• DocumentCode
    3473696
  • Title

    Anomaly Detection in SMTP Traffic

  • Author

    Luo, Hao ; Fang, Binxing ; Yun, Xiaochun

  • Author_Institution
    Sch. of Comput. Sci. & Technol., Harbin Inst. of Technol.
  • fYear
    2006
  • fDate
    10-12 April 2006
  • Firstpage
    408
  • Lastpage
    413
  • Abstract
    We investigate an effective and robust mechanism for detecting SMTP traffic anomalies. Our detection method cumulates the deviation of the current delivering status from history behavior, based on a weighted sum method called the leaky integrate-and-fire model, to detect anomalies. The simplicity of our detection method is that it need not store a history profile and has low computation overhead, which makes the detection method itself immune to attacks. The performance is investigated in terms of detection probability, the false alarm ratio, and the detection delay. Our results show that the leaky integrate-and-fire method is quite effective at detecting anomalies in SMTP traffic. Compared with the non-parametric cumulative sum method, the evaluation results show that our detection method has a lower false alarm ratio and a higher detection probability.
  • Keywords
    electronic mail; telecommunication security; telecommunication traffic; transport protocols; SMTP traffic; anomaly detection; leaky integrate-and-fire model; weighted sum method; Computer crime; Computer science; Computer viruses; History; Internet; Leak detection; Monitoring; Postal services; Robustness; Traffic control;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Technology: New Generations, 2006. ITNG 2006. Third International Conference on
  • Conference_Location
    Las Vegas, NV
  • Print_ISBN
    0-7695-2497-4
  • Type

    conf

  • DOI
    10.1109/ITNG.2006.34
  • Filename
    1611627