Sciweavers

IJNSEC
2008

An Effective Anomaly Detection Method in SMTP Traffic

We investigate an effective and robust mechanism for detecting SMTP traffic anomalies. Our detection method accumulates the deviation of the current delivery status from historical behavior, based on the leaky integrate-and-fire model, to detect anomalies. The simplicity of our detection method is that it requires neither the set of anomalies to be detected nor thresholds to be supplied by the user. Furthermore, the proposed method need not store a history profile and has low computation overhead, which makes the detection method itself immune to attacks. The performance evaluation results show that the leaky integrate-and-fire method is quite effective at detecting constant intensity attacks and increasing intensity attacks in SMTP traffic. Compared with other anomaly detection methods, our detection method has better detection performance.
Hao Luo, Binxing Fang, Xiao-chun Yun, Zhi-Gang Wu
Added: 12 Dec 2010
Updated: 12 Dec 2010
Type: Journal
Year: 2008
Where: IJNSEC
Authors: Hao Luo, Binxing Fang, Xiao-chun Yun, Zhi-Gang Wu