Abstract
The Malicious Email Tracking (MET) system, reported in a prior publication, is a behavior-based security system for email services. The Email Mining Toolkit (EMT) presented in this paper is an offline data mining and analysis system for email archives, designed to assist in computing models of malicious email behavior for deployment in an online MET system. EMT includes a variety of behavior models for email attachments, user accounts and groups of accounts. Each computed model is used to detect anomalous and errant email behaviors. We report on the set of features implemented in the current version of EMT, describe tests of the system, and outline our plans for extending the set of models.
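The abstract describes per-account behavior profiles computed offline from an archive and used to flag anomalous sending. The following is an added illustration of that idea, not EMT or MET code and not a model the paper itself defines: it assumes a minimal archive record of (sender, timestamp, recipients), builds a baseline per sender from history before an assumed cutoff date (messages per active hour, and the set of recipients seen), and then flags hours in the test window whose send rate or fraction of never-seen recipients exceeds assumed thresholds. The archive records are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample archive records (sender, ISO timestamp, recipients); not real data.
# The last five records form a burst to never-seen addresses within one hour, the
# pattern a self-propagating attachment would produce.
ARCHIVE = [
    ("alice@example.org", "2003-03-03T09:05:00", ["bob@example.org"]),
    ("alice@example.org", "2003-03-03T10:12:00", ["carol@example.org"]),
    ("alice@example.org", "2003-03-04T09:30:00", ["bob@example.org", "dan@example.org"]),
    ("alice@example.org", "2003-03-04T14:00:00", ["carol@example.org"]),
    ("alice@example.org", "2003-03-05T11:20:00", ["bob@example.org"]),
    ("alice@example.org", "2003-03-06T09:10:00", ["bob@example.org"]),
    ("alice@example.org", "2003-03-06T13:01:00", ["x1@other.net", "x2@other.net"]),
    ("alice@example.org", "2003-03-06T13:02:00", ["x3@other.net"]),
    ("alice@example.org", "2003-03-06T13:03:00", ["x4@other.net", "x5@other.net"]),
    ("alice@example.org", "2003-03-06T13:04:00", ["bob@example.org"]),
    ("alice@example.org", "2003-03-06T13:05:00", ["x6@other.net"]),
]
CUTOFF = datetime(2003, 3, 6)  # assumed split: history before, window under test from here on


def hour_bucket(ts):
    """Truncate a timestamp to its hour so messages can be counted per hour."""
    return ts.replace(minute=0, second=0, microsecond=0)


def parse(records):
    return [(s, datetime.fromisoformat(t), list(r)) for s, t, r in records]


def build_profile(history):
    """Baseline for one sender: mean/stdev of messages per active hour, known recipients."""
    per_hour = defaultdict(int)
    known = set()
    for _, ts, rcpts in history:
        per_hour[hour_bucket(ts)] += 1
        known.update(rcpts)
    counts = list(per_hour.values()) or [0]
    return {"mean": mean(counts), "stdev": pstdev(counts), "known": known}


def score_window(profile, window, k=3.0, min_stdev=1.0, new_rcpt_ratio=0.5):
    """Flag hours whose send count or share of never-seen recipients exceeds the profile.

    k, min_stdev and new_rcpt_ratio are assumed thresholds; min_stdev keeps a
    perfectly regular history from producing a zero-width limit.
    """
    by_hour = defaultdict(list)
    for msg in window:
        by_hour[hour_bucket(msg[1])].append(msg)
    rate_limit = profile["mean"] + k * max(profile["stdev"], min_stdev)
    alerts = []
    for hour in sorted(by_hour):
        batch = by_hour[hour]
        rcpts = [r for _, _, rs in batch for r in rs]
        unseen = sum(1 for r in rcpts if r not in profile["known"])
        ratio = unseen / len(rcpts) if rcpts else 0.0
        reasons = []
        if len(batch) > rate_limit:
            reasons.append(f"rate {len(batch)} > {rate_limit:.1f}")
        if ratio > new_rcpt_ratio:
            reasons.append(f"new-recipient ratio {ratio:.2f} > {new_rcpt_ratio}")
        if reasons:
            alerts.append((hour, reasons))
    return alerts


def detect(records, cutoff):
    """Return {sender: [(hour, reasons), ...]} for every sender with a baseline."""
    by_sender = defaultdict(lambda: ([], []))
    for msg in parse(records):
        by_sender[msg[0]][0 if msg[1] < cutoff else 1].append(msg)
    result = {}
    for sender, (history, window) in by_sender.items():
        if not history:
            continue  # no baseline yet; an online system would keep learning instead
        result[sender] = score_window(build_profile(history), window)
    return result


if __name__ == "__main__":
    for sender, alerts in detect(ARCHIVE, CUTOFF).items():
        for hour, reasons in alerts:
            print(sender, hour.isoformat(), "; ".join(reasons))
```

On the sample archive the 09:00 hour of the test day passes (one message to a known recipient), while the 13:00 hour is flagged on both features: five messages against a limit of four, and six of seven recipients never seen in the sender's history. The two features are deliberately independent so that a slow drip to many new addresses and a fast burst to known ones are each still caught.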
References
Bhattacharyya, M., Hershkop, S., Eskin, E., Stolfo, S.J.: MET: An Experimental System for Malicious Email Tracking. In: Proceedings of the 2002 New Security Paradigms Workshop (NSPW-2002), Virginia Beach, VA (September 2002)
Bi, Z., Faloutsos, C., Korn, F.: The DGX Distribution for Mining Massive, Skewed Data (2001)
Bron, C., Kerbosch, J.: Finding all cliques of an undirected graph. Comm. ACM 16(9), 575–577 (1973)
Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.J.: A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. In: Data Mining for Security Applications. Kluwer, Dordrecht (2002) (to appear)
John, G.H., Langley, P.: Estimating continuous distributions in bayesian classifiers. In: Proceedings of the Eleventh Conference on Uncertainty in Artificial Intelligence, pp. 338–345 (1995)
Lee, W., Stolfo, S., Mok, K.: Mining Audit Data to Build Intrusion Detection Models. In: Wu, X., Kotagiri, R., Korb, K.B. (eds.) PAKDD 1998. LNCS, vol. 1394. Springer, Heidelberg (1998)
Lee, W., Stolfo, S., Chan, P.: Learning Patterns from Unix Process Execution Traces for Intrusion Detection. In: AAAI Workshop: AI Approaches to Fraud Detection and Risk Management (July 1997)
MySQL (2002), http://www.mysql.org
Niblack, W., et al.: The QBIC project: querying images by content using color, texture, and shape. In: Proceedings of the SPIE (February 1993)
Procmail (2002), http://www.procmail.org
Sendmail (2002), http://www.sendmail.org
Schultz, M.G., Eskin, E., Stolfo, S.J.: Malicious Email Filter – A UNIX Mail Filter that Detects Malicious Windows Executables. In: Proceedings of USENIX Annual Technical Conference — FREENIX Track, Boston, MA (June 2001)
Smith, J.R.: Integrated Spatial and Feature Image Systems: Retrieval, Compression and Analysis. PhD thesis, Columbia University (1997)
Williamson, M.M.: Throttling viruses: Restricting propagation to defeat malicious mobile code. In: Proc. ACSAC Security Conference, Las Vegas, NV (2002)
Newman, M.E.J., Forrest, S., Balthrop, J.: Email networks and the spread of computer viruses. Physical Review E 66, 035101 (2002)
Damashek, M.: Gauging similarity with n-grams: language independent categorization of text. Science 267(5199), 843–848 (1995)
Mitchell, T.M.: Machine Learning, pp. 180–183. McGraw-Hill, New York (1997)
Hogg, R.V., Craig, A.T.: Introduction to Mathematical Statistics, pp. 293–301. Prentice Hall, Englewood Cliffs (1994)
Schonlau, M., DuMouchel, W., Ju, W.H., Karr, A.F., Theus, M., Vardi, Y.: Computer Intrusion: Detecting Masquerades. Statistical Science 16(1), 58–74 (2001)
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Stolfo, S.J., Hershkop, S., Wang, K., Nimeskern, O., Hu, CW. (2003). A Behavior-Based Approach to Securing Email Systems. In: Gorodetsky, V., Popyack, L., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2003. Lecture Notes in Computer Science, vol 2776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45215-7_5
DOI: https://doi.org/10.1007/978-3-540-45215-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40797-3
Online ISBN: 978-3-540-45215-7