Electrical Engineering
      and Computer Sciences

Electrical Engineering and Computer Sciences

COLLEGE OF ENGINEERING

UC Berkeley

Designing, Implementing, and Analyzing a System for Virus Detection

Blaine Alan Nelson

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2006-27
March 19, 2006

http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-27.pdf

In spite of advances in viral detection, the rapid proliferation of novel mass-mailing worms continues to pose a daunting threat to network administration. The crux of this problem is the slow dissemination of the up-to-date virus signatures required by traditional systems to effectively halt viral spread. Such signatures are primarily generated manually after samples of the novel worm are submitted to the anti-virus company for analysis - a process that leaves most systems open to attack for hours or days. In modern high-speed systems, this response time is becoming increasingly inadequate to prevent devastating viral epidemics that waste value network resources. In this thesis, we present and evaluate a statistical learning system for addressing the mass-mailing worm threat. We propose a multi-tiered learning system that learns user's emailing characteristics. By monitoring the behavior of outgoing email, our system was empirically able to differentiate between normal behavior and novel worm outbreaks. In our experiments on six email-born viruses with varying characteristics, our system achieved 99% accuracy in most cases, demonstrating the effectiveness of our approach. We also look beyond the current state-of-the-art in viral techniques by developing a naive model for analyzing the effectiveness of our statistical classifiers against threats poised by unforeseen viral adversaries determined to subvert our deterrents.

Advisor: Anthony D. Joseph


BibTeX citation:

@mastersthesis{Nelson:EECS-2006-27,
    Author = {Nelson, Blaine Alan},
    Title = {Designing, Implementing, and Analyzing a System for Virus Detection},
    School = {EECS Department, University of California, Berkeley},
    Year = {2006},
    Month = {Mar},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-27.html},
    Number = {UCB/EECS-2006-27},
    Abstract = {In spite of advances in viral detection, the rapid proliferation of novel mass-mailing worms continues to pose a daunting threat to network administration.  The crux of this problem is the slow dissemination of the up-to-date virus signatures required by traditional systems to effectively halt viral spread.  Such signatures are primarily generated manually after samples of the novel worm are submitted to the anti-virus company for analysis - a process that leaves most systems open to attack for hours or days.  In modern high-speed systems, this response time is becoming increasingly inadequate to prevent devastating viral epidemics that waste value network resources.

In this thesis, we present and evaluate a statistical learning system for addressing the mass-mailing worm threat.  We propose a multi-tiered learning system that learns user's emailing characteristics.  By monitoring the behavior of outgoing email, our system was empirically able to differentiate between normal behavior and novel worm outbreaks.  In our experiments on six email-born viruses with varying characteristics, our system achieved 99% accuracy in most cases, demonstrating the effectiveness of our approach.  We also look beyond the current state-of-the-art in viral techniques by developing a naive model for analyzing the effectiveness of our statistical classifiers against threats poised by unforeseen viral adversaries determined to subvert our deterrents.}
}

EndNote citation:

%0 Thesis
%A Nelson, Blaine Alan
%T Designing, Implementing, and Analyzing a System for Virus Detection
%I EECS Department, University of California, Berkeley
%D 2006
%8 March 19
%@ UCB/EECS-2006-27
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-27.html
%F Nelson:EECS-2006-27