恶意邮件检测技术研究

doi:10.3969/j.issn.1671-1122.2018.09.013

信息网络安全 ›› 2018, Vol. 18 ›› Issue (9): 80-85.doi: 10.3969/j.issn.1671-1122.2018.09.013

恶意邮件检测技术研究

张健, 栗文真, 宫良一

天津理工大学计算机科学与工程学院,天津 300384

收稿日期:2018-07-17 出版日期:2018-09-30 发布日期:2020-05-11
作者简介:
作者简介：张健（1968—）,男,天津,正高级工程师,博士,主要研究方向为网络空间安全、恶意代码防治;栗文真（1994—）,女,河北,硕士研究生,主要研究方向为信息安全;宫良一（1987—）,男,山东,讲师,博士,主要研究方向为普适计算、网络与信息安全。
基金资助:
国家重点研发计划[2016YFB0800805];天津市科技服务业科技重大专项[16ZXFWGX00140]

Research on Malicious E-mail Detection Technology

Jian ZHANG, Wenzhen LI, Liangyi GONG

School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China

Received:2018-07-17 Online:2018-09-30 Published:2020-05-11

摘要/Abstract

摘要：

随着个人隐私信息的大量泄露,攻击者可以通过收集攻击目标的相关信息制作出信息关联度较高的邮件用于传播恶意代码和APT攻击。传统的垃圾邮件检测方法大多依赖于邮件中提取的静态特征,然而对于复杂的、有针对性的新型恶意邮件的检测有很大的局限性。文章深入分析了近年邮件安全威胁的发展变化,发现了日益突出的恶意邮件安全问题,总结了现有的垃圾邮件检测技术,同时指出了恶意邮件检测技术存在的不足并给出了未来研究方向。

关键词: 垃圾邮件, 恶意邮件, 动态行为, 虚拟机自省, 检测

Abstract:

With the large leakage of personal privacy information, attackers can collect relevant information of the attack target, thereby creating an E-mail with high relevance to the recipients’ information to spread malicious code and APT attacks. Most of the traditional spam detection methods rely on the static features extracted from the E-mail, however, this has great limitations for the detection of complex and targeted new types of malicious E-mail. This paper thoroughly analyzed the development and changes of E-mail security threats in recent years, discovered the increasingly prominent issue of malicious E-mail security, then summarized the existing spam E-mail detection technology, and pointed out the inadequacies of malicious E-mail detection and proposed related improvement measures, finally introduced future research directions, and pointed out the inadequacies of malicious E-mail detection and proposed the future research directions.

Key words: spam E-mail, malicious E-mail, dynamic behavior, virtual machine introspection, detection

中图分类号:

TP309

张健, 栗文真, 宫良一. 恶意邮件检测技术研究[J]. 信息网络安全, 2018, 18(9): 80-85.

Jian ZHANG, Wenzhen LI, Liangyi GONG. Research on Malicious E-mail Detection Technology[J]. Netinfo Security, 2018, 18(9): 80-85.

