一種用於釣魚網站驗證與偵測之方法

Abstract

在本文中，我們提出一個名為Phishbox的方法，能有效收集釣魚網站資料，並產生用於釣魚驗證與偵測之模型。提出的方法將釣魚網站的收集、驗證與偵測整合成一個工具，可以即時監控PhishTank黑名單上的釣魚網站。由於釣魚網站的生命週期較短，我們提出了兩階段的偵測模型來確保偵測效能。首先，我們設計一個組合式模型來驗證釣魚網站，並應用主動學習降低人工標籤的成本，結果顯示，我們的組合式驗證模型擁有良好的效能，可以達到95%的準確度和3.9%的假陽性率。接著，驗證後的釣魚網站將用於訓練偵測模型。與原始數據相比，釣魚偵測的假陽性率平均下降了43.7%。實際參與PhishTank上的驗證投票，結果顯示兩階段的偵測模型能有效地驗證釣魚網站。最後，我們發現黑名單之中包含大量無效資料。比起PhishTank的定期更新機制，我們的偵測器在一周後能移除約五倍以上的無效網站。

In this thesis, we propose an approach, called PhishBox, to effectively collect phishing data and generate models for phishing validation and detection. The proposed approach integrates the phishing websites collection, validation and detection into an on-line tool, which can monitor the blacklist of PhishTank and validate and detect phishing websites in real-time. Due to the short life time of phishing websites, the proposed approach uses a two-stage detection model to ensure the performance. First, we design an ensemble model to validate the phishing data and apply active learning for reducing the cost of manual labeling. The result shows that our ensemble validation model can achieve high performance with 95% accuracy and 3.9% false-positive rate. Next, the validated phishing data will be used to train a detection model. Comparing with the original dataset, the false-positive rate of phishing detection is dropped by 43.7% in average. After participating the voting procedure on PhishTank, the result shows that our two-stage model is effective to verify phishing websites. Finally, we monitor the blacklist and found that the blacklist contains lots of invalid data. According to our experiment, we can remove about five times more than regularly update after one week.