利用电子邮件取证和内存取证识别欺骗邮件

Sanjeev Shukla, M. Misra, G. Varshney
{"title":"利用电子邮件取证和内存取证识别欺骗邮件","authors":"Sanjeev Shukla, M. Misra, G. Varshney","doi":"10.1145/3442520.3442527","DOIUrl":null,"url":null,"abstract":"Email forensics is the subdomain of network forensics, and email spoofing is the most common type of email attack. Email spoofing is a process of creating a forged message by manipulating the sender’s email address so that it appears to the recipient that the originating email is coming from a genuine sender. Spoofed email attack and its detection is a challenging problem in email forensic investigation. Research in the past has tried to address email detection by different mechanisms. This paper tries to improve and fill some of the research gaps from the base paper of R.P Iyer [11]. In our work, we detect spoofed emails received by the user by applying memory forensic approach. Instead of capturing the complete memory dump, we only capture the browser’s live running processes from memory and extract the email header for analysis. This reduces the size of the memory dump and makes detection fast. Also proposed detection algorithm overcomes messageID based detection failures by applying nslookup to fetch MX record to identify the genuine emails. The advantage of memory forensic application for spoofed email detection is that we get guaranteed non-repudiation of the user’s digital footprint in physical memory. The results of the performance analysis show that the entire task can be completed in approximately 1 min with high accuracy with minimum false positives. The proposed method detects spoofed emails without disrupting the regular operation of the testing machine.","PeriodicalId":340416,"journal":{"name":"Proceedings of the 2020 10th International Conference on Communication and Network Security","volume":"459 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Identification of Spoofed Emails by applying Email Forensics and Memory Forensics\",\"authors\":\"Sanjeev Shukla, M. Misra, G. Varshney\",\"doi\":\"10.1145/3442520.3442527\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Email forensics is the subdomain of network forensics, and email spoofing is the most common type of email attack. Email spoofing is a process of creating a forged message by manipulating the sender’s email address so that it appears to the recipient that the originating email is coming from a genuine sender. Spoofed email attack and its detection is a challenging problem in email forensic investigation. Research in the past has tried to address email detection by different mechanisms. This paper tries to improve and fill some of the research gaps from the base paper of R.P Iyer [11]. In our work, we detect spoofed emails received by the user by applying memory forensic approach. Instead of capturing the complete memory dump, we only capture the browser’s live running processes from memory and extract the email header for analysis. This reduces the size of the memory dump and makes detection fast. Also proposed detection algorithm overcomes messageID based detection failures by applying nslookup to fetch MX record to identify the genuine emails. The advantage of memory forensic application for spoofed email detection is that we get guaranteed non-repudiation of the user’s digital footprint in physical memory. The results of the performance analysis show that the entire task can be completed in approximately 1 min with high accuracy with minimum false positives. The proposed method detects spoofed emails without disrupting the regular operation of the testing machine.\",\"PeriodicalId\":340416,\"journal\":{\"name\":\"Proceedings of the 2020 10th International Conference on Communication and Network Security\",\"volume\":\"459 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2020 10th International Conference on Communication and Network Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3442520.3442527\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 10th International Conference on Communication and Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3442520.3442527","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

摘要

电子邮件取证是网络取证的子领域,电子邮件欺骗是最常见的电子邮件攻击类型。电子邮件欺骗是通过操纵发件人的电子邮件地址来创建伪造信息的过程,以便在收件人看来,原始电子邮件来自真正的发件人。欺骗邮件攻击及其检测是电子邮件取证调查中的一个难题。过去的研究试图通过不同的机制来解决电子邮件检测问题。本文试图完善和填补R.P Iyer[11]基础论文的部分研究空白。在我们的工作中,我们通过应用内存取证方法检测用户收到的欺骗电子邮件。我们没有捕获完整的内存转储,而是从内存中捕获浏览器正在运行的进程,并提取电子邮件头以供分析。这减少了内存转储的大小,使检测更快。提出的检测算法克服了基于messageID的检测失败,通过nslookup获取MX记录来识别真实的电子邮件。内存取证应用程序用于欺骗电子邮件检测的优点是,我们可以保证用户在物理内存中的数字足迹不可否认。性能分析结果表明,整个任务可以在大约1分钟内完成,准确率高,假阳性最小。所提出的方法在不干扰试验机正常运行的情况下检测欺骗电子邮件。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Identification of Spoofed Emails by applying Email Forensics and Memory Forensics
Email forensics is the subdomain of network forensics, and email spoofing is the most common type of email attack. Email spoofing is a process of creating a forged message by manipulating the sender’s email address so that it appears to the recipient that the originating email is coming from a genuine sender. Spoofed email attack and its detection is a challenging problem in email forensic investigation. Research in the past has tried to address email detection by different mechanisms. This paper tries to improve and fill some of the research gaps from the base paper of R.P Iyer [11]. In our work, we detect spoofed emails received by the user by applying memory forensic approach. Instead of capturing the complete memory dump, we only capture the browser’s live running processes from memory and extract the email header for analysis. This reduces the size of the memory dump and makes detection fast. Also proposed detection algorithm overcomes messageID based detection failures by applying nslookup to fetch MX record to identify the genuine emails. The advantage of memory forensic application for spoofed email detection is that we get guaranteed non-repudiation of the user’s digital footprint in physical memory. The results of the performance analysis show that the entire task can be completed in approximately 1 min with high accuracy with minimum false positives. The proposed method detects spoofed emails without disrupting the regular operation of the testing machine.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
VCPEC: Vulnerability Correlation Analysis Based on Privilege Escalation and Coritivity Theory DIDroid: Android Malware Classification and Characterization Using Deep Image Learning Identification of Spoofed Emails by applying Email Forensics and Memory Forensics DIDarknet: A Contemporary Approach to Detect and Characterize the Darknet Traffic using Deep Image Learning The analysis method of security vulnerability based on the knowledge graph
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1