Frontiers of Data and Computing, 2024, Vol. 6, Issue 2: 56-66, 11. DOI: 10.11871/jfdc.issn.2096-742X.2024.02.006
Email Masquerade Attack Detection Based on Semi-Supervised Learning
Abstract
[Objective] Masquerade attacks are a typical attack on email systems: an attacker illicitly obtains a genuine user's authentication credentials and uses them to access services the attacker is not authorized for, causing significant damage. Because email usage scenarios are complex and the data are irregularly distributed, labeled anomaly data are scarce, which makes detecting masquerade attacks in email systems challenging. [Methods] To address these issues, we propose a rule-based self-training Auto-Encoder anomaly detection framework. First, the framework analyzes and categorizes the usage scenarios found in SMTP email protocol log data and introduces coarse-grained label correction rules. Next, it uses an Auto-Encoder for iterative detection by self-training, with each round's detection result refined by the rules. Finally, kernel density estimation is used to find an appropriate threshold that reduces the false positive rate. [Results] Using data from 6736 real corporate email accounts collected over three months, the framework detected 7 anomalous accounts and 12 anomalous IP addresses. The proposed method detects more than 75% of the anomalous accounts identified by the corporate Security Operations Center (SOC), while reducing the number of false-positive accounts by 81.3%.
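The detection loop described under [Methods], as an added example that is not the paper's own code: all accounts start out labeled normal, the coarse-grained rules correct the obvious cases, an auto-encoder is retrained on the currently-normal accounts, reconstruction error is scored, a kernel density estimate over the errors picks the threshold at the valley after the bulk of normal accounts, and the rules correct the new labels before the next round. A linear auto-encoder fitted in closed form by SVD stands in for the paper's neural auto-encoder; the per-account feature columns, the two correction rules, the threshold rule and the constructed SMTP-log summaries are all assumptions, and only accounts (not IP addresses) are scored.

```python
"""Rule-guided self-training anomaly detection over SMTP account summaries.

Added example, not the paper's code. The auto-encoder is linear and fitted in
closed form (SVD), i.e. the optimum a gradient-trained linear auto-encoder
converges to; features, rules, thresholds and data are assumptions.
"""
import math
import numpy as np

# Assumed per-account feature columns over one month:
# logins, distinct source IPs, MB sent, share of logins between 00:00 and 05:00.
COLS = ("logins", "distinct_ips", "mb_sent", "night_ratio")
MAX_IPS = 20        # assumed rule: more distinct IPs than this is anomalous
N_NORMAL = 200


def make_accounts():
    """Constructed data: 200 normal accounts whose four features all scale with
    one latent activity level t (plus small noise), and 5 planted anomalies."""
    rows = []
    for i in range(N_NORMAL):
        t = 0.2 + 1.8 * i / (N_NORMAL - 1)
        rows.append([30 * t + 1.5 * math.sin(1.3 * i),
                     1 + 2 * t + 0.2 * math.sin(2.1 * i + 1),
                     50 * t + 2.5 * math.sin(0.7 * i + 2),
                     0.05 + 0.05 * t + 0.003 * math.sin(1.7 * i + 3)])
    # gross credential abuse: logins from dozens of distinct IPs (rule catches these)
    gross = [[40, 40, 60, 0.10], [25, 55, 30, 0.08], [50, 70, 90, 0.12]]
    # subtle abuse: normal volume and IP count, but most logins at night
    subtle = [[33, 3.2, 55, 0.60], [20, 2.4, 33, 0.55]]
    return np.array(rows + gross + subtle, dtype=float)


def apply_rules(X, labels):
    """Coarse-grained label correction (assumed rules); 0 = normal, 1 = anomalous."""
    labels = labels.copy()
    labels[X[:, 1] > MAX_IPS] = 1                      # far too many source IPs
    labels[(X[:, 1] <= 2) & (X[:, 3] < 0.2)] = 0       # quiet single-device daytime use
    return labels


def fit_linear_autoencoder(Xn, k=1):
    """Standardize on the normal-labeled rows, then take the top-k right singular
    vectors as encoder weights; the decoder is their transpose."""
    mu, sd = Xn.mean(axis=0), Xn.std(axis=0) + 1e-9
    _, _, vt = np.linalg.svd((Xn - mu) / sd, full_matrices=False)
    return mu, sd, vt[:k].T


def reconstruction_error(X, model):
    """Euclidean distance between each standardized row and its reconstruction."""
    mu, sd, W = model
    Z = (X - mu) / sd
    return np.linalg.norm(Z - Z @ W @ W.T, axis=1)


def kde_threshold(err, frac=0.01, grid_n=4000):
    """Gaussian KDE of the errors (Silverman bandwidth). The threshold is the
    first grid point past the main mode where density drops below `frac` of the
    peak, i.e. the valley just after the bulk of normal accounts."""
    n = len(err)
    iqr = np.subtract(*np.percentile(err, [75, 25]))
    h = 0.9 * min(err.std(), iqr / 1.34) * n ** (-0.2) + 1e-9
    grid = np.linspace(err.min(), err.max(), grid_n)
    kern = np.exp(-0.5 * ((grid[:, None] - err[None, :]) / h) ** 2)
    dens = kern.sum(axis=1) / (n * h * math.sqrt(2 * math.pi))
    peak = int(dens.argmax())
    low = np.flatnonzero(dens[peak:] < frac * dens[peak])
    return float(grid[peak + low[0]]) if len(low) else float(err.max())


def detect(X, max_rounds=10):
    """Self-training loop: rules -> train on normal-labeled -> score -> KDE
    threshold -> rules, until the labels stop changing. Returns the indices of
    accounts flagged as anomalous and the final threshold."""
    labels = apply_rules(X, np.zeros(len(X), dtype=int))
    for _ in range(max_rounds):
        model = fit_linear_autoencoder(X[labels == 0])
        err = reconstruction_error(X, model)
        thr = kde_threshold(err)
        new = apply_rules(X, (err > thr).astype(int))
        if np.array_equal(new, labels):
            break
        labels = new
    return np.flatnonzero(labels == 1), thr


if __name__ == "__main__":
    X = make_accounts()
    flagged, thr = detect(X)
    print(f"threshold={thr:.3f}  flagged accounts={flagged.tolist()}")
```

The planted accounts are the last five rows (indices 200-204): the three gross ones are caught by the IP-count rule before the first training round, so they never distort the auto-encoder's notion of normal, while the two night-heavy ones have an ordinary IP count and are caught only by reconstruction error, because their night ratio breaks the single-factor pattern the encoder learned. The second rule reverts a flagged account to normal when it is plainly benign, which is the label-correction role the paper gives its rules.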
Keywords: semi-supervised learning; self-training; auto-encoder; masquerade attack; email protocol
Citation: 李畅, 龙春, 赵静, 杨悦, 王跃达, 潘庆峰, 叶晓虎, 吴铁军, 唐宁. Email Masquerade Attack Detection Based on Semi-Supervised Learning [J]. Frontiers of Data and Computing, 2024, 6(2): 56-66, 11.
Funding
National Key R&D Program of China, "Research on Security Risk Assessment, Monitoring and Tracing Technologies for the Full-Lifecycle Circulation of Financial Data" (2023YFC3304704)
Network Security and Informatization Fund of the Chinese Academy of Sciences, "Network Security Assurance System Construction Project" (CAS-WX2022GC-04)
Strategic Priority Research Program of the Chinese Academy of Sciences, "Biological Data Storage, Management and Interactive Utilization System" (XDB38030000)