Detection of Virus Patterns in Emails Project


Description of Problem Statement

The detection of unknown viruses is beyond the capability of many existing virus detection approaches. The objective of the project is to develop a prototype system that detects viruses which spread via email and have no signatures, i.e. viruses that are new and lethal to today’s internet community, by proactively customizing system behavior at the email server. The project also aims to find the signature of each newly found virus (a virus having no signature) to help curb its spread at its juvenile phase.

Scope of Definition

The damage caused by computer viruses is more serious than ever in today’s society, where personal communication, corporate business, and social infrastructures heavily depend on computer networks.

Unfortunately, email attachments have become a popular method of spreading malicious code over the network. This has led to the rise of the anti-virus industry, and it is now almost obligatory for us to have anti-virus programs on personal computers and/or email servers. Yet we keep hearing reports of new viruses and warnings that we have to update pattern files to avoid infection and further spread.

The main reason is that current anti-virus programs rely on byte-to-byte comparison between files, where binary strings taken from previously captured viruses are used as unique signatures. Since a file is recognized as a virus only if it contains matching signatures in the pattern file, it is impossible to detect previously unknown viruses.

This project aims to tackle the problem by running suspicious programs in a virtual, isolated and monitored computer environment. The monitored resources in the environment are those that viruses commonly use to spread themselves (such as the address book). The project goes further and extracts the signature of each newly found virus to help the internet community curb it.

Architecture Of Our Proposed Solution

[Figure: Detection of Virus Patterns architecture diagram]

Detection of Virus Patterns Implementation

The prototype prevents e-mail containing new and unknown outbreak viruses from spreading to unsuspecting users, working with an SMTP-based e-mail server to:

Intercept e-mail at the network edge.
Execute and monitor the e-mail in a secure, virtual environment, and
Quarantine any e-mail exhibiting malicious behavior before delivery to the target user.

The above-mentioned steps are implemented as follows:

Stage 1:

When an email with attachments arrives at the e-mail server, it is delivered to the mail content filtering tool, which extracts the attachments and transports them to the virtual machine.

Stage 2:

The attachment is executed and monitored in the secure, isolated environment of a virtual machine running on the same host. Malicious activity is intercepted by hooking the various resources that a virus may infect or use to spread its effect.

Stage 3:

Once malicious activity is detected in the virtual machine, it is reported back to the mail server, which then quarantines the e-mail containing the attachment concerned and then tries to extract a signature for the anti-virus scanner, so that next time the virus can be caught without the need to check its behavior.

Key benefits are as follows

Executes e-mail and attachments in a virtual environment at the network edge, before reaching the target user.
Observes the attempted behavior of suspect e-mail to determine its intent
Quarantines e-mail demonstrating suspicious or malicious behavior
Enables quarantined e-mails to be analyzed and cleaned by an administrator for future delivery.
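
The three stages described above, sketched as a mail-filter routine. This is an added example, not the project's own code: the event names, the `fake_sandbox` behaviour report and the whole-file SHA-256 used as a stand-in for signature extraction are assumptions, and the sample message is constructed.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical event names for hooked resources; the page names only the address book.
SPREAD_INDICATORS = {"address_book_read", "smtp_connect", "self_copy"}

def extract_attachments(raw):
    """Stage 1: pull every attachment out of the message, including nested parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():  # walk() descends into nested multipart containers
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment" or part.get_filename():
            data = part.get_payload(decode=True) or b""
            found.append((part.get_filename() or "unnamed", data))
    return found

def process_mail(raw, sandbox, known_bad):
    """Stages 2 and 3: run each attachment, quarantine on spreading behaviour."""
    reasons = {}
    for name, data in extract_attachments(raw):
        digest = hashlib.sha256(data).hexdigest()
        if digest in known_bad:  # caught by signature, no behaviour check needed
            reasons[name] = ["known signature"]
            continue
        hits = sorted(set(sandbox(data)) & SPREAD_INDICATORS)
        if hits:
            known_bad.add(digest)  # stand-in for extracting a scanner signature
            reasons[name] = hits
    return ("quarantine" if reasons else "deliver"), reasons

def build_sample():
    """Constructed test message carrying one harmless attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"constructed harmless bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    return m.as_bytes()

def fake_sandbox(data):
    """Constructed behaviour report standing in for the monitored virtual machine."""
    return ["file_open", "address_book_read", "smtp_connect"]

if __name__ == "__main__":
    seen = set()
    print(process_mail(build_sample(), fake_sandbox, seen))  # behaviour-based
    print(process_mail(build_sample(), lambda d: [], seen))  # signature-based
```

The second call shows the point of Stage 3: once the digest is recorded, the same attachment is quarantined without being executed again.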

Hardware Requirement

Linux 9 with a minimum configuration as follows

Processor   : P IV 1.5 GHz
RAM         : 256 MB
Hard disk   : 40 GB
Monitor     : 14 inch SVGA color
Peripherals : Mouse, 101-key keyboard, 3.5 inch floppy drive, 32X CD-ROM drive
Utilities   : SMTP

Workstations with a minimum configuration as follows

Processor   : P III – 800 MHz or equivalent
RAM         : 128 MB
Hard disk   : 10 GB
Monitor     : 14 inch SVGA color
Peripherals : Mouse, 101-key keyboard

Software Requirement

Linux (9 or above), Windows XP.
VMware.
