ImageVerifierCode 换一换
格式:PDF , 页数:16 ,大小:118.95KB ,
资源ID:803444      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-803444.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ITU-T SERIES X SUPP 14-2012 ITU-T X 1243 C Supplement on a practical reference model for countering e-mail spam using botnet information (Study Group 17)《ITU-T X 1243推荐性规范抵制使用僵尸网络信.pdf)为本站会员(周芸)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ITU-T SERIES X SUPP 14-2012 ITU-T X 1243 C Supplement on a practical reference model for countering e-mail spam using botnet information (Study Group 17)《ITU-T X 1243推荐性规范抵制使用僵尸网络信.pdf

1、 International Telecommunication Union ITU-T Series XTELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Supplement 14(09/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY ITU-T X.1243 Supplement on a practical reference model for countering e-mail spam using botnet information ITU-

2、T X-series Recommendations Supplement 14 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI N

3、ETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometric

4、s X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 C

5、YBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519

6、 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T

7、Recommendations. X series Supplement 14 (09/2012) i Supplement 14 to ITU-T X-series Recommendations ITU-T X.1243 Supplement on a practical reference model for countering e-mail spam using botnet information Summary Botnets are a major source of e-mail spam. Botnet related devices, including master,

8、command and control (C&C) servers and infected computers, are decentralized on the Internet, which greatly challenges any party to identify botnets and discover specific botnet-related information. Therefore, information sharing becomes a crucial factor to counter e-mail spam sent by a botnet. This

9、Supplement provides a reference model which can be applied to the interactive gateway system for countering spam, in accordance with Recommendation ITU-T X.1243. In this reference model, spam-countering gateways can share botnet-related information with each other. This Supplement mainly focuses on

10、countering e-mail spam sent by a botnet. History Edition Recommendation Approval Study Group 1.0 ITU-T X Suppl. 14 2012-09-07 17 Keywords Botnet, e-mail, spam. ii X series Supplement 14 (09/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the

11、 field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standa

12、rdizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is cov

13、ered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this publication, the expression “Administration“ is used for conciseness to indicat

14、e both a telecommunication administration and a recognized operating agency. Compliance with this publication is voluntary. However, the publication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the publication is achieved when all

15、of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the publication is required of any party. INTELLECTUAL PROPERTY RIGHTS

16、ITU draws attention to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU membe

17、rs or others outside of the publication development process. As of the date of approval of this publication, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this publication. However, implementers are cautioned that this may not represen

18、t the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2013 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. X series Supplement 14 (09/

19、2012) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Supplement 1 4 Abbreviations and acronyms 2 5 Conventions 2 6 Background . 2 7 Reference model for countering e-mail spam using botnet information 3 7.1 General architec

20、ture 3 7.2 Functional entities in botnet detection systems 4 7.3 Functional entities in spam-countering gateways . 5 7.4 System interfaces 5 8 Working procedure of the reference model 6 Bibliography. 7 X series Supplement 14 (09/2012) 1 Supplement 14 to ITU-T X-series Recommendations ITU-T X.1243 Su

21、pplement on a practical reference model for countering e-mail spam using botnet information 1 Scope This Supplement to ITU-T X-series Recommendations provides a practical reference model for countering e-mail spam sent by a botnet, which can be applied to the interactive spam-countering gateway spec

22、ified in ITU-T X.1243. This Supplement also specifies the working procedure, functional entities and system interfaces of this reference model. Furthermore, this Supplement describes the function for making signatures and filtering rules based on botnet information. The objective of this Supplement

23、is to design and implement an interactive gateway for countering e-mail spam. This Supplement mainly focuses on countering e-mail spam sent by a botnet. 2 References ITU-T X.1243 Recommendation ITU-T X.1243 (2010), Interactive gateway system for countering spam. 3 Definitions 3.1 Terms defined elsew

24、here This Supplement uses the following terms defined elsewhere: 3.1.1 bot b-ITU-T X.1244: Bot is a contraction of “robot“, which is a program that operates as an agent for a user or another program to simulate a human activity. 3.1.2 email b-ITU-T X.1241: This term is mainly used to indicate the el

25、ectronic mail transmitted over a telecommunication network. 3.1.3 email spam b-ITU-T X.1241: This term is used to describe unsolicited electronic communications over email, which is usually sent for specific purposes. 3.2 Terms defined in this Supplement This Supplement defines the following terms:

26、3.2.1 botnet: A collection of Internet-connected computers whose security defences have been breached and are controlled by an unknown party. Each compromised device, known as a “bot“, is created when a computer is penetrated by software from a malware distribution source. The controller of a botnet

27、 is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols. 3.2.2 botnet information: Botnet information refers to the topology-related information of a botnet, such as command and control (C&C) IP addresses, zombie IP

28、lists, binary update server IP addresses, spam template server IP addresses, etc. 3.2.3 botnet master: An individual responsible for controlling and maintaining a botnet. 3.2.4 command and control server: Server used as a command and control point by a botnet operator. 2 X series Supplement 14 (09/2

29、012) 4 Abbreviations and acronyms This Supplement uses the following abbreviations and acronyms: BDE Botnet Detection Engine BID Botnet Information Database C&C Command and Control DDoS Distributed Denial of Service ID Identity IP Internet Protocol LscDB Local spam-countering Database MMS Multimedia

