A study of two intrusion detection methods-from email virus detection to web content self-integrity measurement

Doctoral === National Central University === Institute of Information Management === 94 === Security assurance is the basis for success on the Internet. Viruses and worms constitute a great threat. Many countermeasures have been applied to counteract these malicious threats. Signature-based detection works well only for a known virus or worm. It...


Bibliographic Details
Main Authors: Da-Wei Lin, 林大為
Other Authors: Yi-Min Chen
Format: Others
Language: zh-TW
Published: 2006
Online Access: http://ndltd.ncl.edu.tw/handle/9t5stc
id ndltd-TW-094NCU05396080
record_format oai_dc
spelling ndltd-TW-094NCU05396080 2018-05-17T04:28:46Z http://ndltd.ncl.edu.tw/handle/9t5stc A study of two intrusion detection methods-from email virus detection to web content self-integrity measurement 兩種入侵偵測方法之研究-從電子郵件病毒偵測到網頁完整性檢驗 Da-Wei Lin 林大為 Doctoral National Central University Institute of Information Management 94 Security assurance is the basis for success on the Internet. Viruses and worms constitute a great threat. Many countermeasures have been applied to counteract these malicious threats. Signature-based detection works well only for a known virus or worm. It is very difficult to defend against an unknown virus or worm. Anomaly detection has the potential to detect unknown attacks. In this thesis, we propose an abnormal mail detection method based on user mailing behavior. In our observation, human communication forms many parties. This characteristic can help us to differentiate user mailing behavior from that of email viruses. The proposed method can help us to detect new unknown viruses at the beginning of a virus outbreak. Modeling user behavior is not easy, however, since user behavior may change over time. In the second part of this thesis, we propose a web content protection method which has a very low error rate. It is based on the concept of “integrity”, that is, the information content can be represented by an integrity value. Integrity is a unique value for any given information content. From a distinct perspective, we measure the integrity of Web content, instead of detecting the intrusion directly. If the integrity is violated, it means that content modification has occurred. There is no need for signature updating, which is necessary in a signature-based detection system. Besides, the computation time is better than that of the traditional type of signature-based detection systems in the long run. In the future, we plan to construct an email system by incorporating the integrity concept into the email system design. Yi-Min Chen 陳奕明 2006 Degree thesis ; thesis 88 zh-TW
collection NDLTD