B@BEL: Leveraging Email Delivery for Spam Mitigation
B@BEL: Leveraging Email Delivery for Spam Mitigation
Problems with Spam
Wealthy economy behind spam
77% of emails are spam
85% of spam are sent by botnets
Traditional Spam Detection
Content Analysis
Origin Analysis
Approach in Article
Focusing on the way that clients interact with the SMTP server
Overview
Techniques
System design
Evaluation
Limitations
Techniques
SMTP dialects
Feedback manipulation
SMTP dialects
Feedback Manipulation
Botnets also use feedback
Botmaster sends spam to bot
Bot sends spam to SMTP server
SMTP server delivers the spam to the user, or replies to the bot that no such user exists
Bot replies to the botmaster that no such user exists
Botmaster deletes the user's address from the address list
Importance
SMTP dialects
Spam detection
Malware classification
Feedback manipulation
Successful botnets are using bot feedback
35% of the email addresses were nonexistent
System design
Learning SMTP dialects
Build a decision model
Making a decision
SMTP dialects state
D = <Σ, S, s0, T, Fg, Fb>
Σ: input alphabet
S : set of states
s0: initial state
T : transitions
Fg : good final states
Fb : bad final states
Learning SMTP dialects
Collecting SMTP conversations
Passive observation
Two dialects might look the same!
Active probing
Intentionally sending incorrect replies and error messages
Build a decision model
Making a decision
Passive matching
Detect dialects by observing conversations
Active probing
Send specific replies to “expose” differences
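The dialect tuple D = <Σ, S, s0, T, Fg, Fb> and the two decision modes above, passive matching and active probing, as an added toy implementation (example code written for this summary, not the B@BEL authors' system; the two dialects, their spam/ham labels and the sample conversations are constructed for illustration):

```python
"""Toy SMTP-dialect matcher built around the tuple D = <Sigma, S, s0, T, Fg, Fb>.
All dialects, labels and conversations here are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Dialect:
    name: str
    label: str                 # "spam" or "ham": label learned for this dialect
    s0: str                    # initial state
    T: dict                    # (state, (server_reply, client_command)) -> next state
    Fg: set                    # good final states: dialect explains the conversation
    Fb: set = field(default_factory=set)  # bad final states: dialect rules itself out

    def run(self, conv):
        """Replay a conversation; return the final state, or None if it mismatched."""
        state = self.s0
        for step in conv:
            state = self.T.get((state, step))
            if state is None or state in self.Fb:
                return None
        return state

    def accepts(self, conv):
        return self.run(conv) in self.Fg


# Both constructed dialects greet with HELO and look identical under normal replies.
# They diverge only when the server rejects HELO with a 500: the MTA gives up and
# QUITs, whereas the bot ignores the error and pushes MAIL anyway.
COMMON = {("start", ("220", "HELO")): "greeted",
          ("greeted", ("250", "MAIL")): "mail",
          ("mail", ("250", "RCPT")): "rcpt"}
MTA = Dialect("mta", "ham", "start",
              {**COMMON, ("greeted", ("500", "QUIT")): "quit"}, Fg={"rcpt", "quit"})
BOT = Dialect("bot", "spam", "start",
              {**COMMON, ("greeted", ("500", "MAIL")): "mail",
               ("greeted", ("500", "QUIT")): "reject"},
              Fg={"rcpt"}, Fb={"reject"})
DIALECTS = [MTA, BOT]


def passive_decision(conv):
    """Classify from observation alone: exactly one label -> that label, else undecided."""
    labels = {d.label for d in DIALECTS if d.accepts(conv)}
    return labels.pop() if len(labels) == 1 else "undecided"


def probe_reply(prefix):
    """Active probing: pick a server reply under which the still-consistent dialects
    expect different next commands, so the client's reaction exposes its dialect."""
    alive = [d for d in DIALECTS if d.run(prefix) is not None]
    for code in ("250", "500"):
        expected = {d.name: {cmd for (s, (r, cmd)), nxt in d.T.items()
                             if s == d.run(prefix) and r == code and nxt not in d.Fb}
                    for d in alive}
        if len({frozenset(v) for v in expected.values()}) > 1:
            return code
    return None
```

A normal HELO/MAIL/RCPT exchange is accepted by both dialects and stays undecided; probing with a 500 after HELO is what separates them.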
Evaluation
The experiment has 621,919 SMTP conversations
Results
260,074 as spam
218,675 as ham
143,170 could not decide
Results in real life
Limitations
Evading dialects detection
Implement a “faithful” SMTP engine
Making spammers look like a legitimate client
Evading feedback manipulation
Conclusion
Focusing on the way that clients interact with the SMTP server
SMTP dialects
Feedback manipulation
Valuable tool for spam mitigation