Analysis of SMTP Connection Characteristics for Detecting Spam Relays Authors: P. J. Sandford, J. M. Sandford, and D. J. Parish Speaker: Shu-Fen Chiou

Presentation transcript:

1 Analysis of SMTP Connection Characteristics for Detecting Spam Relays Authors: P. J. Sandford, J. M. Sandford, and D. J. Parish Speaker: Shu-Fen Chiou (邱淑芬)

2 Outline
• Introduction
• Spam relay detection
• Results
• Conclusion
• Comments

3

4 Spam relay
• Sending mail to a destination via a third-party mail server or proxy server in order to hide the address of the source of the mail.
• When servers (SMTP servers) are used, it is known as an "open relay" or "SMTP relay," and this method was commonly used by spammers in the past when SMTP servers were not locked down.
• Today, most spam relay is provided by proxy servers and botnets.

5 Prevent spam

6 Specific problem [Figure: a spam relay on a compromised host sending spam mail to many mail servers]

7 Monitoring Architecture

8 Legitimate users vs. spam relays
• Number of connections: legitimate users < spam relays
• Connections to a mail server
  Legitimate users: a few times an hour.
  Spam relays: thousands of e-mails every hour to hundreds of mail servers.
• Daily pattern
  Legitimate users: can exhibit one.
  Spam relays: do not exhibit one.

9 Result(1/6)
• All the examples shown come from a single 24-hour period during Sep
• A total of 89,748 hosts were observed. 48 hosts had established over 10,000 SMTP connections. 4 hosts had established over 50,000 SMTP connections.

10 Result(2/6) Total: 58,000 SMTP connections Home user

11 Result(3/6) 25,000 connections
Mail bombs: occur where very large quantities of e-mail are sent to the same address, rendering the address unusable.

12 Result(4/6) 3,000 connections

13 Result(5/6)

14 Result(6/6) Total: over 1,600,000 connections

15 Conclusions
• This paper has shown how spam relays installed on compromised hosts could be identified by the ISP networks on which they are hosted.
• Given the large disparity between the SMTP connection profiles of legitimate mail clients and servers and spam relays, an automated process could easily be developed to detect spam relays.
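
A sketch of such an automated process, as an added example that is not code from the paper or the slides: it profiles each source host over one 24-hour period using the three characteristics from slide 8 (connection count, number of mail servers contacted, presence of a daily pattern). The thresholds, the flow-record layout and the use of the coefficient of variation as the daily-pattern measure are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed thresholds for illustration; the slides give no values.
MIN_CONNECTIONS = 10_000   # SMTP connections per 24 h
MIN_SERVERS = 100          # distinct destination mail servers
MAX_HOURLY_CV = 0.5        # coefficient of variation; near 0 = flat all day

def profile_hosts(flows):
    """flows: iterable of (hour, src_ip, dst_ip, dst_port) for one 24 h period."""
    hourly = defaultdict(lambda: [0] * 24)
    servers = defaultdict(set)
    for hour, src, dst, port in flows:
        if port == 25:                      # SMTP connections only
            hourly[src][hour] += 1
            servers[src].add(dst)
    return {
        src: {"connections": sum(counts),
              "servers": len(servers[src]),
              "hourly_cv": pstdev(counts) / mean(counts)}
        for src, counts in hourly.items()
    }

def flag_spam_relays(profiles):
    """Hosts showing all three relay characteristics at once."""
    return sorted(
        src for src, p in profiles.items()
        if p["connections"] >= MIN_CONNECTIONS
        and p["servers"] >= MIN_SERVERS
        and p["hourly_cv"] <= MAX_HOURLY_CV
    )

def sample_flows():
    """Constructed flows (documentation address ranges), not data from the paper."""
    flows = []
    for h in range(24):
        # Relay-like host: flat rate all day, 200 destination servers.
        flows += [(h, "192.0.2.10", f"198.51.100.{i % 200}", 25) for i in range(500)]
        # Mail-bomb-like host: high flat volume, but a single destination.
        flows += [(h, "192.0.2.40", "203.0.113.5", 25)] * 1040
        # Busy mail server: high volume and fan-out, with a working-day peak.
        n = 1500 if 8 <= h <= 18 else 50
        flows += [(h, "192.0.2.30", f"198.51.100.{i % 150}", 25) for i in range(n)]
        # Home user: a few daytime SMTP connections plus web traffic.
        if 8 <= h <= 22:
            flows += [(h, "192.0.2.20", "203.0.113.25", 25)] * 3
            flows += [(h, "192.0.2.20", "203.0.113.80", 80)] * 20
    return flows
```

Requiring all three characteristics together keeps the mail-bomb host (one destination) and the busy mail server (clear daily peak) out of the result even though both exceed the connection threshold.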

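16 Comments
• Proposes a simple method for preventing spam.
• What is the accuracy of detecting that a host is a spam relay, and how effective is the method?
• How should the threshold on the number of connections be defined in order to judge a host to be a spam relay?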