With the convenience of e-mail, the rapid spread of the Internet, and the development of Internet technology, cyber attacks via e-mail are increasing.
For example, a variety of spam is sent through e-mail in growing volume, and virus propagation using e-mail is also a growing problem.
To counter these threats, spam filtering and antivirus techniques have been devised, but conventional countermeasures only detect dangerous e-mail and prevent it from causing harm on the basis of information on already-known patterns.
More specifically, when a user adds an attachment file format (i.e., extension) or a specific e-mail address to a block list, any e-mail that has an attachment of that format or is sent from that address is classified as spam thereafter.
In addition, in conventional spam processing using pattern matching, respective patterns of generated spam mail are stored in a database, and when a spam mail has a matching pattern, it is blocked.
In the same way, virus signatures are stored in a database, an antivirus program checks files, and when a virus signature is detected, the file is determined to be infected with a virus. Likewise, when the signature of an Internet worm is detected, the file is determined to be infected and is processed.
However, the conventional techniques are only effective if the database of known spam or virus signatures is up to date, and they are incapable of handling new, unknown spam and viruses. Thus, the conventional techniques provide no defense against a zero-day attack.
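The limitation described above, as an added example that is not part of the original text: a minimal filter that combines the block list, spam pattern and signature checks. All senders, patterns and sample bytes are constructed, and signatures are modelled as SHA-256 digests, which is a simplifying assumption. A message whose sender and content are absent from the databases passes every check.

```python
import hashlib
from email.message import EmailMessage

# Constructed sample data; none of these values come from the original text.
BLOCKED_SENDERS = {"bulk@spam.example"}
BLOCKED_EXTENSIONS = {".exe", ".scr"}
KNOWN_SPAM_PATTERNS = ["limited time offer"]
KNOWN_SAMPLE = b"CONSTRUCTED-KNOWN-SAMPLE-BYTES"
# Assumption: a "signature" is modelled as the SHA-256 digest of a known file.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def build(sender, subject, filename=None, payload=b""):
    """Build a test message, optionally with one binary attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content("body")
    if filename:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg


def classify(msg):
    """Return the rule that blocked the message, or None if it passes."""
    if str(msg["From"]).lower() in BLOCKED_SENDERS:
        return "sender-blocklist"
    if any(p in str(msg["Subject"]).lower() for p in KNOWN_SPAM_PATTERNS):
        return "spam-pattern"
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS):
            return "extension-blocklist"
        data = part.get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() in SIGNATURE_DB:
            return "signature-match"
    # Nothing in the databases matched: the filter has no basis to block.
    return None


if __name__ == "__main__":
    known = build("a@corp.example", "report", "doc.bin", KNOWN_SAMPLE)
    unseen = build("new@unseen.example", "report", "doc.bin",
                   b"CONSTRUCTED-UNSEEN-SAMPLE-BYTES")
    print("known sample :", classify(known))
    print("unseen sample:", classify(unseen))
```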