Research and Implementation of a POP3-Based Mail Monitoring System
Published: 2018-09-03 10:22
[Abstract]: Enterprise mailbox users are frequently troubled by spam. At the same time, in an increasingly competitive business environment, employees with weak security awareness use e-mail in ways that violate confidentiality rules, leaking internal documents and trade secrets and causing immeasurable losses to the enterprise. To prevent the leakage of intellectual property information and internal documents, and to maintain a healthy internal mail network, an enterprise needs a means of monitoring mail traffic between its internal network and external networks, and of centrally backing up business correspondence so that it can be investigated after the fact. Designing and developing a POP3-based mail monitoring system is therefore necessary, and studying the key technologies of such a system is essential to optimizing its functionality and improving its performance.
Building on an analysis of the state of research on the relevant key technologies, this thesis focuses on how to process POP3 mail data efficiently and in parallel once large volumes of mail data have been captured, so as to improve the performance of the POP3 mail monitoring system, and on how to match and identify sensitive keywords in mail content efficiently. Work on these key technologies keeps the upper-layer content analysis and filtering module from becoming the bottleneck of the whole system and improves the overall performance of the POP3 mail monitoring system. The main work of the thesis is as follows:
1. A thread pool scheduling method based on information entropy is proposed. To parallelize the threads that parse raw mail messages, a multi-attribute decision model based on information entropy is studied, a thread pool for raw-message parsing is designed, and the parsing thread with the highest idleness is selected dynamically. Experiments comparing round-robin thread pool scheduling with entropy-based thread pool scheduling show that the proposed method suits a real mail monitoring environment and can further increase the degree of parallelism of the raw-message parsing thread pool.
2. The multi-pattern matching AC algorithm is applied to keyword matching in mail monitoring, and a mail content monitoring mechanism based on the AC algorithm is proposed to locate and match sensitive keywords in text efficiently. Experiments on the storage consumption and matching time of the AC algorithm show that it can efficiently perform sensitive keyword monitoring in the POP3 mail monitoring system.
3. The design of the front-end and back-end modules of the POP3-based mail monitoring system is studied. The front end includes system management, rule configuration, log management and other functional modules. The back end includes the main control module, libnids packet capture, POP3 protocol analysis, raw-message parsing, sensitive keyword detection and other modules. The implementation and testing of each module are described in detail, and typical application scenarios are given.
This work designs and implements a POP3-based mail monitoring system that improves the utilization of thread pool resources from the perspective of multi-thread load balancing and improves overall system performance by optimizing the efficiency of sensitive keyword matching within the threads. The system makes it possible to audit an enterprise's internal mail, can to a certain extent create a safer mail environment for the enterprise, and lays a foundation for the enterprise to better carry out its network informatization.
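The keyword-detection stage described in item 2, as an added example that is not code from the thesis: an AC (Aho-Corasick) automaton run over mail text only after MIME decoding, since a matcher fed the raw RETR bytes never sees a base64 body or an encoded subject. It assumes Python's standard `email` package for decoding; the keyword list and the sample message are constructed.

```python
import email
from base64 import b64encode as b64
from email import policy

def build_automaton(keywords):
    """Aho-Corasick goto/fail/output tables for a lower-cased keyword set."""
    goto, fail, out = [{}], [0], [set()]
    for kw in keywords:
        state = 0
        for ch in kw.lower():
            if ch not in goto[state]:
                goto.append({}); fail.append(0); out.append(set())
                goto[state][ch] = len(goto) - 1
            state = goto[state][ch]
        out[state].add(kw.lower())
    order = list(goto[0].values())       # BFS queue; depth-1 states fail to root
    for s in order:                      # the list grows while we iterate it
        for ch, t in goto[s].items():
            f = fail[s]
            while f and ch not in goto[f]:
                f = fail[f]
            fail[t] = goto[f].get(ch, 0)
            out[t] |= out[fail[t]]       # keywords that are suffixes of this path
            order.append(t)
    return goto, fail, out

def search(text, automaton):
    """One pass over text; returns sorted (start_offset, keyword) hits."""
    goto, fail, out = automaton
    hits, state = [], 0
    for i, ch in enumerate(text.lower()):
        while state and ch not in goto[state]:
            state = fail[state]
        state = goto[state].get(ch, 0)
        hits.extend((i - len(kw) + 1, kw) for kw in out[state])
    return sorted(hits)

def scan_message(raw, automaton):
    """Decode one message (as returned by POP3 RETR), then match keywords."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    texts = [str(msg["Subject"] or "")]  # RFC 2047 encoded words are decoded
    texts += [p.get_content() for p in msg.walk() if p.get_content_maintype() == "text"]
    return sorted({kw for t in texts for _, kw in search(t, automaton)})

# Constructed sample: rule set plus a message with encoded subject and base64 body.
KEYWORDS = ["confidential", "source code", "报价单"]
SAMPLE = (b"Subject: =?utf-8?b?" + b64("报价单".encode()) + b"?=\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/plain; charset=utf-8\r\nContent-Transfer-Encoding: base64\r\n\r\n"
          + b64(b"Attached: the Confidential Source Code.") + b"\r\n")
```

Running `search` directly on the undecoded bytes of `SAMPLE` returns no hits, while `scan_message` reports all three keywords.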
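[Degree-granting institution]: University of Electronic Science and Technology of China (电子科技大学)
[Degree level]: Master's
[Year degree conferred]: 2013
[Classification number]: TP274
Article ID: 2219699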
Article link: https://www.wllwen.com/falvlunwen/zhishichanquanfa/2219699.html