图/表 7

参考文献 13

[1]	PATEL K, DUBEY S K.To Recognize and Analyze Spam Domains from Spam Emails by Data Mining[C]//IEEE. 3rd International Conference on Computing for Sustainable Global Development, March 16-18, 2016, New Delhi, India. New Jersey: IEEE, 2016: 4030-4035.
[2]	HUNT R, CARPINTER J.Current and New Developments in Spam Filtering[C]//IEEE. 14th IEEE International Conference on Networks, September 13-15, 2006, Singapore. New Jersey: IEEE, 2006: 1-6.
[3]	WEST A G, AVIV A J, CHANG Jian, et al.Spam Mitigation Using Spatio-temporal Reputations from Blacklist History[C]//ACM. 26th Annual Computer Security Applications Conference, December 5-9, 2010, Orlando, Florida. New York: ACM, 2010: 161-170.
[4]	MOURA G C M, SPEROTTO A, SADRE R, et al. Evaluating Third-party Bad Neighborhood Blacklists for Spam Detection[C]//IFIP, IEEE. 2013 IFIP/IEEE International Symposium on Integrated Network Management, May 27-31, 2013, Ghent, Belgium. New Jersey: IEEE, 2013: 252-259.
[5]	HIJAWI W, FARIS H, ALQATAWNA J, et al.Improving Email Spam Detection Using Content Based Feature Engineering Approach[C]//IEEE. 2017 IEEE Jordan Conference on Applied Electrical Engineering and Computing Technologies, October 11-13, 2017, Aqaba, Jordan. New Jersey: IEEE, 2017: 1-6.
[6]	PATIL P, RANE R, BHALEKAR M. Detecting Spam and Phishing Mails Using SVM and Obfuscation URL Detection Algorithm[EB/OL]. , 2018-4-11.
[7]	ALAZAB M, LAYTON R, BROADHURST R, et al.Malicious Spam Emails Developments and Authorship Attribution[C]//IEEE. 4th Cybercrime and Trustworthy Computing Workshop, November 21-22, 2013, Sydney NSW, Australia. New Jersey: IEEE, 2014: 58-68.
[8]	SONGKHLA C N, PIROMSOPA K.Statistical Rules for Thai Spam Detection[C]//IEEE. 2nd International Conference on Future Networks, January 22-24, 2010, Sanya, Hainan, China. New Jersey: IEEE, 2010: 238-242.
[9]	GARFINKEL T, Rosenblum M. A Virtual Machine Introspection Based Architecture for Intrusion Detection[EB/OL]. , 2018-4-12.
[10]	ZHANG Jian, GAO Cheng, GONG Liangyi, et al.Research on Virtual Machine Introspection Technology[J]. Netinfo Security, 2017, 17(9): 63-68.
	张健,高铖,宫良一,等. 虚拟机自省技术研究[J]. 信息网络安全,2017,17(9):63-68.
[11]	DINABURG A, ROYAL P, SHARIF M, et al.Ether: Malware Analysis via Hardware Virtualization Extensions[C]//ACM. 15th ACM Conference on Computer and Communications Security, October 27-31, 2008, Alexandria, Virginia, USA. New York: ACM, 2008: 51-62.
[12]	NIU Pengfei, ZHANG Jian, CHANG Qing, et al.Research and Design on Abnormal Behavior Online Detection Platform Based on Xen[J]. Netinfo Security, 2016, 16(9): 139-144.
	牛鹏飞,张健,常青,等. 基于Xen的异常行为在线检测平台研究与设计[J]. 信息网络安全,2016,16(9):139-144.
[13]	BINDU V, THOMAS C.Performance Evaluation of Classifiers for Spam Detection with Benchmark Datasets[C]//IEEE. 2016 International Conference on Data Mining and Advanced Computing, March 16-18, 2016, Ernakulam, India. New Jersey: IEEE, 2016: 17-22.

[1]	王蓉, 马春光, 武朋. 基于联邦学习和卷积神经网络的入侵检测方法[J]. 信息网络安全, 2020, 20(4): 47-54.
[2]	边玲玉, 张琳琳, 赵楷, 石飞. 基于LightGBM的以太坊恶意账户检测方法[J]. 信息网络安全, 2020, 20(4): 73-80.
[3]	赵志岩, 纪小默. 智能化网络安全威胁感知融合模型研究[J]. 信息网络安全, 2020, 20(4): 87-93.
[4]	顾兆军, 任怡彤, 刘春波, 王志. 基于一致性预测算法的内网日志检测模型[J]. 信息网络安全, 2020, 20(3): 45-50.
[5]	罗文华, 许彩滇. 基于改进MajorClust聚类的网络入侵行为检测[J]. 信息网络安全, 2020, 20(2): 14-21.
[6]	吕宗平, 赵春迪, 顾兆军, 周景贤. 基于Stacking模型融合的勒索软件动态检测算法[J]. 信息网络安全, 2020, 20(2): 57-57.
[7]	张浩, 陈龙, 魏志强. 基于数据增强和模型更新的异常流量检测技术[J]. 信息网络安全, 2020, 20(2): 66-74.
[8]	荆涛, 万巍. 面向属性迁移状态的P2P网络行为分析方法研究[J]. 信息网络安全, 2020, 20(1): 16-25.
[9]	李晓冉, 郝蓉, 于佳. 具有数据上传管控的无证书可证明数据持有方案[J]. 信息网络安全, 2020, 20(1): 83-88.
[10]	宋鑫, 赵楷, 张琳琳, 方文波. 基于随机森林的Android恶意软件检测方法研究[J]. 信息网络安全, 2019, 19(9): 1-5.
[11]	康健, 王杰, 李正旭, 张光妲. 物联网中一种基于多种特征提取策略的入侵检测模型[J]. 信息网络安全, 2019, 19(9): 21-25.
[12]	陈里可, 阮树骅, 陈兴蜀, 王海舟. 社交媒体机器人账号智能检测研究[J]. 信息网络安全, 2019, 19(9): 96-100.
[13]	冯文英, 郭晓博, 何原野, 薛聪. 基于前馈神经网络的入侵检测模型[J]. 信息网络安全, 2019, 19(9): 101-105.
[14]	陈良臣, 刘宝旭, 高曙. 网络攻击检测中流量数据抽样技术研究[J]. 信息网络安全, 2019, 19(8): 22-28.
[15]	饶绪黎, 徐彭娜, 陈志德, 许力. 基于不完全信息的深度学习网络入侵检测[J]. 信息网络安全, 2019, 19(6): 53-60.

恶意邮件检测技术研究

Research on Malicious E-mail Detection Technology

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 13

相关文章 15

编辑推荐

Metrics

本文评价