We propose a new technique to detect internet worm. We base our research on the fact that an indirect worm (a worm spreading by e-mail) needs to spread quickly and so it sends a lot of e-mail in a short while, producing an anomalous behaviour. Moreover we found stealthy worms through detecting traffic anomalies. We worked on a mail-server log of a real network and the results obtained drove us to detect indirect worm with different approaches based on various parameters (global email flow, single host e-mail flow, reject, sender field analysis).
Worm detection using e-mail data mining
M Aiello;D Chiarella;G Papaleo
2006
Abstract
We propose a new technique to detect internet worm. We base our research on the fact that an indirect worm (a worm spreading by e-mail) needs to spread quickly and so it sends a lot of e-mail in a short while, producing an anomalous behaviour. Moreover we found stealthy worms through detecting traffic anomalies. We worked on a mail-server log of a real network and the results obtained drove us to detect indirect worm with different approaches based on various parameters (global email flow, single host e-mail flow, reject, sender field analysis).| Campo DC | Valore | Lingua |
|---|---|---|
| dc.authority.orgunit | Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT | - |
| dc.authority.people | M Aiello | it |
| dc.authority.people | D A Avanzini | it |
| dc.authority.people | D Chiarella | it |
| dc.authority.people | G Papaleo | it |
| dc.collection.id.s | 71c7200a-7c5f-4e83-8d57-d3d2ba88f40d | * |
| dc.collection.name | 04.01 Contributo in Atti di convegno | * |
| dc.contributor.appartenenza | Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT | * |
| dc.contributor.appartenenza | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | * |
| dc.contributor.appartenenza.mi | 877 | * |
| dc.contributor.appartenenza.mi | 918 | * |
| dc.date.accessioned | 2024/02/19 15:59:06 | - |
| dc.date.available | 2024/02/19 15:59:06 | - |
| dc.date.issued | 2006 | - |
| dc.description.abstracteng | We propose a new technique to detect internet worm. We base our research on the fact that an indirect worm (a worm spreading by e-mail) needs to spread quickly and so it sends a lot of e-mail in a short while, producing an anomalous behaviour. Moreover we found stealthy worms through detecting traffic anomalies. We worked on a mail-server log of a real network and the results obtained drove us to detect indirect worm with different approaches based on various parameters (global email flow, single host e-mail flow, reject, sender field analysis). | - |
| dc.description.affiliations | National Research Council, Institute IEIIT, Genoa | - |
| dc.description.allpeople | Aiello, M; A Avanzini, D; Chiarella, D; Papaleo, G | - |
| dc.description.allpeopleoriginal | M. Aiello, D. A. Avanzini, D. Chiarella, G. Papaleo | - |
| dc.description.fulltext | none | en |
| dc.description.numberofauthors | 4 | - |
| dc.identifier.uri | https://hdl.handle.net/20.500.14243/104535 | - |
| dc.language.iso | eng | - |
| dc.relation.conferencedate | 2006 | - |
| dc.relation.conferencename | PRISE | - |
| dc.subject.keywords | Data Mining | - |
| dc.subject.keywords | - | |
| dc.subject.keywords | Early Detection | - |
| dc.subject.keywords | Worm | - |
| dc.subject.singlekeyword | Data Mining | * |
| dc.subject.singlekeyword | * | |
| dc.subject.singlekeyword | Early Detection | * |
| dc.subject.singlekeyword | Worm | * |
| dc.title | Worm detection using e-mail data mining | en |
| dc.type.driver | info:eu-repo/semantics/conferenceObject | - |
| dc.type.full | 04 Contributo in convegno::04.01 Contributo in Atti di convegno | it |
| dc.type.miur | 273 | - |
| dc.ugov.descaux1 | 107650 | - |
| iris.orcid.lastModifiedDate | 2024/04/04 17:23:09 | * |
| iris.orcid.lastModifiedMillisecond | 1712244189722 | * |
| iris.sitodocente.maxattempts | 1 | - |
| Appare nelle tipologie: | 04.01 Contributo in Atti di convegno | |
File in questo prodotto:
Non ci sono file associati a questo prodotto.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
