b@bel: leveraging email delivery for spam mitigation
TRANSCRIPT
![Page 1: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/1.jpg)
GIANLUCA STRINGHINI, MANUEL EGELE, AAPOSTOLIS ZARRAS, THORSTEN HOLZ, CHRISTOPHER KRUEGEL, AND GIOVANNI
VIGNA
PRESENTED BY RUI XIE
B@BEL: Leveraging Email Delivery for Spam Mitigation
![Page 2: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/2.jpg)
Problems on Spam
Wealthy economy behind spam 77% of emails are spam 85% of spam are sent by botnets
![Page 3: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/3.jpg)
Traditional Spam Detection Content Analysis Origin Analysis
![Page 4: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/4.jpg)
Approach in Article
Focusing on the way that client interact with SMTP server
![Page 5: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/5.jpg)
Overview
Techniques System design Evaluation Limitations
![Page 6: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/6.jpg)
Techniques
SMTP dialects Feedback manipulation
![Page 7: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/7.jpg)
SMTP dialects
![Page 8: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/8.jpg)
Feedback Manipulation
![Page 9: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/9.jpg)
Botnet also use feedback Botmaster sends spam to bot Bot sends spam to SMTP server SMTP server sends spam to user or
replies bot no such user exists Bot replies bot master no such user
exists Bot master delete address of the user
from user list
![Page 10: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/10.jpg)
Importance
SMTP dialectsSpam detection Malware classification
Feedback manipulationSuccessful botnets are using bot feedback35% of the email addresses were
nonexistent
![Page 11: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/11.jpg)
System design
Learning SMTP dialects Build a decision model Making a decision
![Page 12: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/12.jpg)
SMTP dialects state
D =< Σ,S,s0,T, Fg,Fb >Σ: input alphabetS : set of statess0: initial stateT : transitions Fg : good final statesFb : bad final states
![Page 13: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/13.jpg)
Learning SMTP dialects
![Page 14: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/14.jpg)
Collecting SMTP conversations
Passive observationTwo dialects might look the same!
Active probing Intentionally sending incorrect replies, error
messages
![Page 15: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/15.jpg)
Build a decision model
![Page 16: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/16.jpg)
Making a decision
Passive matching Detect dialects by observing conversations
Active probing Send specific replies to “expose” differences
![Page 17: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/17.jpg)
Evaluation
Experiment has 621,919 SMTP conversations
Results260,074 as spam218,675 as ham143,170 could not decide
![Page 18: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/18.jpg)
Result in real life
![Page 19: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/19.jpg)
Limitations
Evading dialects detection Implement a “faithful” SMTP engine Making spammers to look like a legitimate
client
Evading feedback manipulation
![Page 20: B@BEL: Leveraging Email Delivery for Spam Mitigation](https://reader033.vdocuments.site/reader033/viewer/2022051216/5697bf741a28abf838c7f764/html5/thumbnails/20.jpg)
Conclusion
Focusing on the way that client interact with SMTP serverSMTP dialects Feedback manipulation
Valuable tool for spam mitigation