9 research outputs found
An Empirical Study of Spam and Spam Vulnerable email Accounts
Spam messages muddle up users' inboxes, consume network resources, build up
DDoS attacks, and spread malware. Our goal is to present a definite figure about
the characteristics of spam and spam-vulnerable email accounts. These
evaluations help us to enhance the existing technology to combat spam
effectively. We collected 400 thousand spam mails from a spam trap set up in a
corporate mail server for a period of 14 months from January 2006 to February
2007. Spammers use common techniques to spam end users regardless of corporate
server and public mail server. So we believe that our spam collection is a
sample of worldwide spam traffic. Studying the characteristics of this sample
helps us to better understand the features of spam and spam-vulnerable e-mail
accounts. We believe that this analysis is highly useful to develop more
efficient anti-spam techniques. In our analysis we classified spam based on
attachment and contents. According to our study, the four-year-old heavy users'
email accounts attract more spam than four-year-old light users' mail accounts.
The 14-month-old, relatively new email accounts don't receive spam. In some
special cases like DDoS attacks, the new email accounts receive spam. During
a DDoS attack, 14-month-old heavy users' email accounts attracted more
spam than 14-month-old light users' mail accounts.
Comment: 6 pages, 5 Figures, FGCN 2007, IEEE C
"Reminder: please update your details": Phishing Trends
Spam messes up users' inboxes, consumes resources, and spreads attacks like DDoS,
MiM, phishing, etc. Phishing is a byproduct of email and causes financial loss
to users and loss of reputation to financial institutions. In this paper we
study the characteristics of phishing and the technology used by phishers. In order
to counter anti-phishing technology, phishers change their mode of operation;
therefore continuous evaluation of phishing helps us to combat phishers
effectively. We have collected seven hundred thousand spam from a corporate
server for a period of 13 months from February 2008 to February 2009. From the
collected data, we identified different kinds of phishing scams and their mode of
operation. Our observation shows that phishers are dynamic and depend
more on social engineering techniques than on software vulnerabilities. We
believe that this study would be useful to develop more efficient anti-phishing
methodologies.
Comment: 6 pages, 6 Figures, NETCOM 2009, IEEE C
Visual clustering of spam emails for DDoS analysis
Networking attacks embedded in spam emails are becoming increasingly numerous and sophisticated in nature. Hence this has given a growing need for spam email analysis to identify these attacks. The use of these intrusion detection systems has given rise to two other issues: 1) the presentation and understanding of large amounts of spam emails, and 2) the user-assisted input and quantified adjustment during the analysis process. In this paper we introduce a new analytical model that uses two coefficient vectors, 'density' and 'weight', for the analysis of spam email viruses and attacks. We then use a visual clustering method to classify and display the spam emails. The visualization allows users to interactively select and scale down the scope of views for better understanding of different types of spam email attacks. The experiment shows that this new model with the clustering visualization can be effectively used for network security analysis. © 2011 IEEE
Bayesian Based Comment Spam Defending Tool
Spam messes up users' inboxes, consumes network resources, and spreads worms and
viruses. Spam is flooding of unsolicited, unwanted e-mail. Spam in blogs is
called blog spam or comment spam. It is done by posting comments or flooding
spam to services such as blogs, forums, news, email archives and guestbooks.
Blog spam generally appears on guestbooks or comment pages where spammers fill
a comment box with spam words. In addition to wasting users' time with unwanted
comments, spam also consumes a lot of bandwidth. In this paper, we propose a
software tool to prevent such blog spam by using a Bayesian algorithm based
technique. It is derived from Bayes' Theorem. It gives as output the
probability that any comment is spam, given that it has certain words in it.
Using our past entries and a comment entry, this value is obtained and
compared with a threshold value to find if it exceeds the threshold value or
not. By using this concept, we developed a software tool to block comment spam.
The experimental results show that the Bayesian based tool is working well.
This paper presents the major findings of the blog spam filter and their significance.
Comment: 14 Pages, 4 Figures, International Journal of Network Security & Its
Applications (IJNSA), Vol.2, No.4, October 201
Visual Clustering of Spam Emails for DDoS Analysis
Networking attacks embedded in spam emails are becoming increasingly numerous and sophisticated in nature. Hence this has given a growing need for spam email analysis to identify these attacks. The use of these intrusion detection systems has given rise to two other issues: 1) the presentation and understanding of large amounts of spam emails, and 2) the user-assisted input and quantified adjustment during the analysis process. In this paper we introduce a new analytical model that uses two coefficient vectors, 'density' and 'weight', for the analysis of spam email viruses and attacks. We then use a visual clustering method to classify and display the spam emails. The visualization allows users to interactively select and scale down the scope of views for better understanding of different types of spam email attacks. The experiment shows that this new model with the clustering visualization can be effectively used for network security analysis.
EMPIRICAL STUDIES BASED ON HONEYPOTS FOR CHARACTERIZING ATTACKERS BEHAVIOR
The cybersecurity community has made substantial efforts to understand and mitigate security flaws in information systems. Oftentimes when a compromise is discovered, it is difficult to identify the actions performed by an attacker.
In this study, we explore the compromise phase, i.e., when an attacker exploits the host he/she gained access to using a vulnerability exposed by an information system. More specifically, we look at the main actions performed during the compromise and the factors deterring the attackers from exploiting the compromised systems.
Because of the lack of security datasets on compromised systems, we need to deploy systems to more adequately study attackers and the different techniques they employ to compromise computers. Security researchers employ target computers, called honeypots, that are not used by normal or authorized users.
In this study we first describe the distributed honeypot network architecture deployed at the University of Maryland and the different honeypot-based experiments enabling the data collection required to conduct the studies on attackers' behavior.
In a first experiment we explore the attackers' skill levels and the purpose of the malicious software installed on the honeypots. We determined the relative skill levels of the attackers and classified the different software installed.
We then focused on the crimes committed by the attackers, i.e., the attacks launched from the honeypots by the attackers. We defined the different computer crimes observed (e.g., brute-force attacks and denial of service attacks) and their characteristics (whether they were coordinated and/or destructive). We looked at the impact of computer resources restrictions on the crimes and then, at the deterrent effect of warning and surveillance. Lastly, we used different metrics related to the attack sessions to investigate the impact of surveillance on the attackers based on their country of origin.
During attacks, we found that attackers mainly installed IRC-based bot tools and sometimes shared their honeypot access. From the analysis on crimes, it appears that deterrence does not work; we showed attackers seem to favor certain computer resources. Lastly, we observed that the presence of surveillance had no significant impact on the attack sessions; however, surveillance altered the behavior originating from a few countries.