An Effective Defense Against Email Spam Laundering - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

An Effective Defense Against Email Spam Laundering

Description:

An Effective Defense Against Email Spam Laundering Author: Mengjun Xie, Heng Yin, Haining Wang Presented At: CCS 06 Prepared By: Amit Shrivastava – PowerPoint PPT presentation

Number of Views:85
Avg rating:3.0/5.0
Slides: 29
Provided by: kpadm2
Learn more at: http://www.cs.ucf.edu
Category:

less

Transcript and Presenter's Notes

Title: An Effective Defense Against Email Spam Laundering


1
An Effective Defense Against Email Spam Laundering
  • Author Mengjun Xie, Heng Yin, Haining Wang
  • Presented At CCS 06
  • Prepared By Amit Shrivastava

2
Overview
  • Introduction
  • Spam Laundering
  • Anti spam techniques
  • Proxy based spam behavior
  • DBSpam
  • Evaluation
  • Review

3
Introduction
  • Presently spam makes 60 of emails
  • Spam has evolved in parallel with anti spam
    techniques.
  • Spammers hide using, proxies and compromised
    computers known as zombies

4
Introduction cont.
  • Detecting spam at its source by monitoring
    bidirectional traffic of a network
  • DBSpam uses packet symmetry to break spam
    laundering in a network

5
Spam Laundering
Spam Proxy
6
Anti Spam Techniques
  • Existing Anti spam techniques are classified
    into,
  • Recipient Oriented
  • Sender Oriented
  • HoneySpam

7
Anti Spam Techniques (contd.)
  • Recipient Oriented anti-spam techniques functions
  • They block email spam from reaching recipients
    mailbox
  • Or
  • Remove / mark spam in recipients mailbox

8
Anti Spam Techniques (contd.)
  • Recipient Oriented anti-spam techniques are
    further classified as
  • Content based
  • Email address filters
  • Heuristic filters
  • Machine learning based filters
  • Non content based

9
Anti Spam Techniques (contd.)
  • Recipient Oriented anti-spam techniques are
    further classified as
  • Content based
  • Non content based
  • DNSBL
  • MARID
  • Challenge response
  • Delaying
  • Sender behavior analysis

10
Anti Spam Techniques (contd.)
  • Sender Oriented Techniques
  • Usage Regulations
  • E.g. blocking port 25, SMTP authentication
  • Cost based approaches
  • Charge the sender (postage)

11
Anti Spam Techniques (contd.)
  • HoneySpam
  • It is a honeypot framework based on honeyD
  • It deters email address harvesters, poison spam
    address databases and blocks spam that goes
    through the open relay / proxy decoys set by
    HoneySpam

12
Proxy based spam behavior
  • Laundry path of Proxy Spamming

13
Proxy based spam behavior (contd.)
  • Connection Correlation
  • There is one-to-one mapping between the upstream
    and downstream connections along the spam laundry
    path
  • This kind of connection is a common for proxy
    based spamming
  • In normal email delivery there is only one
    connection between sender and receiving MTA

14
Proxy based spam behavior (contd.)
Spam laundering for single proxy
15
Proxy based spam behavior (contd.)
Spam laundering for multiple proxies
16
Proxy based spam behavior (contd.)
  • Message symmetry at application layer leads to
    packet symmetry at network layer
  • Exception one to one mapping between inbound and
    outbound streams can be violated
  • Reasons packet fragmentation, packet compression
    and packet retransmission

17
Proxy based spam behavior (contd.)
  • The packet symmetry is a key to distinguish the
    suspicious upstream / downstream connections
    along the spam laundry path from normal
    background traffic

18
DBSpam
  • Goals
  • Fast detection of spam laundering with high
    accuracy
  • Breaking spam laundering via throttling or
    blocking after detection
  • Support for spammer tracking
  • Support for spam message fingerprinting

19
DBSpam
  • DBSpam consists of two major components
  • Spam detection module
  • Simple connection correlation detection algorithm
  • Spam suppression module

20
DBSpam
  • Deployment of DBSpam
  • It is placed at a network vantage point which may
    connect costumer network to the Internet
  • DBSpam works well if it is deployed at the
    primary ISP edge router

21
DBSpam
  • Packet symmetry for spam TCP is 1
  • For a normal TCP connection it is one with very
    small probability of occurrence
  • DBSpam uses a statistical method, sequential
    probability ratio test (SPRT)

22
DBSpam
  • sequential probability ratio test (SPRT) checks
    probability between bounds for each observation
  • The algorithm contains a variable X which is
    checked for correlation
  • Variables A and B form the bounds
  • If X is between A and B, the algorithm does
    another observation, else it stops with a
    conclusion

23
Evaluation
  • DBSpam detection time is mainly decided by the
    SPRT detection time
  • Number of observations needed to reach a decision
  • Actual time spent by SPRT

24
Evaluation
25
Strengths
  • Can detect spam even if its content is encrypted
  • Low false positives
  • Does not degrade network performance

26
weakness
  • It cannot efficiently detect spam with short
    reply rounds
  • Its it more effective only if it can be installed
    on an ISP edge router

27
Improvements
  • DBSpam algorithm should be made more efficient so
    as to detect new evolving spam

28
  • .
  • Thank You
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "An Effective Defense Against Email Spam Laundering" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!