
APT e-mail attack detection based on multi-dimensional analysis (original title: 基于多维度分析的APT邮件攻击检测)

Cited by: 2
Abstract: E-mail is a commonly used attack vector in APT attacks. This article proposes an APT e-mail attack detection method based on multi-dimensional analysis. First, the mail header and mail body information are extracted and attached files are reconstructed; second, the mail is analysed across multiple dimensions: the mail header, the mail body, threat-intelligence detection, deep inspection of file content, detection of anomalous mail behaviour, and self-learning of the mail site; finally, based on the analysis results, the mail is classified as either ordinary mail or mail with suspected APT attack characteristics. The proposed scheme first detects threat mail based on rule features, then integrates intelligence detection and deep inspection of file content, then analyses anomalous mail behaviour, and finally performs self-learning of the customer's business. This can effectively improve the detection accuracy of APT e-mail attacks and provides a sound detection scheme for APT e-mail attack detection.
Authors: GAO Ze-fang (高泽芳), HU Na (胡娜), WEN Cheng-jiang (文成江), WANG Dai-hui (王岱辉) (China Mobile Group Device Co., Ltd., Beijing 100053, China)
Source: Telecom Engineering Technics and Standardization (《电信工程技术与标准化》), 2020, No. 12, pp. 48-53 (6 pages)
Keywords: APT attack; e-mail; web link; threat intelligence; deep inspection; anomalous behaviors