fyi..
---------- Forwarded Message ----------
Subject: MEF, Malicious Email Filter--A UNIX Mail Filter That Detects
Malicious Windows Executables
Date: Mon, 23 Jul 2001 17:02:53 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]

MEF: Malicious Email Filter
A UNIX Mail Filter that Detects Malicious Windows Executables

Matthew G. Schultz and Eleazar Eskin
Department of Computer Science
Columbia University
{mgs,eeskin}@cs.columbia.edu

Erez Zadok
Department of Computer Science
State University of New York at Stony Brook
[EMAIL PROTECTED]

Manasi Bhattacharyya, and Salvatore J. Stolfo
Department of Computer Science
Columbia University
{mb551,sal}@cs.columbia.edu

Abstract:
We present Malicious Email Filter, MEF, a freely distributed malicious binary
filter incorporated into Procmail that can detect malicious Windows
attachments by integrating with a UNIX mail server. The system has three
capabilities: detection of known and unknown malicious attachments, tracking
the propagation of malicious attachments and efficient model update
algorithms.

The system filters multiple malicious attachments in an email by using
detection models obtained from data mining over known malicious attachments.
It leverages preliminary research in data mining applied to malicious
executables which allows the detection of previously unseen, malicious
attachments. In addition, the system provides a method for monitoring and
measurement of the spread of malicious attachments. Finally, the system also
allows for the efficient propagation of detection models from a central
server. These updated models can be downloaded by a system administrator and
easily incorporated into the current model. The system will be released under
GPL in June 2001.

http://www.cs.columbia.edu/~ezk/research/mef/freenix01.ps
http://www.cs.columbia.edu/~ezk/research/mef/freenix01.pdf
http://www.cs.columbia.edu/~ezk/research/mef/index.html
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
-------------------------------------------------------
--
Douglas J. Hunley ([EMAIL PROTECTED]) - Linux User #174778
Admin: http://hunley.homeip.net/ Admin: http://linux.nf/
Brainbench Linux Administration Certified
~~ Now offering Linux admin services for the home user ~~
"If violence isn't solving your problems,
you're not using enough of it.."