Research On Information Security Technology For Financial Computerization

With the rapid development of computer technology and Internet technology, financial computerization has brought unprecedented opportunities of development for financial industry, while meeting great challenges of information security problems including illegal external links, phishing, etc.The contributions of this dissertation are on information security technology for financial computerization, mainly including the technology for illegal external link detection and anti-phishing technology. The major details and findings are as follows:In this dissertation, we propose the pseudo-route based method for illegal external link detection. The method overcomes some shortcomings of existing technologies, such as:poor concealment, need to forging the source address of detecting packets, need to deploy detecting servers in internet, the routing configurations of public networks affecting the detecting accuracy. We also present the design and implementation of illegal external link detection system and propose several approaches to improve accuracy rate. The experiment shows that the accuracy rate of the result is approximately 100%.We propose several DNS based anti-phishing approaches to protect trading account from being stolen by phishing site. These approaches can protect online bank account, email account, and common trading account from being stolen and can effectively defend the Pharming attacks, which overcome some shortcomings of existing technologies, such as:low accuracy rate, high computation complexity, and poor timeliness. We also present the design and implementation of anti-phishing system and propose several approaches to improve performance.We extend the Incident Object Description Exchange Format (IODEF) and propose the Phishing Incident Description Exchange Format, which can be applied to phishing incident emergency response and automated management of phishing blacklist. This approach may contribute to the automatic phishing incident exchange and improve the efficiency of emergency response and blacklist management.