Abstract: This paper develops a new approach for detecting self-propagating
email viruses based on statistical anomaly detection. Our approach assumes that
a key objective of an email virus attack is to eventually overwhelm mail servers
and clients with a large volume of email traffic. Based on this assumption, the approach
is designed to detect increases in traffic volume over what was observed
during the training period. This paper describes our approach and the results of
our simulation-based...
Cited by:
A Study of Mass-mailing Worms - Cynthia Wong Stan
Using Predators to Combat Worms and Viruses: - Simulation-Based Study Ajay
Detecting Intra-enterprise Scanning Worms based on Address.. - David Whyte Paul
Active bibliography (related documents):
5.6: An Approach for Detecting Self-Propagating Email Using Anomaly .. - Gupta, Sekar (2003)
0.5: Building Survivable Systems: An Integrated.. - Bowen, Chee.. (2000)
0.5: Specification-based Anomaly Detection: A New.. - Sekar, Gupta.. (2002)
Similar documents based on text:
0.2: An Efficient and Backwards-Compatible Transformation to.. - Xu, DuVarney, Sekar (2004)
0.2: Automatic Generation of Buffer Overflow Attack Signatures: An.. - Liang, Sekar (2005)
0.2: Isolated Program Execution: An Application Transparent .. - Liang.. (2003)
Related documents from co-citation:
4: Network Associates and - Associates, mm et al. - 2000
4: Monitoring and early warning for internet worms - Zou, Gao et al. - 2003
4: World Wide Web - Associates, Vbs et al. - 2000
BibTeX entry:
Ajay Gupta and R. Sekar. An approach for detecting self-propagating email using anomaly detection. In Proceedings of the International Symposium on Recent Advances in Intrusion Detection, September 2003. http://citeseer.ist.psu.edu/gupta03approach.html
@misc{ gupta03approach,
author = "A. Gupta and R. Sekar",
title = "An approach for detecting self-propagating email using anomaly detection",
text = "Ajay Gupta and R. Sekar. An approach for detecting self-propagating email
using anomaly detection. In Proceedings of the International Symposium on
Recent Advances in Intrusion Detection, September 2003.",
year = "2003",
url = "citeseer.ist.psu.edu/gupta03approach.html" }
Citations (may not include all citations):
123: Bro: A System for Detecting Network Intruders in Real-Time - Paxson - 1998
84: Data Mining Approaches for Intrusion Detection - Lee, Stolfo - 1998
74: Computer Immunology - Forrest, Hofmeyr et al. - 1997
70: A Data Mining Framework for Building Intrusion Detection Mod.. - Lee, Stolfo et al. - 1999
68: A Network Security Monitor - Heberlein, Dias et al. - 1990
63: Next-generation Intrusion Detection Expert System - Anderson, Lunt et al. - 1995
56: A real-time intrusion detection expert system - Lunt, Tamaru et al. - 1992
56: How to Own the Internet in Your Spare Time - Staniford, Paxson et al. - 2002
53: Code Red Worm Propagation Modeling and Analysis - Zou, Gong et al. - 2002
53: Directed-graph Epidemiological Models of Computer Viruses - Kephart, White - 1991
53: The Internet worm program: an analysis - Spafford - 1988
43: NADIR: An Automated System for Detecting Network Intrusion a.. - Hochberg - 1993
40: Temporal Sequence Learning and Data Reduction for Anomaly De.. - Lane, Brodley - 1998
36: GrIDS: A Graph-Based Intrusion Detection System for Large Ne.. - Staniford-Chen - 1996
34: Synthesizing Fast Intrusion PreventionDetection System from .. - Uppuluri, Intrusion et al. - 1999
34: NetSTAT: A Network-based Intrusion Detection Approach - Vigna, Kemmerer - 1998
31: Learning Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard et al. - 1999
19: The STAT Tool Suite - Vigna, Eckmann et al. - 2000
19: A High-Performance Network Intrusion Detection System - Sekar, Guang et al. - 1999
19: On Computer Viral Infection and the Effect of Immunization - Wang, Knight et al. - 2000
10: Mining Alarm Clusters to Improve Alarm Handling Efficiency - Julisch - 2001
10: Blueprint for a Computer Immune System - Kephart, Sorkia et al. - 1997
10: Specification-based anomaly detection: a new approach for det.. - Sekar, Gupta et al. - 2002
10: A New Model for Availability in the Face of Self-Propagating.. - Lin, Ricciardi et al. - 1998
7: Data Mining Methods for Detection of New Malicious Executabl.. - Schultz, Eskin et al. - 2001
7: Malicious Email Filter - A UNIX Mail Filter that Detects Mal.. - Schultz, Eskin et al. - 2001
6: EMERALD: Event Monitoring Enabled Responses to Anomalous Liv.. - Porras, Neumann - 1997
5: Symposium on Research Security and Privacy - Heberlein, Security - 1990
4: An Environment for Controlled Worm Replication and Analysis - Whalley, Arnold et al. - 2000
3: On Power-Law Relationships of the Internet - Faloutsos, Faloutsos et al. - 1999
3: Cyber Ecology: Looking to Ecology for Insights into Informat.. - Jorgensen, Rossignol et al. - 2001
3: A Fast Automaton-Based Approach for Learning Program Behavio.. - Sekar, Bendre et al. - 2001
3: Network flight recorder - Flight - 1997
2: Network Analysis of Anomalous Traffic Events - Taylor, Alves-Foss - 2001
2: submitted to st NSFNIJ Symposium Intelligence and Security I.. - Shlomo, Wang et al. - 2003
2: Carnegie Mellon - CC, Advisories
2: Watson Research Center - Kephart, Chess et al. - 1993
2: MET: An Experimental System for Malicious Email Tracking - Bhattacharyya, Hershkop et al. - 2002
http://www.silicondefense.com/cr/july.html
Documents on the same site (http://seclab.cs.sunysb.edu/seclab/pubs/papers.htm):
A High-Performance Network Intrusion Detection System - Sekar, Guang, Verma, Shanbhag (1999)
Building Survivable Systems: An Integrated.. - Bowen, Chee.. (2000)
Automatic Generation of Buffer Overflow Attack Signatures: An.. - Liang, Sekar (2005)