A Behavior-Based Approach to Securing Email Systems

@inproceedings{Stolfo2003ABA,
  title={A Behavior-Based Approach to Securing Email Systems},
  author={S. Stolfo and S. Hershkop and Ke Wang and Olivier Nimeskern and Chia-Wei Hu},
  booktitle={MMM-ACNS},
  year={2003}
}
The Malicious Email Tracking (MET) system, reported in a prior publication, is a behavior-based security system for email services. [...] EMT includes a variety of behavior models for email attachments, user accounts and groups of accounts. Each model computed is used to detect anomalous and errant email behaviors. We report on the set of features implemented in the current version of EMT, and describe tests of the system and our plans for extensions to the set of models.
WORM DETECTION: a monitoring behaviour based system
TLDR
The purpose is to create an on-line monitoring system that can identify anomalies on a selected network and react against them, and to find a behavioural signature for worms, freeing antivirus software from daily updates.
A Framework to Detect Novel Computer Viruses via System Calls
TLDR
A framework for detecting self-propagating email viruses based on deterministic system calls derived from the associated email client's dynamic link libraries (DLLs), and a method for monitoring and detecting abnormal system calls in real time from an email application.
Behavior-based email analysis with application to spam detection
TLDR
The Email Mining Toolkit is a data mining toolkit designed to analyze offline email corpora, including the entire set of email sent and received by an individual user, revealing much information about individual users as well as the behavior of groups of users in an organization.
Analyzing Behavioral Features for Email Classification
TLDR
Empirical analysis is used to select an optimum, novel collection of behavioral features of a user's email traffic that enables the rapid detection of abnormal email activity, and the effectiveness of outgoing email analysis is demonstrated using an application that detects worm propagation.
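The following is an added example, written for this page and not code from EMT or from either of the papers above; it sketches the kind of per-account behaviour model the EMT abstract describes and the outgoing-traffic features this entry refers to. The log line format, the feature set (hourly message count, distinct recipients, attachment fraction, share of never-before-seen recipients), the z-score thresholds and the sample traffic are all assumptions constructed for the illustration.

```python
"""Per-account behaviour profile for outgoing mail (added example; hypothetical
code, not EMT's implementation). Log format, features, thresholds and traffic
are assumptions made for the illustration."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

FEATURES = ("count", "distinct", "attach_frac")
# Floor on the standard deviation so a near-constant baseline does not turn
# every small deviation into a huge z-score.
SIGMA_FLOOR = {"count": 1.0, "distinct": 1.0, "attach_frac": 0.1}


def make_sample_log():
    """Constructed traffic, not a real mail log. One line per message:
    '<ISO timestamp> <sender> <comma-separated recipients> <attachment 0|1>'."""
    lines = []
    peers = ["bob@example.org", "carol@example.org", "dave@example.org"]
    # Baseline day: two or three mails per hour to the same small set of peers.
    for hour in range(9, 14):
        for i, rcpt in enumerate(peers[: 2 + hour % 2]):
            lines.append(f"2003-09-01T{hour:02d}:{10 * i + 5:02d}:00 alice {rcpt} {i % 2}")
    # Next day, 14:00: an hour that looks like the baseline.
    lines.append("2003-09-02T14:05:00 alice bob@example.org 0")
    lines.append("2003-09-02T14:20:00 alice carol@example.org 1")
    # Next day, 09:00: 40 mails to 40 never-seen addresses, all with attachments,
    # the outgoing signature of a mass-mailing worm.
    for i in range(40):
        lines.append(f"2003-09-02T09:{i + 10:02d}:00 alice victim{i}@example.net 1")
    return lines


def parse_log(lines):
    records = []
    for line in lines:
        ts, sender, rcpts, attach = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "sender": sender,
                        "rcpts": rcpts.split(","), "attach": attach == "1"})
    return records


def hourly_windows(records):
    """Group messages by (sender, clock hour)."""
    windows = defaultdict(list)
    for r in records:
        hour = r["ts"].replace(minute=0, second=0, microsecond=0)
        windows[(r["sender"], hour)].append(r)
    return windows


def window_features(recs, known):
    distinct = {a for r in recs for a in r["rcpts"]}
    new = {a for a in distinct if a not in known}
    return {"count": len(recs), "distinct": len(distinct),
            "attach_frac": sum(r["attach"] for r in recs) / len(recs),
            "new_frac": len(new) / len(distinct) if distinct else 0.0}


def build_profiles(records):
    """Per-sender baseline: known recipient set plus mean/std of each hourly feature."""
    per_sender = defaultdict(list)
    for (sender, _), recs in hourly_windows(records).items():
        per_sender[sender].append(recs)
    profiles = {}
    for sender, wins in per_sender.items():
        known = {a for recs in wins for r in recs for a in r["rcpts"]}
        feats = [window_features(recs, known) for recs in wins]
        prof = {"known": known}
        for name in FEATURES:
            vals = [f[name] for f in feats]
            prof[name] = (mean(vals), pstdev(vals))
        profiles[sender] = prof
    return profiles


def score_window(profile, recs, z_threshold=3.0, new_threshold=0.5):
    """Flag an hour when any feature drifts far from baseline or most recipients are new."""
    feats = window_features(recs, profile["known"])
    zs = {}
    for name in FEATURES:
        mu, sigma = profile[name]
        zs[name] = (feats[name] - mu) / max(sigma, SIGMA_FLOOR[name])
    anomalous = max(zs.values()) > z_threshold or feats["new_frac"] > new_threshold
    return {"features": feats, "z": zs, "anomalous": anomalous}


def analyse(lines, baseline_day="2003-09-01"):
    """Fit profiles on the baseline day, then score every later (sender, hour) window."""
    records = parse_log(lines)
    baseline = [r for r in records if r["ts"].date().isoformat() == baseline_day]
    later = [r for r in records if r["ts"].date().isoformat() > baseline_day]
    profiles = build_profiles(baseline)
    results = {}
    for (sender, hour), recs in hourly_windows(later).items():
        if sender in profiles:  # senders without a baseline need their own profile first
            results[(sender, hour.isoformat())] = score_window(profiles[sender], recs)
    return results


if __name__ == "__main__":
    for key, res in sorted(analyse(make_sample_log()).items()):
        print(key, "ANOMALOUS" if res["anomalous"] else "normal", res["features"])
```

The new-recipient ratio is the feature that matters most here: a worm that harvests the address book mails people the account has never written to, so it trips the profile even when the hourly volume is modest.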
A Multilayer Approach of Anomaly Detection for Email Systems
TLDR
This work introduces an anomaly detection system based on layer correlation, which is capable of reducing false alarm rates; Bayesian networks and statistical analysis are used to build normal system models for the anomaly detection engine.
Analyzing Network Traffic to Detect E-Mail Spamming Machines
E-mail spam detection is a key problem in cyber security and has evoked great interest in the research community. Various classification-based and signature-based systems have been proposed for [...]
Stopping Spam by Extrusion Detection
End users are often unaware that their systems have been compromised and are being used to send bulk unsolicited email (spam). We show how automated processing of the email logs recorded on the [...]
Email communications analysis: how to use computational intelligence methods and tools?
  • M. Negnevitsky, M. Lim, J. Hartnett, L. Reznik
  • Computer Science
  • CIHSPS 2005. Proceedings of the 2005 IEEE International Conference on Computational Intelligence for Homeland Security and Personal Safety, 2005.
  • 2005
TLDR
A review of work on dynamic modeling and link prediction of social networks, and on anomaly detection for detecting changes in e-mail usage behavior; the feasibility of applying neural network and fuzzy logic methodologies to the design of a change detection system is discussed.
Research on Behavior Statistic Based Spam Filter
TLDR
Combining the common features of email messages, especially the presence of hyperlinks in most spam, a URL model is built, and several behavior-recognizing models cooperate to detect spam.
Email Communities of Interest
TLDR
The flow and frequency of user email is measured toward the identification of communities of interest (COI), groups of users that have a common bond, which will be useful in automating email management, e.g., topical classification, flagging important missives, and spam mitigation.

References

(10 of the paper's 21 references are listed)
MET: an experimental system for Malicious Email Tracking
TLDR
MET is a database of statistics about the trajectory of email attachments in and out of a network system, and the culling together of these statistics across networks to present a global view of the spread of the malicious software.
MEF: Malicious Email Filter - A UNIX Mail Filter That Detects Malicious Windows Executables
TLDR
A freely distributed malicious binary filter incorporated into Procmail that can detect malicious Windows attachments by integrating with a UNIX mail server and allows for the efficient propagation of detection models from a central server.
Learning Patterns from Unix Process Execution Traces for Intrusion Detection
TLDR
Preliminary experiments extending the work pioneered by Forrest on learning the (normal/abnormal) patterns of Unix processes, which can be used to identify misuses of and intrusions in Unix systems, indicate that machine learning can play an important role by generalizing stored sequence information to perhaps provide broader intrusion detection services.
Mining Audit Data to Build Intrusion Detection Models
TLDR
A data mining framework for constructing intrusion detection models to mine system audit data for consistent and useful patterns of program and user behavior, and use the set of relevant system features presented in the patterns to compute classifiers that can recognize anomalies and known intrusions.
Throttling viruses: restricting propagation to defeat malicious mobile code
  • Matthew M. Williamson
  • Computer Science
  • 18th Annual Computer Security Applications Conference, 2002. Proceedings.
  • 2002
TLDR
A simple technique to limit the rate of connections to "new" machines that is remarkably effective at both slowing and halting virus propagation without affecting normal traffic is described.
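An added example of the throttle idea summarised above (hypothetical code, not the paper's implementation). The cited work rate-limits network connections to previously uncontacted hosts; the version here applies the same mechanism to outgoing mail recipients, an adaptation for this page's email setting rather than something the paper itself measured. The working-set size, one-release-per-tick rate, alert threshold and the two traffic patterns are assumptions constructed for the illustration.

```python
"""Throttle on mail to 'new' recipients, after the connection throttle described
above (added example; hypothetical re-implementation, not the paper's code).
Working-set size, release rate, alert threshold and traffic are assumptions."""
from collections import defaultdict, deque


class RecipientThrottle:
    def __init__(self, working_set_size=5, alert_queue_len=10):
        self.n = working_set_size
        self.alert_len = alert_queue_len
        self.working = {}     # sender -> bounded deque of recently mailed recipients (LRU)
        self.delay = {}       # sender -> deque of messages waiting for a release slot
        self.alerted = set()  # senders whose delay queue overflowed (suspected mass-mailer)

    def send(self, sender, recipient, payload=None):
        """Accept one outgoing message. Returns 'pass' or 'queued'."""
        ws = self.working.setdefault(sender, deque(maxlen=self.n))
        if recipient in ws:
            ws.remove(recipient)
            ws.append(recipient)        # refresh: most recently used sits at the right
            return "pass"
        q = self.delay.setdefault(sender, deque())
        q.append((recipient, payload))
        if len(q) > self.alert_len:     # new recipients arriving faster than the release rate
            self.alerted.add(sender)
        return "queued"

    def tick(self):
        """One clock tick: release at most one queued message per non-alerted sender."""
        released = []
        for sender, q in self.delay.items():
            if q and sender not in self.alerted:
                recipient, payload = q.popleft()
                self.working[sender].append(recipient)  # maxlen evicts the oldest entry
                released.append((sender, recipient, payload))
        return released


def normal_traffic():
    """Constructed: alice mails the same four colleagues, one message per tick."""
    peers = ["bob@example.org", "carol@example.org", "dave@example.org", "erin@example.org"]
    return [[("alice", peers[i % 4])] for i in range(24)]


def worm_traffic():
    """Constructed: a mass-mailer on mallory's host fires 20 messages to 20
    distinct addresses within a single tick, then goes quiet."""
    burst = [("mallory", f"addr{i}@example.net") for i in range(20)]
    return [burst] + [[] for _ in range(5)]


def simulate(batches, **kw):
    """Feed per-tick batches through a throttle; return the throttle, each sender's
    peak delay-queue length, and how many queued messages were actually released."""
    throttle = RecipientThrottle(**kw)
    peak = defaultdict(int)
    delivered = defaultdict(int)
    for batch in batches:
        for sender, recipient in batch:
            throttle.send(sender, recipient)
            peak[sender] = max(peak[sender], len(throttle.delay.get(sender, ())))
        for sender, _, _ in throttle.tick():
            delivered[sender] += 1
    return throttle, dict(peak), dict(delivered)


if __name__ == "__main__":
    for name, traffic in (("normal", normal_traffic()), ("worm", worm_traffic())):
        t, peak, delivered = simulate(traffic)
        print(name, "alerted:", sorted(t.alerted), "peak queue:", peak, "released:", delivered)
```

Normal traffic only ever waits one tick for each genuinely new correspondent and then flows freely once the working set holds them; the burst fills the delay queue within one tick, trips the alert, and nothing from that sender is released afterwards, which is the "slow then halt" behaviour the summary describes.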
Email networks and the spread of computer viruses.
TLDR
The structure of the network of connections between individuals over which a virus spreads is investigated empirically using data drawn from a large computer installation, and the implications for the understanding and prevention of computer virus epidemics are discussed.
Gauging Similarity with n-Grams: Language-Independent Categorization of Text
TLDR
A language-independent means of gauging topical similarity in unrestricted text by combining information derived from n-grams with a simple vector-space technique that makes sorting, categorization, and retrieval feasible in a large multilingual collection of documents.
The "DGX" distribution for mining massive, skewed data
TLDR
This paper proposes a new probability distribution, the Discrete Gaussian Exponential (DGX), to achieve excellent fits in a wide variety of settings; this new distribution includes the Zipf distribution as a special case.
Computer Intrusion: Detecting Masquerades
TLDR
Compares statistical methods for detecting masqueraders, intruders who operate under a legitimate user's account, by testing sequences of Unix commands against a profile of that user's normal command usage.
Research and Development in Knowledge Discovery and Data Mining
TLDR
This work presents an approach to goal recognition which uses a Dynamic Belief Network to represent domain features needed to identify users' goals and plans, and applies simple learning techniques to learn significant actions in the domain.