A Multilayer Approach of Anomaly Detection for Email Systems

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Ye Wang Articles by Hussein Abdel-Wahab

11th IEEE Symposium on Computers and Communications (ISCC'06)

Cagliari, Sardinia, Italy

June 26-June 29

ISBN: 0-7695-2588-1

	ASCII Text	x
	Ye Wang, Hussein Abdel-Wahab, "A Multilayer Approach of Anomaly Detection for Email Systems," Computers and Communications, IEEE Symposium on, pp. 48-53, 11th IEEE Symposium on Computers and Communications (ISCC'06), 2006.

	BibTex	x
	@article{ 10.1109/ISCC.2006.10, author = {Ye Wang and Hussein Abdel-Wahab}, title = {A Multilayer Approach of Anomaly Detection for Email Systems}, journal ={Computers and Communications, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1530-1346}, pages = {48-53}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISCC.2006.10}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computers and Communications, IEEE Symposium on TI - A Multilayer Approach of Anomaly Detection for Email Systems SN - 1530-1346 SP48 EP53 A1 - Ye Wang, A1 - Hussein Abdel-Wahab, PY - 2006 KW - null VL - 0 JA - Computers and Communications, IEEE Symposium on ER -

Ye Wang, Old Dominion University, USA

Hussein Abdel-Wahab, Old Dominion University, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISCC.2006.10

Many techniques have been applied to anomaly detection to detect novel attacks, such as statistical analysis, clustering, support vector machines, neural networks and etc. Although the results are promising, there?s still a serious problem, high false positive rates, which make anomaly detection systems practically unusable.

We observe that most network Intrusion Detection systems (IDSs) work on information that is only available on lower layers of the network or on higher layers, but not on both. We argue that by correlating the information on different layers, we can have a more efficient anomaly detection system.

We introduce an anomaly detection system based on the layer correlation. Bayesian networks and statistical analysis are used to build normal system models for the anomaly detection engine. The prototype system is tested on tcpdump traces including normal and anomalous email activities. Our experimental results show that our proposed solution is capable of reducing false alarm rates.

Citation:

Ye Wang, Hussein Abdel-Wahab, "A Multilayer Approach of Anomaly Detection for Email Systems," iscc, pp.48-53, 11th IEEE Symposium on Computers and Communications (ISCC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.