Cybercrime refers to any crime that involves a computer and a network, where the computers may or may not have played an instrumental part in the commission of a crime. Computer crime encompasses a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories: (1) crimes that target computer networks or devices directly and (2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device. Examples for cybercrimes are fraud, spam, cyber terrorism and phishing. Phishing is a type of online fraud in which a scam artist uses an e-mail or website to illicitly obtain confidential information. It is a semantic attack which targets the user rather than the computer. It is a relatively new internet crime. The phishing problem is a hard problem because of the fact that it is very easy for an attacker to create an exact replica of a good banking website which looks very convincing to users. The communication (usually email) directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers that the legitimate organization already has .
网络犯罪是指任何涉及计算机和网络,其中计算机可以或者可能没有在这场比赛中扮演重要角色犯罪。计算机犯罪包括范围广泛的潜在非法活动活动。然而,一般来说,它可以分为两类犯罪中的一类:(1)针对直接使用计算机网络或设备和(2)犯罪在计算机网络或设备的推动下其主要目标独立于计算机网络或设备。举例说明网络犯罪包括欺诈、垃圾邮件、网络恐怖主义和网络钓鱼网络钓鱼是一种在线欺诈,其中包括欺诈艺术家使用电子邮件或网站非法获取机密信息。这是一种语义攻击它的目标是用户而不是计算机。这是一个相对较新的网络犯罪。网络钓鱼问题这是一个很难解决的问题,因为它非常复杂攻击者很容易创建一个精确的好的银行网站,看起来很有说服力给用户。沟通(通常是电子邮件)指导用户访问要求他们访问的网站更新个人信息,如密码和密码信用卡、社会保险和银行账户合法组织已经拥有的数字。
Despite growing efforts to educate users and create better detection tools, users are still very susceptible to phishing attacks. Unfortunately, due to the nature of the attacks, it is very difficult to estimate the number of people who actually fall victim. A report by Gartner estimated the costs at $1,244 per victim, an increase over the $257 they cited in a 2004 report [9]. In 2007, Moore and Clayton estimated the number of phishing victims by examining web server logs. They estimated that 311,449 people fall for phishing scams annually, costing around 350 million dollars. There are several promising defending approaches to this problem reported earlier. The first approach is [11] to stop phishing at the email level, since most current phishing attacks use broadcast email (spam) to lure victims to a phishing website .Another approach [10] is to use security toolbars. The phishing filter in IE8 is a toolbar approach with more features such as blocking the userrsquo;s activity with a detected phishing site. A third approach is to visually differentiate the phishing sites from the spoofed legitimate sites. Dynamic Security Skins [12] proposes to use a randomly generated visual hash to customize the browser window or web form elements to indicate the successfully authenticated sites. A fourth approach is two-factor authentication, which ensures that the user not only knows a secret but also presents a security token. However, this approach is a server-side solution. Sensitive information that is not related to a specific site, e.g., credit card information and SSN (Social Security Number), cannot be protected by this approach either. Many industrial antiphishing products use toolbars in Web browsers, but some researchers have shown that security tool bars donrsquo;t effectively prevent phishing attacks. The Passpet system, created by Yee et al. in 2006, uses indicators so that users know they are at a previously trusted website. Since all of these proposals require the use of complicated third-party tools, its unclear how many users will actually benefit from them. The newest version of Microsoftrsquo;s Internet Explorer supports Extended Validation (EV) certificates, coloring the URL bar green and displaying the name of the company. However, a recent study found that EV certificates did not make users less fall for phishing attacks.
尽管教育用户和创建更好的检测工具,用户仍然非常容易受到影响网络钓鱼攻击。不幸的是,由于在这些攻击中,很难估计攻击的严重程度实际成为受害者的人数。报告Gartner估计每个受害者的成本为1244美元,比他们在2004年报告中引用的257美元有所增加2007年,摩尔和克莱顿估计通过检查web服务器的网络钓鱼受害者数量日志。他们估计有311449人堕入情网网络钓鱼诈骗每年耗资约3.5亿美元美元。有几种很有前途的方法早些时候报告了解决此问题的方法。第一种方法是[11]停止网络钓鱼电子邮件级别,因为当前大多数网络钓鱼攻击都使用广播电子邮件(垃圾邮件)诱使受害者进行网络钓鱼网站另一种方法[10]是使用安全性工具栏。IE8中的钓鱼过滤器是一个工具栏方法具有更多功能,例如阻止检测到钓鱼网站的用户活动。第三种方法是从视觉上区分来自欺骗合法网站的钓鱼网站。动态安全皮肤[12]建议使用随机生成的可视哈希,用于自定义要指示的浏览器窗口或web窗体元素已成功验证的站点。第四种方法是双因素身份验证,它确保用户不仅知道秘密,而且显示安全令牌。然而,这种做法是一种错误的做法服务器端解决方案。非机密的敏感信息与特定网站相关,如信用卡信息和SSN(社会保险号码),不能为也受到这种方法的保护。许多工业反hishing产品在Web浏览器中使用工具栏,但一些研究人员已经证明,安全工具酒吧无法有效防止网络钓鱼攻击。由Yee等人于2006年创建的Passpet系统,使用指示器,以便用户知道他们处于最佳状态以前信任的网站。因为所有这些提案需要使用复杂的第三方软件目前还不清楚到底有多少用户会从中受益从他们那里。微软最新版本的Internet Explorer支持扩展验证(EV)证书,将URL栏染成绿色和显示公司名称。但是,最近的研究发现,电动汽车证书并不意味着用户较少受到网络钓鱼攻击。
For our implementation we plan to use two publicly available datasets to test: the “phishtank” from the phishtank.com[8] .The PhishTank database records the URL for the suspected website that has been reported, the time of that report, and sometimes further detail such as the screenshots of the website, and is publicly available. The Anti Phishing Working Group (APWG) which maintains a “Phishing Archive” describing phishing attacks. In addition, 27 features are used to train and test the classifiers [7]. We will use a series of short scripts to programmatically extract the above features, and store them in an excel sheet for quick reference. The age of the dataset is the most significant problem, which is particularly relevant with the phishing corpus. E-banking Phishing websites are short-lived, often lasting only in the order of 48 hours. Some of our features can therefore not be extracted from older websites, making our tests difficult. The average phishing site stays live for approximately 2.25 days.
对于我们的实现,我们计划公开使用两个要测试的可用数据集:来自菲什坦克。com[8]。PhishTank数据库记录已删除的可疑网站的URL报告,报告的时间,有时更多详细信息,如网站截图,并且是公开的。反网络钓鱼工作组(APWG)维护描述网络钓鱼的“网络钓鱼档案”攻击。此外,27项功能用于培训和培训测试分类器[7]。我们将使用一系列的短文以编
剩余内容已隐藏,支付完成后下载完整资料
英语原文共 7 页,剩余内容已隐藏,支付完成后下载完整资料
资料编号:[596974],资料为PDF文档或Word文档,PDF文档可免费转换为Word
以上是毕业论文外文翻译,课题毕业论文、任务书、文献综述、开题报告、程序设计、图纸设计等资料可联系客服协助查找。
