A Fuzzy approach for detecting anomalous behaviour in e-mail traffic

Authors

Mark JynHuey Lim, University of Tasmania
Michael Negnevitsky, University of Tasmania
Jacky Hartnett, University of Tasmania

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Abstract

This paper investigates the use of fuzzy inference for detection of abnormal changes in email traffic communication behaviour. Several communication behaviour measures and metrics are defined for extracting information on the traffic communication behaviour of email users. The information from these behaviour measures is then combined using a hierarchy of fuzzy inference systems, to provide an abnormality rating for overall changes in communication behaviour of suspect email accounts. The use of fuzzy inference is then demonstrated with a case study investigating the email traffic behaviour of a person’s email accounts from the Enron email corpus.

Comments

4th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 4th 2006.

DOI

10.4225/75/57b132adc7053