[Repost] An Email Worm Vaccine Architecture
Source: [url]http://www1.cs.columbia.edu/~angelos/[/url]

We present an architecture for detecting “zero-day” worms and viruses in incoming email. Our main idea is to intercept every incoming message, prescan it for potentially dangerous attachments, and only deliver messages that are deemed safe. Unlike traditional scanning techniques that rely on some form of pattern matching (signatures), we use behavior-based anomaly detection. Under our approach, we “open” all suspicious attachments inside an instrumented virtual machine looking for dangerous actions, such as writing to the Windows registry, and flag suspicious messages.
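The intercept, prescan and deliver-or-flag flow from the abstract, as an added Python sketch that is not code from the paper or its authors. The extension list, the event format and the `fake_vm` stand-in for the instrumented virtual machine are assumptions made for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Assumptions (not from the paper): which attachment names the prescan treats as
# potentially dangerous, and which VM-reported actions count as dangerous.
RISKY_EXT = (".exe", ".scr", ".pif", ".vbs", ".bat", ".com")
DANGEROUS_ACTIONS = {"registry_write"}

def suspicious_attachments(raw: bytes):
    """Prescan: return (filename, bytes) for each attachment worth opening in the VM."""
    msg = message_from_bytes(raw, policy=default)
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXT):
            found.append((name, part.get_payload(decode=True) or b""))
    return found

def triage(raw: bytes, run_in_vm) -> str:
    """Deliver only if no suspicious attachment performs a dangerous action."""
    for name, data in suspicious_attachments(raw):
        try:
            events = run_in_vm(name, data)
        except Exception:
            return "flag"  # fail closed: no verdict means no delivery
        if any(e["action"] in DANGEROUS_ACTIONS for e in events):
            return "flag"
    return "deliver"

def fake_vm(name, data):
    """Hypothetical stand-in for the instrumented VM; returns a constructed trace."""
    if b"SIMULATED-REGWRITE" in data:
        return [{"action": "registry_write", "target": "constructed-key"}]
    return [{"action": "file_read", "target": "constructed-file"}]

def build_msg(filename=None, payload=b""):
    """Constructed sample message, optionally with one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "hi"
    m.set_content("see attached")
    if filename:
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn, body in [(None, b""), ("notes.txt", b"x"), ("card.scr", b"ok"),
                     ("card.scr", b"SIMULATED-REGWRITE")]:
        print(fn, triage(build_msg(fn, body), fake_vm))
```

The verdict depends only on what the attachment does when opened, not on a signature match, and a VM failure is treated as a flag rather than a delivery.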
