检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:陈远志 陈飞跃 郎君 CHEN Yuanzhi;CHEN Feiyue;LANG Jun(The Third Research Institute of the Ministry of Public Security,Shanghai 200030,China;Network Security Bureau of the Ministry of Public Security,Beijing 100010,China)
机构地区:[1]公安部第三研究所,上海200030 [2]公安部网络安全保卫局,北京100010
出 处:《信息安全与通信保密》2023年第10期50-59,共10页Information Security and Communications Privacy
摘 要:基于当前电子邮件技术发展现状,总结梳理我国邮件安全总体态势及面临的风险隐患。从社会工程学视角出发,研究近年来主流网络钓鱼邮件攻击的方式、类型和使用技术,介绍邮件恶意附件常用的恶意木马、自解压文件、动态链接库侧加载等攻击技术的工作原理。分析生成式AI机器人、多片段程序编码混淆等新型信息技术加剧钓鱼邮件攻击的风险隐患,并结合理论和现实情况,就如何防范应对新型钓鱼邮件攻击提出对策建议。Based on the status quo of email technology development,this paper summarizes and reviews the overall situation and hidden risks of email security in China.From the perspective of social engineering,it studies the methods,types and application techniques of mainstream phishing email attacks in recent years,and introduces the working principles of malicious Trojan horse,self-extracting file and dynamic link library side loading and other attack techniques commonly used in malicious attachments to emails.This paper analyzes the risks and hidden dangers of phishing email attacks aggravated by new information technologies such as generative AI robot and multi-fragment program coding confusion,and puts forward countermeasures and suggestions on how to prevent and deal with the new phishing emailattacks based on theory and reality.
分 类 号:TP309.2[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.142.200.134
