Skip to main content
SpringerLink
Log in

Detecting Methods of Virus Email Based on Mail Header and Encoding Anomaly

  • Conference paper
Advances in Neuro-Information Processing (ICONIP 2008)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5506))

Included in the following conference series:

  • 1621 Accesses

Abstract

In this paper, we try to develop a machine learning-based virus email detection method. The key feature of this paper is employing Mail Header and Encoding Anomaly(MHEA) [1]. MHEA is capable to distinguish virus emails from normal emails, and is composed of only 5 variables, which are obtained from particular email header fields. Generating signature from MHEA is easier than generating signature by analyzing a virus code, therefore, we feature MHEA as signature to distinguish virus emails. At first, we refine the element of MHEA by association analysis with our email dataset which is composed of 4,130 virus emails and 2,508 normal emails. The results indicate that the one element of MHEA should not be used to generate MHEA. Next, we explore a way to apply MHEA into detection methods against virus emails. Our proposed method is a hybrid of matching signature from MHEA(signature-based detection) and detecting with AdaBoost (anomaly detection). Our preliminary evaluation shows that f1 measure is 0.9928 and error rate is 0.75% in the case of our hybrid method, which outperforms other types of detection methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Arai, T.: Computer virus detection method using mail form information. In: Symposium on Cryptography and Information Security (SCIS 2007) (2007)

    Google Scholar 

  2. Sophos Corporation: Top 10 viruses reported to sophos in 2005 (2005), http://www.sophos.com/security/top-10/200512summary.html

  3. Information-technology Promotion Agency: Reporting status of computer virus - details for June 2008 (2008), http://www.ipa.go.jp/security/english/virus/press/200806/documents/Virus0806.pdf

  4. Moore, K.: MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII text. RFC 2047, Internet Engineering Task Force (1996)

    Google Scholar 

  5. Freed, N., Borenstein, N.: Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types. RFC 2046, Internet Engineering Task Force (1996)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Nara Institute of Science and Technology, 8916-5 Takayama, Ikoma, Nara, Japan

    Daisuke Miyamoto, Hiroaki Hazeyama & Youki Kadobayashi

Authors
  1. Daisuke Miyamoto
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hiroaki Hazeyama
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Youki Kadobayashi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Kyushu Institute of Technology, Network Design and Research Center, 680-4 Fukuoka, 820-8502, Kawazu, Iizuka, Japan

    Mario Köppen

  2. Knowledge Engineering and Discovery Research Institute (KEDRI), School of Computing and Mathematical Sciences, Auckland University of Technology, 350 Queen Street, 10110, Auckland, New Zealand

    Nikola Kasabov

  3. Department of Electrical and Computer Engineering, Robotics Laboratory, Auckland University of Technology, 38 Princes Street, 1142, Auckland, New Zealand

    George Coghill

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Miyamoto, D., Hazeyama, H., Kadobayashi, Y. (2009). Detecting Methods of Virus Email Based on Mail Header and Encoding Anomaly. In: Köppen, M., Kasabov, N., Coghill, G. (eds) Advances in Neuro-Information Processing. ICONIP 2008. Lecture Notes in Computer Science, vol 5506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02490-0_67

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-02490-0_67

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02489-4

  • Online ISBN: 978-3-642-02490-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation