Title :
EMT/MET: systems for modeling and detecting errant email
Author :
Stolfo, Salvatore J. ; Hershkop, Shlomo ; Wang, Ke ; Nimeskern, Olivier
Abstract :
The Malicious Email Tracking (MET) system is an online "behavior-based" security system employing anomaly detection techniques to detect deviations from a system's or user's normal email behavior, rather than solely by attempting to identify known attacks against a system via signature-based methods. The Email Mining Toolkit (EMT) is an offline data analysis system designed to assist a security analyst compute, visualize and test models of email behavior for use in MET. In this paper, we enumerate the features implemented in the EMT system.
Keywords :
authorisation; data analysis; invasive software; military computing; unsolicited e-mail; DARPA; EMT; Email Mining Toolkit; MET; Malicious Email Tracking; anomaly detection techniques; behavior-based security system; model visualization; offline data analysis system; signature-based methods; Aggregates; Data analysis; Data security; Data visualization; Electronic mail; Information security; Network servers; Protection; Statistical distributions; System testing;
Conference_Title :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194980