特徵保存之電子郵件封包樣本匿名化之研究

為了防禦越來越複雜的網路攻擊手法，需要更有效的惡意行為封包的分析能力，在分享封包給資訊安全單位進行分析時，需要先進行匿名化處理以保護網路使用者隱私，現有的匿名化工具著重於封包標頭的處理，封包負載經過匿名化過後保留的訊息非常有限，我們希望在保護被分享封包的中隱私的同時，能保留下更多被分享封包中有助於資訊安全分析的資訊，在本篇論文中會針對郵件封包中的簡單郵件傳輸協定(Simple Mail Transfer Protocol, SMTP)以及郵局協定(Post Office Protocol, POP)封包的標頭欄位以及負載(payload)來進行處理，將隱私以及有分析價值的資訊區隔開，讓被分享封包能提供更多的資訊來幫助惡意行為的分析。

關鍵字

封包隱私；匿名化；封包分享；惡意行為分析

並列摘要

Network packets in traffic traces contain privacy information. Anonimize traffic traces before they are released to be used in devising a new attack detecting strategy is a critical operation to retain the privacy of the users whose communication were recorded in the traces. The existing anonimization tools focus their efforts on packet header processing. The payload are usually nullified which result in very limited information remained to be used for analysis purpose. In order to satisfy the privacy requirement while retain as much non privacy information as possible, we propose a set of new anonimization schemes to be used on SMTP and POP protocol packets. The propose schemes have been implemented and can be easily used to anonimize contents of packets to the said protocols.

並列關鍵字

malicious behavior analysis ； packet sharing ； packet privacy ； anonymization

參考文獻

[6]Parekh J. J., Wang K., Stolfo S., “Privacy-Preserving Payload-Based Correlation for Accurate

[1]Sweeney L., “k-anonymity: a model for protecting privacy,” International Journal on Uncertainty,

[2]Samarati P., Sweeney L., “Generalizing data to provide anonymity when disclosing information,”

17th ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, New York,

[3]Fan J., Xu J., Mostafa H. M. H., Moon S. B., ”Prefix-Preserving IP address anonymization:

國際替代計量

特徵保存之電子郵件封包樣本匿名化之研究

全文下載

主題瀏覽