{"title":"Securing email archives through user modeling","authors":"Yiru Li, Anil Somayaji","doi":"10.1109/CSAC.2005.50","DOIUrl":null,"url":null,"abstract":"Online email archives are an under-protected yet extremely sensitive information resource. Email archives can store years worth of personal and business email in an easy-to-access form, one that is much easier to compromise than messages being transmitted \"on the wire.\" Most email archives, however, are protected by reusable passwords that are often weak and can be easily compromised. To protect such archives, we propose a novel user-specific design for an anomaly-based email archive intrusion detection system. As a first step towards building such a system, we have developed a simple probabilistic model of user email behavior that correlates email senders and a user's disposition of emails. In tests using data gathered from three months of observed user behavior and synthetic models of attacker behavior, this model exhibits a low rate of false positives (generally one false alarm every few weeks) while still detecting most attacks. These results suggest that anomaly detection is a feasible strategy for securing email archives, one that does not require changes in user authentication or access behavior","PeriodicalId":422994,"journal":{"name":"21st Annual Computer Security Applications Conference (ACSAC'05)","volume":"328 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"21st Annual Computer Security Applications Conference (ACSAC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2005.50","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Online email archives are an under-protected yet extremely sensitive information resource. Email archives can store years' worth of personal and business email in an easy-to-access form, one that is much easier to compromise than messages being transmitted "on the wire." Most email archives, however, are protected by reusable passwords that are often weak and can be easily compromised. To protect such archives, we propose a novel user-specific design for an anomaly-based email archive intrusion detection system. As a first step towards building such a system, we have developed a simple probabilistic model of user email behavior that correlates email senders and a user's disposition of emails. In tests using data gathered from three months of observed user behavior and synthetic models of attacker behavior, this model exhibits a low rate of false positives (generally one false alarm every few weeks) while still detecting most attacks. These results suggest that anomaly detection is a feasible strategy for securing email archives, one that does not require changes in user authentication or access behavior.