1 / 20

B @BEL: Leveraging Email Delivery for Spam Mitigation

B @BEL: Leveraging Email Delivery for Spam Mitigation . Gianluca Stringhini , Manuel Egele , a Apostolis Zarras , Thorsten Holz , Christopher Kruegel , and Giovanni Vigna presented by rui xie. Problems on Spam. Wealthy economy behind spam 77% of emails are spam

glynis
Download Presentation

B @BEL: Leveraging Email Delivery for Spam Mitigation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. B@BEL: Leveraging Email Delivery for Spam Mitigation GianlucaStringhini, Manuel Egele, aApostolisZarras, Thorsten Holz, Christopher Kruegel, and Giovanni Vignapresented by ruixie

  2. Problems on Spam • Wealthy economy behind spam • 77% of emails are spam • 85% of spam are sent by botnets

  3. Traditional Spam Detection • Content Analysis • Origin Analysis

  4. Approach in Article • Focusing on the way that client interact with SMTP server

  5. Overview • Techniques • System design • Evaluation • Limitations

  6. Techniques • SMTP dialects • Feedback manipulation

  7. SMTP dialects

  8. Feedback Manipulation

  9. Botnet also use feedback • Botmaster sends spam to bot • Bot sends spam to SMTP server • SMTP server sends spam to useror replies bot no such user exists • Bot replies bot master no such user exists • Bot master delete address of the user from user list

  10. Importance • SMTP dialects • Spam detection • Malware classification • Feedback manipulation • Successful botnets are using bot feedback • 35% of the email addresses were nonexistent

  11. System design • Learning SMTP dialects • Build a decision model • Making a decision

  12. SMTP dialects state • D =< Σ,S,s0,T,Fg,Fb > • Σ: input alphabet • S : set of states • s0: initial state • T : transitions • Fg: good final states • Fb: bad final states

  13. Learning SMTP dialects

  14. Collecting SMTP conversations • Passive observation • Two dialects might look the same! • Active probing • Intentionally sending incorrect replies, error messages

  15. Build a decision model

  16. Making a decision • Passive matching • Detect dialects by observing conversations • Active probing • Send specific replies to “expose” differences

  17. Evaluation • Experiment has 621,919 SMTP conversations • Results • 260,074 as spam • 218,675 as ham • 143,170 could not decide

  18. Result in real life

  19. Limitations • Evading dialects detection • Implement a “faithful” SMTP engine • Making spammers to look like a legitimate client • Evading feedback manipulation

  20. Conclusion • Focusing on the way that client interact with SMTP server • SMTP dialects • Feedback manipulation • Valuable tool for spam mitigation

More Related