IRMA-International.org: Creator of Knowledge

Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic

Author(s): Gianluca Papaleo (Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy), Davide Chiarella (Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy), Maurizio Aiello (Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Italy & Consiglio Nazionale delle Ricerche, Italy) and Luca Caviglione (Istituto di Studi sui Sistemi Intelligenti per l'Automazione, Italy & Consiglio Nazionale delle Ricerche, Italy)
Copyright: 2012
Pages: 25
Source title: Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances
Source Author(s)/Editor(s): Te-Shun Chou (East Carolina University, USA)
DOI: 10.4018/978-1-61350-507-6.ch003


Abstract

Even if new interaction paradigms such as Voice over IP (VoIP) are becoming popular and widely adopted, e-mail is still one of the most used ways to communicate across the Internet. However, many malicious threats are conveyed via e-mail. Two different approaches are usually available to monitor it: i) analyzing the logs produced by e-mail servers, or ii) reconstructing the e-mail flows by capturing data directly from the network with ad-hoc probes. In this vein, this chapter discusses the analysis, development and deployment of statistical detection techniques aimed at detecting Internet worms. For approach i), the authors introduce a tool called Log Mail Analyzer (LMA), which overcomes the complexity of inspecting multiple logs created by a heterogeneous population of mail servers. For approach ii), they briefly discuss an alternative solution based on ad-hoc network probes, properly placed to collect traffic and then reconstruct the e-mail flow to be monitored. Lastly, the authors introduce a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities.
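The abstract names the two ingredients of approach i) without showing them: normalising logs from a heterogeneous set of mail servers, and a threshold rule that turns per-server statistics into worm alerts. The following is an added illustration, not code from the chapter or from the LMA tool. It assumes two simplified log dialects (approximations of Postfix qmgr and Sendmail lines), a per-host, per-minute message count as the statistic, and a threshold of mean + k times the standard deviation of a short baseline; the chapter's abstract does not specify which statistic or threshold LMA uses, so those choices are assumptions. All log lines are constructed, synthetic traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Two log dialects, so servers running different software feed one detector.
# Assumed, simplified approximations of Postfix qmgr and Sendmail log lines.
POSTFIX_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) postfix/qmgr\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)
SENDMAIL_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sendmail\[\d+\]: "
    r"(?P<qid>\w+): from=<(?P<sender>[^>]*)>, size=\d+, .*\bnrcpts=(?P<nrcpt>\d+)"
)


def parse_line(line):
    """Normalise one syslog line from either dialect into a common record, or None."""
    for pattern in (POSTFIX_RE, SENDMAIL_RE):
        m = pattern.match(line)
        if m:
            # syslog timestamps carry no year; only the minute bin matters here
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            return {"ts": ts, "host": m.group("host"),
                    "sender": m.group("sender"), "nrcpt": int(m.group("nrcpt"))}
    return None


def bin_records(records):
    """Count messages per (host, minute) and remember who sent them."""
    counts = Counter()
    senders = defaultdict(Counter)
    for r in records:
        key = (r["host"], r["ts"].replace(second=0))
        counts[key] += 1
        senders[key][r["sender"]] += 1
    return counts, senders


def detect_bursts(lines, baseline_bins=5, k=3.0, min_margin=1.0):
    """Threshold detector (assumed statistic): flag a minute whose message count
    exceeds mean + k*stddev of that host's first `baseline_bins` active minutes.
    `min_margin` stops a perfectly flat baseline (stddev 0) from alerting on +1."""
    records = [r for r in map(parse_line, lines) if r]
    counts, senders = bin_records(records)
    per_host = defaultdict(list)
    for (host, minute), n in counts.items():
        per_host[host].append((minute, n))
    alerts = []
    for host, series in per_host.items():
        series.sort()
        base = [n for _, n in series[:baseline_bins]]
        if len(base) < 2:
            continue  # not enough history to estimate a baseline
        threshold = mean(base) + max(k * pstdev(base), min_margin)
        for minute, n in series[baseline_bins:]:
            if n > threshold:
                top_sender, top_n = senders[(host, minute)].most_common(1)[0]
                alerts.append({"host": host, "minute": minute.strftime("%H:%M"),
                               "count": n, "threshold": round(threshold, 2),
                               "top_sender": top_sender, "top_sender_count": top_n})
    return alerts


def make_sample_log():
    """Constructed, synthetic log lines standing in for real traffic."""
    lines = []
    for minute, n in enumerate([3, 2, 4, 3, 2]):        # mx1 (Postfix): quiet baseline
        for i in range(n):
            lines.append(f"Mar 10 10:{minute:02d}:{i*10:02d} mx1 postfix/qmgr[1201]: "
                         f"A{minute}{i:02X}: from=<user{i}@example.org>, size=1200, nrcpt=1")
    for i in range(40):                                  # mx1: one account blasts 40 mails in a minute
        lines.append(f"Mar 10 10:05:{i:02d} mx1 postfix/qmgr[1201]: "
                     f"B{i:03X}: from=<infected@example.org>, size=980, nrcpt=1")
    for minute in range(6):                              # mx2 (Sendmail): steady, no burst
        for i in range(3):
            lines.append(f"Mar 10 10:{minute:02d}:{i*15:02d} mx2 sendmail[877]: "
                         f"q2A{minute}{i}: from=<user{i}@example.net>, size=700, "
                         f"class=0, nrcpts=1, msgid=<m{minute}{i}@example.net>")
    lines.append("Mar 10 10:05:59 mx1 postfix/smtpd[1300]: connect from unknown[192.0.2.10]")  # unrelated line, ignored
    return lines


if __name__ == "__main__":
    for alert in detect_bursts(make_sample_log()):
        print(alert)
```

Running it flags only mx1 at 10:05 (40 messages against a threshold just above 5), and names infected@example.org as the dominant sender of that minute, which is the "identify" half of the abstract's detect-and-identify goal. Two caveats a practitioner would add before using such a rule on real traffic: minutes with no messages never appear as bins here, so the baseline silently skips idle periods, and a single fixed baseline does not follow daily or weekly seasonality, so the threshold should be recomputed per time of day or with a sliding window.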
