Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for real e-mail Traffic
G Papaleo;D Chiarella;M Aiello;L Caviglione
2011
Abstract
Even though new interaction paradigms, such as Voice over IP (VoIP), are becoming popular and widely adopted, e-mail is still one of the most widely used ways to communicate across the Internet. However, many malicious threats are conveyed via e-mail. Usually, two different approaches can be adopted: i) analyzing the logs produced by e-mail servers, or ii) reconstructing the e-mail flows by capturing data directly from the network with ad-hoc probes. In this vein, this chapter discusses the analysis, development and deployment of statistical detection techniques aimed at the detection of Internet worms. As regards i), the authors introduce a tool called Log Mail Analyzer (LMA), which makes it possible to overcome the complexity of inspecting multiple logs created by a heterogeneous population of mail servers. In the perspective of ii), they briefly discuss an alternative solution, based on ad-hoc network probes that are placed appropriately to collect traffic and then reconstruct the e-mail flow to be monitored. Lastly, the authors introduce a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities.

| DC field | Value | Language |
|---|---|---|
| dc.authority.orgunit | Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT | - |
| dc.authority.orgunit | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | - |
| dc.authority.orgunit | Istituto di Studi sui Sistemi Intelligenti per l'Automazione - ISSIA - Sede Bari | - |
| dc.authority.people | G Papaleo | it |
| dc.authority.people | D Chiarella | it |
| dc.authority.people | M Aiello | it |
| dc.authority.people | L Caviglione | it |
| dc.collection.id.s | 8c50ea44-be95-498f-946e-7bb5bd666b7c | * |
| dc.collection.name | 02.01 Contribution in volume (Chapter or Essay) | * |
| dc.contributor.appartenenza | Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT | * |
| dc.contributor.appartenenza | Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI - | * |
| dc.contributor.appartenenza | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | * |
| dc.contributor.appartenenza.mi | 877 | * |
| dc.contributor.appartenenza.mi | 918 | * |
| dc.contributor.appartenenza.mi | 919 | * |
| dc.date.accessioned | 2024/02/17 21:04:43 | - |
| dc.date.available | 2024/02/17 21:04:43 | - |
| dc.date.issued | 2011 | - |
| dc.description.abstracteng | Even if new interaction paradigms, such as the Voice over IP (VoIP), are becoming popular and widely adopted, the e-mail is still one of the most utilized ways to communicate across the Internet. However, many malicious threats are conveyed via e-mails. Usually, the authors can exploit two different approaches: i) analyzing the logs produced by e-mail servers or ii) reconstruct the e-mail flows by capturing data directly from the network by placing ad-hoc probes. In this vein, this Chapter discusses the analysis, development and deployment of statistical detection techniques aimed at the detection of Internet worms. For what concerns i), they introduce a tool called Log Mail Analyzer (LMA), which allows to overcome the complexity of inspecting multiple logs created from a heterogeneous population of mail servers. In the perspective of ii) they briefly discuss an alternative solution, based on ad-hoc network probes, to be properly placed to collect traffic and then reconstruct the e-mail flow to be monitored. Lastly, the authors introduce a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities. | - |
| dc.description.affiliations | CNR - IEIIT CNR - ISSIA | - |
| dc.description.allpeople | Papaleo, G; Chiarella, D; Aiello, M; Caviglione, L | - |
| dc.description.allpeopleoriginal | G. Papaleo, D. Chiarella, M. Aiello, L. Caviglione | - |
| dc.description.fulltext | none | en |
| dc.description.numberofauthors | 4 | - |
| dc.identifier.doi | 10.4018/978-1-61350-507-6.ch003 | - |
| dc.identifier.scopus | 2-s2.0-84898396318 | - |
| dc.identifier.uri | https://hdl.handle.net/20.500.14243/139482 | - |
| dc.identifier.url | http://www.igi-global.com/chapter/attacks-systems-categories-motives/61218 | - |
| dc.language.iso | eng | - |
| dc.publisher.country | USA | - |
| dc.publisher.name | IGI Global | - |
| dc.publisher.place | Hershey | - |
| dc.relation.firstpage | 47 | - |
| dc.relation.ispartofbook | Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances | - |
| dc.relation.lastpage | 71 | - |
