Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for real e-mail Traffic (Contribution in volume (chapter or essay))

Type
Label
  • Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for real e-mail Traffic (Contribution in volume (chapter or essay)) (literal)
Year
  • 2011-01-01T00:00:00+01:00 (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#doi
  • 10.4018/978-1-61350-507-6.ch003 (literal)
Alternative label
  • G. Papaleo, D. Chiarella, M. Aiello, L. Caviglione (2011)
    Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for real e-mail Traffic
    IGI Global, Hershey (United States of America) in Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances, 2011
    (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#autori
  • G. Papaleo, D. Chiarella, M. Aiello, L. Caviglione (literal)
Start page
  • 47 (literal)
End page
  • 71 (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#url
  • http://www.igi-global.com/chapter/attacks-systems-categories-motives/61218 (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#titoloVolume
  • Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#note
  • Editor: Te-Shun Chou (literal)
Note
  • Scopus (literal)
  • Google Scholar (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#affiliazioni
  • CNR - IEIIT CNR - ISSIA (literal)
Title
  • Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for real e-mail Traffic (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#inCollana
  • Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances (literal)
Abstract
  • Even if new interaction paradigms, such as Voice over IP (VoIP), are becoming popular and widely adopted, e-mail is still one of the most utilized ways to communicate across the Internet. However, many malicious threats are conveyed via e-mails. Usually, the authors can exploit two different approaches: i) analyzing the logs produced by e-mail servers or ii) reconstructing the e-mail flows by capturing data directly from the network by placing ad-hoc probes. In this vein, this Chapter discusses the analysis, development and deployment of statistical detection techniques aimed at the detection of Internet worms. Regarding i), they introduce a tool called Log Mail Analyzer (LMA), which makes it possible to overcome the complexity of inspecting multiple logs created from a heterogeneous population of mail servers. Regarding ii), they briefly discuss an alternative solution, based on ad-hoc network probes, to be properly placed to collect traffic and then reconstruct the e-mail flow to be monitored. Lastly, the authors introduce a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities. (literal)