Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic

Gianluca Papaleo, Davide Chiarella, Maurizio Aiello, Luca Caviglione
ISBN13: 9781613505076|ISBN10: 1613505078|EISBN13: 9781613505083
DOI: 10.4018/978-1-61350-507-6.ch003
MLA

Papaleo, Gianluca, et al. "Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic." Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances, edited by Te-Shun Chou, IGI Global, 2012, pp. 47-71. https://doi.org/10.4018/978-1-61350-507-6.ch003

APA

Papaleo, G., Chiarella, D., Aiello, M., & Caviglione, L. (2012). Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic. In T. Chou (Ed.), Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances (pp. 47-71). IGI Global. https://doi.org/10.4018/978-1-61350-507-6.ch003

Chicago

Papaleo, Gianluca, et al. "Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic." In Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances, edited by Te-Shun Chou, 47-71. Hershey, PA: IGI Global, 2012. https://doi.org/10.4018/978-1-61350-507-6.ch003

Abstract

Even though new interaction paradigms such as Voice over IP (VoIP) are becoming popular and widely adopted, e-mail is still one of the most used ways to communicate across the Internet. However, many malicious threats are conveyed via e-mail. Two different approaches can usually be followed to detect them: i) analyzing the logs produced by e-mail servers, or ii) reconstructing the e-mail flows by capturing data directly from the network with ad-hoc probes. In this vein, this chapter discusses the analysis, development and deployment of statistical detection techniques aimed at the detection of Internet worms. Regarding i), the authors introduce a tool called Log Mail Analyzer (LMA), which makes it possible to cope with the complexity of inspecting multiple logs created by a heterogeneous population of mail servers. Regarding ii), they briefly discuss an alternative solution based on ad-hoc network probes, which must be properly placed to collect traffic and then reconstruct the e-mail flow to be monitored. Lastly, the authors introduce a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities.
