Despite the use of state-of-the-art methods to protect against them, malicious programs continue to threaten and damage computer systems around the world. In this paper we present MET, the Malicious Email Tracking system, designed to automatically report statistics on the flow behavior of malicious software delivered via email attachments at both a local and a global level. MET can help reduce the spread of malicious software worldwide, especially self-replicating viruses, and provide further insight toward minimizing the damage caused by malicious programs in the future. In addition, the system can help system administrators detect all of the points of entry of a malicious email into a network. The core of MET's operation is a database of statistics about the trajectory of email attachments in and out of a network system, and the gathering of these statistics across networks to present a global view of the spread of the malicious software. From a statistical perspective, sampling only a small amount of traffic (for example, 0.1%) of a very large email stream is sufficient to detect suspicious or otherwise new email viruses that may be undetected by standard signature-based scanners. Therefore, relatively few MET installations would be necessary to gather sufficient data to provide broad protection services. Small-scale simulations are presented to demonstrate MET in operation and suggest how detection of new virus propagations via flow statistics can be automated.