30、 Messaging Service MX Mail exchange SCG Spam-Countering Gateway SMS Short Message Service SMTP Simple Mail Transfer Protocol SRM Spam Receiver Monitor function SSFRG Spam Signature and Filtering Rule Generator SSM Spam Sender Monitor function URL Uniform Resource Locator 5 Conventions None. 6 Backgr

31、ound A botnet is a collection of Internet-connected computers whose security defences have been breached and are controlled by an unknown party (see Figure 1). The botnet master can use the remotely controlled botnet to launch various kinds of attacks such as spam, distributed denial of service (DDo

32、S), theft of personal information, etc. The most significant characteristics of a botnet are that the botnet master can control every attack property (such as type, method and time, etc.), and that command and control (C&C) servers and infected computers are distributed all over the world. These fac

33、tors make it difficult to identify a botnet. X series Supplement 14 (09/2012) 3 X.Suppl.14(12)_F01BotnetmasterC and C ServerBot Bot Bot1. Spreadsmaliciouscodes 3. AccessesC and C server5. Updatescommand and control4. DeliverscommandBotnet Server / Host2. Computersbecome bots6. Initiatesattacks Figur

34、e 1 Common working procedure of a botnet Botnets have become the major source for e-mail spam, which generates massive unwanted e-mail traffic on networks and negatively influences e-mail receivers. First, a botnet master can send spamming attack commands to a C&C server. Second, after the C&C serve

35、r receives the command, the C&C server will update the attack information in the infected computers to include target addresses, e-mail content and the sending rate. Finally, the infected computers will send e-mail spam according to the attack information. Generally, the botnet uses normal e-mail ad

36、dresses as sender e-mail addresses. Meanwhile, the botnet generates e-mail content and subjects randomly. Therefore, it is difficult to detect e-mail spam from normal e-mails in network devices including e-mail servers. The e-mail spam is commonly filtered by e-mail receivers rather than e-mail serv

37、ers, which causes serious waste of network resources and negatively influences e-mail receivers. Considering that most e-mail spam is sent by botnets, it will be more effective and efficient to use botnet information for identification of e-mail spam. In addition, spam-filtering rules stored in e-ma

38、il gateways can be also updated simultaneously based on botnet information. It is very hard to identify botnet masters and C&C servers from botnets. It is also very difficult to recognize spam control and attack messages from Internet flows. Considering the above difficulties, it is more practical t

39、o identify infected computers and recognize e-mail spam in real time. Therefore, botnet information used for countering e-mail spam can generally be IP addresses of infected computers, behaviours of the botnet, etc. 7 Reference model for countering e-mail spam using botnet information 7.1 General ar

40、chitecture Botnet information usually needs to be synchronized between different spam-countering gateways via a botnet detection system. The general architecture for countering e-mail spam sent by a botnet is shown in Figure 2, which is in accordance with the architecture of the spam-countering gate

41、way (SCG) specified in ITU-T X.1243. 4 X series Supplement 14 (09/2012) X.Suppl.14(12)_F02Botnet detection engine(BDE)Botnet information database(BID)Botnet detection systemSpam-countering gateway 1Spam signature and filteringrule generator (SSFRG)Spam receiver monitor(SRM) functionSpam-countering g

42、ateway 2Spam signature and filteringrule generator (SSFRG)Spam-counteringpeerLocalcountering databasespam-Localcountering databasespam-User message Signalling Spam receiver monitor(SRM) functionSpam sender monitor(SSM) functionSpam sender monitorfunction(SSM) MessagesenderMessagesenderMessagereceive

43、rMessagereceiverFigure 2 Reference model for countering e-mail spam sent by a botnet In Figure 2, the detected botnet information is stored in the botnet information database (BID) after data pre-processing. The two functional entities, including the spam sender monitor (SSM) function and spam recei

44、ver monitor (SRM) function in the spam-countering gateway (SCG), can get botnet information from the BID. Then, the above two functional entities can monitor spamming activities from the botnet. If they find spamming activities, they will record the spam information, such as e-mail spam body, mail e

45、xchange (MX) queries, relay server and attached files. Afterwards, they will transmit it to the spam signature and filtering rule generator (SSFRG). The SSFRG will generate spam signature and filtering rules, which will be synchronized to the local spam-countering database (LscDB). 7.2 Functional en

46、tities in botnet detection systems A botnet detection system is used to detect, collect and store botnet information, which consists of two functional entities: the botnet detection engine (BDE) and the botnet information database (BID). BDE: This functional entity is used to collect the botnet info

47、rmation which will be transmitted to the BID either directly or after pre-processing. Many countries or organizations operate such botnet detection systems to obtain botnet information by means of honeypot detection, security incident analysis, network traffic analysis, malware analysis, etc. Best p

48、ractices are described in b-ITU-T X-Sup.8 BID: This functional entity is used to store botnet information. Botnet information can include C&C servers IP addresses/URLs, infected computers IP addresses, attack behaviours and information of related servers. The botnet information can be used to detect

49、 e-mail spam sent by a botnet. This functional entity also provides botnet information to other systems requiring it. X series Supplement 14 (09/2012) 5 7.3 Functional entities in spam-countering gateways Countering e-mail spam is mainly realized through SCGs. The SCG has three functional entities: the SSM, the SRM and the SSFRG. Generally, each SCG has a sender gateway function and receiver gateway function. The SSM can check which e-mails are sent by a botnet based on the botnet information on t

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1