Mail metadata processing method and device, storage medium, and electronic device

A metadata processing technique, applied in the field of network security, that addresses the problem of lagging defenses against network attacks and improves the ability to analyze, track and locate them.

Active Publication Date: 2022-07-05
BEIJING QIANXIN TECH

AI Technical Summary

Problems solved by technology

At present, there is no scheme for obtaining threat intelligence in advance when these attacks occur on a small scale and then carrying out early warning and defense on a large scale. As a result, defenses against cyberattacks lag.

[0005] No effective solution has yet been found for the above problems in the related art.

Examples


Embodiment 1

[0029] The method embodiment provided in Embodiment 1 of the present application may be executed in a server or a similar computing device. Taking execution on a server as an example, Figure 1 is a hardware structural block diagram of a mail metadata processing server according to an embodiment of the present invention. As shown in Figure 1, the server 10 may include one or more (only one is shown in Figure 1) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data. Optionally, the server may also include a transmission device 106 for communication functions and an input/output device 108. Those of ordinary skill in the art will understand that the structure shown in Figure 1 is for illustration only and does not limit the structure of the server. For example, the server 10 may also include a figure 1 mor...

Embodiment 2

[0060] This embodiment also provides an apparatus for processing email metadata, which may be a server. The apparatus is used to implement the above-mentioned embodiments and preferred implementations, and what has already been described will not be repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementations in hardware, or in a combination of software and hardware, are also possible and contemplated.

[0061] Figure 5 is a structural block diagram of an apparatus for processing email metadata according to an embodiment of the present invention, which can be applied in a server. As shown in Figure 5, the apparatus includes a collection module 50, an identification module 52, and a setting module 54, wherein:

[0062] a collection module 50 for collecting mail samples;

[0063] The ide...

Embodiment 3

[0072] An embodiment of the present invention further provides a storage medium, where a computer program is stored in the storage medium, wherein the computer program is configured to execute the steps in any one of the above method embodiments when running.

[0073] Optionally, in this embodiment, the above-mentioned storage medium may be configured to store a computer program for executing the following steps:

[0074] S1, collecting email samples;

[0075] S2, identifying the file type of the email sample using Web Ontology Language (OWL) rules;

[0076] S3, extracting the metadata of the email sample according to the file type, and setting a metadata tag;

[0077] S4, extracting data information from a user file according to the metadata tag, and determining, according to the data information, whether the user file is a threat file identified as the advanced persistent threat (APT) type.
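Steps S1 to S4 sketched as an added Python example, not code from the patent or its applicant: it parses a constructed message, tags header and attachment metadata, and checks a user file against the tagged sample. A magic-byte table stands in for the OWL file-type rules, and the tag names, the hash match used for S4, and all helper names are assumptions, since the page does not give those details.

```python
import hashlib
from email import message_from_bytes, policy

# Constructed sample (S1): attachment declared as PDF, content is ZIP magic.
SAMPLE_EML = (
    b"From: Accounts <billing@example.test>\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
    b'--b1\r\nContent-Type: application/pdf; name="invoice.pdf"\r\n'
    b'Content-Disposition: attachment; filename="invoice.pdf"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"UEsDBBQAAAAIAA==\r\n--b1--\r\n"
)

# Assumption: magic bytes stand in for the OWL file-type rules (S2).
MAGIC = [(b"%PDF-", "pdf"), (b"PK\x03\x04", "zip"),
         (b"\xd0\xcf\x11\xe0", "ole2"), (b"MZ", "pe")]
DECLARED = {"application/pdf": "pdf", "application/zip": "zip"}

def identify_type(data: bytes) -> str:
    return next((name for magic, name in MAGIC if data.startswith(magic)), "unknown")

def extract_tagged_metadata(raw: bytes) -> dict:
    """S3: pull header and per-attachment metadata into hypothetical tags."""
    msg = message_from_bytes(raw, policy=policy.default)
    tagged = {"mail.from": str(msg["From"]), "mail.subject": str(msg["Subject"]),
              "attachments": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        declared, detected = part.get_content_type(), identify_type(data)
        tagged["attachments"].append({
            "file.name": part.get_filename(),
            "file.declared_type": declared,
            "file.detected_type": detected,
            # Declared MIME type disagreeing with content is worth flagging.
            "file.type_mismatch": DECLARED.get(declared, detected) != detected,
            "file.sha256": hashlib.sha256(data).hexdigest(),
        })
    return tagged

def check_user_file(data: bytes, tagged: dict) -> bool:
    """S4 (assumed form): does the user file match a tagged sample attachment?"""
    digest = hashlib.sha256(data).hexdigest()
    return any(a["file.sha256"] == digest for a in tagged["attachments"])

if __name__ == "__main__":
    print(extract_tagged_metadata(SAMPLE_EML))
```
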

[0078] Optionally, in this embodiment, the above-mentioned storage medi...



Abstract

The present invention provides a method and device for processing mail metadata, a storage medium and an electronic device, wherein the method includes: collecting mail samples; identifying the file type of the mail samples using Web Ontology Language (OWL) rules; extracting the metadata of the mail sample according to the file type, and setting a metadata tag; extracting data information from a user file according to the metadata tag, and judging, according to the data information, whether the user file is a threat file identified as the advanced persistent threat (APT) type. The invention solves the technical problem of low efficiency in extracting metadata of mail samples in the related art.

Description

Technical field

[0001] The present invention relates to the field of network security, and in particular, to a method and device for processing email metadata, a storage medium, and an electronic device.

Background

[0002] Network attacks are attacks on electronic devices by hackers or by viruses and Trojans, which cause huge losses to users by stealing files.

[0003] When tracking and discovering advanced persistent threat (APT) groups, contextual correlation analysis is mainly performed on attacks seen in network transmission, such as malicious files and phishing emails. Attackers use malicious programs to intrude into and control networks and information systems, stealing sensitive data and damaging the system and network environment. There is an urgent need to improve the detection rate and batch analysis capability for malicious samples spreading in corporate networks.

[0004] In the related art, in the field of computer security, network attacks are becoming more and more specializ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L51/42, G06F16/35, G06F40/30
CPC: H04L63/1441, H04L63/1408, G06F16/35, H04L51/42, G06F40/30
Inventor: 白敏, 王天翔
Owner: BEIJING QIANXIN TECH