Behavior profiling of email

Authors:
Salvatore J. Stolfo;Shlomo Hershkop;Ke Wang;Olivier Nimeskern;Chia-Wei Hu
Affiliations:
Columbia University, New York, NY;Columbia University, New York, NY;Columbia University, New York, NY;Columbia University, New York, NY;Columbia University, New York, NY
Venue:
ISI'03 Proceedings of the 1st NSF/NIJ conference on Intelligence and security informatics
Year:
2003

Citing 5
Cited 8

Algorithm 457: finding all cliques of an undirected graph

Communications of the ACM
Machine Learning

Machine Learning
MEF: Malicious Email Filter - A UNIX Mail Filter That Detects Malicious Windows Executables

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
MET: an experimental system for Malicious Email Tracking

Proceedings of the 2002 workshop on New security paradigms
Estimating continuous distributions in Bayesian classifiers

UAI'95 Proceedings of the Eleventh conference on Uncertainty in artificial intelligence

Email mining toolkit supporting law enforcement forensic analyses

dg.o '05 Proceedings of the 2005 national conference on Digital government research
Profiling internet backbone traffic: behavior models and applications

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Combining email models for false positive reduction

Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
Identifying spam without peeking at the contents

Crossroads
Behavior-based modeling and its application to Email analysis

ACM Transactions on Internet Technology (TOIT)
USim: A User Behavior Simulation Framework for Training and Testing IDSes in GUI Based Systems

ANSS '06 Proceedings of the 39th annual Symposium on Simulation
Internet traffic behavior profiling for network security monitoring

IEEE/ACM Transactions on Networking (TON)
E-mail traffic analysis using visualisation and decision trees

ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes the forensic and intelligence analysis capabilities of the Email Mining Toolkit (EMT) under development at the Columbia Intrusion Detection (IDS) Lab. EMT provides the means of loading, parsing and analyzing email logs, including content, in a wide range of formats. Many tools and techniques have been available from the fields of Information Retrieval (IR) and Natural Language Processing (NLP) for analyzing documents of various sorts, including emails. EMT, however, extends these kinds of analyses with an entirely new set of analyses that model "user behavior". EMT thus models the behavior of individual user email accounts, or groups of accounts, including the "social cliques" revealed by a user's email behavior.