stopping spam by extrusion detection
play

Stopping Spam by Extrusion Detection Richard Clayton - PowerPoint PPT Presentation

Jan 20, 2024 •410 likes •595 views

Stopping Spam by Extrusion Detection Richard Clayton spammer customer customer yahoo.com ISP email hotmail.com customer customer server example.com example.co.uk customer

  1. Stopping Spam by Extrusion Detection Richard Clayton ���� �� �� ����������

  2. spammer customer customer yahoo.com ISP email hotmail.com customer customer server example.com example.co.uk customer customer (smarthost) beispiel.de etc.etc.etc spammer customer customer ISP Complaints abuse@ team

  3. Current (Jul 04) problems for ISPs � Insecure customers – very few real spammers in the UK! • Open proxies – mainly “trojans on non-standard ports” • SMTP AUTH – Exchange “admin” accounts + many others • Systems still insecure “out of the box” – brand new XP is compromised before secured

  4. ISP’s Real Problem • Blacklisting of IP ranges & smarthosts – listme@listme.dsbl.org • Rapid action necessary to ensure continued service to all other customers • But reports may go to the blacklist and not to the ISP (or will lack essential details)

  5. spammer customer customer yahoo.com ISP email hotmail.com customer customer server example.com example.co.uk customer customer (smarthost) beispiel.de etc.etc.etc spammer customer customer BLACK Complaints LIST

  6. Why Spotting Spam is Hard • Expensive to examine outgoing content • Legal/contractual issues with blocking – and “false positives” could cost you customers • Volume is not a good indicator of spam – many customers with occasional mailshots • “Incorrect” sender doesn’t indicate spam – many customers with multiple domains

  7. Key Insight • Lots of spam is to ancient email addresses • Lots of spam is to invented addresses • Lots of spam is blocked by remote filters • Can process server logs to pick out this information. Spam has delivery failures whereas legitimate email mainly works

  8. spammer customer customer customer yahoo.com ISP email hotmail.com customer customer customer server example.com example.co.uk customer customer customer (smarthost) beispiel.de etc.etc.etc spammer customer customer customer Logs ISP Complaints abuse@ team

  9. My Log Processing Heuristics � Report “too many” failures to deliver – more than 40 works pretty well • Ignore “bounces” ! – have null “< >” return path, these often fail – detect rejection daemons without < > paths • Ignore “mailing lists” – most destinations work, only a few fail – more than one mailing list is a spam indicator!

  10. Bonus! Also Detects Viruses • Common for mass mailing “worms” to use address book (mainly valid addresses) • Recent trend towards scanning the browser cache and (Swen) accessing Usenet servers – so many addresses now invalid or badly formed – plus remote sites may reject incoming malware • So virus infections are also detected

  11. Evaluation at Large UK ISP • 28 day period (1-28 March 2004) • No public holidays (ie 20 working days) • 85K active customers (of 200K total) • 33.4 million emails (51.8 million destinations) • System had been in production 6 months – hence there are no edge effects (initially was spotting dozens of problems per day) • No major virus events occurred

  12. Evaluation Methodology • Manually check all reports from system – spamming patterns are very obvious • False positive occurs when report is wrong! • False negatives assessed by comparison of results with manual inspection of results from a far more sensitively tuned version. – also examined all other reports of viruses etc

  13. Results (total over 28 days) Abuse Type total false false detected positive negative Real Spammers 0 0 0 Open Servers 56 69 10 Virus Infection 29 6 4 Email loops 14 3 0

  14. Looking More Closely Abuse type total False+ve False -ve Open Servers 56 69 10 FALSE POSITIVES: 36 customers running multiple genuine mailing lists 22 customers with >40 delivery failures during one day 11 assorted other reasons (see paper) FALSE NEGATIVES: 7 (of the 10) were one “cutecandy” spammer (using a fixed sender string & remote sites accepted a dictionary attack)

  15. Future Work • Spammers will evolve! – Spam resembling bounces will be hard to spot – Valid MAIL FROM will be harder to detect – Reducing the volume will be harder to spot • Viruses will evolve! – Changing HELO isn’t doing them much good – May begin to avoid nonsense destinations

  16. Conclusions • Spammers & viruses that hide a pattern at the destination make a pattern at the source • Some simple heuristics currently spot these patterns : with delivery failures being key • False positives mainly caused by software & users that are being especially clueless �

  17. Stopping Spam by Extrusion Detection http://www.cl.cam.ac.uk/~rnc1/ ��������������������������

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Seminar: Future Of Web Search University of Saarland Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood Tutor : Klaus Berberich Date : 17-Jan-2008 The Agenda Focus of the First Paper

