Behavior Profiling of Email
- 1.5k Downloads
This paper describes the forensic and intelligence analysis capabilities of the Email Mining Toolkit (EMT) under development at the Columbia Intrusion Detection (IDS) Lab. EMT provides the means of loading, parsing and analyzing email logs, including content, in a wide range of formats. Many tools and techniques have been available from the fields of Information Retrieval (IR) and Natural Language Processing (NLP) for analyzing documents of various sorts, including emails. EMT, however, extends these kinds of analyses with an entirely new set of analyses that model “user behavior”. EMT thus models the behavior of individual user email accounts, or groups of accounts, including the “social cliques” revealed by a user’s email behavior.
KeywordsIntrusion Detection User Account Forensic Analysis Fraud Detection Cosine Distance
Unable to display preview. Download preview PDF.
- 1.M. Bhattacharyya, S. Hershkop, E. Eskin, and S. J. Stolfo. MET: An Experimental System for Malicious Email Tracking. In Proceedings of the 2002 New Security Paradigms Workshop (NSPW-2002). Virginia Beach, VA, September, 2002.Google Scholar
- 3.E. Eskin, A. Arnold, M. Prerau, L. Portnoy and S. J. Stolfo. A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data Data Mining for Security Applications. Kluwer 2002.Google Scholar
- 4.George H. John and Pat Langley. Estimating continuous distributions in bayesian classifiers In Proceedings of the Eleventh Conference on Uncertainty in Artificial Intelligence. Pages 338–345, 1995Google Scholar
- 5.Wenke Lee, Sal Stolfo, and Kui Mok. Mining Audit Data to Build Intrusion Detection Models In Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining (KDD’ 98), New York, NY, August 1998Google Scholar
- 6.Wenke Lee, Sal Stolfo, and Phil Chan. Learning Patterns from Unix Process Execution Traces for Intrusion Detection AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, July 1997Google Scholar
- 7.Matthew G. Schultz, Eleazar Eskin, and Salvatore J. Stolfo. Malicious Email Filter — A UNIX Mail Filter that Detects Malicious Windows Executables. Proceedings of USENIX Annual Technical Conference-FREENIX Track. Boston, MA: June 2001.Google Scholar
- 9.Mitchell, T. Machine Learning, McGraw-Hill, 1997, pg. 180–183.Google Scholar
- 10.Hogg, R.V. Introduction to Mathematical Statistics, Prentice Hall, 1994.Google Scholar