MET: an experimental system for Malicious Email Tracking
Source: New Security Paradigms Workshop archive
Proceedings of the 2002 workshop on New security paradigms
Virginia Beach, Virginia
SESSION: Intrusion detection and response
Pages: 3-10
Year of Publication: 2002
ISBN: 1-58113-598-X
Authors
Manasi Bhattacharyya, Columbia University
Shlomo Hershkop, Columbia University
Eleazar Eskin, Columbia University
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10, Downloads (12 Months): 46, Citation Count: 9
DOI: http://doi.acm.org/10.1145/844102.844104

ABSTRACT

Despite the use of state-of-the-art methods to protect against malicious programs, they continue to threaten and damage computer systems around the world. In this paper we present MET, the Malicious Email Tracking system, designed to automatically report statistics on the flow behavior of malicious software delivered via email attachments, both at a local and a global level. MET can help reduce the spread of malicious software worldwide, especially self-replicating viruses, and provide further insight toward minimizing the damage caused by malicious programs in the future. In addition, the system can help system administrators detect all of the points of entry of a malicious email into a network. The core of MET's operation is a database of statistics about the trajectory of email attachments in and out of a network system, and the pooling of these statistics across networks to present a global view of the spread of the malicious software. From a statistical perspective, sampling only a small fraction (for example, 0.1%) of a very large email stream is sufficient to detect suspicious or otherwise new email viruses that may go undetected by standard signature-based scanners. Therefore, relatively few MET installations would be necessary to gather sufficient data to provide broad protection services. Small-scale simulations are presented to demonstrate MET in operation and suggest how detection of new virus propagations via flow statistics can be automated.
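As an added illustration of the per-attachment flow statistics the abstract describes (this is not MET's own code; the record format, the local mail domain, the content hash and the replication threshold are assumptions), the following Python tracks each attachment's inbound/outbound/internal trajectory by content hash, records its points of entry into the network, and flags attachments that several recipients have themselves re-sent, which is the flow pattern of a self-mailing virus and needs no content signature:

```python
import hashlib
from collections import defaultdict
LOCAL_DOMAIN = "corp.example"  # assumed mail domain of the monitored network

def attachment_id(data: bytes) -> str:
    """Content hash that identifies an attachment across hosts (hash choice is an assumption)."""
    return hashlib.sha256(data).hexdigest()[:16]

def direction(sender: str, recipient: str) -> str:
    """Classify one flow relative to the monitored network."""
    s_local = sender.endswith("@" + LOCAL_DOMAIN)
    r_local = recipient.endswith("@" + LOCAL_DOMAIN)
    if s_local and r_local:
        return "internal"
    return "outbound" if s_local else "inbound"

def flow_stats(records):
    """Per-attachment trajectory: direction counts, senders, recipients, entry points."""
    stats = defaultdict(lambda: {"inbound": 0, "outbound": 0, "internal": 0,
                                 "senders": set(), "recipients": set(), "entry_points": set()})
    for sender, recipient, data in records:
        entry = stats[attachment_id(data)]
        d = direction(sender, recipient)
        entry[d] += 1
        entry["senders"].add(sender)
        entry["recipients"].add(recipient)
        if d == "inbound":  # every inbound delivery is a point of entry into the network
            entry["entry_points"].add(recipient)
    return dict(stats)

def replicating_attachments(stats, min_replicators=3):
    """Flag attachments re-sent by at least `min_replicators` addresses that also received
    them: the flow signature of a self-mailing virus, visible with no content signature."""
    return sorted(aid for aid, s in stats.items()
                  if len(s["senders"] & s["recipients"]) >= min_replicators)

# Constructed sample flows (sender, recipient, attachment bytes); not real traffic.
WORM, REPORT = b"constructed worm body", b"constructed quarterly report"
SAMPLE_RECORDS = [
    ("mallory@outside.example", "alice@corp.example", WORM),  # initial delivery
    ("alice@corp.example", "bob@corp.example", WORM),
    ("alice@corp.example", "carol@corp.example", WORM),
    ("alice@corp.example", "dave@outside.example", WORM),
    ("bob@corp.example", "carol@corp.example", WORM),
    ("bob@corp.example", "erin@outside.example", WORM),
    ("carol@corp.example", "frank@outside.example", WORM),
    ("alice@corp.example", "bob@corp.example", REPORT),  # benign, sent once
]
```

Running `flow_stats(SAMPLE_RECORDS)` and `replicating_attachments(...)` on the constructed flows flags only the worm attachment, with alice recorded as its single point of entry.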


