Combining Behavior Models to Secure Email Systems

S. Stolfo, Chia-Wei Hu, Wei-Jen Li, Shlomo Hershkop, Ke Wang, Olivier Nimeskern
We introduce the Email Mining Toolkit (EMT), a system that implements behavior-based methods to improve security of email systems. Behavior models of email flows and email account usage may be used for a variety of detection tasks. Behavior-based models are quite different from "content-based" models in common use today, such as virus scanners. We evaluate the soundness of these techniques for the detection of the onset of viral propagations. The results achieved for the detection of the onset… 

Toward Email Archive Intrusion Detection

A simple probabilistic model of user email behavior that correlates email senders and users’ dispositions of email messages is developed, suggesting that anomaly detection is a feasible strategy for securing email archives, one that does not require changes in user authentication or access patterns.

A uniform approach for multilevel email security using image authentication, compression, OTP & cryptography

This work proposes ISA-CC (Image Sequence Authentication-Compression & Cryptography), a secure authentication service model that is image based and eliminates the need for text passwords.

Detection of Anomalous Mailing Behavior Using Novel Data Mining Approaches

Empirical results indicate that this method of detecting anomalous mailing behavior, based on data mining, is highly accurate.

A survey on E-mail Security and Authentication Process

This paper focuses on novel information-concealing methods provided by the field of steganography to confirm an encoded digital signature hidden in a digital image, using an algorithm that uses these two procedures together, and examines the performance of the framework.

Cipher Technique to Secure Email Contents

The paper presents a system called the ‘Advance Cipher Technique (ACT)’ to secure the contents of emails before they are sent.

Indirect Human Computer Interaction-Based Biometrics for Intrusion Detection Systems

  • R.V. Yampolskiy
  • Computer Science
    2007 41st Annual IEEE International Carnahan Conference on Security Technology
  • 2007
This paper concentrates on the review and analysis of indirect human computer interaction-based biometrics frequently used in intrusion detection systems and an experimental demonstration of an intrusion detection system based on network traffic analysis.

One Class Model Training for Zero-Day Virus Detection

This version of MEF improves on the prior MEF version, which was based upon training models to detect new viruses using examples of known viruses and known benign attachments; this version trains models ONLY using known viral attachments.

An anti‐phishing enterprise environ model using feed‐forward backpropagation and Levenberg‐Marquardt method

A novel anti‐phishing model for enterprises using an artificial neural network is proposed that effectively identifies whether a phishing email is known phishing or unknown phishing, to reduce trust and familiarity‐based email phishing in the enterprise environ.



MET: an experimental system for Malicious Email Tracking

MET is a database of statistics about the trajectory of email attachments in and out of a network system, and the culling together of these statistics across networks to present a global view of the spread of the malicious software.

MEF: Malicious Email Filter - A UNIX Mail Filter That Detects Malicious Windows Executables

A freely distributed malicious binary filter incorporated into Procmail that can detect malicious Windows attachments by integrating with a UNIX mail server and allows for the efficient propagation of detection models from a central server.

Learning Patterns from Unix Process Execution Traces for Intrusion Detection

Preliminary experiments extending the work pioneered by Forrest on learning the (normal and abnormal) patterns of Unix processes, which can be used to identify misuses of and intrusions in Unix systems, indicate that machine learning can play an important role by generalizing stored sequence information to perhaps provide broader intrusion detection services.

Throttling viruses: restricting propagation to defeat malicious mobile code

  • Matthew M. Williamson
  • Computer Science
    18th Annual Computer Security Applications Conference, 2002. Proceedings.
  • 2002
A simple technique to limit the rate of connections to "new" machines that is remarkably effective at both slowing and halting virus propagation without affecting normal traffic is described.

Mining Audit Data to Build Intrusion Detection Models

A data mining framework for constructing intrusion detection models to mine system audit data for consistent and useful patterns of program and user behavior, and use the set of relevant system features presented in the patterns to compute classifiers that can recognize anomalies and known intrusions.

Email networks and the spread of computer viruses.

The structure of the network of connections between individuals over which the virus spreads is investigated empirically using data drawn from a large computer installation, and the implications for the understanding and prevention of computer virus epidemics are discussed.

The "DGX" distribution for mining massive, skewed data

This paper proposes a new probability distribution, the Discrete Gaussian Exponential (DGX), to achieve excellent fits in a wide variety of settings; this new distribution includes the Zipf distribution as a special case.

Gauging Similarity with n-Grams: Language-Independent Categorization of Text

A language-independent means of gauging topical similarity in unrestricted text by combining information derived from n-grams with a simple vector-space technique that makes sorting, categorization, and retrieval feasible in a large multilingual collection of documents.

Computer Intrusion: Detecting Masquerades

This document is intended to be used for educational purposes only, and should not be used as a guide to deal with individuals or groups unfamiliar with the use of these services.

Estimating Continuous Distributions in Bayesian Classifiers

This paper abandons the normality assumption and instead uses statistical methods for nonparametric density estimation (kernel estimation), suggesting that kernel estimation is a useful tool for learning Bayesian models.