System Analysis of SPAM

Increasing reliance on the electronic mail (e-mail) has attracted spammers to send more and more spam e-mails in order to maximizing their financial gains. These unwanted e-mails are not only clogging the Internet traffic but are also causing storage problems at the receiving servers. Besides these, spam e-mails also serve as a vehicle to a variety of online crimes and abuses. Although several anti-spam procedures are currently employed to distinguish spam e-mails from the legitimate e-mails yet spammers and phishes obfuscate their e-mail content to circumvent anti-spam procedures. Efficiency of anti-spam procedures to combat spam entry into the system greatly depend on their level of operation and a clear insight of various possible modes of spamming. In this paper we investigate directed graph model of Internet e-mail infrastructure and spamming modes used by spammers to inject spam into the system. The paper outlines the routes, system components, devices and protocols exploited by each spamming mode

From diversity to convergence : British computer networks and the Internet, 1970-1995

The Internet's success in the 21st century has encouraged analysts to investigate the origin of this network. Much of this literature adopts a teleological approach. Works often begin by discussing the invention of packet switching, describe the design and development of the ARPANET, and then examine how this network evolved into the Internet. Although the ARPANET was a seminal computer network, these accounts usually only briefly consider the many other diverse networks that existed. In addition, apart from momentary asides to alternative internetworking solutions, such as the Open Systems Interconnection (OSI) seven-layer reference model, this literature concentrates exclusively on the ARPANET, the Internet, and the World Wide Web. While focusing on these subjects is important and therefore justified, it can leave the reader with the impression that the world of networking started with the ARPANET and ended with the Internet. This thesis is an attempt to help correct this misconception. This thesis analyses the evolution of British computer networks and the Internet between the years 1970 and 1995. After an introduction in Chapter 1, the thesis analyses several networks. In Chapters 2 and 3, the focus is on academic networks, especially JANET and SuperJANET. Attention moves to videotex networks in Chapter 4, specifically Prestel, and in Chapter 5, the dissertation examines electronic mail networks such as Telecom Gold and Cable & Wireless Easylink. Chapter 6 considers online services, including CompuServe, American Online, and the Microsoft Network, and the thesis ends with a conclusion in Chapter 7. All of the networks discussed used protocols that were incompatible with each other which limited the utility of the networks for their users. Although it was possible that OSI or another solution could have solved this problem, the Internet's protocols achieved this objective. This thesis shows how the networks converged around TCP/IP

From diversity to convergence : British computer networks and the Internet, 1970-1995

The Internet's success in the 21st century has encouraged analysts to investigate the origin of this network. Much of this literature adopts a teleological approach. Works often begin by discussing the invention of packet switching, describe the design and development of the ARPANET, and then examine how this network evolved into the Internet. Although the ARPANET was a seminal computer network, these accounts usually only briefly consider the many other diverse networks that existed. In addition, apart from momentary asides to alternative internetworking solutions, such as the Open Systems Interconnection (OSI) seven-layer reference model, this literature concentrates exclusively on the ARPANET, the Internet, and the World Wide Web. While focusing on these subjects is important and therefore justified, it can leave the reader with the impression that the world of networking started with the ARPANET and ended with the Internet. This thesis is an attempt to help correct this misconception. This thesis analyses the evolution of British computer networks and the Internet between the years 1970 and 1995. After an introduction in Chapter 1, the thesis analyses several networks. In Chapters 2 and 3, the focus is on academic networks, especially JANET and SuperJANET. Attention moves to videotex networks in Chapter 4, specifically Prestel, and in Chapter 5, the dissertation examines electronic mail networks such as Telecom Gold and Cable & Wireless Easylink. Chapter 6 considers online services, including CompuServe, American Online, and the Microsoft Network, and the thesis ends with a conclusion in Chapter 7. All of the networks discussed used protocols that were incompatible with each other which limited the utility of the networks for their users. Although it was possible that OSI or another solution could have solved this problem, the Internet's protocols achieved this objective. This thesis shows how the networks converged around TCP/IP.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Convergence of platforms and strategies of two software vendors

Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2008.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 145-157).Unified Communications: Convergence of Platforms and Strategies of Two Software Vendors by Muhammad Zia Hydari ABSTRACT Unified communication (UC) is the convergence of various modes of communication - voice telephony, email, instant messaging (IM), video conferencing and so on - used by enterprise workers. Academic literature exists that discusses digital convergence in various domains. Although UC has received considerable attention in the business press, we are not aware of any academic study within the domain of UC that explains the convergence of platforms and its links to the technology strategy of UC firms. This thesis presents an academic analysis of some platforms underlying UC and the emerging strategies of two software firms within the UC market. The theory of network effects originally developed by Rohlfs is central to the analysis in this thesis. The analysis of platform strategies of the UC firms is informed by the theoretical work on platform leadership (Gawer & Cusumano), convergence (Greenstein et al.), platform envelopment (Eisenmann et al.), and two-sided platforms (Tirole et al.). The thesis first describes four platform applications underlying UC viz. voice telephony, email, IM, and video communication. The analysis of email, IM and video communication in this thesis is unique as it takes a long term view to explain the current market situation within these domains. In particular, the thesis describes technological factors, network effects, standard battles, and competition that have led to the current market state. The thesis also links insights from these platforms to repercussions for UC supplier firms. The thesis then describes the strategies of two software vendors - Microsoft and IBM - using elements from Gawer & Cusumano's work on platform leadership.(cont.) Microsoft has defined a broad scope of innovation for its converged UC platform requiring it to enter the voice telephony market. The thesis posits that Microsoft's strategy for success is platform envelopment i.e. Microsoft is using shared components and installed user base from its email and IM platforms to create a multi-platform bundle and compete with entrenched platforms in the voice market. The thesis argues that IBM's choice for a narrower platform scope stems from its inferior market position in the email and IM markets as well as scope differences (vis-a-vis Microsoft). Convergence has created system integration opportunities that IBM's services unit has targeted. The thesis describes the implications of IBM's decisions on its ecosystem.by Muhammad Zia Hydari.S.M

Inferring malicious network events in commercial ISP networks using traffic summarisation

With the recent increases in bandwidth available to home users, traffic rates for commercial national networks have also been increasing rapidly. This presents a problem for any network monitoring tool as the traffic rate they are expected to monitor is rising on a monthly basis. Security within these networks is para- mount as they are now an accepted home of trade and commerce. Core networks have been demonstrably and repeatedly open to attack; these events have had significant material costs to high profile targets. Network monitoring is an important part of network security, providing in- formation about potential security breaches and in understanding their impact. Monitoring at high data rates is a significant problem; both in terms of processing the information at line rates, and in terms of presenting the relevant information to the appropriate persons or systems. This thesis suggests that the use of summary statistics, gathered over a num- ber of packets, is a sensible and effective way of coping with high data rates. A methodology for discovering which metrics are appropriate for classifying signi- ficant network events using statistical summaries is presented. It is shown that the statistical measures found with this methodology can be used effectively as a metric for defining periods of significant anomaly, and further classifying these anomalies as legitimate or otherwise. In a laboratory environment, these metrics were used to detect DoS traffic representing as little as 0.1% of the overall network traffic. The metrics discovered were then analysed to demonstrate that they are ap- propriate and rational metrics for the detection of network level anomalies. These metrics were shown to have distinctive characteristics during DoS by the analysis of live network observations taken during DoS events. This work was implemented and operated within a live system, at multiple sites within the core of a commercial ISP network. The statistical summaries are generated at city based points of presence and gathered centrally to allow for spacial and topological correlation of security events. The architecture chosen was shown to be exible in its application. The system was used to detect the level of VoIP traffic present on the network through the implementation of packet size distribution analysis in a multi-gigabit environment. It was also used to detect unsolicited SMTP generators injecting messages into the core. ii Monitoring in a commercial network environment is subject to data protec- tion legislation. Accordingly the system presented processed only network and transport layer headers, all other data being discarded at the capture interface. The system described in this thesis was operational for a period of 6 months, during which a set of over 140 network anomalies, both malicious and benign were observed over a range of localities. The system design, example anomalies and metric analysis form the majority of this thesis

Top 10 technology opportunities : tips and tools

https://egrove.olemiss.edu/aicpa_guides/1610/thumbnail.jp

Endpoints and Interdependencies in Internet of Things Residual Artifacts: Measurements, Analyses, and Insights into Defenses

The usage of Internet of Things (IoT) devices is growing fast. Moreover, the lack of security measures among the IoT devices and their persistent online connection give adversaries an opportunity to exploit them for multiple types of attacks, such as distributed denial-of-service (DDoS). To understand the risks of IoT devices, we analyze IoT malware from an endpoint standpoint. We investigate the relationship between endpoints infected and attacked by IoT malware, and gain insights into the underlying dynamics in the malware ecosystem. We observe the affinities and different patterns among endpoints. Towards this, we reverse-engineer 2,423 IoT malware samples and extract IP addresses from them. We further gather information about these endpoints from Internet-wide scans. For masked IP addresses, we examine their network distribution, with networks accumulating more than 100 million endpoints. Moreover, we conduct a network penetration analysis, leveraging information such as active ports, vulnerabilities, and organizations. We discover the possibility of ports being an entry point of attack and observe the low presence of vulnerable services in dropzones. Our analysis shows the tolerance of organizations towards endpoints with malicious intent. To understand the dependencies among malware, we highlight dropzone characteristics including spatial, network, and organizational affinities. Towards the analysis of dropzones\u27 interdependencies and dynamics, we identify dropzones chains. In particular, we identify 56 unique chains, which unveil coordination among different malware families. Our further analysis of chains suggests a centrality-based defense and monitoring mechanism to limit malware propagation. Finally, we propose a defense based on the observed measures, such as the blocked/blacklisted IP addresses or ports. In particular, we investigate network-level and country-level defenses, by blocking a list of ports that are not commonly used by benign applications, and study the underlying issues and possible solutions of such a defense