
Research On Malicious E-mail Detection Technology

Posted on: 2021-12-01
Degree: Master
Type: Thesis
Country: China
Candidate: W Z Li
GTID: 2518306464480604
Subject: Computer Science and Technology
Abstract/Summary:
E-mail is still one of the most frequently used tools for business contact and communication among governments, businesses, social organizations and individuals. With large amounts of personal privacy information being leaked, attackers can collect relevant information about their targets and create targeted phishing emails with a high degree of information correlation. Such emails have become an important means of carrying out current APT attacks and distributing ransomware. To address the new threats and detection problems posed by malicious emails, this paper proposes a static malicious email detection technology based on multiple features and a dynamic malicious email detection technology based on a virtualization platform. To further improve detection accuracy and efficiency, a new hybrid technology combining static and dynamic detection of malicious email is proposed. The detection methods use the AdaBoost ensemble learning algorithm and a Voting combination strategy to build a classification model, which effectively improves the detection accuracy and generalization ability of the overall classification model. The experimental results show that, compared with existing detection methods, the proposed malicious email detection method achieves a balanced and optimal accuracy and efficiency, and is also superior to major antivirus engines. In summary, the main research results of this paper are as follows:

(1) A static malicious email detection technology based on multiple features is proposed. Based on rapid static analysis, a large number of reliable and distinguishable static features are extracted from the email header, body, and attachments in a single pass and used to construct a static classification detection model that achieves rapid and accurate detection of malicious email.

(2) A dynamic malicious email detection technology based on a virtualization platform is proposed. We simulate a user opening an email and use Virtual Machine Introspection (VMI) technology and Memory Forensics Analysis (MFA) technology to capture the dynamic behavior features of the email. This effectively avoids the problem of evasion techniques that work against traditional sandboxes, obtains more realistic and reliable dynamic feature information about the email, and improves the ability to detect targeted phishing emails.

(3) This paper proposes an efficient combination of static and dynamic detection technologies for new malicious emails. First, the static detection method is used to detect and filter out regular spam and phishing emails. The suspicious emails that are difficult to classify are then examined with dynamic detection methods to detect high-risk targeted phishing emails, which improves the accuracy and efficiency of the detection method as a whole.

(4) This paper finds the optimal machine learning algorithm model for the static and the dynamic detection methods respectively. With the help of the AdaBoost ensemble learning method and the Voting combination strategy, the classification accuracy and generalization ability of the overall classifier are effectively improved.

In short, the malicious email detection technology proposed in this paper can improve the detection and discovery capabilities for targeted phishing emails, and has positive significance for ensuring the security of cyberspace.
Keywords/Search Tags: Malicious email, Hybrid detection, Virtual machine introspection, Memory forensics analysis, Ensemble learning