A Behavior-Based Approach To Securing Email Systems

Stolfo, Salvatore; Hershkop, Shlomo; Wang, Ke; Nimeskern, Olivier; Hu, Chia-wei

The Malicious Email Tracking (MET) system, reported in a prior publication, is a behavior-based security system for email services. The Email Mining Toolkit (EMT) presented in this paper is an offline email archive data mining analysis system that is designed to assist computing models of malicious email behavior for deployment in an online MET system. EMT includes a variety of behavior models for email attachments, user accounts and groups of accounts. Each model computed is used to detect anomalous and errant email behaviors. We report on the set of features implemented in the current version of EMT, and describe tests of the system and our plans for extensions to the set of models.



Also Published In

More About This Work

Academic Units
Computer Science
Published Here
April 30, 2010


Computer network security: Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2003, St. Petersburg, Russia, September 21-23, 2003: proceedings, Lecture Notes in Computer Science, vol. 2776 (New York: Springer, 2003), pp. 57-81.