protect their customers (and hence to pass along these costs in their service fees;
users may be willing to pay more for security).
Deployment of an MET/EMT system in a corporate enterprise or enclave environment
would likely have a completely different risk and cost assessment dynamic
when considering the potential damage that may be incurred corporate-wide by virus
attacks or security policy violations (where corporate proprietary information may be
revealed). It is apparent that the tradeoffs among privacy, security and cost are
non-trivial, and are a matter of risk and benefit assessment between users
and providers, who will likely ultimately find an optimal balance.
6 Concluding Remarks
We are actively gathering large amounts of email data from volunteers within the
Computer Science Department of Columbia University to test our hypotheses. We are
aiming to develop a fully deployed system and further develop the range of analyses
appropriate for such a behavior-based protection system.
There are other uses of an MET/EMT system worth noting: metering of email and
application layer profiling. There is some discussion in the popular press about the
costs of spam emails and the burden placed upon ordinary users. Some analysts have
proposed that email may one day not be a free service provided by ISPs, but rather a
fee- or usage-based service provided by ISPs in order to create an economic hurdle to
spammers and, of course, to recover their costs in handling massive amounts of
unwanted email. Hence, each outbound email sent by a user account may incur a
charge. If such schemes are indeed implemented, it likely would not be long before
inbound received emails would also incur a charge (akin to “airtime” charges for
inbound cell phone calls). A system based upon MET/EMT would therefore
become very useful for managing billing information and service charges (since a
record of each email is maintained by MET), and this is thus a natural extension to its
core functionality.
It is also interesting to note that EMT serves as a general strategy for an
Application-level Intrusion Detection System. Email is, after all, an application. The same
principles of behavior modeling and anomaly detection may also be applied to an
arbitrary application. Thus, we are also exploring the application of a general form of
EMT to model the behavior of large, complex distributed applications to detect errant
misuses of the application.