Name |
陳俊傑 (Chun-Chieh Chen)
|
Department |
In-Service Master's Program, Department of Information Management |
Thesis title |
Design and Implementation of Auxiliary Analysis Function For E-Mail Protection System (郵件防護系統新增輔助分析功能之設計與實現)
|
Files |
Full text available for browsing in the system after 2026-7-31
|
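Abstract (Chinese) |
E-mail is now the main communication channel enterprises use to exchange business transaction information, but malicious e-mail attacks keep emerging, and their impact on information security is an issue enterprises cannot ignore, which leads them to adopt e-mail security gateway products. IP reputation data can make mail classification more efficient. Among the e-mail gateway products on the market, many use mail IP reputation as a blocking feature, but each vendor's mail IP reputation data differs from product to product and is proprietary to that vendor. From a business-operations point of view, malicious e-mail is a serious risk; zero-day attacks and rampant BEC (business e-mail compromise) fraud in particular mean a single e-mail can cause a company enormous losses. Whether malicious e-mail can be effectively kept out of the company is therefore an issue every information system administrator should take seriously.
This study adds two auxiliary functions to help information system administrators handle abnormal e-mail. The first uses external third-party reputation data, compared by a self-developed program, to judge from mail IP reputation data whether any e-mails appear to have been wrongly blocked or missed. The second builds a whitelist accumulated from legitimate e-mail information, and uses a self-developed program together with manual comparison to check and filter, helping administrators with analysis and resolving cases where abnormal AI scores cause e-mail to be wrongly blocked. In the case study, the first function compares against external real-time block lists (RBL); for suspected missed blocks, out of a total of 17,151 connection records in the experimental data it found 43 abnormal connection records, and manual comparison then identified one malicious e-mail. The second function uses a self-built whitelist database derived from legitimate e-mail information; across 8,531 records compared, it effectively found the blocked records, 53 in total. |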
Abstract (English) |
E-mail is now a main and effective communication channel within companies, and many cyberattacks take place, most of them through malicious e-mail. Every company should therefore pay attention to information security, and most companies have implemented an E-mail Security Gateway product. Using IP reputation data to classify e-mail can be more effective. There are various E-mail Security Gateway products on the market, and most of them can block malicious e-mail by filtering on IP reputation data. But each vendor has its own IP reputation data, and it differs among products. From a business point of view, malicious e-mail brings high risk to a company, especially Zero Day Attacks and Business E-mail Compromise (BEC): a company can suffer huge losses from a single e-mail. How to block malicious e-mail effectively is thus an important issue that every information system administrator should know.
This study adds two stages of auxiliary functions to support administrators in dealing with abnormal e-mails. The first stage uses IP reputation data from an external third party together with a self-developed program to determine whether there are any misjudged or missed e-mails. The second stage generates a whitelist from legitimate e-mails and uses the self-developed program together with manual checking to identify abnormal e-mails. Administrators can use these auxiliary functions in their analysis to keep misjudged or missed e-mails caused by incorrect AI judgement from happening again. In this study, the first stage checked external Real-Time Black Lists (RBL) and found 43 missed e-mails out of 17,151 connection logs, and manual checking then found one malicious e-mail among those 43 logs. The second stage used a self-built whitelist database sourced from legitimate data, and found 53 misjudged e-mails out of 8,531 connection logs. |
Keywords (Chinese) |
★ Real-time block list ★ IP reputation ★ Mail transfer log ★ Malicious e-mail |
Keywords (English) |
★ RBL(Real-Time Block List) ★ IP Reputation ★ MTA Log ★ Malicious E-mail |
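Table of contents |
Contents
Abstract (Chinese)
ABSTRACT
Acknowledgements
Contents
List of Tables
List of Figures
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation and Problem
1.3 Research Objectives
1.4 Thesis Structure
Chapter 2 Literature Review
2.1 E-mail Information Concepts
2.2 Introduction to IP Reputation
Chapter 3 Research Method
3.1 System Architecture Design
3.2 Data Description
3.3 RBL CHECK
3.4 DB FILTER CHECK
Chapter 4 System Implementation and Discussion
4.1 Development Environment
4.2 System Design
4.3 System Validation Results
Chapter 5 Research Results
5.1 Research Results
5.2 Research Limitations
5.3 Future Directions
References |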
Advisor |
陳奕明 (Yi-Ming Chen)
|
Approval date |
2021-7-27 |