Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/71030
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 蕭旭君(Hsu-Chun Hsiao) | |
dc.contributor.author | Chih-Chun Liu | en |
dc.contributor.author | 劉祉君 | zh_TW |
dc.date.accessioned | 2021-06-17T04:49:19Z | - |
dc.date.available | 2021-01-01 | |
dc.date.copyright | 2018-08-14 | |
dc.date.issued | 2018 | |
dc.date.submitted | 2018-07-31 | |
dc.identifier.citation | [1] Amazon web services. https://aws.amazon.com/.
[2] Can you trust your browser extensions? exploring an ad-injecting chrome extension. https://www.hanselman.com/blog/CanYouTrustYourBrowserExtensionsExploringAnAdinjectingChromeExtension.aspx.
[3] Comcast still uses mitm javascript injection to serve unwanted ads and messages. https://www.privateinternetaccess.com/blog/2016/12/comcast-still-uses-mitm-javascript-injection-serve-unwanted-ads-messages.
[4] Cross-origin resource sharing. https://www.w3.org/TR/cors/.
[5] Google. https://www.google.com/.
[6] Isp advertisement injection - cma communications. https://zmhenkel.blogspot.tw/2013/03/isp-advertisement-injection-cma.html.
[7] Javascript ddos attack peaks at 275,000 requests-per-second. https://threatpost.com/javascript-ddos-attack-peaks-at-275000-requests-per-second/114828/.
[8] Majestic million. https://majestic.com/reports/majestic-million.
[9] Mitmproxy. https://mitmproxy.org/.
[10] Mobile ad networks as ddos vectors: A case study. https://blog.cloudflare.com/mobile-ad-networks-as-ddos-vectors/.
[11] No boundaries: Exfiltration of personal data by session-replay scripts. https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/.
[12] Same-origin policy. https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy.
[13] Subresource integrity. https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity.
[14] Telkom indonesia secretly injects advertisements. https://medium.com/@grumpyuser/telkom-indonesia-secretly-injects-advertisements-a3bf10b447ee.
[15] The walt disney company. http://go.com/.
[16] Wikipedia. https://www.wikipedia.org/.
[17] Yahoo. https://www.yahoo.com/.
[18] A. Agrawall, K. Chaitanya, A. K. Agrawal, and V. Choppella. Mitigating browser-based ddos attacks using corp. Proceedings of the 10th Innovations in Software Engineering Conference, pages 137–146, 2017.
[19] B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7):422–426, 1970.
[20] M. Cova, C. Kruegel, and G. Vigna. Detection and analysis of drive-by-download attacks and malicious javascript code. pages 281–290, 2010.
[21] L. Fan, P. Cao, J. Almeida, and A. Z. Broder. Summary cache: a scalable wide-area web cache sharing protocol. IEEE/ACM transactions on networking, 8(3):281–293, 2000.
[22] J. Grossman and M. Johansen. Million browser botnet. Black Hat USA, 2013.
[23] L.-S. Huang, Z. Weinberg, C. Evans, and C. Jackson. Protecting browsers from cross-origin css attacks. pages 619–629, 2010.
[24] A. Levy, H. Corrigan-Gibbs, and D. Boneh. Stickler: Defending against malicious content distribution networks in an unmodified browser. IEEE Security & Privacy, 14(2):22–28, 2016.
[25] B. Marczak, N. Weaver, J. Dalek, R. Ensafi, D. Fifield, S. McKune, A. Rey, J. Scott-Railton, R. Deibert, and V. Paxson. China’s great cannon. Citizen Lab, 10, 2015.
[26] G. Pellegrino, C. Rossow, F. J. Ryba, T. C. Schmidt, and M. Wählisch. Cashing out the great cannon? on browser-based ddos attacks and economics. 2015.
[27] K. Thomas, E. Bursztein, C. Grier, G. Ho, N. Jagpal, A. Kapravelos, D. McCoy, A. Nappa, V. Paxson, P. Pearce, et al. Ad injection at scale: Assessing deceptive advertisement modifications. pages 151–167, 2015. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/71030 | - |
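dc.description.abstract | This thesis proposes a detection system that uses website fingerprints against JavaScript-based cyber attacks. In this type of attack, a man-in-the-middle tampers with JavaScript code, and through that code the attacker can use the browsers of innocent users to launch distributed denial-of-service attacks. Besides browser-based distributed denial-of-service attacks, a man-in-the-middle can also insert advertisements by planting malicious JavaScript. However, current detection methods for this type of attack still have some limitations, such as being hard to deploy at large scale or hard to configure with effective blocking rules, so this study proposes a detection system that uses website fingerprints and requires no cooperation from the website side. This study uses website fingerprints to distinguish normal traffic from attack connections. We treat the connection requests issued by the browser as the feature for defending against this type of attack, carried out fingerprint extraction and analysis experiments on a large number of websites, and completed the development of a prototype system. Experiments in a simulated environment show that the website fingerprint system can successfully block 96.98% of this kind of cyber attack. | zh_TW |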
dc.description.abstract | This thesis presents the design and implementation of a system that uses website fingerprints to detect JavaScript-based cyber attacks. We consider a man-in-the-middle attacker who tries to tamper with JavaScript and leverages innocent users to trigger a browser-based DDoS attack through the malicious code they have injected. Additionally, attackers can also inject advertisements by tampering with JavaScript. Current research on mitigating this type of attack suffers from practical limitations, such as lack of deployment incentives and difficulty in configuring policies. In this thesis, we present a website fingerprint system to detect JavaScript-based cyber attacks. This system can be deployed without server-side cooperation and does not need any policy to be set. This fingerprint system detects abnormal traffic by distinguishing the differences between fingerprints. A fingerprint of a website is defined by its dependency on external resources, such as the set of external domains loaded by this website. Our experiments proved that the website fingerprint system can detect 96.98% of JavaScript-based cyber attacks in our simulation environment. | en |
dc.description.provenance | Made available in DSpace on 2021-06-17T04:49:19Z (GMT). No. of bitstreams: 1 ntu-107-P05922001-1.pdf: 1029557 bytes, checksum: 2703b244ad10979d3cd216571f7bc768 (MD5) Previous issue date: 2018 | en |
dc.description.tableofcontents | Oral Examination Committee Certification
Acknowledgements (in Chinese)
Acknowledgements
Abstract (in Chinese)
Abstract
1 Introduction
2 Attacker Model
2.1 Browser-based DDoS
2.2 Mobile App Served Ad Networks as DDoS Vectors
2.3 Advertisements Injection by ISP or Browser Extensions
2.4 Summary
3 System Architecture
3.1 System Overview
3.2 Data Collection Phase
3.2.1 Fingerprints Collection
3.2.2 Fingerprint Management
3.2.3 Fingerprint Extraction
3.2.4 Bloom Filters and Counting Bloom Filters
3.2.5 Fingerprint Extraction by Different Methods
3.2.6 Websites Classification and Methods Selection
3.3 Detection Phase
4 Experimentation
4.1 Parameter Selection
4.2 Data collection phase
4.3 Detection Phase
4.3.1 Attack Simulation I - Ad Injection Detection
4.3.2 Attack Simulation II - Browser-based DDoS Detection
4.4 Performance Evaluation
4.5 Privacy Concern
5 Related Work
5.1 Same-Origin Policy (SOP) [12]
5.2 Cross-Origin Resource Sharing (CORS) [4]
5.3 Subresource Integrity (SRI) [13]
5.4 Cross Origin Request Policy (CORP) [18]
5.5 Defending Against Malicious CDNs in an Unmodified Browser [24]
6 Discussion
6.1 Comparison
6.2 Limitations
6.3 Challenge
7 Conclusion and Future Work
Bibliography | |
dc.language.iso | en | |
dc.title | 利用網站特徵偵測基於JavaScript之網路攻擊 | zh_TW |
dc.title | Detecting JavaScript-based Cyber Attack Using Website Fingerprint | en |
dc.type | Thesis | |
dc.date.schoolyear | 106-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 黃世昆(Shih-Kun Huang),許富皓(Fu-Hau Hsu) | |
dc.subject.keyword | browser-based distributed denial-of-service attack, distributed denial-of-service attack, ad injection, website fingerprint, Bloom filter, | zh_TW |
dc.subject.keyword | browser-based DDoS,DDoS,ad-injection,website fingerprint,Bloom filter, | en |
dc.relation.page | 45 | |
dc.identifier.doi | 10.6342/NTU201801502 | |
dc.rights.note | Paid license | |
dc.date.accepted | 2018-07-31 | |
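dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Computer Science and Information Engineering | zh_TW |
Appears in collections: | Department of Computer Science and Information Engineering |
Files in this item:
File | Size | Format | |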
---|---|---|---|
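ntu-107-1.pdf (not currently authorized for public access) | 1.01 MB | Adobe PDF |
Unless their copyright terms are specifically indicated, all items in the system are protected by copyright, with all rights reserved.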