Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ISPEC
2005
Springer
2005
Springer
An Email Worm Vaccine Architecture
We present an architecture for detecting “zero-day” worms and viruses in incoming email. Our main idea is to intercept every incoming message, prescan it for potentially dangerous attachments, and only deliver messages that are deemed safe. Unlike traditional scanning techniques that rely on some form of pattern matching (signatures), we use behavior-based anomaly detection. Under our approach, we “open” all suspicious attachments inside an instrumented virtual machine looking for dangerous actions, such as writing to the Windows registry, and flag suspicious messages. The attachment processing can be offloaded to a cluster of ancillary machines (as many as are needed to keep up with a site’s email load), thus not imposing any computational load on the mail server. Messages flagged are put in a “quarantine” area for further, more labor-intensive processing. Our implementation shows that we can use a large number of malwarechecking VMs operating in parallel to cope with...
Real-time TrafficBehavior-based Anomaly Detection | Dangerous Attachments | Instrumented Virtual Machine | ISPEC 2005 | Security Privacy |
| Added | 28 Jun 2010 |
| Updated | 28 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | ISPEC |
| Authors | Stelios Sidiroglou, John Ioannidis, Angelos D. Keromytis, Salvatore J. Stolfo |
Comments (0)
Researcher Info
|
