Behavior-based modeling and its application to Email analysis
TLDR
It is shown by way of simulation that virus propagations are detectable since viruses may emit emails at rates different than human behavior suggests is normal, and email is directed to groups of recipients in ways that violate the users' typical communications with their social groups.
A Behavior-Based Approach to Securing Email Systems
TLDR
The Email Mining Toolkit (EMT) presented in this paper is an offline email archive data mining analysis system that is designed to assist computing models of malicious email behavior for deployment in an online MET system.
Behavior Profiling of Email
TLDR
The forensic and intelligence analysis capabilities of the Email Mining Toolkit (EMT) under development at the Columbia Intrusion Detection (IDS) Lab are described.
Detecting Viral Propagations Using Email Behavior Profiles
TLDR
It is shown by way of simulation that virus propagations are detectable since viruses may emit emails at rates different than human behavior suggests is normal, and email is directed to groups of recipients in ways that violate the user's typical communication with their social groups.
Combining Behavior Models to Secure Email Systems
TLDR
The results achieved for the detection of the onset of viral propagations suggest email delivery should be egress rate limited, stored for a while and then forwarded, or a record of recently delivered emails should be kept in order to develop sufficient statistics to verify a propagation is ongoing.
EMT/MET: systems for modeling and detecting errant email
TLDR
This paper enumerates the features implemented in the EMT system, an offline data analysis system designed to assist a security analyst compute, visualize and test models of email behavior for use in Malicious Email Tracking.