CN108200105A - Method and device for detecting phishing emails - Google Patents
- Publication number: CN108200105A
- Application number: CN201810279466.8A
- Authority: CN (China)
- Prior art keywords: target email, information, phishing, phishing email
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/212—Monitoring or handling of messages using filtering or selective blocking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a method and device for detecting phishing emails, applied to a security device that is connected to several terminal devices in a target LAN. The method includes: receiving log information of a target email reported by a terminal device; matching the log information against a preset threat intelligence database to determine whether the log information hits any threat intelligence; if the match is unsuccessful, submitting the attachment of the target email to a preset sandbox for dynamic detection and determining, based on the detection result, whether the target email is a phishing email; and, if it is, generating alert information. In the technical solution of this application, the security device combines threat intelligence technology with sandbox technology to detect phishing emails, which effectively increases the accuracy of the detection result.
Description
Technical field
This application relates to the field of security protection, and in particular to a method and device for detecting phishing emails.
Background
Network attackers often forge normal-looking emails and use social engineering techniques to trick users into clicking links in the email or downloading attachment files, thereby attacking the end host. Such attacks are phishing attacks. The phishing emails they send greatly facilitate the large-scale infection and spread of malicious code (including ransomware), are very harmful, and easily lead to the leakage of user account information and the loss of property.
In the prior art, phishing emails are filtered mainly by the "keyword method" and the "checksum method". The former filters email according to specified words (for example, "tax avoidance", "invoicing on behalf of others", etc.). The latter calculates a checksum (for example, a hash value) of the body or attachment of an email, compares that checksum with the checksums of known phishing emails, and filters out emails whose checksum is identical to that of a phishing email.
However, these schemes require the feature database that records the specified words or checksums to be constantly updated and maintained, and they cannot filter phishing emails that match nothing in the feature database, so the results are unsatisfactory.
Summary of the invention
In view of this, the application provides a method and device for detecting phishing emails, so as to filter phishing emails effectively.
Specifically, the application is achieved by the following technical solution:
A method for detecting phishing emails, applied to a security device, the security device being connected to several terminal devices in a target LAN, the method comprising:
receiving log information of a target email reported by the terminal device;
matching the log information against a preset threat intelligence database to determine whether the log information hits any threat intelligence;
if the match is unsuccessful, submitting the attachment of the target email to a preset sandbox for dynamic detection, and determining, based on the detection result, whether the target email is a phishing email; if so, generating alert information.
In the method for detecting phishing emails, the method further comprises:
if the match is successful, determining that the target email is a phishing email and generating alert information.
In the method for detecting phishing emails, the target LAN further includes a gateway device that carries a mail gateway, and the target email is filtered by the mail gateway in advance;
the method further comprises:
when the target email is determined to be a phishing email, extracting the specified features of the target email;
adding the specified features of the target email to the feature database of the mail gateway.
In the method for detecting phishing emails, the method further comprises:
when the target email is determined to be a phishing email, generating new threat intelligence based on the log information of the target email, and adding the threat intelligence to the threat intelligence database.
In the method for detecting phishing emails, the method further comprises:
when the target email is determined to be a phishing email, associating the alert information with a designated user identifier to generate an alert work order.
A device for detecting phishing emails, applied to a security device, the security device being connected to several terminal devices in a target LAN, the device comprising:
a receiving unit, for receiving log information of a target email reported by the terminal device;
a matching unit, for matching the log information against a preset threat intelligence database to determine whether the log information hits any threat intelligence;
an alert unit, for, if the match is unsuccessful, submitting the attachment of the target email to a preset sandbox for dynamic detection, and determining, based on the detection result, whether the target email is a phishing email; if so, generating alert information.
In the device for detecting phishing emails:
the alert unit is further used for, if the match is successful, determining that the target email is a phishing email and generating alert information.
In the device for detecting phishing emails, the target LAN further includes a gateway device that carries a mail gateway, and the target email is filtered by the mail gateway in advance;
the device further comprises:
an extraction unit, for extracting the specified features of the target email when the target email is determined to be a phishing email;
a first updating unit, for adding the specified features of the target email to the feature database of the mail gateway.
In the device for detecting phishing emails, the device further comprises:
a second updating unit, for, when the target email is determined to be a phishing email, generating new threat intelligence based on the log information of the target email, and adding the threat intelligence to the threat intelligence database.
In the device for detecting phishing emails, the alert unit is further used for:
when the target email is determined to be a phishing email, associating the alert information with a designated user identifier to generate an alert work order.
In the technical solution of this application, after the security device receives the log information of a target email reported by a terminal device in the target LAN, it matches the log information against a preset threat intelligence database to determine whether the log information hits any threat intelligence. If the match is unsuccessful, it submits the attachment of the target email to a preset sandbox for dynamic detection and determines, based on the detection result, whether the target email is a phishing email; if so, it generates alert information.
In this application, the security device can first filter the log information of the target email using a threat intelligence database shared across the whole network and, where that cannot determine whether the target email is a phishing email, submit the attachment of the target email to the sandbox for dynamic detection, so that a further judgment on the target email is made from the detection result. This improves the accuracy of phishing email detection.
Description of the drawings
Fig. 1 is a flow chart of a method for detecting phishing emails shown in this application;
Fig. 2 is a LAN architecture diagram shown in this application;
Fig. 3 is a block diagram of an embodiment of a device for detecting phishing emails shown in this application;
Fig. 4 is a hardware structure diagram of a device for detecting phishing emails shown in this application.
Detailed description
To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the above objects, features and advantages of the embodiments clearer, the prior art and the technical solutions in the embodiments are described in further detail below with reference to the accompanying drawings.
Phishing emails can be detected by the "keyword method" and the "checksum method", both of which require a feature database to be constantly updated and maintained. For the "keyword method", the feature database records the specified words to be matched; for the "checksum method", the feature database records the checksums of the body or attachment of known phishing emails.
The defect of these methods is that they cannot filter phishing emails that match nothing in the feature database, so the filtering effect is not ideal.
In view of this, the application proposes a scheme for detecting phishing emails that combines threat intelligence technology with sandbox technology to check an email multiple times, improving the accuracy of phishing email detection.
Referring to Fig. 1, a flow chart of a method for detecting phishing emails shown in this application, the method is applied to a security device and includes the following steps:
Step 101: Receive the log information of the target email reported by the terminal device.
The security device is connected to several terminal devices in the target LAN and can receive the log information of a target email reported by any terminal device. A terminal device is a terminal in the LAN that receives email, and may include computers, mobile phones, and so on.
Fig. 2 is a LAN architecture diagram shown in this application. As shown in Fig. 2, the LAN includes 4 computers, and the security device is connected to each computer through the gateway device that connects the LAN.
In one embodiment, the gateway device of the target LAN may carry a mail gateway. The mail gateway has a corresponding feature database that includes the specified features of emails. The specified features may include source address, protocol number, destination address, port number, and so on. The feature database may of course include other content; for details, refer to the features used in existing mail gateway implementations, which this application does not repeat here.
When the gateway device receives a target email sent to the target LAN, the mail gateway can first filter the target email, which constitutes the first detection of the target email.
On the one hand, if the specified features extracted from the target email hit any specified feature in the feature database, the target email can be deleted directly.
On the other hand, if the specified features extracted from the target email miss every specified feature in the feature database, the target email is forwarded to the terminal device in the target LAN.
Of course, the gateway device of the target LAN may also not carry a mail gateway, in which case it forwards the received target email directly to the terminal device in the target LAN.
On receiving the target email, any terminal device can extract the log information of the target email. The log information may include one or a combination of the target email's attachment, receipt time, source address, sender mailbox, body content, carried URLs (Uniform Resource Locator), and so on.
It should be noted that the log information can be generated in a preset format to facilitate subsequent processing. For example, the attachment of the target email can be processed with MD5 (Message-Digest Algorithm 5) and recorded in the log information as an MD5 value, and the features included in the log information can be arranged in a preset order.
In one embodiment, the log information may also include content such as traffic logs detected by DPI (Deep Packet Inspection) technology, so that the security device can subsequently detect phishing emails based on more features of the target email.
Step 102: Match the log information against a preset threat intelligence database to determine whether the log information hits any threat intelligence.
The threat intelligence in the threat intelligence database comes mainly from the global network environment, and a large amount of threat intelligence can be preconfigured, which ensures the accuracy of the detection result when phishing emails are detected with threat intelligence technology. The threat intelligence may include the criteria for identifying a phishing email (for example, the MD5 value of a phishing email's attachment, source address, sender mailbox, body content, etc.) and attack behaviours (for example, spreading Trojans, attacking system vulnerabilities, etc.).
On the one hand, if the match is successful, that is, the log information has hit some threat intelligence in the threat intelligence database, the target email can be determined to be a phishing email. In this case the security device can generate alert information indicating that the target email is a phishing email.
Further, if the gateway device of the target LAN carries a mail gateway, the security device can extract the specified features of the target email and add the extracted features to the feature database of the mail gateway, so that the mail gateway filters out phishing emails that have the new specified features.
On the other hand, if the match is unsuccessful, that is, the log information misses every threat intelligence entry in the threat intelligence database, further detection of the target email is needed. In this case the security device can submit the attachment of the target email to a preset sandbox for dynamic detection.
The security device can determine whether the target email is a phishing email based on the detection result. For example, if the attachment of the target email is detected performing operations that threaten the security of the terminal device, such as modifying the local registry, reading and writing the disk, or downloading a Trojan, the target email can be determined to be a phishing email.
On the one hand, if the attachment performs no operation that threatens the security of the terminal device, the target email can be determined not to be a phishing email, and the detection process for the target email ends.
On the other hand, if the attachment performs an operation that threatens terminal security, the target email can be determined to be a phishing email. In this case the security device can generate alert information indicating that the target email is a phishing email.
Further, if the gateway device of the target LAN carries a mail gateway, the security device can extract the specified features of the target email and add the extracted features to the feature database of the mail gateway, so that the mail gateway filters out phishing emails that have the new specified features.
In addition, when the target email is determined to be a phishing email, the security device can also generate new threat intelligence based on the log information of the target email and add it to the threat intelligence database, so that the threat intelligence database can subsequently be used to filter out target emails that hit this threat intelligence.
Specifically, the security device can extract the necessary content from the log information according to the format of the threat intelligence in the threat intelligence database (for example, if the threat intelligence format includes the sender mailbox, the MD5 value of the attachment and the body content of an email, then the sender mailbox, the MD5 value of the attachment and the body content of the target email are extracted from the log information), associate it with the attack behaviour detected in the sandbox (the operation that threatens the security of the terminal device), generate new threat intelligence, and add that threat intelligence to the threat intelligence database.
In one illustrated embodiment, after determining that the target email is a phishing email and before generating the alert information, the security device can determine the threat level of the target email based on a preset threat rating model.
Several threat levels can be preset in the threat rating model (for example, high risk, medium risk and low risk), and each threat level corresponds to several attack behaviours with different threat risks. The specific division can depend on the actual application environment. For example, in a government department, phishing emails that carry reactionary speech have a higher threat risk; in an educational institution, phishing emails that carry a risk of information theft have a higher threat risk; and spam that poses no substantial threat, such as advertising, can be regarded as lower risk.
If the target email hits any threat intelligence in the threat intelligence database, the attack behaviour in that threat intelligence can be assessed with the threat rating model to determine the threat level of the target email.
If the target email is detected in the sandbox performing an operation that threatens terminal security, that operation can be assessed with the threat rating model to determine the threat level of the target email.
Further, when generating the alert information for the target email, the security device can add the threat level to the alert information.
In the embodiment of this application, so that a detected phishing email can be handled further, the security device can associate the alert information with a designated user identifier to generate an alert work order.
The designated user identifier indicates an operator of the network security protection operations platform.
The operator corresponding to the designated user identifier can use the alert work order to carry out further in-depth security analysis of the detected phishing email and, when necessary, perform intranet security emergency response work.
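The decision flow of steps 101 and 102, with the threat rating, the feedback into both databases and the alert work order, written in Python as an added example that is not code from the patent. The sandbox is a constructed stand-in, and the field names, behaviour labels, rating table and sample emails are assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set, Tuple

# Assumed rating table: the description names these sandbox behaviours but
# leaves the high/medium/low grading to the deployment environment.
RATING = {"disk_write": "low", "modify_registry": "medium", "download_trojan": "high"}
ORDER = ["low", "medium", "high"]

Indicator = Tuple[str, str]  # (field name, value), e.g. ("sender", "a@b.example")


@dataclass
class MailLog:
    """Log information reported by a terminal device for one target email."""
    sender: str
    source_ip: str
    urls: List[str]
    attachment: bytes

    @property
    def md5(self) -> str:
        # MD5 is the attachment digest the description specifies; it serves
        # here only as a lookup key.
        return hashlib.md5(self.attachment).hexdigest()

    def indicators(self) -> Set[Indicator]:
        found = {("md5", self.md5), ("sender", self.sender), ("source_ip", self.source_ip)}
        return found | {("url", u) for u in self.urls}


@dataclass
class SecurityDevice:
    sandbox: Callable[[bytes], List[str]]
    intel: List[dict] = field(default_factory=list)                 # threat intelligence database
    gateway_features: Set[Indicator] = field(default_factory=set)   # mail gateway feature database

    def match_intel(self, log: MailLog) -> Optional[dict]:
        observed = log.indicators()
        return next((e for e in self.intel if observed & e["indicators"]), None)

    def process(self, log: MailLog, analyst_id: str) -> Optional[dict]:
        """Return an alert work order, or None if the email is not judged phishing."""
        entry = self.match_intel(log)
        if entry is not None:
            behaviours, source = entry["behaviours"], "threat-intel"
        else:
            # No intelligence hit: run the attachment in the sandbox and keep
            # only the behaviours that threaten the terminal device.
            behaviours = [b for b in self.sandbox(log.attachment) if b in RATING]
            source = "sandbox"
            if not behaviours:
                return None
            # Feed the verdict back as new threat intelligence.
            self.intel.append({
                "indicators": {("md5", log.md5), ("sender", log.sender)},
                "behaviours": behaviours,
            })
        # On either path, push a specified feature to the mail gateway.
        self.gateway_features.add(("source_ip", log.source_ip))
        level = max((RATING.get(b, "low") for b in behaviours), key=ORDER.index)
        return {"verdict": "phishing", "source": source, "level": level,
                "md5": log.md5, "assignee": analyst_id}


def constructed_sandbox(attachment: bytes) -> List[str]:
    """Stand-in for a real sandbox: maps constructed samples to behaviours."""
    reports = {b"CONSTRUCTED-DROPPER": ["modify_registry", "download_trojan"],
               b"CONSTRUCTED-PDF": []}
    return reports.get(attachment, [])


def demo() -> dict:
    # All addresses, senders and attachments below are constructed samples.
    device = SecurityDevice(sandbox=constructed_sandbox, intel=[{
        "indicators": {("sender", "billing@phish.example")},
        "behaviours": ["disk_write"],
    }])
    known = MailLog("billing@phish.example", "203.0.113.7", [], b"CONSTRUCTED-PDF")
    first = MailLog("hr@corp.example", "198.51.100.9", ["http://login.example/x"],
                    b"CONSTRUCTED-DROPPER")
    repeat = MailLog("it@corp.example", "198.51.100.23", [], b"CONSTRUCTED-DROPPER")
    clean = MailLog("colleague@corp.example", "192.0.2.10", [], b"CONSTRUCTED-PDF")
    return {
        "known": device.process(known, "analyst-01"),
        "first": device.process(first, "analyst-01"),
        "repeat": device.process(repeat, "analyst-01"),
        "clean": device.process(clean, "analyst-01"),
        "intel_size": len(device.intel),
        "gateway": device.gateway_features,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The second email carrying the same attachment never reaches the sandbox: the intelligence entry created from the first verdict catches it by MD5, even though the sender and source address differ.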
In conclusion, in the technical solution of this application, the security device receives the log information of a target email reported by a terminal device in the target LAN and matches the log information against a preset threat intelligence database to determine whether the log information hits any threat intelligence. If the match is unsuccessful, it submits the attachment of the target email to a preset sandbox for dynamic detection and determines, based on the detection result, whether the target email is a phishing email; if so, it generates alert information.
In this application, the security device can first filter the log information of the target email using a threat intelligence database shared across the whole network and, where that cannot determine whether the target email is a phishing email, submit the attachment of the target email to the sandbox for dynamic detection, so that a further judgment on the target email is made from the detection result. This improves the accuracy of phishing email detection.
In addition, the gateway device of the target LAN carries a mail gateway, so the gateway device performs a first filtering of an email before forwarding it; through repeated detection, the application guards tightly against phishing email attacks.
In the scheme of this application, after a phishing email is detected, the feature database of the mail gateway and the threat intelligence database are updated in real time, so that the whole phishing email detection system can cope efficiently with phishing emails that have new features.
Corresponding to the foregoing embodiment of the method for detecting phishing emails, this application also provides an embodiment of a device for detecting phishing emails.
Referring to Fig. 3, a block diagram of an embodiment of a device for detecting phishing emails shown in this application.
As shown in Fig. 3, the device 30 for detecting phishing emails includes:
a receiving unit 310, for receiving the log information of the target email reported by the terminal device;
a matching unit 320, for matching the log information against a preset threat intelligence database to determine whether the log information hits any threat intelligence;
an alert unit 330, for, if the match is unsuccessful, submitting the attachment of the target email to a preset sandbox for dynamic detection, and determining, based on the detection result, whether the target email is a phishing email; if so, generating alert information.
In this example:
the alert unit 330 is further used for, if the match is successful, determining that the target email is a phishing email and generating alert information.
In this example, the target LAN further includes a gateway device that carries a mail gateway, and the target email is filtered by the mail gateway in advance;
the device further includes:
an extraction unit 340 (not shown), for extracting the specified features of the target email when the target email is determined to be a phishing email;
a first updating unit 350 (not shown), for adding the specified features of the target email to the feature database of the mail gateway.
In this example, the device further includes:
a second updating unit 360 (not shown), for, when the target email is determined to be a phishing email, generating new threat intelligence based on the log information of the target email, and adding the threat intelligence to the threat intelligence database.
In this example, the alert unit 330 is further used for:
when the target email is determined to be a phishing email, associating the alert information with a designated user identifier to generate an alert work order.
The embodiment of the device for detecting phishing emails can be applied on a security device. The device embodiment can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the security device on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 4 is a hardware structure diagram of the security device on which the device for detecting phishing emails resides. In addition to the processor, memory, network interface and non-volatile memory shown in Fig. 4, the security device on which the device resides in the embodiment may generally include other hardware according to the actual function of the device for detecting phishing emails, which is not described further here.
For the functions of each unit in the above device and how they are realized, refer to the realization of the corresponding steps in the above method, which is not repeated here.
Since the device embodiment essentially corresponds to the method embodiment, refer to the relevant parts of the description of the method embodiment. The device embodiment described above is merely exemplary. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of this application. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing is merely the preferred embodiment of this application and does not limit this application. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of this application shall fall within the scope of protection of this application.
Claims (10)
1. it is a kind of detect fishing mail method, applied to safety equipment, the safety equipment with it is several in target LAN
Terminal device docks;It is characterised in that it includes:
Receive the log information for the targeted mails that the terminal device reports;
The log information in preset threat information bank is matched, determines whether above-mentioned log information hits any threat
Information;
If matching is unsuccessful, the attachment of the targeted mails is launched and carries out dynamic detection, and be based on into preset sandbox
Testing result determines whether the targeted mails are fishing mail, if it is, generation warning information.
2. according to the method described in claim 1, it is characterized in that, the method further includes:
If successful match, determine that the targeted mails for fishing mail, generate warning information.
3. method according to claim 1 or 2, which is characterized in that the target LAN further includes carrying Mail Gateway
Gateway device, the targeted mails first pass through Mail Gateway filtering in advance;
The method further includes:
When determining that the targeted mails are fishing mail, the specific characteristic of the targeted mails is extracted;
The specific characteristic of the targeted mails is added in the feature database of the Mail Gateway.
4. according to the method described in claim 1, it is characterized in that, the method further includes:
When determining the targeted mails as fishing mail, the log information based on the targeted mails generates new threat information,
And the threat information is added in the threat information bank.
5. method according to claim 1 or 2, which is characterized in that the method further includes:
When determining the targeted mails as fishing mail, the warning information is associated with designated user's mark, and generation alerts
Work order.
6. it is a kind of detect fishing mail device, applied to safety equipment, the safety equipment with it is several in target LAN
Terminal device docks;It is characterised in that it includes:
Receiving unit, for receiving the log information for the targeted mails that the terminal device reports;
Matching unit for the log information to be matched in preset threat information bank, determines that above-mentioned log information is
The no any threat information of hit;
If unsuccessful for matching, the attachment of the targeted mails is launched into preset sandbox into action for Alarm Unit
State detects, and determines whether the targeted mails are fishing mail based on testing result, if it is, generation warning information.
7. device according to claim 6, which is characterized in that described device further includes:
The Alarm Unit if being further used for successful match, determines the targeted mails as fishing mail, generation alarm letter
Breath.
8. the device described according to claim 6 or 7, which is characterized in that the target LAN further includes carrying Mail Gateway
Gateway device, the targeted mails first pass through Mail Gateway filtering in advance;
Described device further includes:
Extraction unit, for when determining that the targeted mails are fishing mail, extracting the specific characteristic of the targeted mails;
First updating unit, for the specific characteristic of the targeted mails to be added in the feature database of the Mail Gateway.
9. The device according to claim 6, characterized in that the device further includes:
A second updating unit, for, when the target mail is determined to be a phishing mail, generating new threat information based on the log information of the target mail, and adding the threat information to the threat information bank.
10. The device according to claim 6 or 7, characterized in that the alarm unit is further used for:
When the target mail is determined to be a phishing mail, associating the warning information with a designated user identifier and generating an alert work order.
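The flow recited in claims 6 to 10, as an added Python sketch that is not part of the patent text: log matching first, sandbox detection only on a miss, then the feedback into the threat information bank, the mail gateway feature database and an alert work order. The field names, the choice of sender address and attachment hash as threat information, and the `sandbox` callable standing in for real dynamic detection are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass(frozen=True)
class MailLog:
    """Log information a terminal device reports for one mail (fields assumed)."""
    sender: str
    recipient: str
    subject: str
    attachment_sha256: str

@dataclass
class Detector:
    sandbox: Callable[[MailLog], bool]  # stand-in for dynamic detection; True = malicious
    threat_info: set = field(default_factory=set)       # threat information bank
    gateway_features: set = field(default_factory=set)  # mail gateway feature database
    tickets: list = field(default_factory=list)         # alert work orders
    sandbox_runs: int = 0

    @staticmethod
    def indicators(log: MailLog) -> set:
        # Assumption: sender address and attachment hash serve as threat information.
        return {("sender", log.sender.lower()), ("sha256", log.attachment_sha256)}

    def handle(self, log: MailLog, user_id: str) -> Optional[dict]:
        inds = self.indicators(log)
        if inds & self.threat_info:           # match succeeded: phishing, no sandbox run
            source = "threat-info"
        else:                                 # match failed: detonate the attachment
            self.sandbox_runs += 1
            if not self.sandbox(log):
                return None                   # not judged phishing, no alert
            source = "sandbox"
        self.threat_info |= inds              # new threat information from the log
        self.gateway_features.add(("sha256", log.attachment_sha256))  # gateway update
        ticket = {"recipient": log.recipient, "subject": log.subject,
                  "source": source, "assigned_to": user_id}
        self.tickets.append(ticket)           # warning tied to a designated user
        return ticket

if __name__ == "__main__":
    BAD = "a" * 64                            # constructed placeholder hash
    d = Detector(sandbox=lambda log: log.attachment_sha256 == BAD)
    first = MailLog("billing@vendor.example", "amy@corp.example", "Invoice", BAD)
    again = MailLog("billing@vendor.example", "bob@corp.example", "Invoice 2", "b" * 64)
    print(d.handle(first, "analyst-01"), d.handle(again, "analyst-01"), d.sandbox_runs)
```

In this sketch the second message is flagged on the sender match alone, and its attachment hash, which was never sandboxed, is then fed into both stores. A spoofed sender address can poison the stores that way, so a deployment would normally require stronger indicators before feeding results back.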
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810279466.8A CN108200105A (en) | 2018-03-30 | 2018-03-30 | A kind of method and device for detecting fishing mail |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108200105A (en) | 2018-06-22 |
Family ID=62596575
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810279466.8A Withdrawn CN108200105A (en) | 2018-03-30 | 2018-03-30 | A kind of method and device for detecting fishing mail |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108200105A (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965350A (en) * | 2018-10-23 | 2018-12-07 | 杭州安恒信息技术股份有限公司 | A kind of mail auditing method, device and computer readable storage medium |
CN109347819A (en) * | 2018-10-12 | 2019-02-15 | 杭州安恒信息技术股份有限公司 | A kind of virus mail detection method, system and electronic equipment and storage medium |
CN109450929A (en) * | 2018-12-13 | 2019-03-08 | 成都亚信网络安全产业技术研究院有限公司 | A kind of safety detection method and device |
CN109600304A (en) * | 2018-12-21 | 2019-04-09 | 成都九洲电子信息系统股份有限公司 | Based on time wheel mail data reduction, threat detection and trend behavior analysis method |
CN110868378A (en) * | 2018-12-17 | 2020-03-06 | 北京安天网络安全技术有限公司 | Phishing mail detection method and device, electronic equipment and storage medium |
CN111147518A (en) * | 2019-12-30 | 2020-05-12 | 论客科技(广州)有限公司 | Attack and defense countermeasure based e-mail system security evaluation method and device |
CN111737696A (en) * | 2020-06-28 | 2020-10-02 | 杭州安恒信息技术股份有限公司 | Method, system and equipment for detecting malicious file and readable storage medium |
CN112511517A (en) * | 2020-11-20 | 2021-03-16 | 深信服科技股份有限公司 | Mail detection method, device, equipment and medium |
CN112688926A (en) * | 2020-12-18 | 2021-04-20 | 杭州安恒信息技术股份有限公司 | Method, system and device for detecting spear type phishing mails based on attachments |
CN113489734A (en) * | 2021-07-13 | 2021-10-08 | 杭州安恒信息技术股份有限公司 | Phishing mail detection method and device and electronic device |
CN113794674A (en) * | 2021-03-09 | 2021-12-14 | 北京沃东天骏信息技术有限公司 | Method, device and system for detecting mail |
CN114760119A (en) * | 2022-04-02 | 2022-07-15 | 北京安博通金安科技有限公司 | Phishing mail attack detection method, device and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150180896A1 (en) * | 2013-02-08 | 2015-06-25 | PhishMe, Inc. | Collaborative phishing attack detection |
CN105072137A (en) * | 2015-09-15 | 2015-11-18 | 蔡丝英 | Spear phishing mail detection method and device |
CN105743876A (en) * | 2015-08-28 | 2016-07-06 | 哈尔滨安天科技股份有限公司 | Method and system for discovering targeted attack based on email source data |
US20170048273A1 (en) * | 2014-08-21 | 2017-02-16 | Salesforce.Com, Inc. | Phishing and threat detection and prevention |
Non-Patent Citations (1)
Title |
---|
360 MESHFIRE TEAM: "钓鱼邮件威胁检测实战及典型样本分析", 《HTTPS://WWW.ANQUANKE.COM/POST/ID/88145》 * |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109347819A (en) * | 2018-10-12 | 2019-02-15 | 杭州安恒信息技术股份有限公司 | A kind of virus mail detection method, system and electronic equipment and storage medium |
CN108965350A (en) * | 2018-10-23 | 2018-12-07 | 杭州安恒信息技术股份有限公司 | A kind of mail auditing method, device and computer readable storage medium |
CN108965350B (en) * | 2018-10-23 | 2021-04-23 | 杭州安恒信息技术股份有限公司 | Mail auditing method, device and computer readable storage medium |
CN109450929A (en) * | 2018-12-13 | 2019-03-08 | 成都亚信网络安全产业技术研究院有限公司 | A kind of safety detection method and device |
CN109450929B (en) * | 2018-12-13 | 2021-05-14 | 成都亚信网络安全产业技术研究院有限公司 | Safety detection method and device |
CN110868378A (en) * | 2018-12-17 | 2020-03-06 | 北京安天网络安全技术有限公司 | Phishing mail detection method and device, electronic equipment and storage medium |
CN109600304A (en) * | 2018-12-21 | 2019-04-09 | 成都九洲电子信息系统股份有限公司 | Based on time wheel mail data reduction, threat detection and trend behavior analysis method |
CN111147518A (en) * | 2019-12-30 | 2020-05-12 | 论客科技(广州)有限公司 | Attack and defense countermeasure based e-mail system security evaluation method and device |
CN111147518B (en) * | 2019-12-30 | 2021-08-13 | 论客科技(广州)有限公司 | Attack and defense countermeasure based e-mail system security evaluation method and device |
CN111737696A (en) * | 2020-06-28 | 2020-10-02 | 杭州安恒信息技术股份有限公司 | Method, system and equipment for detecting malicious file and readable storage medium |
CN112511517B (en) * | 2020-11-20 | 2023-11-07 | 深信服科技股份有限公司 | Mail detection method, device, equipment and medium |
CN112511517A (en) * | 2020-11-20 | 2021-03-16 | 深信服科技股份有限公司 | Mail detection method, device, equipment and medium |
CN112688926A (en) * | 2020-12-18 | 2021-04-20 | 杭州安恒信息技术股份有限公司 | Method, system and device for detecting spear type phishing mails based on attachments |
CN113794674A (en) * | 2021-03-09 | 2021-12-14 | 北京沃东天骏信息技术有限公司 | Method, device and system for detecting mail |
CN113794674B (en) * | 2021-03-09 | 2024-04-09 | 北京沃东天骏信息技术有限公司 | Method, device and system for detecting mail |
CN113489734A (en) * | 2021-07-13 | 2021-10-08 | 杭州安恒信息技术股份有限公司 | Phishing mail detection method and device and electronic device |
CN114760119A (en) * | 2022-04-02 | 2022-07-15 | 北京安博通金安科技有限公司 | Phishing mail attack detection method, device and system |
CN114760119B (en) * | 2022-04-02 | 2023-12-12 | 北京安博通金安科技有限公司 | Phishing mail attack detection method, device and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108200105A (en) | A kind of method and device for detecting fishing mail | |
US11030311B1 (en) | Detecting and protecting against computing breaches based on lateral movement of a computer file within an enterprise | |
US20190215335A1 (en) | Method and system for delaying message delivery to users categorized with low level of awareness to suspicius messages | |
US10616272B2 (en) | Dynamically detecting abnormalities in otherwise legitimate emails containing uniform resource locators (URLs) | |
Alazab et al. | Spam and criminal activity | |
CN108337153B (en) | Method, system and device for monitoring mails | |
US9106692B2 (en) | System and method for advanced malware analysis | |
US7434261B2 (en) | System and method of identifying the source of an attack on a computer network | |
US6763462B1 (en) | E-mail virus detection utility | |
US20170244736A1 (en) | Method and system for mitigating malicious messages attacks | |
CN100448203C (en) | System and method for identifying and preventing malicious intrusions | |
CN110519150B (en) | Mail detection method, device, equipment, system and computer readable storage medium | |
CN109040103A (en) | A kind of mail account is fallen detection method, device, equipment and readable storage medium storing program for executing | |
US20230034035A1 (en) | Cloud-based orchestration of incident response using multi-feed security event classifications | |
CN109328448A (en) | Spam Classification system based on network flow data | |
CN107046535B (en) | A kind of abnormality sensing and method for tracing and system | |
US11297024B1 (en) | Chat-based systems and methods for data loss prevention | |
CN111147489B (en) | Link camouflage-oriented fishfork attack mail discovery method and device | |
CN112511517B (en) | Mail detection method, device, equipment and medium | |
CN109600362A (en) | Zombie host recognition methods, identification equipment and medium based on identification model | |
US20190306192A1 (en) | Detecting email sender impersonation | |
CN111147518B (en) | Attack and defense countermeasure based e-mail system security evaluation method and device | |
CN109672607A (en) | A kind of email processing method, device and storage equipment, program product | |
CN103716335A (en) | Detecting and filtering method of spam mail based on counterfeit sender | |
US20040054742A1 (en) | Method and system for detecting malicious activity and virus outbreak in email |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20180622 |