Semester

Spring

Date of Graduation

2004

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Roy S. Nutter, Jr.

Abstract

Today, an Intrusion Detection System (IDS) is almost a necessity. The effectiveness of an IDS depends on the number of parameters it can monitor to report malicious activity. Current Intrusion Detection Systems monitor packet headers only.

This thesis investigates the possibility of monitoring network packet data as one of the parameters for IDS. This is done by finding a pattern in each type of payload. This pattern might then be related to the application to which it belongs. Based on this pattern, an attempt is made to determine if there is a difference in packets generated by different applications.

This investigation limits the classification to packets generated by E-mail attachments. Frequency of characters in packet data is used to generate a pattern. This frequency is limited to Base64 alphabets. Based on these patterns, certain E-mail attachments can be related to the source type of the attached file.
