Anomaly Detection in SMTP Traffic

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Hao Luo Articles by Binxing Fang Articles by Xiaochun Yun

Third International Conference on Information Technology: New Generations (ITNG'06)

Las Vegas, Nevada

April 10-April 12

ISBN: 0-7695-2497-4

	ASCII Text	x
	Hao Luo, Binxing Fang, Xiaochun Yun, "Anomaly Detection in SMTP Traffic," Information Technology: New Generations, Third International Conference on, pp. 408-413, Third International Conference on Information Technology: New Generations (ITNG'06), 2006.

	BibTex	x
	@article{ 10.1109/ITNG.2006.34, author = {Hao Luo and Binxing Fang and Xiaochun Yun}, title = {Anomaly Detection in SMTP Traffic}, journal ={Information Technology: New Generations, Third International Conference on}, volume = {0}, year = {2006}, isbn = {0-7695-2497-4}, pages = {408-413}, doi = {http://doi.ieeecomputersociety.org/10.1109/ITNG.2006.34}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Information Technology: New Generations, Third International Conference on TI - Anomaly Detection in SMTP Traffic SN - 0-7695-2497-4 SP408 EP413 A1 - Hao Luo, A1 - Binxing Fang, A1 - Xiaochun Yun, PY - 2006 KW - null VL - 0 JA - Information Technology: New Generations, Third International Conference on ER -

Hao Luo, Harbin Institute of Technology

Binxing Fang, Harbin Institute of Technology

Xiaochun Yun, Harbin Institute of Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ITNG.2006.34

for detecting SMTP traffic anomaly. Our detection method cumulates the deviation of current delivering status from history behavior based on a weighted sum method called the leaky integrate-and-fire model to detect anomaly. The simplicity of our detection method is that the method need not store history profile and low computation overhead, which make the detection method itself immunes to attacks. The performance is investigated in terms of detection probability, the false alarm ratio, and the detection delay. Our results show that leaky integrate-and-fire method is quite effective at detecting anomaly in the SMTP traffic. Compared with non-parametric Cumulative Sum method, the evaluation results show that our detection method has lower false alarm ratio and higher detection probability.

Citation:

Hao Luo, Binxing Fang, Xiaochun Yun, "Anomaly Detection in SMTP Traffic," itng, pp.408-413, Third International Conference on Information Technology: New Generations (ITNG'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.