EMT/MET: systems for modeling and detecting errant email

S. Stolfo, Shlomo Hershkop, Ke Wang, Olivier Nimeskern
Proceedings DARPA Information Survivability Conference and Exposition, pages 290-295 vol.2

The Malicious Email Tracking (MET) system is an online "behavior-based" security system employing anomaly detection techniques to detect deviations from a system's or user's normal email behavior, rather than solely by attempting to identify known attacks against a system via signature-based methods. The Email Mining Toolkit (EMT) is an offline data analysis system designed to assist a security analyst compute, visualize and test models of email behavior for use in MET. In this paper, we… 

A Survey on: Email Security for Targeted Malicious Attacks

This study first documents the existence of TME, characterizes it as a form of malicious email attack different than spam, phishing and other conventional illegitimate email, and proposes and implements new methods for detecting malicious email.

Performance analysis of email systems under three types of attacks

Data Analysis for Application to Cyber Forensic Investigation using Data Mining

The results obtained in the previous work on statistical analysis are enhanced, the findings of e-mail classification experiments are provided, and the intent of the proposed system is to provide assistance during forensic investigation.

Trusted Behavior Based Spam Filtering

  • Cong Wang, Jianyi Liu
  • Computer Science
    2010 International Conference on Web Information Systems and Mining
  • 2010
An integrated anti-spam framework is designed that combines trusted behavior recognition with Bayesian analysis, and the effectiveness of both the trusted behavior recognition and the integrated filter is evaluated.

Improving Digital Forensics Through Data Mining

This paper considers as a vehicle the Enron scandal, which is recognized to be the biggest audit failure in U.S. corporate history, and focuses on the textual analysis of the electronic messages sent by Enron employees, using clustering techniques.

Spam Behavior Recognition Based on Session Layer Data Mining

This paper proposes a novel approach to counter spam based on spam behavior recognition using a decision tree learned from data maintained during transfer sessions, combining the behavior classification with a Bayesian classification.

Combining behavior and Bayesian Chinese spam filter

  • Chengcheng Li, Jianyi Liu
  • Computer Science
    2009 IEEE International Conference on Network Infrastructure and Digital Content
  • 2009
A novel approach based on spam behavior recognition during transfer sessions, which enables normal servers to detect malicious connections before the email body is delivered, contributes much to saving network bandwidth wasted by spam emails.

Mining E-mail Content for Cyber Forensic Investigation

A proposed framework for data mining techniques and tools, used extensively for extracting evidence from huge e-mail ensembles for cyber forensic investigation, is described, and an implementation of the framework's first module, e-mail statistical analysis, is given.