Copyright 2010 Florida State University. All Rights Reserved MDMap: Assisting Users in Identifying Phishing Emails Patrick Dwyer Department of Computer.

Presentation transcript:

MDMap: Assisting Users in Identifying Phishing Emails
Patrick Dwyer
Department of Computer Science
Florida State University

Agenda
- Motivation and Background
- MDMap Design and Implementation
- Performance Evaluation
- Summary

Motivation
- Motivation
  - Increase in phishing emails/spam
  - Spam filters
  - Suspicious information in phishing emails
  - Non-expert users
  - Intuitive/sensible method
- Suspicious information
  - Sender location information

Internet Email System
- MUAs (mail user agents) and MTAs (mail transfer agents)

Message Format
- Envelope/content
  - Message header/body
- Headers related to sender
  - From:
  - Reply-To:
  - Return-Path:
  - Received:

Received: Header Field

    Received: from almostcosmic.com (n226-h110.gw-net.metromax.ru [ ])
        by smtpin.cs.fsu.edu with SMTP id o24DvD3r

- from-from: almostcosmic.com
- from-domain: n226-h110.gw-net.metromax.ru
- from-address:
- by-domain: smtpin.cs.fsu.edu

Forgery
- From:/Reply-To:
  - Cannot both be faked for certain types of phishing emails
- Received: header
  - First external MTA cannot be faked
- Faked headers often contain conflicting information when examined collectively

MDMap Design
- Revealing suspicious or conflicting information in an intuitive and sensible manner
- Sender location information
  - Message delivery path
  - Return-Path:
  - From:
  - Reply-To:
  - URL links

MDMap Workflow
1. Parsing message
2. Retrieving related header information (and URL)
3. Get geographical location information
4. Obtaining map showing sender location information

Message Delivery Path
- Shows how the message is delivered hop-by-hop at the MTA level
- Construction of path from header fields
  - List of MTAs/MUAs from Received: headers
    - Private address
    - Localhost IP address

Example Received: Header

    Received: from smtpin.cs.fsu.edu (smtpin.cs.fsu.edu [ ])
        by mail.cs.fsu.edu (Postfix) with ESMTP id 217D5F2D32
        for ; Fri, 22 Jan :48: (EST)
    Received: from advanced62.inmotionhosting.com (advanced62.inmotionhosting.com [ ])
        by smtpin.cs.fsu.edu (8.13.1/8.13.1) with SMTP id o0MMlbag
        for ; Fri, 22 Jan :47:
    Received: from hsit ( )
        by advanced62.inmotionhosting.com; Fri, 22 Jan :47:
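The path construction and forgery rules from the slides above, sketched in Python as an added example (not MDMap's own code, which is a Java program): it splits each Received: header into the four fields shown earlier, drops private and localhost hops, marks which hops were recorded by the recipient's own MTAs, and flags a HELO name that disagrees with the reverse-DNS name. The sample message, its addresses and ids, and the names parse_received, delivery_path and local_domain are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# RFC 1918 private ranges and loopback: hops left out of the displayed path.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# from <from-from> (<from-domain> [<from-address>]) by <by-domain>
RECEIVED_RE = re.compile(
    r"from\s+(?P<from_from>\S+)\s+\((?:(?P<from_domain>[^\s\[\]()]+)\s+)?"
    r"\[?(?P<from_address>[0-9A-Fa-f.:]+)\]?\)\s+by\s+(?P<by_domain>[^\s;]+)")
# Constructed sample: host names echo the slides, addresses/ids/dates are made up.
SAMPLE = """\
Received: from smtpin.cs.fsu.edu (smtpin.cs.fsu.edu [10.0.0.5])
 by mail.cs.fsu.edu (Postfix) with ESMTP id TESTID1; Mon, 01 Jan 2001 00:00:03 +0000
Received: from almostcosmic.com (n226-h110.gw-net.metromax.ru [203.0.113.226])
 by smtpin.cs.fsu.edu with SMTP id TESTID2; Mon, 01 Jan 2001 00:00:02 +0000
Received: from bank.example (bank.example [198.51.100.7])
 by relay.example; Mon, 01 Jan 2001 00:00:01 +0000
From: service@bank.example
"""

def parse_received(value):
    """Split one Received: value into the four fields named on the slide."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    return m.groupdict() if m else None

def delivery_path(raw_message, local_domain):
    """Return routable hops oldest-first, tagged 'trusted' and 'conflict'."""
    hops, trusted = [], True
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = parse_received(value)          # headers arrive newest-first
        if hop is None:
            continue
        by = hop["by_domain"].lower()
        # Only headers written by the recipient's own MTAs can be relied on;
        # anything at or below the first foreign 'by' is sender-controlled.
        trusted = trusted and (by == local_domain or by.endswith("." + local_domain))
        hop["trusted"] = trusted
        # A HELO name that differs from the reverse-DNS name is a conflict.
        rdns = hop["from_domain"] or hop["from_from"]
        hop["conflict"] = rdns.lower() != hop["from_from"].lower()
        try:
            ip = ipaddress.ip_address(hop["from_address"])
        except ValueError:
            continue
        if not any(ip in net for net in NON_ROUTABLE):
            hops.append(hop)
    return hops[::-1]
```

With the sample, `delivery_path(SAMPLE, "cs.fsu.edu")` returns two hops: the older one is untrusted because a foreign relay wrote it, and the newer one is the first external MTA, trusted and flagged for the HELO mismatch.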

Map IP Address to Geographic Location
- GeoLiteCity API

    // Load the GeoLite City database into memory
    LookupService ls = new LookupService("GeoLiteCity.dat", LookupService.GEOIP_MEMORY_CACHE);
    // Look up a location by domain name
    Location loc = ls.getLocation(domain_name);
    // Look up a location by IP address
    loc = ls.getLocation(InetAddress.getByName(IP_address));

Obtaining Map from Geographic Information
- Google Maps API

    // Fetch the map image from the URL and save it to imageFile
    imageFile.createNewFile();
    HttpURLConnection httpConn = (HttpURLConnection) url.openConnection();
    BufferedInputStream urlStream = new BufferedInputStream(httpConn.getInputStream());
    FileOutputStream imageStream = new FileOutputStream(imageFile);
    int byteRead;
    // Copy the response body to the file one byte at a time
    while ((byteRead = urlStream.read()) != -1) {
        imageStream.write(byteRead);
    }
    imageStream.close();
    urlStream.close();

  - Input = URL, output = image file
- Bing Maps API, Yahoo Maps API

A Snapshot of MDMap

Performance Evaluation
- Data set
  - 100 phishing (spam) emails
    - From mid November 09 – March 10
    - Randomly selected
- Heuristics
  - H1: MTAs along message delivery path
  - H2: Reply-To:, From:, Return-Path:
  - H3: URLs

Performance

    H1    H2    H3    Flagged    Total

Summary
- MDMap: simple and effective system assisting users in identifying phishing emails
- Standalone Java program
  - Web-based systems
  - Mobile phones
- Demo