
Design & Implementation Of Internet E-mail Security Detection And Identification System

Posted on: 2012-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: N H Li
GTID: 2218330368978658
Subject: Software engineering

Abstract/Summary:
Nowadays, the networks of the relevant departments run the email server and the security detection software on the same computer. When that computer is attacked and paralyzed, none of its services can be offered. In addition, the security detection software occupies a lot of resources while the system is running. To solve these problems, we designed the Email Security Detection and Identification System for the networks of important departments. In this email security framework, we separated the email security detection system from the email server both logically and physically, and made the Email Security Detection and Identification System the only entry point through which the email server can be reached. The framework divides email security problems into 3 layers: the network layer, the core layer and the application layer. On the core layer, based on the high security level characteristic of the network, we designed and implemented a HIDS using system process auditing. On the network layer, the SEGAN uses a NIDS that includes a misuse classifier based on Snort rules and an anomaly classifier based on SVM to detect attack IP packets. On the application layer, the system defends against hostile email with two modules: the Spam Detect Module and the Hostile Email Detect Module.

This paper includes the following work: the design of the Email Security Detection and Identification System, which is independent of the email server, and the implementation of its key techniques: Email Capture, Email Revert, and Email Transmit. We also designed the HIDS that protects the email server and the NIDS that protects the Email Security Detection and Identification System. In addition, the paper proposes the BSDA-BOMC algorithm and the EBDA-BOSC algorithm. The BSDA-BOMC algorithm is used to detect hostile net scripts, and the EBDA-BOSC algorithm is used to detect email bombs.

There are five chapters in this thesis.

Chapter 1, Introduction: This chapter gives a brief introduction to the state of research on e-mail security technology at home and abroad, and to the research work done in this thesis.

Chapter 2, The overall architecture of the e-mail security detection and recognition system: This chapter discusses the design of an architecture in which the e-mail security detection and recognition system is logically and physically separate from the mail server, as well as the advantages of this architecture over the traditional one.

Chapter 3, Design and implementation of IDS components in the e-mail security detection and recognition system: This chapter discusses in detail the design and implementation of the NIDS components, which guarantee the security of the system at the network layer, and the HIDS components, which guarantee the security of the mail server at the kernel layer. It then puts forward a method that combines anomaly detection by SVM classifiers with misuse detection that extracts distributed attack results from rules, together with its implementation details.

Chapter 4, Malicious message detection module: This chapter describes in detail the design and implementation of the anti-malware module. For the currently popular e-mail bomb attacks and malicious web scripts, it proposes, respectively, a mail bomb detection algorithm based on auditing message size and a malicious web page script attack detection algorithm based on Markov chains. A detailed description of how these two algorithms are implemented in the malicious email detection module follows.

Chapter 5, System performance analysis, system deficiencies and their reasons: This chapter first presents the test data of the prototype system, then discusses the performance of the e-mail security detection and recognition system, and finally analyzes the drawbacks of the system and their reasons.
Keywords/Search Tags:Email Security Detection, SVM algorithm, Intrusion Detection System, Email Bomb, Hostile Script