12 research outputs found
Early detection of spam-related activity
Spam, the distribution of unsolicited bulk email, is a big security threat on the Internet. Recent studies show approximately 70-90% of the worldwide email traffic (about 70 billion messages a day) is spam. Spam consumes resources on the network and at mail servers, and it is also used to launch other attacks on users, such as distributing malware or phishing. Spammers have increased their virulence and resilience by sending spam from large collections of compromised machines ("botnets"). Spammers also make heavy use of URLs and domains to direct victims to point-of-sale Web sites, and miscreants register large numbers of domains to evade blacklisting efforts. To mitigate the threat of spam, users and network administrators need proactive techniques to distinguish spammers from legitimate senders and to take down online spam-advertised sites.
In this dissertation, we focus on characterizing spam-related activities and developing systems to detect them early. Our work builds on the observation that spammers need to acquire attack agility to be profitable, which presents differences in how spammers and legitimate users interact with Internet services and exposes detectable during early period of attack. We examine several important components across the spam life cycle, including spam dissemination that aims to reach users' inboxes, the hosting process during which spammers set DNS servers and Web servers, and the naming process to acquire domain names via registration services.
We first develop a new spam-detection system based on network-level features of spamming bots. These lightweight features allow the system to scale better and to be more robust. Next, we analyze DNS resource records and lookups from top-level domain servers during the initial stage after domain registrations, which provides a global view across the Internet to characterize spam hosting infrastructure. We further examine the domain registration process and present the unique registration behavior of spammers. Finally, we build an early-warning system to identify spammer domains at time-of-registration rather than later at time-of-use.
We have demonstrated that our detection systems are effective by using real-world datasets. Our work has also had practical impact. Some of the network-level features that we identified have since been incorporated into spam filtering products at Yahoo! and McAfee, and our work on detecting spammer domains at time-of-registration has directly influenced new projects at Verisign to investigate domain registrations.
Ph.D.
Remedying Security Concerns at an Internet Scale
The state of security across the Internet is poor, and it has been so since the advent of the modern Internet. While the research community has made tremendous progress over the years in learning how to design and build secure computer systems, network protocols, and algorithms, we are far from a world where we can truly trust the security of deployed Internet systems. In reality, we may never reach such a world. Security concerns continue to be identified at scale throughout the software ecosystem, with thousands of vulnerabilities discovered each year. Meanwhile, attacks have become ever more frequent and consequential.
As Internet systems will continue to be inevitably affected by newly found security concerns, the research community must develop more effective ways to remedy these issues. To that end, in this dissertation, we conduct extensive empirical measurements to understand how remediation occurs in practice for Internet systems, and explore methods for spurring improved remediation behavior. This dissertation provides a treatment of the complete remediation life cycle, investigating the creation, dissemination, and deployment of remedies. We start by focusing on security patches that address vulnerabilities, and analyze at scale their creation process, characteristics of the resulting fixes, and how these impact vulnerability remediation. We then investigate and systematize how administrators of Internet systems deploy software updates which patch vulnerabilities across the many machines they manage on behalf of organizations. Finally, we conduct the first systematic exploration of Internet-scale outreach efforts to disseminate information about security concerns and their remedies to system administrators, with an aim of driving their remediation decisions. Our results show that such outreach campaigns can effectively galvanize positive reactions.
Improving remediation, particularly at scale, is challenging, as the problem space exhibits many dimensions beyond traditional computer technical considerations, including human, social, organizational, economic, and policy facets. To make meaningful progress, this work uses a diversity of empirical methods, from software data mining to user studies to Internet-wide network measurements, to systematically collect and evaluate large-scale datasets. Ultimately, this dissertation establishes broad empirical grounding on security remediation in practice today, as well as new approaches for improved remediation at an Internet scale.
Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion
382 p. Electronic book
Each of us has been in the computing field for more than 40 years. The book is the product of a lifetime of observing and participating in the changes it has brought. Each of us has been both a teacher and a learner in the field.
This book emerged from a general education course we have taught at Harvard, but it is not a textbook. We wrote this book to share what wisdom we have with as many people as we can reach. We try to paint a big picture, with dozens of illuminating anecdotes as the brushstrokes. We aim to entertain you at the same time as we provoke your thinking.
Preface
Chapter 1 Digital Explosion
Why Is It Happening, and What Is at Stake?
The Explosion of Bits, and Everything Else
The Koans of Bits
Good and Ill, Promise and Peril
Chapter 2 Naked in the Sunlight
Privacy Lost, Privacy Abandoned
1984 Is Here, and We Like It
Footprints and Fingerprints
Why We Lost Our Privacy, or Gave It Away
Little Brother Is Watching
Big Brother, Abroad and in the U.S.
Technology Change and Lifestyle Change
Beyond Privacy
Chapter 3 Ghosts in the Machine
Secrets and Surprises of Electronic Documents
What You See Is Not What the Computer Knows
Representation, Reality, and Illusion
Hiding Information in Images
The Scary Secrets of Old Disks
Chapter 4 Needles in the Haystack
Google and Other Brokers in the Bits Bazaar
Found After Seventy Years
The Library and the Bazaar
The Fall of Hierarchy
It Matters How It Works
Who Pays, and for What?
Search Is Power
You Searched for WHAT? Tracking Searches
Regulating or Replacing the Brokers
Chapter 5 Secret Bits
How Codes Became Unbreakable
Encryption in the Hands of Terrorists, and Everyone Else
Historical Cryptography
Lessons for the Internet Age
Secrecy Changes Forever
Cryptography for Everyone
Cryptography Unsettled
Chapter 6 Balance Toppled
Who Owns the Bits?
Automated Crimes – Automated Justice
NET Act Makes Sharing a Crime
The Peer-to-Peer Upheaval
Sharing Goes Decentralized
Authorized Use Only
Forbidden Technology
Copyright Koyaanisqatsi: Life Out of Balance
The Limits of Property
Chapter 7 You Can't Say That on the Internet
Guarding the Frontiers of Digital Expression
Do You Know Where Your Child Is on the Web Tonight?
Metaphors for Something Unlike Anything Else
Publisher or Distributor?
Neither Liberty nor Security
The Nastiest Place on Earth
The Most Participatory Form of Mass Speech
Protecting Good Samaritans – and a Few Bad Ones
Laws of Unintended Consequences
Can the Internet Be Like a Magazine Store?
Let Your Fingers Do the Stalking
Like an Annoying Telephone Call?
Digital Protection, Digital Censorship – and Self-Censorship
Chapter 8 Bits in the Air
Old Metaphors, New Technologies, and Free Speech
Censoring the President
How Broadcasting Became Regulated
The Path to Spectrum Deregulation
What Does the Future Hold for Radio?
Conclusion After the Explosion
Bits Lighting Up the World
A Few Bits in Conclusion
Appendix The Internet as System and Spirit
The Internet as a Communication System
The Internet Spirit
Endnotes
Inde