
A Two-Layer Approach for Novel Email Worm Detection

We don't cover enough mass-mailer detection on wormblog. A pretty simple approach, and one that seems to have some merit.
The rapid proliferation of novel email-borne worms poses new challenges for systems administrators. Traditional techniques for scanning email messages for viruses rely on up-to-date virus signatures. However, these signatures are primarily manually generated, can only be created after a sample of a virus has been received and identified by an antivirus company, and must be disseminated to each virus scanner. This process can take anywhere from hours to days to complete, an insufficient amount of time to prevent epidemics for rapidly propagating viruses. In this paper, we propose and evaluate an approach for catching such infections quickly. We combine sensitive novelty detection with a parametric classifier for increased accuracy. We provide preliminary results for six separate email-borne viruses with varying characteristics.
Source: A Two-Layer Approach for Novel Email Worm Detection, Steve Martin, Anil Sewani, Blaine Nelson, Karl Chen, Anthony D. Joseph.
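To make the two-layer idea in the abstract concrete, here is an added illustration (not code from the paper or its authors) of a sensitive novelty detector feeding a parametric classifier. The feature set (recipient count, executable attachment, body length, messages per minute), the z-score novelty rule, the Gaussian naive Bayes second layer, the thresholds and the sample traffic are all assumptions constructed for this example; the paper's actual features and classifier may differ.

```python
"""Two-layer email worm detector, added as an illustration of the approach
described in the abstract. Layer 1 is a sensitive novelty detector that
flags anything unlike the user's baseline mail; layer 2 is a parametric
(Gaussian naive Bayes) classifier that only sees the flagged messages and
decides whether the novelty actually looks like a mass mailer. Features,
thresholds and sample data are constructed assumptions, not the paper's."""
import math

# Assumed per-message feature vector:
# [recipient count, executable attachment (0/1), body length, msgs sent in last minute]
FEATURES = ("recipients", "exe_attachment", "body_len", "rate_per_min")

# Constructed baseline of one user's normal outgoing mail.
NORMAL = [
    [1, 0, 420, 1], [2, 0, 310, 1], [1, 0, 880, 1], [3, 0, 150, 2],
    [1, 0, 600, 1], [2, 0, 275, 1], [1, 0, 1200, 1], [1, 0, 95, 1],
]
# Constructed samples of mass-mailer behaviour used to train layer 2.
WORM = [
    [40, 1, 60, 30], [55, 1, 45, 42], [30, 1, 80, 25], [70, 1, 50, 60],
]


def mean_std(rows, std_floor=0.05):
    """Per-feature mean and standard deviation; std is floored so that a
    constant feature (e.g. 'never sends executables') does not divide by zero."""
    n = len(rows)
    means = [sum(r[i] for r in rows) / n for i in range(len(rows[0]))]
    stds = []
    for i, m in enumerate(means):
        var = sum((r[i] - m) ** 2 for r in rows) / n
        stds.append(max(math.sqrt(var), std_floor))
    return means, stds


class NoveltyDetector:
    """Layer 1: deliberately sensitive. A low z-score threshold means it is
    tuned to miss nothing, accepting false alarms that layer 2 must absorb."""

    def __init__(self, baseline, threshold=3.0):
        self.means, self.stds = mean_std(baseline)
        self.threshold = threshold

    def score(self, x):
        # Largest per-feature z-score: one wildly abnormal feature is enough.
        return max(abs(v - m) / s for v, m, s in zip(x, self.means, self.stds))

    def is_novel(self, x):
        return self.score(x) > self.threshold


class GaussianNB:
    """Layer 2: parametric classifier. Fits a per-class Gaussian to each feature
    and returns the class with the higher log posterior."""

    def __init__(self, normal, worm):
        self.params = {"normal": mean_std(normal), "worm": mean_std(worm)}
        total = len(normal) + len(worm)
        self.prior = {"normal": math.log(len(normal) / total),
                      "worm": math.log(len(worm) / total)}

    def log_posterior(self, x, label):
        means, stds = self.params[label]
        lp = self.prior[label]
        for v, m, s in zip(x, means, stds):
            lp += -math.log(s * math.sqrt(2 * math.pi)) - (v - m) ** 2 / (2 * s * s)
        return lp

    def predict(self, x):
        return max(("normal", "worm"), key=lambda c: self.log_posterior(x, c))


class TwoLayerDetector:
    def __init__(self, normal, worm):
        self.layer1 = NoveltyDetector(normal)
        self.layer2 = GaussianNB(normal, worm)

    def classify(self, x):
        """Messages that are not novel never reach layer 2; novel ones are
        classified so that legitimate-but-unusual mail is not blocked."""
        if not self.layer1.is_novel(x):
            return "normal"
        return self.layer2.predict(x)


if __name__ == "__main__":
    det = TwoLayerDetector(NORMAL, WORM)
    for msg in ([2, 0, 500, 1], [50, 1, 55, 35], [12, 0, 3000, 1]):
        print(msg, "novel" if det.layer1.is_novel(msg) else "baseline", det.classify(msg))
```

The third sample message (a long mail to a dozen recipients, no executable) shows why the second layer matters: the novelty detector fires on it, but the classifier recognises it as ordinary mail, so the sensitivity of layer 1 does not turn into a blocked legitimate message.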

December 2, 2005 in mass mailers, papers
