Title
Detecting methods of virus email based on mail header and encoding anomaly
Abstract
In this paper, we try to develop a machine learning-based virus email detection method. The key feature of this paper is employing Mail Header and Encoding Anomaly (MHEA) [1]. MHEA is capable of distinguishing virus emails from normal emails, and is composed of only 5 variables, which are obtained from particular email header fields. Generating a signature from MHEA is easier than generating a signature by analyzing virus code; therefore, we feature MHEA as a signature to distinguish virus emails. First, we refine the elements of MHEA by association analysis with our email dataset, which is composed of 4,130 virus emails and 2,508 normal emails. The results indicate that one element of MHEA should not be used to generate MHEA. Next, we explore a way to apply MHEA to detection methods against virus emails. Our proposed method is a hybrid of matching signatures from MHEA (signature-based detection) and detecting with AdaBoost (anomaly detection). Our preliminary evaluation shows that the F1 measure is 0.9928 and the error rate is 0.75% in the case of our hybrid method, which outperforms other types of detection methods.
Year: 2008
Venue: ICONIP (1)
Keywords: email dataset, anomaly detection, hybrid method, machine learning-based virus email, mail header, virus code, detection method, signature-based detection, encoding anomaly, generating signature, normal emails, virus emails, detecting method, error rate, association analysis, machine learning
Field: Anomaly detection, Data mining, AdaBoost, Pattern recognition, Computer science, Word error rate, Artificial intelligence, Header, Encoding (memory)
DocType: Conference
Volume: 5506
ISSN: 0302-9743
ISBN: 3-642-02489-0
Citations: 2
PageRank: 0.35
References: 2
Authors: 3
Authors (Name; Order; Citations; PageRank)
Daisuke Miyamoto; 1; 32; 4.20
Hiroaki Hazeyama; 2; 165; 16.75
Youki Kadobayashi; 3; 463; 65.10