Unknown virus detection and prevention

Paul Hodgson, BT Exact

This paper rejects as unrealistic the assumption that unknown, novel viruses can be prevented from entering networks, and argues that the best solution to the new and unknown virus problem is rapid detection and elimination of viral spread. It presents a novel and minimally disruptive method to solve this problem that takes a proactive intrusion prevention approach on corporate email systems, and demonstrates an effective defense against a real attack. A user-definable number of records is read from the end of the Exchange Server tracking logs at definable intervals. Originator information is extracted and mapped onto a two-dimensional grid that represents the organizational structure of the company. As well as being an automated solution, the novel visual representation allows an administrator to manually monitor viral spread across the company and drill down to individual client machines. To minimize false positives, any machine emitting an above-threshold number of messages, as defined by a user-profile database, is quarantined, and all suspect sent messages are put into recall on all destination company servers. After viral laboratory analysis of any suspicious sample, messages are allowed to continue or are deleted.
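The polling and thresholding step described above, as an added example that is not the paper's own code: it tails the last n records of a constructed, simplified tracking log (the field layout, the profile database, the organizational grid and all addresses are assumptions, not real Exchange output), counts outbound messages per originator, and returns the senders above their profile threshold together with the message ids that would be put into recall.

```python
from collections import Counter

# Constructed sample, NOT real Exchange output: one record per line with the
# hypothetical minimal fields  timestamp event sender recipient message_id.
SAMPLE_LOG = """\
2009-10-01T09:00:01 SEND alice@corp.example bob@corp.example m1
2009-10-01T09:00:05 SEND bob@corp.example carol@corp.example m2
2009-10-01T09:01:00 SEND mallory@corp.example alice@corp.example m3
2009-10-01T09:01:01 SEND mallory@corp.example bob@corp.example m4
2009-10-01T09:01:02 SEND mallory@corp.example carol@corp.example m5
2009-10-01T09:01:03 SEND mallory@corp.example dave@corp.example m6
2009-10-01T09:01:04 SEND mallory@corp.example erin@corp.example m7
2009-10-01T09:01:05 RECEIVE mallory@corp.example alice@corp.example m3
2009-10-01T09:01:06 SEND mallory@corp.example frank@corp.example m8
2009-10-01T09:02:00 SEND alice@corp.example carol@corp.example m9
2009-10-01T09:02:30 SEND alice@corp.example dave@corp.example m10
2009-10-01T09:03:00 SEND bob@corp.example alice@corp.example m11
"""

# Hypothetical user-profile database: normal outbound messages per sweep window.
# Senders without a profile fall back to DEFAULT_THRESHOLD.
PROFILE = {"alice@corp.example": 5, "bob@corp.example": 3}
DEFAULT_THRESHOLD = 4

# Hypothetical organizational grid: sender -> (department row, team column).
GRID = {"alice@corp.example": (0, 0), "bob@corp.example": (0, 1),
        "mallory@corp.example": (2, 3)}

def tail_records(log_text, n):
    """Return the last n non-empty records, oldest first (the paper reads from the log's end)."""
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    return lines[-n:]

def parse_record(line):
    ts, event, sender, recipient, msg_id = line.split()
    return {"ts": ts, "event": event, "sender": sender, "recipient": recipient, "id": msg_id}

def sweep(log_text, n, profile=PROFILE, grid=GRID):
    """One polling interval: count SEND events per originator over the last n records.
    Returns ({sender: {"count", "cell"}} for above-threshold senders, [message ids to recall])."""
    records = [parse_record(ln) for ln in tail_records(log_text, n)]
    sends = [r for r in records if r["event"] == "SEND"]  # ignore delivery-side events
    counts = Counter(r["sender"] for r in sends)
    flagged = {}
    for sender, count in counts.items():
        if count > profile.get(sender, DEFAULT_THRESHOLD):
            flagged[sender] = {"count": count, "cell": grid.get(sender)}
    recall = [r["id"] for r in sends if r["sender"] in flagged]
    return flagged, recall
```

Only senders above their own profile threshold are flagged, so a legitimately busy user with a higher profile value is not quarantined while an unprofiled machine that suddenly emits a burst is.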
