Phishing is a form of social engineering attack combined with web development techniques, and it is an important stage of many cyber-attacks: many of them start from phishing emails. Early indiscriminate attacks have gradually given way to "spear-phishing", in which well-crafted emails are aimed at very specific targets. It is a highly targeted attack with a small number of mailings. Hackers single out important people and organizations and send them emails. Linked text, files, or pictures in the email body trick users into clicking through to phishing websites created by the hackers. To gain the user's trust, the website looks almost identical to the corresponding legitimate website. This causes users to lower their guard and readily give away personal information such as account numbers, passwords, and bank account information.
"Spear-phishing" is a more targeted form of phishing. There are no mass victims, so the number of reported samples is insufficient and analysis takes quite a while. Phishing websites of this type closely imitate legitimate websites, and their uptime is short: by the time a site has been reported as malicious and blocked to protect users, it no longer exists, so it is difficult to detect in real time. Therefore, in this paper we propose a method to analyze phishing websites that are almost identical to legitimate websites and that ask the user to input personal information. We use the site's Page Jumping behavior to perform "Time-of-Click Analysis": before the user sends sensitive information from the webpage, we find the final phishing target in advance and then determine whether the site is a phishing website.