1.22k views • 53 slides
Spam-URL Detection via Redirects Heeyoung Kwon Mirza Basim Baig Leman Akoglu Era of Spam Era

Spam-URL Detection via Redirects Heeyoung Kwon Mirza Basim Baig Leman Akoglu Era of Spam Era

A Domain-Agnostic Approach to Spam-URL Detection via Redirects Heeyoung Kwon Mirza Basim Baig Leman Akoglu Era of Spam Era of Spams [1] [1] Social Media Spamming Grew By 658% Between 2013 And 2014: Entertainment, Financial And News

241 views • 20 slides
NPFL103: Information Retrieval (12) Web search, Crawling, Spam detection Pavel Pecina Institute

NPFL103: Information Retrieval (12) Web search, Crawling, Spam detection Pavel Pecina Institute

Web search Web IR Web crawling Duplicate detection Spam detection NPFL103: Information Retrieval (12) Web search, Crawling, Spam detection Pavel Pecina Institute of Formal and Applied Linguistics Faculty of Mathematics and Physics Charles

848 views • 82 slides
Defeating Extrusion Detection About matasano An Indie Product and Services Security Firm:

Defeating Extrusion Detection About matasano An Indie Product and Services Security Firm:

Defeating Extrusion Detection About matasano An Indie Product and Services Security Firm: Founded Q105, Chicago and NYC. Research: Hardware Virtualized Root-Kits Endpoint Agent vulnerabilities Windows Vista (on contract to

559 views • 38 slides
Opinion Spam Analysis and Detection Leaked Confidential Information as Ground Truth Yu-Ren Chen,

Opinion Spam Analysis and Detection Leaked Confidential Information as Ground Truth Yu-Ren Chen,

Opinion Spam Analysis and Detection Leaked Confidential Information as Ground Truth Yu-Ren Chen, Hsin Hsi Chen National Taiwan University What Is Opinion Spam? spreading commercially advantageous opinions as regular users on the Internet

1.18k views • 70 slides
Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a caf everything

505 views • 13 slides
Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All spam is spam but some spam is more spam than others Opinion spam similar to web spam or email spam in intent, but different in form / content Web

912 views • 38 slides
GeoPal: Friend Spam Detection in Social Networks with Private Location Proofs Bogdan Carbunar,

GeoPal: Friend Spam Detection in Social Networks with Private Location Proofs Bogdan Carbunar,

GeoPal: Friend Spam Detection in Social Networks with Private Location Proofs Bogdan Carbunar, Mizanur Rahman, Mozhgan Azimpourkivi, Debra Davis Florida International University carbunar@cs.fiu.edu Social Network Friend Spam Friend invitations

351 views • 20 slides
Link Spam Detection Based on Mass Estimation Zoltn Gyngyi , Pavel Berkhin, Hector

Link Spam Detection Based on Mass Estimation Zoltn Gyngyi , Pavel Berkhin, Hector

Link Spam Detection Based on Mass Estimation Zoltn Gyngyi , Pavel Berkhin, Hector Garcia-Molina, Jan Pedersen Roadmap Search engine spamming Link spamming PageRank contribution Spam mass Definition Estimation

618 views • 35 slides
Exploring Linguistic Features for Web Spam Detection A Preliminary Study Jakub Piskorski 1 Marcin

Exploring Linguistic Features for Web Spam Detection A Preliminary Study Jakub Piskorski 1 Marcin

Exploring Linguistic Features for Web Spam Detection A Preliminary Study Jakub Piskorski 1 Marcin Sydow 2 Dawid Weiss 3 1 Joint Research Centre of the European Commission, Ispra, Italy 2 Web Mining Lab, Polish-Japanese Institute of Information

259 views • 24 slides
ECML PKDD Discovery Challenge 2008 Spam Detection and Tag Recommendations in Social Bookmarking

ECML PKDD Discovery Challenge 2008 Spam Detection and Tag Recommendations in Social Bookmarking

ECML PKDD Discovery Challenge 2008 Spam Detection and Tag Recommendations in Social Bookmarking Systems Andreas Hotho, Dominik Benz, Beate Krause, Robert Jschke Knowledge &amp; Data Engineering Group, University of Kassel Wikis, Blogs,

553 views • 23 slides
Auto-learning of SMTP TCP Transport-Layer Features for Spam and Abusive Message Detection

Auto-learning of SMTP TCP Transport-Layer Features for Spam and Abusive Message Detection

Auto-learning of SMTP TCP Transport-Layer Features for Spam and Abusive Message Detection Georgios Kakavelakis, Robert Beverly, Joel Young Center for Measurement and Analysis of Network Data Naval Postgraduate School, Dept. Computer Science

