Title :
Securing email archives through user modeling
Author :
Li, Yiru ; Somayaji, Anil
Author_Institution :
Sch. of Comput. Sci., Carleton Univ., Ottawa, Ont.
Abstract :
Online email archives are an under-protected yet extremely sensitive information resource. Email archives can store years worth of personal and business email in an easy-to-access form, one that is much easier to compromise than messages being transmitted "on the wire." Most email archives, however, are protected by reusable passwords that are often weak and can be easily compromised. To protect such archives, we propose a novel user-specific design for an anomaly-based email archive intrusion detection system. As a first step towards building such a system, we have developed a simple probabilistic model of user email behavior that correlates email senders and a user\´s disposition of emails. In tests using data gathered from three months of observed user behavior and synthetic models of attacker behavior, this model exhibits a low rate of false positives (generally one false alarm every few weeks) while still detecting most attacks. These results suggest that anomaly detection is a feasible strategy for securing email archives, one that does not require changes in user authentication or access behavior
Keywords :
electronic mail; information resources; probability; security of data; user modelling; access behavior; anomaly-based email archive intrusion detection system; attack detection; information resource; online email archive; probabilistic model; user authentication; user email behavior; user modeling; user-specific design; Access protocols; Authentication; Computer science; Drives; Electronic mail; Internet; Intrusion detection; Network servers; Protection; Web server;
Conference_Titel :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2461-3
DOI :
10.1109/CSAC.2005.50
