基于代理的敏感邮件监控技术研究

发布时间：2018-10-18 21:01

【摘要】：随着网络的迅猛发展,电子邮件的使用范围越来越广,电子邮件在互联网通信中有着不可替代的作用,是企业互联网主要的交互手段,电子邮件的内容是否涉及敏感信息至关重要。电子邮件监控系统是指监控互联网上的电子邮件,以确保其内容和传输的合法性。目前,对于电子邮件的监控技术的研究大多数都偏向于对垃圾邮件的监控,通过分析电子邮件特征来判断邮件性质,但这并不适用于敏感邮件的分析。而且目前对敏感电子邮件的监控主要是通过旁路的方式对敏感邮件进行监控,对于敏感邮件的监控率比较低。旁路敏感邮件监控技术是对网络数据流量进行分析,发现其中的邮件流量,对邮件流量重组,然后解析邮件,获取邮件内容,并对邮件内容进行敏感识别,控制敏感邮件的传输。旁路敏感邮件监控技术目前存在两个问题,一是对大规模网络流量数据报文捕获时产生的丢包问题导致邮件监控率比较低;二是旁路敏感邮件监控技术对敏感邮件使用中断连接的方式来中断邮件传输,这会导致邮件客户端重新传输邮件,增加了邮件监控的负载。针对旁路邮件监控技术中邮件监控识别率低的问题,提出了基于代理的敏感邮件监控技术,通过使用邮件代理的方式获取邮件流量,将邮件流量从其他网络流量中分离出来,提高了邮件的监控率。对当前主流的SOCKS代理和HTTP代理两种代理方式进行分析,提出了针对邮件协议的混合代理。针对旁路邮件监控技术中邮件客户端重新传输邮件的问题,使用替换邮件内容的方式来处理敏感邮件,使邮件客户端认为邮件已经传输成功,不再重新发起传输请求。通过分析基于代理的敏感邮件监控系统的功能需求,对邮件代理服务器进行功能模块的划分,并对各个模块进行了设计与实现。最后,对基于代理的敏感邮件监控系统进行了测试,重点测试了系统的监控率和系统的性能。本文的研究成果是提出了基于代理的敏感邮件监控的技术,为企业和其他机构监控邮件通信提供了一种有效的手段。
[Abstract]:With the rapid development of the network, the use of electronic mail is becoming more and more extensive. E-mail plays an irreplaceable role in Internet communication, and it is the main interactive means of enterprise Internet. Whether the content of an email involves sensitive information is crucial. E-mail monitoring system is to monitor e-mail on the Internet to ensure the legitimacy of its content and transmission. At present, most of the research on email monitoring technology is focused on spam monitoring. The nature of email is judged by analyzing the characteristics of email, but this is not suitable for the analysis of sensitive mail. At present, the monitoring of sensitive email is mainly through bypass way to monitor sensitive email, and the monitoring rate of sensitive email is relatively low. The monitoring technology of bypass sensitive mail is to analyze the network data flow, find the mail flow, reorganize the mail flow, then analyze the mail, obtain the mail content, and identify the email content sensitively. Control the transmission of sensitive messages. There are two problems in the bypass sensitive email monitoring technology. One is that the packet loss caused by the capture of large-scale network traffic data packets leads to a low monitoring rate of mail. The other is that the bypass sensitive mail monitoring technology uses the way of breaking the connection to interrupt the mail transmission, which will cause the mail client to retransmit the mail and increase the load of the mail monitoring. Aiming at the problem of low identification rate of mail monitoring in bypass mail monitoring technology, a sensitive email monitoring technology based on agent is proposed, which can obtain mail flow by using mail agent and separate mail traffic from other network traffic. Improved mail monitoring rate. This paper analyzes the two main proxy methods, SOCKS agent and HTTP agent, and proposes a hybrid agent for mail protocol. Aiming at the problem of mail retransmission by mail client in bypass mail monitoring technology, this paper uses the method of replacing email content to deal with sensitive mail, which makes the mail client think that the mail has been transferred successfully and no longer reinitiate the transmission request. By analyzing the functional requirements of the agent-based sensitive mail monitoring system, the function modules of the mail proxy server are divided, and each module is designed and implemented. Finally, the agent-based sensitive mail monitoring system is tested, with emphasis on the monitoring rate and performance of the system. The research result of this paper is to put forward the agent-based sensitive email monitoring technology, which provides an effective means for enterprises and other organizations to monitor email communication.
【学位授予单位】：哈尔滨工业大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP393.098

【参考文献】