A Behavior-Based Approach to Securing Email Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2776)

Abstract

The Malicious Email Tracking (MET) system, reported in a prior publication, is a behavior-based security system for email services. The Email Mining Toolkit (EMT) presented in this paper is an offline data mining and analysis system for email archives, designed to assist in computing models of malicious email behavior for deployment in an online MET system. EMT includes a variety of behavior models for email attachments, user accounts and groups of accounts. Each computed model is used to detect anomalous and errant email behaviors. We report on the set of features implemented in the current version of EMT, and describe tests of the system and our plans for extensions to the set of models.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stolfo, S.J., Hershkop, S., Wang, K., Nimeskern, O., Hu, CW. (2003). A Behavior-Based Approach to Securing Email Systems. In: Gorodetsky, V., Popyack, L., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2003. Lecture Notes in Computer Science, vol 2776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45215-7_5

  • DOI: https://doi.org/10.1007/978-3-540-45215-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40797-3

  • Online ISBN: 978-3-540-45215-7

  • eBook Packages: Springer Book Archive
