資訊管理學報
姜琇森;施東河;黃信銓;
頁: 1-28
日期: 2007/10
摘要: 隨著網際網路的興起,電腦安全成為一個重要的議題,目前普遍使用防毒軟體來防護電腦免於病毒的破壞。這類的防毒機制主要依賴「病毒碼」與「掃毒引擎」的更新才能預防新病毒。根據研究平均每天有8~10的新病毒產生,病毒碼更新的防毒方式沒辦法更新病毒碼之前,偵測到新的病毒,系統在新病毒出現而尚未有偵測病毒碼產生的這段期間是非常脆弱且危險的。本論文提出以本體論支援郵件病毒行為偵測及其知識管理的方法,針對郵件病毒的特性建立郵件病毒知識本體,以管理郵件病毒行為相關知識並據以偵測郵件病毒,並根據郵件病毒知識本體間概念與概念之間的關係形態轉換為模糊派翠網路結構進行推論,以偵測郵件病毒。本研究提出智慧型的嵌入式郵件過濾裝置,架設於電子郵件閘道口的郵件安全系統,透過郵件病毒推論引擎,過濾郵件病毒。本研究之電子郵件過濾系統提供友善的web-based管理介面,方便管理者進行系統管理及一般使用者來收發信件。
關鍵字: 本體論;模糊派翠網路;郵件病毒;嵌入式系統;
Abstract: The widespread of Internet causes computer security becomes an important issue. Currently, anti-virus software is the primary mechanism to prevent computers from the damage of virus. Such mechanism relies on the update of virus pattern (or signature) and scan engine to detect a new virus. Eight to ten viruses are created every day and most cannot be accurately detected until signatures have been generated for them. During this time period, systems protected by signature-based algorithms are vulnerable to attacks. We propose a method that uses ontology to support the behavior detection and the knowledge management of email virus. It constructs the ontology of the email virus in accords with the behavior characteristics of the email virus. It then uses the ontology to detect as well as manage the behavior of mail virus. This paper transforms the ontology into fuzzy Petri-Nets to detect the email virus and transforms it into fuzzy Petri-Nets automatically. Finally, we use Protégé 2000 to implement and manage the email virus behavior ontology. We designed and implemented an intelligent email filter with embedded system. It acts as an email gateway to filter inbound messages by enforcing an email virus rule's policies. In the embedded system, we also provided a web-based administrative interface for the system administrators to do the system configuration and to set up their email virus rule filtering policies.
Keywords: Ontology;Fuzzy Petri Net;Email viruses;Embedded System;
瀏覽次數: 13322 下載次數: 231
引用 導入Endnote
頁: 1-28
日期: 2007/10
摘要: 隨著網際網路的興起,電腦安全成為一個重要的議題,目前普遍使用防毒軟體來防護電腦免於病毒的破壞。這類的防毒機制主要依賴「病毒碼」與「掃毒引擎」的更新才能預防新病毒。根據研究平均每天有8~10的新病毒產生,病毒碼更新的防毒方式沒辦法更新病毒碼之前,偵測到新的病毒,系統在新病毒出現而尚未有偵測病毒碼產生的這段期間是非常脆弱且危險的。本論文提出以本體論支援郵件病毒行為偵測及其知識管理的方法,針對郵件病毒的特性建立郵件病毒知識本體,以管理郵件病毒行為相關知識並據以偵測郵件病毒,並根據郵件病毒知識本體間概念與概念之間的關係形態轉換為模糊派翠網路結構進行推論,以偵測郵件病毒。本研究提出智慧型的嵌入式郵件過濾裝置,架設於電子郵件閘道口的郵件安全系統,透過郵件病毒推論引擎,過濾郵件病毒。本研究之電子郵件過濾系統提供友善的web-based管理介面,方便管理者進行系統管理及一般使用者來收發信件。
關鍵字: 本體論;模糊派翠網路;郵件病毒;嵌入式系統;
Ontology-Based Malicious Email Detection
Abstract: The widespread of Internet causes computer security becomes an important issue. Currently, anti-virus software is the primary mechanism to prevent computers from the damage of virus. Such mechanism relies on the update of virus pattern (or signature) and scan engine to detect a new virus. Eight to ten viruses are created every day and most cannot be accurately detected until signatures have been generated for them. During this time period, systems protected by signature-based algorithms are vulnerable to attacks. We propose a method that uses ontology to support the behavior detection and the knowledge management of email virus. It constructs the ontology of the email virus in accords with the behavior characteristics of the email virus. It then uses the ontology to detect as well as manage the behavior of mail virus. This paper transforms the ontology into fuzzy Petri-Nets to detect the email virus and transforms it into fuzzy Petri-Nets automatically. Finally, we use Protégé 2000 to implement and manage the email virus behavior ontology. We designed and implemented an intelligent email filter with embedded system. It acts as an email gateway to filter inbound messages by enforcing an email virus rule's policies. In the embedded system, we also provided a web-based administrative interface for the system administrators to do the system configuration and to set up their email virus rule filtering policies.
Keywords: Ontology;Fuzzy Petri Net;Email viruses;Embedded System;
瀏覽次數: 13322 下載次數: 231
引用 導入Endnote