Behavior-based modeling and its application to Email analysis

Stolfo, Salvatore J.; Hershkop, Shlomo; Hu, Chia-Wei; Li, Wei‐Jen; Nimeskern, Olivier; Wang, Ke

doi:10.1145/1149121.1149125

Cited by 88 publications

(37 citation statements)

References 19 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…• When a system is attacked its workload may be significantly different from the normal workload [96,664,708,117]. For example, this happens with distributed denial-of-service (DDoS) attacks, and may also happen when it is infected by a computer virus.…”

Section: Modeling For Anomaly Detectionmentioning

confidence: 99%

“…An alternative is to devise several independent tests for abnormality and use them together. In the context of virus spreading by email, these tests can include user cliques (the sets of users that typically communicate with each other), the relative popularity of different users (not all users receive the same amount of email), and the rates at which emails are sent (again different users have different profiles) [664]. If several of these change, virus activity may be suspected.…”

Section: Modeling For Anomaly Detectionmentioning

confidence: 99%

“…Given a log of activity on a server, large outbreaks may indicate automated attacks. Identifying them and separating them from the general workload model then achieves two objectives: it prevents optimization of the server to handle attack loads, and it enables the development of tools that will identify and counteract attacks [664].…”

Section: Workload Flurries and Flash Crowdsmentioning

confidence: 99%

“…However, there is little data about its composition, except the obvious characteristics of bulk email: huge numbers of copies of the same messages. As for viruses that spread by email, analysis of user behavioral patterns (and especially deviations from them) has been suggested as an effective identification method, independent of the actual mail contents [664].…”

Section: Emailmentioning

confidence: 99%

See 3 more Smart Citations

Workload Modeling for Computer Systems Performance Evaluation

Feitelson

2015

191

131

View full text Add to dashboard Cite

Reliable performance evaluations require the use of representative workloads. This is no easy task since modern computer systems and their workloads are complex, with many interrelated attributes and complicated structures. Experts often use sophisticated mathematics to analyze and describe workload models, making these models difficult for practitioners to grasp. This book aims to close this gap by emphasizing the intuition and the reasoning behind the definitions and derivations related to the workload models. It provides numerous examples from real production systems, with hundreds of graphs. Using this book, readers will be able to analyze collected workload data and clean it if necessary, derive statistical models that include skewed marginal distributions and correlations, and consider the need for generative models and feedback from the system. The descriptive statistics techniques covered are also useful for other domains.

show abstract

Section: Modeling For Anomaly Detectionmentioning

confidence: 99%

Section: Modeling For Anomaly Detectionmentioning

confidence: 99%

Section: Workload Flurries and Flash Crowdsmentioning

confidence: 99%

Section: Emailmentioning

confidence: 99%

See 2 more Smart Citations

Workload Modeling for Computer Systems Performance Evaluation

Feitelson

2015

191

131

View full text Add to dashboard Cite

show abstract

“…Intrusion Detection System (IDS) is a mature technology that detects intrusion by monitoring activities in several aspects of the network or operating systems, piecing scattered information together for some insights [1]. Likewise, emails could be traced and related to the user profiles for modeling behavior [2]. A lot of research effort has been devoted to intrusion detection on virtual platform.…”

Section: Introductionmentioning

confidence: 99%

A Security Model for Detecting Suspicious Patterns in Physical Environment

Fong¹,

Zhou²

2007

Third International Symposium on Information Assurance and Security

View full text Add to dashboard Cite

show abstract

Analyzing group E‐mail exchange to detect data leakage

Zilberman

Katz

Shabtai

et al. 2013

J Am Soc Inf Sci Tec

View full text Add to dashboard Cite

Today's organizations spend a great deal of time and effort on e-mail leakage prevention. However, there are still no satisfactory solutions; addressing mistakes are not detected and in some cases correct recipients are wrongly marked as potential mistakes. In this article we present a new approach for preventing e-mail addressing mistakes in organizations. The approach is based on an analysis of e-mail exchanges among members of an organization and the identification of groups based on common topics. When a new e-mail is about to be sent, each recipient is analyzed. A recipient is approved if the e-mail's content belongs to at least one common topic to both the sender and the recipient. This can be applied even if the sender and recipient have never communicated directly before. The new approach was evaluated using the Enron e-mail data set and was compared with a well known method for the detection of e-mail addressing mistakes. The results show that the proposed approach is capable of detecting 87% of nonlegitimate recipients while incorrectly classifying only 0.5% of the legitimate recipients. These results outperform previous work, which reports a detection rate of 82% without reference to the false positive rate.

show abstract

Behavior-based modeling and its application to Email analysis

Cited by 88 publications

References 19 publications

Workload Modeling for Computer Systems Performance Evaluation

Workload Modeling for Computer Systems Performance Evaluation

A Security Model for Detecting Suspicious Patterns in Physical Environment

Analyzing group E‐mail exchange to detect data leakage

Contact Info

Product

Resources

About