An approach to a virus detection in email

Dissertant

Kamal, Isra Wahbi

University

University of Technology

Faculty

-

Department

Computer Sciences Department

University Country

Iraq

Degree

Ph.D.

Degree Date

2004

English Abstract

Computer viruses pose an increasing risk to computer data integrity.

They cause loss of valuable data and cost an enormous amount in wasted effort in restoration/duplication of lost and damaged data.

As the problem of viruses increases, we need tools to detect them and to eradicate them from our systems. In order to protect a computer system from being infected by a computer virus, many individuals install anti-virus software assuming a shield of immunity has been put between them.

But this software detects only known viruses that have a signature in its database.

It does nothing about unknown viruses, which are the real problem. In this research we propose a method for detecting unknown viruses in electronic mail (email), because many viruses spread via email.

We will attempt to process threats by designing a new detection method used to stop the spread of email viruses.

The system, which is called EPS (Email Protect System), checks email messages transmitted through a PC environment that runs Windows software and uses the Outlook Express application. The proposed system consists of two stages: detection and repair.

The first stage, detection, relies on behavior-based detection to find the malicious statements that could cause a virus. The EPS opens an attachment file in two different forms, binary form and text form.

It first decodes the attachment file and then converts it either into binary or into text.

In this thesis the body of the message as well as the attachments are checked.

It searches the body for malicious commands written as DOS commands.

The attachment is checked for more than one type of malicious statement.

The first check looks for macro commands in a Word document file attached to the email.

The second check looks for a jump operation at the beginning of the file, if the attached file is a COM file.

The third check looks for a changed entry point or a transfer of the DTA (Disk Transfer Area), if the file is an EXE file.

The last check is done for all executable files.

This check consists of two parts.

The first checks for malicious code written as DOS commands, and the second checks the binary form of the file for malicious code written in machine code. The second stage of the EPS is the repair stage.

It suggests three options for solving the problem.

It removes the virus code from the message before the virus spreads through the environment.

Main Subjects

Information Technology and Computer Science

Topics

American Psychological Association (APA)

Kamal, Isra Wahbi. (2004). An approach to a virus detection in email. (Doctoral dissertations Theses and Dissertations Master). University of Technology, Iraq
https://search.emarefa.net/detail/BIM-306037

Modern Language Association (MLA)

Kamal, Isra Wahbi. An approach to a virus detection in email. (Doctoral dissertations Theses and Dissertations Master). University of Technology. (2004).
https://search.emarefa.net/detail/BIM-306037

American Medical Association (AMA)

Kamal, Isra Wahbi. (2004). An approach to a virus detection in email. (Doctoral dissertations Theses and Dissertations Master). University of Technology, Iraq
https://search.emarefa.net/detail/BIM-306037

Language

English

Data Type

Arab Theses

Record ID

BIM-306037