Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic
Author(s): Gianluca Papaleo (Istituto di Elettronica e di Ingegneria dell’Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy), Davide Chiarella (Istituto di Elettronica e di Ingegneria dell’Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy), Maurizio Aiello (Istituto di Elettronica e di Ingegneria dell’Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy) and Luca Caviglione (Istituto di Studi sui Sistemi Intelligenti per l’Automazione, Italy & Consiglio Nazionale delle Ricerche, Italy)
Copyright: 2012
Pages: 25
Source title: Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances
Source Author(s)/Editor(s): Te-Shun Chou (East Carolina University, USA)
DOI: 10.4018/978-1-61350-507-6.ch003
Abstract
Even though new interaction paradigms, such as Voice over IP (VoIP), are becoming popular and widely adopted, e-mail is still one of the most utilized ways to communicate across the Internet. However, many malicious threats are conveyed via e-mail. Usually, the authors can exploit two different approaches: i) analyzing the logs produced by e-mail servers or ii) reconstructing the e-mail flows by capturing data directly from the network by placing ad-hoc probes. In this vein, this chapter discusses the analysis, development and deployment of statistical detection techniques aimed at the detection of Internet worms. Concerning i), they introduce a tool called Log Mail Analyzer (LMA), which overcomes the complexity of inspecting multiple logs created by a heterogeneous population of mail servers. Concerning ii), they briefly discuss an alternative solution based on ad-hoc network probes, properly placed to collect traffic and then reconstruct the e-mail flow to be monitored. Lastly, the authors introduce a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities.