A Stateful and Flow-Based Intrusion Prevention System for Email Applications

• Main Authors: Chih-Di Chen, 陳智迪
• Other Authors: Yuan-Sun Chu
• Format: Others
• Language: zh-TW
• Published: 2006
• Online Access: http://ndltd.ncl.edu.tw/handle/34303100233263168494

碩士 === 國立中正大學 === 電機工程所 === 95 === Recently years, an email has become more important communication for most users over Internet. As this popularity for emails, there are many email attackers who abuse emails to launch SMTP attacks and Spam mails to receivers.Although some technical countermeasures against SMTP attacks and Spam mails are proposed respectively, there is not an approach to prevent Spam mails as well as SMTP attack effectively. These proposed security technologies usually aim at signal threat so that it lack for an integral security technology to defend these problems. In order to prevent both Spam mails and SMTP attacks more effectively, in this thesis, we propose an integral approach which bases on the concept of PAD (Protocol Anomaly Detection) , adopting this concept implemented by finite state machine to inspect statefully whether email flows deviate from the normal behavior. We integrated the porposed approach with Snort to make it possess not only positive approach but also negative approach. Finally, we would hope the study that it can be a soulution for researchers who strong Snort more and more.