The Email Mining Toolkit (EMT) is a data mining system that computes behavior profiles or models of user email accounts. These models may be used for a multitude of tasks, including forensic analyses and detection tasks of value to law enforcement and intelligence agencies, as well as for other typical tasks such as virus and spam detection. To demonstrate the power of the methods, we focus on the application of these models to detect the early onset of a viral propagation without the “content-based” (or signature-based) analysis in common use in virus scanners. We present several experiments using real email from 15 users with injected simulated viral emails and describe how the combination of different behavior models improves overall detection rates. The performance results vary depending upon parameter settings, approaching 99% true positive (TP) (percentage of viral emails caught) in general cases, with 0.38% false positive (FP) (percentage of emails with attachments that are mislabeled as viral). The models used for this study are based upon volume and velocity statistics of a user's email rate and an analysis of the user's (social) cliques revealed in the person's email behavior. We show by way of simulation that virus propagations are detectable, since viruses may emit emails at rates different from what human behavior suggests is normal, and email is directed to groups of recipients in ways that violate the users' typical communications with their social groups.
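The two kinds of behavior model named in the abstract, sketched as an added example (this is not EMT's code, and the abstract does not give EMT's algorithms): a clique check built from the co-recipient graph and a sending-rate check against the account's historical peak. The function names, the 10-minute window, the factor of 2 and all sample messages are assumptions constructed for illustration.

```python
# Constructed sample data: (minute sent, recipients) for one account's normal outbound mail.
HISTORY = [(0, {"ann", "bob"}), (55, {"ann", "bob", "cy"}), (130, {"dee", "eli"}),
           (200, {"ann", "cy"}), (310, {"dee", "eli"}), (420, {"bob", "cy"})]
# Constructed traffic to score: one normal message, then a burst across unrelated groups.
INCOMING = [(500, {"ann", "cy"}), (560, {"ann", "dee"}), (561, {"bob", "eli"}),
            (562, {"cy", "dee", "eli"})]

def maximal_cliques(history):
    """Maximal cliques of the co-recipient graph (basic Bron-Kerbosch, no pivoting)."""
    adj = {}
    for _, rcpts in history:
        for r in rcpts:
            adj.setdefault(r, set()).update(rcpts - {r})
    found = []
    def expand(r, p, x):
        if not p and not x:          # nothing left to add: r is maximal
            found.append(frozenset(r))
        for v in list(p):
            expand(r | {v}, p & adj[v], x & adj[v])
            p = p - {v}
            x = x | {v}
    expand(set(), set(adj), set())
    return found

def violates_cliques(rcpts, cliques):
    """True when the recipient set is not contained in any known clique."""
    return not any(rcpts <= c for c in cliques)

def peak_rate(times, window):
    """Largest number of messages sent within any `window` minutes of history."""
    return max((sum(1 for u in times if t <= u < t + window) for t in times), default=0)

def score(history, incoming, window=10, rate_factor=2):
    """Return (minute, flags) per message; flags combine both models."""
    cliques = maximal_cliques(history)
    limit = rate_factor * peak_rate([t for t, _ in history], window)
    sent, alerts = [], []
    for t, rcpts in incoming:
        sent.append(t)
        recent = sum(1 for u in sent if t - window < u <= t)
        flags = []
        if violates_cliques(rcpts, cliques):
            flags.append("clique")   # recipients never addressed together before
        if recent > limit:
            flags.append("rate")     # faster than the account has ever sent
        alerts.append((t, flags))
    return alerts

if __name__ == "__main__":
    print(score(HISTORY, INCOMING))
```

In the constructed burst, the clique check fires on the first cross-group message, before enough messages have been sent for the rate check to trip.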