Olivier Nimeskern

Learn More
The Malicious Email Tracking (MET) system, reported in a prior publication, is a behavior-based security system for email services. The Email Mining Toolkit (EMT) presented in this paper is an offline email archive data mining analysis system that is designed to compute models of malicious email behavior for deployment in an online MET system. EMT includes(More)
The Email Mining Toolkit (EMT) is a data mining system that computes <i>behavior profiles or models</i> of user email accounts. These models may be used for a multitude of tasks including forensic analyses and detection tasks of value to law enforcement and intelligence agencies, as well for as other typical tasks such as virus and spam detection. To(More)
This paper describes the forensic and intelligence analysis capabilities of the Email Mining Toolkit (EMT) under development at the Columbia Intrusion Detection (IDS) Lab. EMT provides the means of loading, parsing and analyzing email logs, including content, in a wide range of formats. Many tools and techniques have been available from the fields of(More)
The Email Mining Toolkit (EMT) is a data mining system that computes behavior profiles or models of user email accounts. These models may be used for a variety of forensic analyses and detection tasks. In this paper we focus on the application of these models to detect the early onset of a viral propagation without "contentbased" (or signature-based)(More)
We introduce the Email Mining Toolkit (EMT), a system that implements behavior-based methods to improve security of email systems. Behavior models of email flows and email account usage may be used for a variety of detection tasks. Behavior-based models are quite different from "content-based" models in common use today, such as virus scanners. We evaluate(More)
The Malicious Email Tracking (MET) system is an online "behavior-based" security system employing anomaly detection techniques to detect deviations from a system’s or user’s normal email behavior, rather than solely by attempting to identify known attacks against a system via signature-based methods. The Email Mining Toolkit (EMT) is an offline data(More)
  • 1