[1] JIN Jiandong, YANG Jia, ZHOU Changling, et al. Detection and analysis of extortion scam email botnets[J]. Journal of Shenzhen University Science and Engineering, 2020, 37(Suppl.1): 78-83. [doi:10.3724/SP.J.1249.2020.99078] (in Chinese)
 JIN Jiandong, YANG Jia, ZHOU Changling, et al. Network forensics analysis on email scam botnet[J]. Journal of Shenzhen University Science and Engineering, 2020, 37(Suppl.1): 78-83. [doi:10.3724/SP.J.1249.2020.99078]

Detection and analysis of extortion scam email botnets

Journal of Shenzhen University Science and Engineering [ISSN:1000-2618/CN:44-1401/N]

Volume:
Vol. 37
Issue:
2020, Supplement 1
Pages:
78-83
Section:
Cyberspace security
Publication date:
2020-11-20

Article information

Title:
Network forensics analysis on email scam botnet
Article number:
202099015
Authors:
金建栋, 杨加, 周昌令, 李笑难, 马皓
Computer Center, Peking University, Beijing 100871
Author(s):
JIN Jiandong YANG Jia ZHOU Changling LI Xiaonan and MA Hao
Computer Center, Peking University, Beijing 100871, P.R.China
Keywords (from the Chinese):
cyber security; extortion email; fraudulent email; botnet; network forensics
Keywords:
cyber security; extortion scam email; fraudulent mail; botnet; network forensics
CLC number:
TN915.08
DOI:
10.3724/SP.J.1249.2020.99078
Document code:
A
Abstract (from the Chinese):
Using botnets to send spam is a common attack technique in the cyber black market. In recent years, with the wide application of blockchain technology, a new type of extortion email attack that uses digital currency for anonymous transfers has also gradually emerged, posing a great threat to cyberspace security. Taking the Peking University email system as the research object, this study designs an analysis framework for extortion scam email botnets: it detects extortion scam emails based on knowledge extraction, uses a pre-trained model to cluster the email-sending botnet, and further explores the money-laundering network through which attackers use cryptocurrency. Experimental results on a real data set show that, compared with classic email filtering models, the framework can effectively detect new types of extortion scam emails and extract structured semantic information from the text, offering an approach to the forensics and attribution of network attacks such as extortion scam emails.
Abstract:
Using botnets to send spam is a common attack method of cyber blackmailers and extortionists. In recent years, with the widespread application of blockchain, a new type of extortion scam spam that uses bitcoin to achieve anonymous transfers has gradually emerged, which poses a great threat to cyber security. This paper targets a university email system for spam botnet detection. We design a network forensics framework that can identify extortion scam emails and the spam-sending botnet. Furthermore, this framework can also analyze the bitcoin money laundering network used by the attacker. Experiments on real-world datasets show that, compared to some classic spam filtering models, our method has a higher recall rate on extortion scam emails, while providing further analysis of botnet clusters and the money laundering network.

Memo:
Received:2020-10-14
Corresponding author: Senior engineer, professor MA Hao. E-mail: mah@pku.edu.cn
Citation:JIN Jiandong, YANG Jia, ZHOU Changling, et al. Network forensics analysis on email scam botnet[J]. Journal of Shenzhen University Science and Engineering, 2020, 37(Suppl.1): 78-83.(in Chinese)
Author profile: JIN Jiandong (born 1994), assistant engineer, Peking University. Research interest: anomaly detection. E-mail: jjd@pku.edu.cn
Citation (Chinese edition): JIN Jiandong, YANG Jia, ZHOU Changling, et al. Detection and analysis of extortion scam email botnets[J]. Journal of Shenzhen University Science and Engineering, 2020, 37(Suppl.1): 78-83.
Last update: 2020-11-26