    A Hybrid Spam Detection Method Based on Unstructured Datasets

    This document is the accepted manuscript version of the following article: Shao, Y., Trovati, M., Shi, Q. et al. Soft Comput (2017) 21: 233. The final publication is available at Springer via http://dx.doi.org/10.1007/s00500-015-1959-z. © Springer-Verlag Berlin Heidelberg 2015.

    The identification of non-genuine or malicious messages poses a variety of challenges due to the continuous changes in the techniques utilised by cyber-criminals. In this article, we propose a hybrid detection method based on a combination of image and text spam recognition techniques. In particular, the former is based on sparse representation-based classification, which focuses on the global and local image features, and a dictionary learning technique to achieve a spam and a ham sub-dictionary. On the other hand, the textual analysis is based on semantic properties of documents to assess the level of maliciousness. More specifically, we are able to distinguish between meta-spam and real spam. Experimental results show the accuracy and potential of our approach. Peer reviewed. Final Accepted Versio

    Malware detection using DNS records and domain name features

    © 2018 ACM. As billions of people depend on Internet applications to perform day-to-day tasks, the prevalence of malware and online attacks causes a huge loss to the global Internet economy. The Domain Name System is one of the core components of the Internet, which allows users to type in website names and resolves them to Internet addresses. Several studies proposed using DNS for malware detection, because it is the first step before visiting a specific website. Unfortunately, the majority focused on malicious URL blacklisting, botnets, top-level domains, DNS and resolvers. This paper proposes a system to detect malicious domain names by using eight unique features that accurately identify malicious websites before they are visited. We implemented our approach to malicious domain name detection using Python, and experimented with five weeks of real-world data using Weka. The experimental results report a 77.5% and low false positive rates 22.4%. That is very promising considering the approach detects websites based on features calculated from the URL and without downloading the file

    Unified Defense against DDoS Attacks

    Abstract. With DoS/DDoS attacks emerging as one of the primary security threats in today’s Internet, the search is on for an efficient DDoS defense mechanism that would provide attack prevention, mitigation and traceback features, in as few packets as possible and with no collateral damage. Although several techniques have been proposed to tackle this growing menace, there exists no effective solution to date, due to the growing sophistication of the attacks and also the increasingly complex Internet architecture. In this paper, we propose a unified framework that integrates traceback and mitigation capabilities for an effective attack defense. Some significant aspects of our approach include: (1) a novel data cube model to represent the traceback information, and its slicing along the lines of path signatures rather than router signatures, (2) characterizing traceback as a transmission scheduling problem on the data cube representation, and achieving scheduling optimality using a novel metric called utility, (3) and finally an information delivery architecture employing both packet marking and data logging in a distributed manner to achieve faster response times. The proposed scheme can thus provide both per-packet mitigation and multi-packet traceback capabilities due to effective data slicing of the cube, and can attain higher detection speeds due to novel utility rate analysis. We also contrast this unified scheme with other well-known schemes in the literature to understand the performance tradeoffs, while providing an experimental evaluation of the proposed scheme on real data sets.