GIANLUCA STRINGHINI, MANUEL EGELE, AAPOSTOLIS ZARRAS, THORSTEN HOLZ, CHRISTOPHER KRUEGEL, AND GIOVANNI

VIGNA

PRESENTED BY RUI XIE

B@BEL: Leveraging Email Delivery for Spam Mitigation

Problems on Spam Wealthy economy behind spam 77% of emails are spam 85% of spam are sent by botnets

Traditional Spam Detection Content Analysis Origin Analysis

Approach in Article Focusing on the way that client interact

with SMTP server

Overview Techniques System design Evaluation Limitations

Techniques SMTP dialects Feedback manipulation

SMTP dialects

Feedback Manipulation

Botnet also use feedback Botmaster sends spam to bot Bot sends spam to SMTP server SMTP server sends spam to user or

replies bot no such user exists Bot replies bot master no such user

exists Bot master delete address of the user

from user list

Importance SMTP dialects

Spam detection Malware classification

Feedback manipulationSuccessful botnets are using bot feedback35% of the email addresses were

nonexistent

System design Learning SMTP dialects Build a decision model Making a decision

SMTP dialects state D =< Σ,S,s0,T, Fg,Fb >

Σ: input alphabetS : set of statess0: initial stateT : transitions Fg : good final statesFb : bad final states

Learning SMTP dialects

Collecting SMTP conversations Passive observation

Two dialects might look the same!

Active probing Intentionally sending incorrect replies, error

messages

Build a decision model

Making a decision

Passive matching Detect dialects by observing conversations

Active probing Send specific replies to “expose” differences

Evaluation Experiment has 621,919 SMTP

conversations Results

260,074 as spam218,675 as ham143,170 could not decide

Result in real life

Limitations Evading dialects detection

Implement a “faithful” SMTP engine Making spammers to look like a legitimate

client

Evading feedback manipulation

Conclusion Focusing on the way that client interact

with SMTP serverSMTP dialects Feedback manipulation

Valuable tool for spam mitigation