信息通信技术与政策 (Information and Communications Technology and Policy), 2024, Vol. 50, Issue 8: 46-54, 9. DOI: 10.12267/j.issn.2096-5931.2024.08.007
Design and implementation of email access control gateway for abnormal behavior
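周林志 1, 陈晨 2, 郑浩然 2, 时轶 3, 邢家鸣 4, 林峰旭 1
Author information
- 1. Network Information Center, Beihang University, Beijing 100191; School of Cyberspace Security, Beihang University, Beijing 100191
- 2. School of Cyberspace Security, Beihang University, Beijing 100191
- 3. Network Information Center, Beihang University, Beijing 100191
- 4. Network Information Center, Beihang University, Beijing 100191; School of Software, Beihang University, Beijing 100191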
Abstract
On average, university email systems face tens of thousands of brute-force authentication attacks every month. Attackers use SMTP authentication to brute-force the email accounts of university teachers and students. Distributed brute-force attacks and low-frequency (slow) brute-force attacks are especially difficult to identify and detect, and they pose a serious threat to mail-server resources and account security. It is therefore necessary to design a mail access control gateway for abnormal behavior that analyzes mail logs to capture abnormal attacks and dynamically blocks malicious IP addresses. The gateway builds feature rules by analyzing email logs, extracting security events, and capturing the characteristics of abnormal behavior; it uses the leaky bucket algorithm to capture the malicious IPs behind low-frequency and distributed brute-force attacks, and it blocks and unblocks those IPs dynamically through linkage with firewalls. The access control gateway was designed, implemented, and applied to the campus network, where test results indicate that it successfully blocked 62% of attack traffic.
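The following sketch is an added example, not the paper's implementation: a per-IP leaky bucket fed with authentication-failure log lines, showing how a slow drain lets sparse failures accumulate until the source IP is blocked, and how the block is lifted once the bucket empties. The log format, capacity, leak rate, and all names are assumptions made for illustration, and a set stands in for the firewall; it covers the low-frequency case only.

```python
import re
from datetime import datetime, timedelta, timezone

CAPACITY = 5             # assumed: failures a bucket holds before blocking
LEAK_PER_SEC = 1 / 3600  # assumed: one failure drains away per hour
# Constructed log format for this example, not a real MTA's output.
LINE = re.compile(r"^(\S+) smtpd: SASL LOGIN authentication failed ip=(\S+) user=(\S+)$")

class LeakyBucketGateway:
    def __init__(self, capacity=CAPACITY, leak_per_sec=LEAK_PER_SEC):
        self.capacity, self.leak = capacity, leak_per_sec
        self.buckets = {}     # ip -> (level, time of last update)
        self.blocked = set()  # stands in for the firewall block list

    def _drain(self, ip, now):
        level, last = self.buckets.get(ip, (0.0, now))
        level = max(0.0, level - (now - last) * self.leak)
        self.buckets[ip] = (level, now)
        return level

    def on_failure(self, ip, now):
        level = self._drain(ip, now) + 1.0
        self.buckets[ip] = (level, now)
        if level > self.capacity:
            self.blocked.add(ip)  # a real gateway would push a firewall rule here

    def sweep(self, now):
        """Lift the block on every IP whose bucket has fully drained."""
        for ip in list(self.blocked):
            if self._drain(ip, now) == 0.0:
                self.blocked.discard(ip)
                del self.buckets[ip]

    def feed(self, line):
        m = LINE.match(line.strip())
        if m:
            self.on_failure(m.group(2), datetime.fromisoformat(m.group(1)).timestamp())

def sample_log(start):
    """Constructed input: a slow attacker and a user who mistypes a password."""
    fmt = "{} smtpd: SASL LOGIN authentication failed ip={} user={}"
    slow = [(start + timedelta(minutes=10 * i), "198.51.100.7", "staff%d" % i) for i in range(12)]
    typo = [(start + timedelta(seconds=20 * i), "192.0.2.10", "alice") for i in range(3)]
    return [fmt.format(t.isoformat(), ip, u) for t, ip, u in sorted(slow + typo)]

START = datetime(2024, 3, 1, tzinfo=timezone.utc)

def run_demo():
    gw = LeakyBucketGateway()
    for line in sample_log(START):
        gw.feed(line)
    return gw
```

With these assumed values, the source that fails once every ten minutes crosses the capacity on its sixth attempt, while three quick typos from one user stay well under it.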
Key words
email gateway / access control system / log analysis / abnormal detection
Classification
Social sciences
Cite this article
周林志, 陈晨, 郑浩然, 时轶, 邢家鸣, 林峰旭. Design and implementation of email access control gateway for abnormal behavior [J]. 信息通信技术与政策, 2024, 50(8): 46-54, 9.