| Phishing attacks, as a typical online fraud and criminal activities, having become increasingly rampant with the expansion and prosperous of the Internet related e-commerce trading platforms, gave rise to increasing economic losses. The current phishing defense programs, mostly achieved through specific applications and designated filtering technology to the terminal, have greater limitations to its application. In most cases, phishing achieved through DNS and the losses were also caused during the use of network applied services based on DNS. Therefore, DNS is the front line of phishing defense. The biggest advantage to develop anti-phishing and other security applications on the DNS is the full coverage to all network users and applications.This paper focused on the defense program and detective algorithm of phishing, the main work and achievements are as follows:1. Proposed a method based on the support vector machine (SVM) active learning algorithm for phishing detection. Through timely detection judgement on the URL collected by DNS, it can provide a black list of phishing Web URL for anti-phishing modules. In this algorithm, it also proposed to classify the detection by combining the comprehensive sensitive features of URL and Web page content so as to ensure the defection's application scope and efficiency. Experimental results show that the algorithm has achieved high detection accuracy and efficiency.in the classified detection on the small sample set.2. Established the phishing protective system based on the DNS. Through comprehensive analysis on the current Phishing defense programms, we summarized the strengths and weaknesses of the current defense programs. Integrated with the reseach of DNS security application, we designed and achieved a DNS anti-phishing system consisting of a filter sytem and a URL detection system based on the computing platform . 3. Developed an anti-phishing module for Bind server. By analyzing themost widely used DNS server software - source code of ISC Bind, we developed anti-phishing modules for Bind server, and other appropriate system modules, including data integration, transparent proxy, Web management etc.. The system-running-experiments results show that the system can provide users with timely and effective protection against phishing attacks, with minimal impact on the DNS server performance, to achieve compatibility with existing BIND-based server configuration, which is also easy for management and maintenance.Finally, made a summary of the full text of the work, and discussed the prospects for further work. |
PDF Full Text Request