheextractedDOM-TreesTheJavascriptplug-ininvokestheJavasoftwareSimilarityLayoutCalculationTheJavasoftwarecalculatesthesimilarityoftheanalyzedDOM-TreeschoosingthesetoftemplateswhichminimizethesimilaritypenaltyandmaximizethecoveragePhishingReportTheJavascriptplug-inreadsthesimilarityvaluefromatextfileandreturnsthephishingreporttotheuserDOMAntiPhish:ExperimentalResultsDOMAntiPhishwastestedonasetofover200websitesprovingthatourapproachisfeasibleinpractice-Experimentalresultsdescription-Duringthesimilaritycomputationprocess,fortheisomorphicsubtreesidentificationalgorithm,weaddedapenaltyof0.
3iftwocorrespondingtagshaddifferenttypesorifatagdidnothavechildrenanditsmatchedcounterpartdid.
Iftwoattributesofmatchedtagsweredifferent,apenaltyof0.
1wasadded.
Moreover,iftheattributeshaddifferentvalues,thenapenaltyof0.
05wasadded,too.
Thepenaltyvaluesweredeterminedempiricallybyhavingasobjectivefunctiontheminimizationoffalsepositiveandnegativeresultsforlowandhighthresholdvaluesrespectively.
DOMAntiPhish:LimitationsAseverysecuritysolution,alsoDOMAntiPhishisnotperfectandwecanidentifythefollowingmainlimitations:Itcouldbepossibleforattackerstouseacombinationofimagestocreateaspoofedwebpagethatlooksvisuallysimilartoalegitimatewebpage.
Hence,theDOMofthespoofedwebpagewouldbedifferentanddetectionwouldbeevaded.
Onepossibilityofdealingwiththislimitationcouldbetotakeaconservativeapproachandtotagwebpagesasbeingsuspiciousthatcontainalargenumberofimagesorthatmainlyconsistofimages.
AnotherpossibleproblemcouldbeDOMobfuscationattemptsthatwouldmakethevisuallooksimilartothelegitimatewebpagewhileatthesametimeevadingdetection.
Ourapproachraisesthedifficultybarforcreatingphishingpages.
Furthermore,onecanalwaystakeamoreconservativeapproachbyreducingthephishingalertthreshold.
Also,ifphishersareforcedtoalterthelookandfeeloftheirphishingpages,thesepageswillbecomelessconvincingandmoresuspicioustothevictims.
-Potentialattacks--Defensivesolutions-DOMAntiPhish:DemoBrowsingsomewebpagesweshowhowDOMAntiPhishworksagainstphishingattacksInstallDOMAntiPhishplug-inLogintoatrustedwebsiteTrytologintoaphishingwebsiteCheckthephishingreport-Stepstobeexecuted-Agenda1.
Briefintroductiontophishing2.
Strategicdefensetechniques3.
Anewclientbasedsolution:DOMAntiPhish4.
ConclusionsConclusionsAsforeveryITattack,phishingcanbeprevented,detectedandmitigatedthroughserver-basedandclient-basedapproaches,supportedbyeducationandawarenessPeopleClient-basedtechniquestrytoprotectusersimplementinglocalsolutions,suchasbrowserplug-insore-mailclientsServerbasedtechniquesareappliedonserversorprovidersthatofferservicestocustomersReferencesAngeloP.
E.
Rosiello,EnginKirda,ChristopherKruegel,andFabrizioFerrandi.
"ALayout-Similarity-BasedApproachforDetectingPhishingPages".
IEEEInternationalConferenceonSecurityandPrivacyinCommunicationNetworks(SecureComm),Nice,France,September2007ChristianLudl,SeanMcAllister,EnginKirda,andChristopherKruegel.
"OntheEffectivenessofTechniquestoDetectPhishingSites".
DetectionofIntrusionsandMalwareandVulnerabilityAssessment(DIMVA)2007Conference,Lucerne,Switzerland,July2007EnginKirdaandChristopherKruegel.
"ProtectingUsersagainstPhishingAttacks".
TheComputerJournal,2006.
NeilChou,RobertLedesma,YukaTeraguchi,DanBoneh,andJohnMitchell.
"Client-sidedefenseagainstweb-basedidentitytheft".
In11thAnnualNetworkandDistributedSystemSecuritySymposium(NDSS'04),SanDiego,2005.
Anti-PhishingWorkingGroup(APWG).
APWGHomepage.
http://www.
antiphishing.
org/,2007.
InformationSecuritySurvey2007–InformationWeekResearch&AccentureGoogle.
GoogleWhitelist.
http://sb.
google.
com/safebrowsing/updateversion=goog-white-domain:1:-1,2007.
Mozilla.
Firefox2PhishingProtectionEffectivenessTesting.
http://www.
mozilla.
org/security/phishing-test.
html,2006.
Verisign.
Anti-PhishingSolution.
http://www.
verisign.
com/verisign-business-solutions/anti-phishing-solutions/,2005.
YueZhang,SergeEgelman,LorrieCranor,andJasonHong.
PhindingPhish:EvaluatingAnti-PhishingTools.
InNetworkandITSecurityConference:NDSS2007,SanDiego,California,2007.
Weka.
http://www.
cs.
waikato.
ac.
nz/ml/weka/