| dc.title | Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for real e-mail Traffic | en |
| dc.type.driver | info:eu-repo/semantics/bookPart | - |
| dc.type.full | 02 Contribution in Volume::02.01 Contribution in volume (Chapter or Essay) | it |
| dc.type.miur | 268 | - |
| dc.type.referee | Yes, but type not specified | - |
| dc.ugov.descaux1 | 134928 | - |
| iris.orcid.lastModifiedDate | 2024/04/04 11:38:54 | * |
| iris.orcid.lastModifiedMillisecond | 1712223534241 | * |
| iris.scopus.extIssued | 2011 | - |
| iris.scopus.extTitle | Analysis, development and deployment of statistical anomaly detection techniques for real e-mail traffic | - |
| iris.sitodocente.maxattempts | 3 | - |
| iris.unpaywall.doi | 10.4018/978-1-61350-507-6.ch003 | * |
| iris.unpaywall.isoa | false | * |
| iris.unpaywall.journalisindoaj | false | * |
| iris.unpaywall.metadataCallLastModified | 17/12/2025 06:02:43 | - |
| iris.unpaywall.metadataCallLastModifiedMillisecond | 1765947763115 | - |
| iris.unpaywall.oastatus | closed | * |
| scopus.category | 1700 | * |
| scopus.contributor.affiliation | Consiglio Nazionale delle Ricerche | - |
| scopus.contributor.affiliation | Consiglio Nazionale delle Ricerche | - |
| scopus.contributor.affiliation | Consiglio Nazionale delle Ricerche | - |
| scopus.contributor.affiliation | Istituto di Studi sui Sistemi Intelligenti per l'Automazione | - |
| scopus.contributor.afid | 60021199 | - |
| scopus.contributor.afid | 60021199 | - |
| scopus.contributor.afid | 60021199 | - |
| scopus.contributor.afid | 60016217 | - |
| scopus.contributor.auid | 6603132158 | - |
| scopus.contributor.auid | 25930765400 | - |
| scopus.contributor.auid | 56962751700 | - |
| scopus.contributor.auid | 8301144200 | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | - | |
| scopus.contributor.name | Gianluca | - |
| scopus.contributor.name | Davide | - |
| scopus.contributor.name | Maurizio | - |
| scopus.contributor.name | Luca | - |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.subaffiliation | - | |
| scopus.contributor.surname | Papaleo | - |
| scopus.contributor.surname | Chiarella | - |
| scopus.contributor.surname | Aiello | - |
| scopus.contributor.surname | Caviglione | - |
| scopus.date.issued | 2011 | * |
| scopus.description.abstracteng | Even if new interaction paradigms, such as the Voice over IP (VoIP), are becoming popular and widely adopted, the e-mail is still one of the most utilized ways to communicate across the Internet. However, many malicious threats are conveyed via e-mails. Usually, the authors can exploit two different approaches: i) analyzing the logs produced by e-mail servers or ii) reconstruct the e-mail flows by capturing data directly from the network by placing ad-hoc probes. In this vein, this Chapter discusses the analysis, development and deployment of statistical detection techniques aimed at the detection of Internet worms. For what concerns i), they introduce a tool called Log Mail Analyzer (LMA), which allows to overcome the complexity of inspecting multiple logs created from a heterogeneous population of mail servers. In the perspective of ii) they briefly discuss an alternative solution, based on ad-hoc network probes, to be properly placed to collect traffic and then reconstruct the e-mail flow to be monitored. Lastly, the authors introduce a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities. © 2012, IGI Global. | * |
| scopus.description.allpeopleoriginal | Papaleo G.; Chiarella D.; Aiello M.; Caviglione L. | * |
| scopus.differences | scopus.identifier.isbn | * |
| scopus.differences | scopus.description.allpeopleoriginal | * |
| scopus.differences | scopus.description.abstracteng | * |
| scopus.document.type | ch | * |
| scopus.document.types | ch | * |
| scopus.identifier.doi | 10.4018/978-1-61350-507-6.ch003 | * |
| scopus.identifier.isbn | 9781613505076 | * |
| scopus.identifier.pui | 255338659 | * |
| scopus.identifier.scopus | 2-s2.0-84898396318 | * |
| scopus.journal.sourceid | 21100303654 | * |
| scopus.language.iso | eng | * |
| scopus.publisher.name | IGI Global | * |
| scopus.relation.firstpage | 47 | * |
| scopus.relation.lastpage | 71 | * |
| scopus.title | Analysis, development and deployment of statistical anomaly detection techniques for real e-mail traffic | * |
| scopus.titleeng | Analysis, development and deployment of statistical anomaly detection techniques for real e-mail traffic | * |
| Appears in the types: | 02.01 Contribution in volume (Chapter or Essay) | |

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.