2009 | OriginalPaper | Buchkapitel
Detecting Methods of Virus Email Based on Mail Header and Encoding Anomaly
verfasst von : Daisuke Miyamoto, Hiroaki Hazeyama, Youki Kadobayashi
Erschienen in: Advances in Neuro-Information Processing
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
In this paper, we try to develop a machine learning-based virus email detection method. The key feature of this paper is employing Mail Header and Encoding Anomaly(MHEA) [1]. MHEA is capable to distinguish virus emails from normal emails, and is composed of only 5 variables, which are obtained from particular email header fields. Generating signature from MHEA is easier than generating signature by analyzing a virus code, therefore, we feature MHEA as signature to distinguish virus emails. At first, we refine the element of MHEA by association analysis with our email dataset which is composed of 4,130 virus emails and 2,508 normal emails. The results indicate that the one element of MHEA should not be used to generate MHEA. Next, we explore a way to apply MHEA into detection methods against virus emails. Our proposed method is a hybrid of matching signature from MHEA(signature-based detection) and detecting with AdaBoost (anomaly detection). Our preliminary evaluation shows that
f
1
measure is 0.9928 and error rate is 0.75% in the case of our hybrid method, which outperforms other types of detection methods.