香港服务器多少钱一个月?香港云服务器最便宜价格

香港服务器多少钱一个月?香港服务器租用配置价格一个月多少,现在很多中小型企业在建站时都会租用香港服务器,租用香港服务器可以使网站访问更流畅、稳定性更好,安全性会更高等等。香港服务器的租用和其他地区的服务器租用配置元素都是一样的,那么为什么香港服务器那么受欢迎呢,香港云服务器最便宜价格多少钱一个月呢?阿里云轻量应用服务器最便宜的是1核1G峰值带宽30Mbps,24元/月,288元/年。不过我们一般选...

CloudCone2核KVM美国洛杉矶MC机房机房2.89美元/月,美国洛杉矶MC机房KVM虚拟架构2核1.5G内存1Gbps带宽,国外便宜美国VPS七月特价优惠

近日CloudCone发布了七月的特价便宜优惠VPS云服务器产品,KVM虚拟架构,性价比最高的为2核心1.5G内存1Gbps带宽5TB月流量,2.89美元/月,稳定性还是非常不错的,有需要国外便宜VPS云服务器的朋友可以关注一下。CloudCone怎么样?CloudCone服务器好不好?CloudCone值不值得购买?CloudCone是一家成立于2017年的美国服务器提供商,国外实力大厂,自己开...

Pia云服务商春节6.66折 美国洛杉矶/中国香港/俄罗斯和深圳机房

Pia云这个商家的云服务器在前面也有介绍过几次,从价格上确实比较便宜。我们可以看到最低云服务器低至月付20元,服务器均采用KVM虚拟架构技术,数据中心包括美国洛杉矶、中国香港、俄罗斯和深圳地区,这次春节活动商家的活动力度比较大推出出全场6.66折,如果我们有需要可以体验。初次体验的记得月付方案,如果合适再续约。pia云春节活动优惠券:piayun-2022 Pia云服务商官方网站我们一起看看这次活...

www.nyzsb.com.cn为你推荐
微信小程序直播功能准入要求请务必阅读正文之后的免责条款部分支持ipadCTioscss3圆角如何用CSS实现圆角矩形?win7关闭445端口win7系统怎么关闭445和135这两个端口勒索病毒win7补丁求问win7 64位旗舰版怎么预防勒索病毒iphonewifi为什么我的苹果手机连不上wifi重庆电信宽带管家重庆电信宽带多少钱一个月google图片搜索谁能教我怎么在手机用google的图片搜索啊!!!
如何查询ip地址 2019年感恩节 cpanel suspended 卡巴斯基永久免费版 165邮箱 ntfs格式分区 泉州电信 isp服务商 卡巴斯基免费试用 卡巴斯基免费试用版 华为云盘 视频服务器是什么 英国伦敦 智能dns解析 privatetracker 腾讯云平台 reboot wannacry勒索病毒 tko 更多