A Behavior-Based Approach to Securing Email Systems


The Malicious Email Tracking (MET) system, reported in a prior publication, is a behavior-based security system for email services. The Email Mining Toolkit (EMT) presented in this paper is an offline email archive data mining analysis system that is designed to compute models of malicious email behavior for deployment in an online MET system. EMT includes a variety of behavior models for email attachments, user accounts and groups of accounts. Each model computed is used to detect anomalous and errant email behaviors. We report on the set of features implemented in the current version of EMT, and describe tests of the system and our plans for extensions to the set of models.

DOI: 10.1007/978-3-540-45215-7_5

Extracted Key Phrases

2 Figures and Tables


Citations per Year

70 Citations

Semantic Scholar estimates that this publication has 70 citations based on the available data.

See our FAQ for additional information.

Cite this paper

@inproceedings{Stolfo2003ABA, title={A Behavior-Based Approach to Securing Email Systems}, author={Salvatore J. Stolfo and Shlomo Hershkop and Ke Wang and Olivier Nimeskern and Chia-Wei Hu}, booktitle={MMM-ACNS}, year={2003} }