WORM DETECTION: a monitoring behaviour based system

Electronic mail has become, in the recent years, with the growth of internet one of the most used methods of communication among people, institutions and companies. Some recent enhancement to the e-mail technology, like digital signature, drove to certified email, which will substitute standard communications like registered letters. Therefore it is simple to bet that electronic messages will continue to increase in the near and far future. Due to this phenomenon, virus and worm creators choose electronic messages as a preferred way for the diffusion of their executable codes and, as a result, hosts on the net are constantly under attack by malicious programs attached to e-mails. During my graduate thesis I developed a tool which analyzes e-mail traffic through a mail log server and it searches for anomalous behaviour. At the moment the system analyzes mailserver log off-line. I propose to furtherly develop this system: my purpose is to create an on-line monitoring system which can identify anomalies on a selected network and can react against them. The final and most important objective of the thesis is to find a behavioural signature for worm, so we can free antivirus software from daily updates.