| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊管理學系在職專班 | zh_TW |
| DC.creator | 陳俊傑 | zh_TW |
| DC.creator | Chun-Chieh Chen | en_US |
| dc.date.accessioned | 2021-7-27T07:39:07Z | |
| dc.date.available | 2021-7-27T07:39:07Z | |
| dc.date.issued | 2021 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=108453025 | |
| dc.contributor.department | 資訊管理學系在職專班 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 電子郵件已是現今企業用以進行商業交易資訊的主要溝通管道,惟惡意電子郵件的攻擊行為層出不窮,影響資訊安全已是企業不容忽視的重要議題,選擇導入電子郵件安全閘道產品。透過IP信譽資料可更有效地強化郵件判斷之效率,綜觀市面上已有的電子郵件閘道產品中,許多產品均採用郵件IP信譽做為攔阻功能,但關於各間廠商的郵件IP信譽資料,主要依據各間產品的不同存所差異,且皆屬於各自獨有的信譽資料。惡意郵件對於公司營運角度而言實屬莫大風險,尤其是零時差的攻擊行為(Zero Day Attack)及BEC郵件詐騙氾濫,皆可能因一封郵件造成公司龐大的損失,故能否有效阻擋惡意郵件進入公司,已是現今每一位資訊系統管理人員應重視的議題。
本研究係透過新增兩種輔助功能作為協助資訊系統管理人員處理異常郵件。第一種功能為透過外部第三方信譽資料,搭配自行開發程式進行比對,以郵件IP 信譽資料判斷是否有疑似誤攔阻或漏攔阻的郵件;第二種功能為透過合法郵件資訊累積產出白名單,透過自行開發程式並搭配人工比對以查核與過濾,藉此輔助資訊系統管理人員進行分析,解決因AI判斷分數異常情形導致郵件誤攔阻的狀況發生。本研究案例透過兩種輔助功能的比對,第一種功能為比對外部即時阻擋清單(RBL),並在疑似漏攔阻的部分,透過實驗階段的資料總計17,151筆連線紀錄,有效找出43筆異常的連線紀錄,再透過人工比對找出一筆惡意郵件。而在第二種功能則透過合法郵件的資訊所自建之白名單資料庫,透過8,531筆的資料比對,均能有效找出攔阻資料,共計53筆。 | zh_TW |
| dc.description.abstract | Nowadays E-mail is an effective and a type of mainly communication channel using in the company, many cyberattacks were taken place and most of attacks are from malicious E-mail. Therefore, every company should pay attention to Information Security issue and most of company has implemented the product of E-mail Security Gateway. Using IP Reputation data to determine the E-mail could be more effectiveness. There are various of products for E-mail Security Gateway in the market and most of them can block the malicious E-mail by filtering IP Reputation data. But each vendor has their own IP Reputation data and it exists difference among various products. The point of view from the business, Malicious E-mail can bring the high risk to company, especially for Zero Day Attack and Business E-mail Compromise (BEC), company would suffer huge loss due to an E-mail. Thus, how to use an effective way to block the Malicious E-mail in the company is the important issue that each Information System Administrator should know.
This study adds two stages of accessibility function to support Administrator to deal with abnormal E-mails. The first stage is using IP Reputation data from external third party and collaborate the self-developed program to determine if there are any misjudged or missed E-mails. The second stage is to generate a whitelist through legal E-mails and collaborate the self-developed program and manual check to determine the abnormal E-mails. Administrators can analyze through accessibility to avoid the situation of misjudged or missed E-mails happening again due to the incorrect judgement by AI. In this study, the first stage was check external Real-Time Black List (RBL) and found 43 missed E-mails out of 17,151 connection logs, and found a Malicious E-mail out of 43 logs by manual at the end. The second stage was using whitelist database by self-configuration which were sourced from legal data, and found 53 misjudged E-mails out of 8,531 connection logs. | en_US |
| DC.subject | 即時阻擋清單 | zh_TW |
| DC.subject | IP信譽 | zh_TW |
| DC.subject | 郵件傳送紀錄 | zh_TW |
| DC.subject | 惡意郵件 | zh_TW |
| DC.subject | RBL(Real-Time Block List) | en_US |
| DC.subject | IP Reputation | en_US |
| DC.subject | MTA Log | en_US |
| DC.subject | Malicious E-mail | en_US |
| DC.title | 郵件防護系統新增輔助分析功能之設計與實現 | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | Design and Implementation of Auxiliary Analysis Function For E-Mail Protection System | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |