There are many recent studies and proposal in Anomaly Detection Techniques, especially in worm and virus detection. In this field it does matter to answer few important questions like at which ISO/OSI layer data analysis is done and which approach is used. Furthermore these works suffer of scarcity of real data due to lack of network resources or privacy problem: almost every work in this sector uses synthetic ( e.g. DARPA) or pre-made set of data. Our study is based on layer seven quantities (number of e-mail sent in a chosen period): we analyzed quantitatively our network e-mail traffic and applied our method on gathered data to detect indirect worm infection (worms which use e-mail to spread infection). The method is a threshold method and, in our dataset, it identified various worm activities. In this document we show our data analysis and results in order to stimulate new approaches and debates in Anomaly Intrusion Detection Techniques.
Statistical anomaly detection on real e-mail traffic
M Aiello;D Chiarella;G Papaleo
2009
Abstract
There are many recent studies and proposal in Anomaly Detection Techniques, especially in worm and virus detection. In this field it does matter to answer few important questions like at which ISO/OSI layer data analysis is done and which approach is used. Furthermore these works suffer of scarcity of real data due to lack of network resources or privacy problem: almost every work in this sector uses synthetic ( e.g. DARPA) or pre-made set of data. Our study is based on layer seven quantities (number of e-mail sent in a chosen period): we analyzed quantitatively our network e-mail traffic and applied our method on gathered data to detect indirect worm infection (worms which use e-mail to spread infection). The method is a threshold method and, in our dataset, it identified various worm activities. In this document we show our data analysis and results in order to stimulate new approaches and debates in Anomaly Intrusion Detection Techniques.| Campo DC | Valore | Lingua |
|---|---|---|
| dc.authority.ancejournal | JOURNAL OF INFORMATION ASSURANCE AND SECURITY | - |
| dc.authority.orgunit | Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT | - |
| dc.authority.people | M Aiello | it |
| dc.authority.people | D Chiarella | it |
| dc.authority.people | G Papaleo | it |
| dc.collection.id.s | b3f88f24-048a-4e43-8ab1-6697b90e068e | * |
| dc.collection.name | 01.01 Articolo in rivista | * |
| dc.contributor.appartenenza | Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT | * |
| dc.contributor.appartenenza | Istituto di linguistica computazionale "Antonio Zampolli" - ILC | * |
| dc.contributor.appartenenza.mi | 877 | * |
| dc.contributor.appartenenza.mi | 918 | * |
| dc.date.accessioned | 2024/02/18 22:38:14 | - |
| dc.date.available | 2024/02/18 22:38:14 | - |
| dc.date.issued | 2009 | - |
| dc.description.abstracteng | There are many recent studies and proposal in Anomaly Detection Techniques, especially in worm and virus detection. In this field it does matter to answer few important questions like at which ISO/OSI layer data analysis is done and which approach is used. Furthermore these works suffer of scarcity of real data due to lack of network resources or privacy problem: almost every work in this sector uses synthetic ( e.g. DARPA) or pre-made set of data. Our study is based on layer seven quantities (number of e-mail sent in a chosen period): we analyzed quantitatively our network e-mail traffic and applied our method on gathered data to detect indirect worm infection (worms which use e-mail to spread infection). The method is a threshold method and, in our dataset, it identified various worm activities. In this document we show our data analysis and results in order to stimulate new approaches and debates in Anomaly Intrusion Detection Techniques. | - |
| dc.description.affiliations | Maurizio Aiello1, Davide Chiarella1 2 and Gianluca Papaleo1 2 1 1 - National Research Council, IEIIT, Genoa, Italy 2 - University of Genoa, Department of Computer and Information Sciences, Italy | - |
| dc.description.allpeople | M. Aiello; D. Chiarella; G. Papaleo | - |
| dc.description.allpeopleoriginal | M. Aiello, D. Chiarella, G. Papaleo | - |
| dc.description.fulltext | none | en |
| dc.description.numberofauthors | 3 | - |
| dc.identifier.scopus | 2-s2.0-58149105782 | - |
| dc.identifier.uri | https://hdl.handle.net/20.500.14243/36122 | - |
| dc.language.iso | eng | - |
| dc.relation.firstpage | 604 | - |
| dc.relation.issue | 4 | - |
| dc.relation.lastpage | 611 | - |
| dc.relation.volume | 4 | - |
| dc.subject.keywords | Anomaly Detection Techniques | - |
| dc.subject.keywords | indirect worm | - |
| dc.subject.keywords | real e-mail traffic. | - |
| dc.subject.singlekeyword | Anomaly Detection Techniques | * |
| dc.subject.singlekeyword | indirect worm | * |
| dc.subject.singlekeyword | real e-mail traffic | * |
| dc.title | Statistical anomaly detection on real e-mail traffic | en |
| dc.type.driver | info:eu-repo/semantics/article | - |
| dc.type.full | 01 Contributo su Rivista::01.01 Articolo in rivista | it |
| dc.type.miur | 262 | - |
| dc.type.referee | Sì, ma tipo non specificato | - |
| dc.ugov.descaux1 | 62323 | - |
| iris.orcid.lastModifiedDate | 2024/05/30 16:50:07 | * |
| iris.orcid.lastModifiedMillisecond | 1717080607677 | * |
| iris.scopus.extIssued | 2009 | - |
| iris.scopus.extTitle | Statistical anomaly detection on real e-mail traffic | - |
| iris.scopus.ideLinkStatusDate | 2024/05/30 16:50:07 | * |
| iris.scopus.ideLinkStatusMillisecond | 1717080607686 | * |
| iris.sitodocente.maxattempts | 1 | - |
| scopus.authority.anceserie | ADVANCES IN SOFT COMPUTING###1615-3871 | * |
| scopus.category | 1701 | * |
| scopus.category | 2206 | * |
| scopus.category | 1706 | * |
| scopus.contributor.affiliation | IEIIT | - |
| scopus.contributor.affiliation | University of Genoa | - |
| scopus.contributor.affiliation | University of Genoa | - |
| scopus.contributor.afid | 60021199 | - |
| scopus.contributor.afid | 60025153 | - |
| scopus.contributor.afid | 60025153 | - |
| scopus.contributor.auid | 56962751700 | - |
| scopus.contributor.auid | 25930765400 | - |
| scopus.contributor.auid | 6603132158 | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.country | Italy | - |
| scopus.contributor.dptid | - | |
| scopus.contributor.dptid | 104273246 | - |
| scopus.contributor.dptid | 104273246 | - |
| scopus.contributor.name | Maurizio | - |
| scopus.contributor.name | Davide | - |
| scopus.contributor.name | Gianluca | - |
| scopus.contributor.subaffiliation | National Research Council; | - |
| scopus.contributor.subaffiliation | Department of Computer and Information Sciences; | - |
| scopus.contributor.subaffiliation | Department of Computer and Information Sciences; | - |
| scopus.contributor.surname | Aiello | - |
| scopus.contributor.surname | Chiarella | - |
| scopus.contributor.surname | Papaleo | - |
| scopus.date.issued | 2009 | * |
| scopus.description.abstracteng | There are many recent studies and proposal in Anomaly Detection Techniques, especially in worm and virus detection. In this field it does matter to answer few important questions like at which ISO/OSI layer data analysis is done and which approach is used. Furthermore these works suffer of scarcity of real data due to lack of network resources or privacy problem: almost every work in this sector uses synthetic (e.g. DARPA) or pre-made set of data. Our study is based on layer seven quantities (number of e-mail sent in a chosen period): we analyzed quantitatively our network e-mail traffic (4 SMTP servers, 10 class C networks) and applied our method on gathered data to detect indirect worm infection (worms which use e-mail to spread infection). The method is a threshold method and, in our dataset, it identified various worm activities. In this document we show our data analysis and results in order to stimulate new approaches and debates in Anomaly Intrusion Detection Techniques. © 2009 Springer-Verlag Berlin Heidelberg. | * |
| scopus.description.allpeopleoriginal | Aiello M.; Chiarella D.; Papaleo G. | * |
| scopus.differences | scopus.relation.lastpage | * |
| scopus.differences | scopus.subject.keywords | * |
| scopus.differences | scopus.relation.firstpage | * |
| scopus.differences | scopus.description.allpeopleoriginal | * |
| scopus.differences | scopus.identifier.doi | * |
| scopus.differences | scopus.description.abstracteng | * |
| scopus.differences | scopus.relation.volume | * |
| scopus.document.type | cp | * |
| scopus.document.types | cp | * |
| scopus.identifier.doi | 10.1007/978-3-540-88181-0_22 | * |
| scopus.identifier.eissn | 1860-0794 | * |
| scopus.identifier.isbn | 9783540881803 | * |
| scopus.identifier.pui | 354019673 | * |
| scopus.identifier.scopus | 2-s2.0-58149105782 | * |
| scopus.journal.sourceid | 21100778845 | * |
| scopus.language.iso | eng | * |
| scopus.relation.firstpage | 170 | * |
| scopus.relation.lastpage | 177 | * |
| scopus.relation.volume | 53 | * |
| scopus.subject.keywords | Anomaly Detection Techniques; Indirect worm; Real e-mail traffic; | * |
| scopus.title | Statistical anomaly detection on real e-mail traffic | * |
| scopus.titleeng | Statistical anomaly detection on real e-mail traffic | * |
| Appare nelle tipologie: | 01.01 Articolo in rivista | |
File in questo prodotto:
Non ci sono file associati a questo prodotto.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
