Detection of Anomalous Mailing Behavior Using Novel Data Mining Approaches


Da-Wei Lin, Yi-Ming Chen

Department of Information Management,

National Central University, Chung-li, Taiwan 32054, Republic of China,



The paper presents a novel method for detecting anomalous mailing behavior based on data mining approaches. Known or unknown email viruses may cause anomalous behaviors. Such behavior can be measured by deviations from a user’s normal behavior. Grouping and association analysis are used to establish a normal user profile. The building process is divided into two stages - first, group relation analysis and second, dependence relation analysis. Only group relationship analysis or both analyses may be selected, depending on the amount of data available to solve real problems.

Bulk amounts of SENDMAIL log data are analyzed and virus behavior simulated. Empirical results indicate that this method of detecting anomalous mailing behavior, based on data mining, is highly accurate. A prototype system has also been designed and constructed.


Keywords: anomalous behavior detectionmailing behaviordata mininggrouping