CN106656728A - Mail detection and monitoring system - Google Patents

Mail detection and monitoring system

Info

Publication number: CN106656728A
Authority: CN (China)
Prior art keywords: mail, user, audit, audited, data
Legal status: Pending
Application number: CN201510726346.4A
Other languages: Chinese (zh)
Inventor: 刘杨
Current Assignee: State Grid Corp of China SGCC; Economic and Technological Research Institute of State Grid Jilin Electric Power Co Ltd
Original Assignee: State Grid Corp of China SGCC; Economic and Technological Research Institute of State Grid Jilin Electric Power Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a mail detection and monitoring system. A data collection client decides, according to the mail addresses configured by audit management, whether to audit a user's computer. If so, it obtains the IP address of the user's computer terminal; the Webmail system associates this IP address information with the mail information and passes it to the monitoring center on the server side. The monitoring center writes the mail information, with its associated IP address information, to a log file and stores the log information, and real-time log collection sends the audit log information to a database. Keywords and feature thresholds are set in a data analysis module, which retrieves the data in the database and analyses it against those keywords and feature thresholds, and the resulting mail information is displayed through a web browser. The invention avoids the problem of security incidents repeatedly occurring with existing security products and also reduces repeated investment by the user.

Description

A mail detection and monitoring system
Technical field
The invention belongs to the field of network security. In particular, it relates to a mail detection and monitoring system, suitable for the intranet or LAN mail systems of enterprises, that audits and monitors how users operate the mail system.
Background
With the continuous development of network information systems, and under the internal-control requirements that relevant international regulations place on enterprises, integrated solutions based on 4A have become a necessary measure for ensuring enterprise information security.
In recent years, as the number of users of the business systems and support systems of large enterprises has grown rapidly, internal mail audit operations have increasingly failed to meet information security requirements, so the following problems urgently need to be solved: the problem of user login information; the security of user mailboxes; and the lack of auditing and tracking of user behaviour. A mail security audit and monitoring system therefore provides information security management with an efficient and secure 4A system. It not only guarantees, technically, the enforcement of each system's security policy, but is also the preferred way of solving the above problems systematically.
Summary of the invention
The technical problem to be solved by the invention is to provide a mail detection and monitoring system that addresses the problem of user login information, the security of user mailboxes, and the lack of auditing and tracking of user behaviour.
The invention is realised as follows. A mail detection and monitoring system, for users of an intranet mail system and a Webmail system, comprises a monitoring center, a database and a data analysis module arranged on the server side, and a data collection client arranged on the user side. When a user logs in to the Webmail system, the data collection client decides, according to the mail addresses configured by audit management, whether to audit that user's computer. If an audit is required, it obtains the IP address of the user's computer terminal; the Webmail system associates this IP address information with the mail information and passes it to the monitoring center on the server side. The monitoring center creates a log file from the mail information associated with the IP address information and stores the log information, and real-time log collection sends the audit log information to the database. Keywords and feature thresholds are set in the data analysis module, which retrieves the data in the database and analyses it against the keywords and feature thresholds, and the mail information results are displayed through a web browser.
Further, the data collection client includes a function implementation module that performs basic core audit, mail processing audit, operation behaviour audit, mail content audit and mail account audit on the mail information:
Basic core audit: when a user operates the Webmail mail system, the current time, the account of the currently logged-in user, the user client IP address obtained by the server back end, and the user client IP address obtained from the front end are recorded for audit. These are the core audit targets, and they are stored in the database together with the record of every subsequent audit function, as its prefix.
Mail processing audit: when a user writes a mail and clicks send, the subject, body, recipient, sender and attachment titles of that mail are audited; when the user's mailbox receives a new mail, the subject, body, recipient, sender and attachment titles of that mail are audited.
Operation behaviour audit: all of the user's usage of the Webmail system is recorded, including user login, viewing mail, receiving mail, downloading attachments, deleting mail and address book operations.
Mail content audit: the mail title, mail content, attachment names, sender, recipient, CC recipients, BCC recipients, sending time and user information are audited, and the record is marked as a mail sending action.
Further, the data collection client includes a detection and analysis module which, after storing the analysis results of the function implementation module, monitors peripherals and interfaces, network connections, file and database access, application services and outbound connections according to the user's settings, and sends the results to the monitoring center.
Further, the data analysis module consists of a protection module, a filtering module and an alarm module. The protection module applies quarantine measures to virus mail information according to the analysis of network data; the filtering module filters mail data according to the policy library adopted by the system and notifies the user through the alarm module.
Compared with the prior art, the beneficial effects of the invention are as follows. It provides auditing and monitoring of how users operate the mail system. It supports filtering, by file extension, of outgoing mail that contains given file types; supports identifying and alerting on the outbound sending of mail attachments whose file extension has been deleted or altered; supports restricting SMTP by attachment size and attachment count; and supports mail keyword filtering, including filtering on mail subject, body and attachments that match more than three keywords at the same time. It realises linkage between mail network security detection products and mail monitoring and audit products, which avoids the problem of security incidents continually occurring with existing security products and also reduces repeated investment by the user. The invention ensures the security of enterprise mailboxes and improves the enterprise's security work.
Description of the drawings
Fig. 1 is a block diagram of the module structure provided by an embodiment of the invention;
Fig. 2 is a module block diagram of the data collection client provided by an embodiment of the invention;
Fig. 3 is a module block diagram of the data analysis module provided by an embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
As shown in Fig. 1, a mail detection and monitoring system, for users of an intranet mail system and a Webmail system, comprises a monitoring center, a database and a data analysis module arranged on the server side, and a data collection client arranged on the user side. When a user logs in to the Webmail system, the data collection client decides, according to the mail addresses configured by audit management, whether to audit that user's computer. If an audit is required, it obtains the IP address of the user's computer terminal; the Webmail system associates this IP address information with the mail information and passes it to the monitoring center on the server side. The monitoring center creates a log file from the mail information associated with the IP address information and stores the log information, and real-time log collection sends the audit log information to the database. Keywords and feature thresholds are set in the data analysis module, which retrieves the data in the database and analyses it against the keywords and feature thresholds, and the mail information results are displayed through a web browser.
As shown in Fig. 2, the data collection client includes a function implementation module that performs basic core audit, mail processing audit, operation behaviour audit, mail content audit and mail account audit on the mail information:
Basic core audit: when a user operates the Webmail mail system, the current time, the account of the currently logged-in user, the user client IP address obtained by the server back end, and the user client IP address obtained from the front end are recorded for audit. These are the core audit targets, and they are stored in the database together with the record of every subsequent audit function, as its prefix.
Mail processing audit: when a user writes a mail and clicks send, the subject, body, recipient, sender and attachment titles of that mail are audited; when the user's mailbox receives a new mail, the subject, body, recipient, sender and attachment titles of that mail are audited. Likewise, the same content is audited when a mail is forwarded or replied to. The audit information is recorded and stored for later query.
Operation behaviour audit: all of the user's usage of the Webmail system is recorded, including user login, viewing mail, receiving mail, downloading attachments, deleting mail and address book operations.
User login:
The login behaviour of users of the Webmail mail system is audited. When a user logs in to the mail system, the audit system audits information such as the user name used to log in and the login time.
Viewing mail:
The mail viewing behaviour of users of the Webmail mail system is audited. When a user views a mail, the system audits information such as the title of the mail viewed, the names of the attachments it contains and the time at which the user viewed it.
Receiving mail:
The mail receiving behaviour of users of the Webmail mail system is audited. When a user receives a mail, the system audits content such as the body, recipient, sender, attachment titles and receiving time of the received mail.
Downloading attachments:
The attachment downloading behaviour of users of the Webmail mail system is audited. When a user downloads a mail attachment, the system audits information such as the title, file type and download time of the downloaded attachment.
Deleting mail:
The mail deletion behaviour of users of the Webmail mail system is audited. When a user deletes a mail, the system records the deletion operation, together with content such as the body, recipient, sender, attachment titles and deletion time of the deleted mail.
Address book:
The address book operations of users of the Webmail mail system are audited. When a user adds, modifies or deletes a personal address book entry, the system records the operation and audits content such as the mail contacts added, deleted or changed in the personal address book, and the creation, modification and deletion times.
Mail content audit: the mail title, mail content, attachment names, sender, recipient, CC recipients, BCC recipients, sending time and user information are audited, and the record is marked as a mail sending action.
The data collection client includes a detection and analysis module which, after storing the analysis results of the function implementation module, monitors peripherals and interfaces, network connections, file and database access, application services and outbound connections according to the user's settings, and sends the results to the monitoring center.
As shown in Fig. 3, the data analysis module consists of a protection module, a filtering module and an alarm module. The protection module applies quarantine measures to virus mail information according to the analysis of network data; the filtering module filters mail data according to the policy library adopted by the system and notifies the user through the alarm module.
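The path from collection to analysis described above, sketched as an added example (it is not code from the patent): the client emits an audit log line carrying the basic core prefix only for audited addresses, and the analysis side applies the keyword threshold and attachment rules listed among the beneficial effects. The JSON log format, field names, addresses, keywords and limits are all assumptions made for illustration.

```python
import json
import os
from datetime import datetime, timezone

# Constructed configuration: addresses, keywords and limits are illustrative.
AUDITED_ADDRESSES = {"alice@corp.example"}   # configured by audit management
POLICY = {
    "keywords": {"tender", "blueprint", "confidential", "salary"},
    "keyword_threshold": 3,                  # alert when MORE than this many match
    "blocked_extensions": {".exe", ".bat"},
    "max_attachments": 5,
    "max_attachment_bytes": 10 * 1024 * 1024,
}


def collect(account, server_ip, client_ip, action, mail, now=None):
    """Collection side: return one JSON audit log line, or None if not audited.

    The first four fields are the basic core audit prefix that every other
    audit type (processing, behaviour, content) carries in front of its data.
    """
    if account not in AUDITED_ADDRESSES:
        return None
    now = now or datetime.now(timezone.utc)
    record = {
        "time": now.isoformat(),
        "account": account,
        "server_ip": server_ip,   # address obtained by the server back end
        "client_ip": client_ip,   # address obtained from the front end
        "action": action,
        **mail,
    }
    return json.dumps(record, ensure_ascii=False)


def analyse(log_line, policy=POLICY):
    """Analysis side: return a list of (rule, detail) findings for one record."""
    rec = json.loads(log_line)
    attachments = rec.get("attachments", [])
    names = [a["name"] for a in attachments]
    findings = []

    # Keyword rule over subject, body and attachment names together.
    text = " ".join([rec.get("subject", ""), rec.get("body", ""), *names]).lower()
    hits = sorted(k for k in policy["keywords"] if k in text)
    if len(hits) > policy["keyword_threshold"]:
        findings.append(("keywords", hits))

    # Attachment rules: count, size, extension policy, deleted extension.
    # Spotting an altered extension needs file content, which is not modelled.
    if len(attachments) > policy["max_attachments"]:
        findings.append(("attachment_count", len(attachments)))
    for att in attachments:
        ext = os.path.splitext(att["name"])[1].lower()
        if att["size"] > policy["max_attachment_bytes"]:
            findings.append(("attachment_size", att["name"]))
        if ext in policy["blocked_extensions"]:
            findings.append(("blocked_extension", att["name"]))
        elif ext == "":
            findings.append(("missing_extension", att["name"]))
    return findings


# Constructed sample: one outgoing message from an audited account.
SAMPLE_MAIL = {
    "subject": "Tender blueprint",
    "body": "Confidential salary figures attached.",
    "sender": "alice@corp.example",
    "recipients": ["partner@outside.example"],
    "attachments": [{"name": "setup.EXE", "size": 1000},
                    {"name": "notes", "size": 20}],
}

if __name__ == "__main__":
    line = collect("alice@corp.example", "10.0.0.7", "10.0.0.7", "send", SAMPLE_MAIL)
    for rule, detail in analyse(line):
        print(rule, detail)
```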
The display through the web browser includes:
Display of the mail processing audit: includes content such as the subject, body, recipient, sender and attachment titles of the user's mail.
Display of the operation behaviour audit: covers all recorded usage of the Webmail system by the user, including user name, user login IP address, mails viewed, mails received, attachments downloaded, mails deleted and personal address book operations; this information can be queried and displayed in a way customised to requirements.
Display of the mail content audit: audit targets are queried according to user-defined requirements, including content such as the mail title, mail content, mail attachments, sender, recipient, sending time and user information.
Display of the mail account audit: includes information such as user name, department, prefecture-level unit and subordinate unit.
The above is only a preferred embodiment of the invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (4)

1. A mail detection and monitoring system, characterised in that it is for users of an intranet mail system and a Webmail system and comprises a monitoring center, a database and a data analysis module arranged on the server side, and a data collection client arranged on the user side; when a user logs in to the Webmail system, the data collection client decides, according to the mail addresses configured by audit management, whether to audit that user's computer; if an audit is required, it obtains the IP address of the user's computer terminal, and the IP address information of the user's computer terminal is associated with the mail information by the Webmail system and passed to the monitoring center on the server side; the monitoring center creates a log file from the mail information associated with the IP address information and stores the log information; real-time log collection sends the audit log information to the database; keywords and feature thresholds are set in the data analysis module, which retrieves the data in the database and analyses it against the keywords and feature thresholds; and the mail information results are displayed through a web browser.
2. The mail detection and monitoring system of claim 1, characterised in that the data collection client includes a function implementation module that performs basic core audit, mail processing audit, operation behaviour audit, mail content audit and mail account audit on the mail information;
Basic core audit: when a user operates the Webmail mail system, the current time, the account of the currently logged-in user, the user client IP address obtained by the server back end, and the user client IP address obtained from the front end are recorded for audit; these are the core audit targets, and they are stored in the database together with the record of every subsequent audit function, as its prefix;
Mail processing audit: when a user writes a mail and clicks send, the subject, body, recipient, sender and attachment titles of that mail are audited; when the user's mailbox receives a new mail, the subject, body, recipient, sender and attachment titles of that mail are audited;
Operation behaviour audit: all of the user's usage of the Webmail system is recorded, including user login, viewing mail, receiving mail, downloading attachments, deleting mail and address book operations;
Mail content audit: the mail title, mail content, attachment names, sender, recipient, CC recipients, BCC recipients, sending time and user information are audited, and the record is marked as a mail sending action.
3. The mail detection and monitoring system of claim 2, characterised in that the data collection client includes a detection and analysis module which, after storing the analysis results of the function implementation module, monitors peripherals and interfaces, network connections, file and database access, application services and outbound connections according to the user's settings, and sends the results to the monitoring center.
4. The mail detection and monitoring system of claim 1, characterised in that the data analysis module consists of a protection module, a filtering module and an alarm module; the protection module applies quarantine measures to virus mail information according to the analysis of network data; the filtering module filters mail data according to the policy library adopted by the system and notifies the user through the alarm module.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201510726346.4A, CN106656728A (en) | 2015-10-30 | 2015-10-30 | Mail detection and monitoring system

Publications (1)

Publication Number | Publication Date
CN106656728A (en) | 2017-05-10

Family

ID=58830625

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201510726346.4A (Pending), CN106656728A (en) | Mail detection and monitoring system | 2015-10-30 | 2015-10-30

Country Status (1)

Country | Link
CN (1) | CN106656728A (en)


Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170510