b @bel: leveraging email delivery for spam mitigation
DESCRIPTION
B @BEL: Leveraging Email Delivery for Spam Mitigation . Gianluca Stringhini , Manuel Egele , a Apostolis Zarras , Thorsten Holz , Christopher Kruegel , and Giovanni Vigna presented by rui xie. Problems on Spam. Wealthy economy behind spam 77% of emails are spam - PowerPoint PPT PresentationTRANSCRIPT
GIANLUCA STRINGHINI, MANUEL EGELE, AAPOSTOLIS ZARRAS, THORSTEN HOLZ, CHRISTOPHER KRUEGEL, AND GIOVANNI
VIGNA
PRESENTED BY RUI XIE
B@BEL: Leveraging Email Delivery for Spam Mitigation
Problems on Spam Wealthy economy behind spam 77% of emails are spam 85% of spam are sent by botnets
Traditional Spam Detection Content Analysis Origin Analysis
Approach in Article Focusing on the way that client interact
with SMTP server
Overview Techniques System design Evaluation Limitations
Techniques SMTP dialects Feedback manipulation
SMTP dialects
Feedback Manipulation
Botnet also use feedback Botmaster sends spam to bot Bot sends spam to SMTP server SMTP server sends spam to user or
replies bot no such user exists Bot replies bot master no such user
exists Bot master delete address of the user
from user list
Importance SMTP dialects
Spam detection Malware classification
Feedback manipulationSuccessful botnets are using bot feedback35% of the email addresses were
nonexistent
System design Learning SMTP dialects Build a decision model Making a decision
SMTP dialects state D =< Σ,S,s0,T, Fg,Fb >
Σ: input alphabetS : set of statess0: initial stateT : transitions Fg : good final statesFb : bad final states
Learning SMTP dialects
Collecting SMTP conversations Passive observation
Two dialects might look the same!
Active probing Intentionally sending incorrect replies, error
messages
Build a decision model
Making a decision
Passive matching Detect dialects by observing conversations
Active probing Send specific replies to “expose” differences
Evaluation Experiment has 621,919 SMTP
conversations Results
260,074 as spam218,675 as ham143,170 could not decide
Result in real life
Limitations Evading dialects detection
Implement a “faithful” SMTP engine Making spammers to look like a legitimate
client
Evading feedback manipulation
Conclusion Focusing on the way that client interact
with SMTP serverSMTP dialects Feedback manipulation
Valuable tool for spam mitigation