usenix conference policies
You are here
MEF, Malicious Email Filter–A UNIX Mail Filter That Detects Malicious Windows Executables
Error message
You are not authorized to post comments.We present Malicious Email Filter, MEF, a freely distributed malicious binary filter incorporated into Procmail that can detect malicious Windows attachments by integrating with a UNIX mail server. The system has three capabilities: detection of known and unknown malicious attachments, tracking the propagation of malicious attachments and efficient model update algorithms.
The system filters multiple malicious attachments in an email by using detection models obtained from data mining over known malicious attachments. It leverages preliminary research in data mining applied to malicious executables which allows the detection of previously unseen, malicious attachments. In addition, the system provides a method for monitoring and measurement of the spread of malicious attachments. Finally, the system also allows for the efficient propagation of detection models from a central server. These updated models can be downloaded by a system administrator and easily incorporated into the current model. The system will be released under GPL in June 2001.
author = {Matthew G. Schultz and Eleazar Eskin and Manasi Bhattacharyya and Salvatore J. Stolfo},
title = {{MEF}, Malicious Email {Filter{\textendash}A} {UNIX} Mail Filter That Detects Malicious Windows Executables},
booktitle = {2001 USENIX Annual Technical Conference (USENIX ATC 01)},
year = {2001},
address = {Boston, MA},
url = {https://www.usenix.org/conference/2001-usenix-annual-technical-conference/mef-malicious-email-filter{\textendash}-unix-mail-filter},
publisher = {USENIX Association},
month = jun
}
connect with us