Behavior-based modeling and its application to Email analysis

@article{Stolfo2006BehaviorbasedMA,
  title={Behavior-based modeling and its application to Email analysis},
  author={S. Stolfo and Shlomo Hershkop and Chia-Wei Hu and Wei-Jen Li and Olivier Nimeskern and Ke Wang},
  journal={ACM Trans. Internet Techn.},
  year={2006},
  volume={6},
  pages={187-221}
}
The Email Mining Toolkit (EMT) is a data mining system that computes behavior profiles or models of user email accounts. These models may be used for a multitude of tasks including forensic analyses and detection tasks of value to law enforcement and intelligence agencies, as well as for other typical tasks such as virus and spam detection. To demonstrate the power of the methods, we focus on the application of these models to detect the early onset of a viral propagation without “content-base…
Classifying and Identifying of Threats in E-mails - Using Data Mining Techniques
TLDR
It is shown that the Naive Bayes classification approach is useful for predicting users' behavior and for organizing emails according to users' constraints.
High-speed detection of unsolicited bulk emails
We propose a Progressive Email Classifier (PEC) for high-speed classification of message patterns that are commonly associated with unsolicited bulk email (UNBE). PEC is designed to operate at the…
Anomaly Detection over User Profiles for Intrusion Detection
TLDR
It is shown that anomaly detection could also be host-based so that the normal usage patterns of an individual user could be profiled and that the combination of characteristics can significantly decrease the time taken to detect an intruder.
Simulation of the Users' Email Behavior Based on BP-BDI Model
  • Yu Sheng, Jiang Rong, Wang Xiang
  • Computer Science
  • 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery
  • 2015
TLDR
The BP-BDI model is proposed to simulate the user's behavior on email, and the behavior learning module with a BP neural network is constructed on the basis of the BDI (Belief Desire Intention) model to learn the user's past email behavior.
E-Mail Worm Detection Using Data Mining
TLDR
It is found that the proposed TPS selection along with SVM classification achieves the best accuracy in detecting both known and unknown types of worms.
Email shape analysis
Email has become an integral part of everyday life. Without a second thought we receive bills, bank statements, and sales promotions all to our inbox. Each email has hidden features that can be…
Computational intelligence in E-mail traffic analysis
E-mail is an Internet application that has become a popular form of electronic communications, allowing people to quickly send messages to others and to distribute messages to large groups of…
Social feature-based enterprise email classification without examining email contents
TLDR
The emphasis on social features in the proposed email classification method is a promising alternative for solving similar email classification problems, and experimental results demonstrate the high accuracy of the proposed method in classifying emails.
Mining Interaction Behaviors for Email Reply Order Prediction
TLDR
This paper investigates user engagingness and responsiveness as two interaction behaviors that give us useful insights into how users email one another and proposes four types of models to quantify engagingness and responsiveness of users.
Email shape analysis
Email has become an integral part of everyday life. Without a second thought we receive bills, bank statements, and sales promotions all to our inbox. Each email has hidden features that can be…

References

SHOWING 1-10 OF 61 REFERENCES
Behavior Profiling of Email
TLDR
The forensic and intelligence analysis capabilities of the Email Mining Toolkit (EMT) under development at the Columbia Intrusion Detection (IDS) Lab are described.
MET: an experimental system for Malicious Email Tracking
TLDR
MET is a database of statistics about the trajectory of email attachments in and out of a network system, and the culling together of these statistics across networks to present a global view of the spread of the malicious software.
Behavior-based modeling and its application to Email analysis
The Email Mining Toolkit (EMT) is a data mining system that computes behavior profiles or models of user email accounts. These models may be used for a multitude of tasks including forensic analyse...
MEF: Malicious Email Filter - A UNIX Mail Filter That Detects Malicious Windows Executables
TLDR
A freely distributed malicious binary filter incorporated into Procmail that can detect malicious Windows attachments by integrating with a UNIX mail server and allows for the efficient propagation of detection models from a central server.
Mining Audit Data to Build Intrusion Detection Models
TLDR
A data mining framework for constructing intrusion detection models to mine system audit data for consistent and useful patterns of program and user behavior, and use the set of relevant system features presented in the patterns to compute classifiers that can recognize anomalies and known intrusions.
Temporal sequence learning and data reduction for anomaly detection
TLDR
An approach that transforms temporal sequences of discrete, unordered observations into a metric space via a similarity measure that encodes intra-attribute dependencies and demonstrates that it can accurately differentiate the profiled user from alternative users when the available features encode sufficient information.
A framework for constructing features and models for intrusion detection systems
TLDR
A novel framework, MADAM ID, for Mining Audit Data for Automated Models for Intrusion Detection, which uses data mining algorithms to compute activity patterns from system audit data and extracts predictive features from the patterns.
Learning Program Behavior Profiles for Intrusion Detection
TLDR
Three anomaly detection techniques for profiling program behavior that evolve from memorization to generalization are presented, which start from a simple equality matching algorithm for determining anomalous behavior, and evolve to a feed-forward backpropagation neural network for learning program behavior.
Mining in a data-flow environment: experience in network intrusion detection
TLDR
It is shown that in order to minimize the time required in using the classification models in a real-time environment, the “necessary conditions” associated with the low-cost features can be exploited to determine whether some high-cost features need to be computed and the corresponding classification rules need to be checked.
Distributed data mining in credit card fraud detection
TLDR
The proposed methods of combining multiple learned fraud detectors under a "cost model" are general and demonstrably useful; the empirical results demonstrate that they can significantly reduce loss due to fraud through distributed data mining of fraud models.