597 views • 40 slides
The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation When Congress returns from recess on December 8, 2003, it will finish its work on the CAN-SPAM Act of 2003 (Controlling the Assault of

323 views • 4 slides
Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to web spam Spam 221 Spamming PageRank Spam farm model Optimal farm structure Alliances of two farms Larger alliances Spam

876 views • 30 slides
2007 TAPPI EUROPEAN PLACE Modern Extrusion Coating Die Technology Sam Iuliano Extrusion Dies

2007 TAPPI EUROPEAN PLACE Modern Extrusion Coating Die Technology Sam Iuliano Extrusion Dies

2007 TAPPI EUROPEAN PLACE Modern Extrusion Coating Die Technology Sam Iuliano Extrusion Dies Industries, LLC Performance Needs Precise control of coat weight uniformity Trouble-free coating width variation Ability to reduce edge

606 views • 25 slides
Mathematics Through 3D Printing a GMU capstone class Evelyn Sander Geometry Labs United, July

Mathematics Through 3D Printing a GMU capstone class Evelyn Sander Geometry Labs United, July

Mathematics Through 3D Printing a GMU capstone class Evelyn Sander Geometry Labs United, July 16, 2020, Evelyn Sander (GMU) Mathematics Through 3D Printing July 16, 2020 1 / 27 GMU Math Makerlab: A little background Work with students to

1.01k views • 35 slides
MICE (1) MICE Shigeru Ishimoto (KEK) (2) and (3)

MICE (1) MICE Shigeru Ishimoto (KEK) (2) and (3)

RCNP OCT-20, 2008 MICE (1) MICE Shigeru Ishimoto (KEK) (2) and (3)

908 views • 52 slides
- CIIDTAP - Interinstitutional Collaboration for Reserch and Development of Particle Accelerator

- CIIDTAP - Interinstitutional Collaboration for Reserch and Development of Particle Accelerator

XXXII Annual Meeting of the Division of Particles and Fields 28-30 May 2018, Instituto de Ciencias Nucleares, UNAM - CIIDTAP - Interinstitutional Collaboration for Reserch and Development of Particle Accelerator Technology in Mxico Karla

441 views • 18 slides
Polymer Engineering Polymer Engineering (MM3POE) (MM3POE) INJECTION MOULDING INJECTION

Polymer Engineering Polymer Engineering (MM3POE) (MM3POE) INJECTION MOULDING INJECTION

Polymer Engineering Polymer Engineering (MM3POE) (MM3POE) INJECTION MOULDING INJECTION MOULDING http://www.nottingham.ac.uk/~eazacl/MM3POE Injection Moulding 1 Contents Contents Principles of injection moulding Reciprocating

559 views • 29 slides
Welcome to Solidworks Look at what we can do now Computer-Aided Virtual Reality Stress

Welcome to Solidworks Look at what we can do now Computer-Aided Virtual Reality Stress

Welcome to Solidworks Look at what we can do now Computer-Aided Virtual Reality Stress Analysis Drafting (CAD) Compared to back when OLD (1970-1990) Technical Pen Templates Pencil (0.5 mm) OLDER (pre 1970) Ruling

376 views • 25 slides
CuZr-Mo bimetals for CLIC accelerating structures for CLIC accelerating structures Introduction

CuZr-Mo bimetals for CLIC accelerating structures for CLIC accelerating structures Introduction

CuZr-Mo bimetals for CLIC accelerating structures for CLIC accelerating structures Introduction Introduction HIP diffusion bonding Explosion bonding p g Brazing-thermal treating Others Forum on Materal and Surface Technologies - 1 CERN

510 views • 35 slides
Collision Detection CSE169: Computer Animation Instructor: Steve Rotenberg UCSD, Winter 2017

Collision Detection CSE169: Computer Animation Instructor: Steve Rotenberg UCSD, Winter 2017

Collision Detection CSE169: Computer Animation Instructor: Steve Rotenberg UCSD, Winter 2017 Collisions Collision Detection Collision detection is a geometric problem Given two moving objects defined in an initial and final

617 views • 49 slides
2: Deriva*ve Geometry Using Exis)ng Geometry 1. Snap to it Trace edges (object snaps) Use

2: Deriva*ve Geometry Using Exis)ng Geometry 1. Snap to it Trace edges (object snaps) Use

2: Deriva*ve Geometry Using Exis)ng Geometry 1. Snap to it Trace edges (object snaps) Use it in Boolean Opera*ons 2. Use it as profile or path for other opera)ons Extrude door/window trim Sweep picture frames 3D shapes, 2D

280 views • 14 slides

More recommend