Detection and Analysis of Extortion Scam Email Botnets
Network forensics analysis on email scam botnet
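【Summary】 Using botnets to send spam is a common attack technique in the cybercrime underground economy. In recent years, with the widespread adoption of blockchain technology, a new type of extortion email attack that uses digital currency for anonymous transfers has also emerged, posing a serious threat to cyberspace security. Taking the Peking University email system as its object of study, this work designs an analysis framework for extortion scam email botnets: it detects extortion scam emails based on knowledge extraction, uses a pre-trained model to cluster the email-sending botnets, and further explores the cryptocurrency money-laundering network used by attackers. Experimental results on a real-world dataset show that, compared with classic email filtering models, the framework can effectively detect the new type of extortion scam email and extract structured semantic information from the text, offering an approach to the forensics and attribution of cyber attacks such as extortion scam email.
【Abstract】 Using botnets to send spam is a common attack method of cyber blackmailers and extortionists. In recent years, with the widespread application of blockchain, a new type of extortion scam spam that uses bitcoin to achieve anonymous transfers has gradually emerged, posing a great threat to cyber security. This paper targets a university email system for spam botnet detection. We design a network forensics framework that can identify extortion scam email and spam-sending botnets. Furthermore, this framework can also analyze the bitcoin money laundering network used by attackers. Experiments on real-world datasets show that, compared to some classic spam filtering models, our method has a higher recall rate on extortion scam email, while also providing further analysis of botnet clusters and the money laundering network.
【Key words】 cyber security; extortion scam email; fraudulent mail; botnet; network forensics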
- 【Source】 深圳大学学报(理工版), Journal of Shenzhen University (Science and Engineering), 2020, Issue S1
- 【Classification number】 TP393.08
- 【Times cited】 3
- 【Downloads】 108