Copyright 2010 Florida State University. All Rights Reserved MDMap: Assisting Users in Identifying Phishing Emails Patrick Dwyer Department of Computer.


1 MDMap: Assisting Users in Identifying Phishing Emails
Patrick Dwyer, Department of Computer Science, Florida State University

2 Agenda
- Motivation and Background
- MDMap Design and Implementation
- Performance Evaluation
- Summary

3 Motivation
- Motivation
  - Increase in phishing emails/spam
  - Spam filters
  - Suspicious information in phishing emails
  - Non-expert users
  - Intuitive/sensible method
- Suspicious information
  - Sender location information

4 Internet Email System
- MUAs and MTAs

5 Message Format
- Email envelope/content
  - Message header/body
- Headers related to sender
  - From:
  - Reply-To:
  - Return-Path:
  - Received:

6 Received: Header Field

    Received: from almostcosmic.com (n226-h110.gw-net.metromax.ru [83.234.226.110])
        by smtpin.cs.fsu.edu with SMTP id o24DvD3r010823

- from-from: almostcosmic.com
- from-domain: n226-h110.gw-net.metromax.ru
- from-address: 83.234.226.110
- by-domain: smtpin.cs.fsu.edu

7 Email Forgery
- From:/Reply-To:
  - Cannot both be faked for certain types of phishing emails
- Received: header
  - First external MTA cannot be faked
- Faked headers often contain conflicting information when examined collectively

8 MDMap Design
- Revealing suspicious or conflicting information in an intuitive and sensible manner
- Sender location information
  - Message delivery path
  - Return-Path:
  - From:
  - Reply-To:
  - URL links

9 MDMap Workflow
1. Parsing email message
2. Retrieving related header information (and URL)
3. Get geographical location information
4. Obtaining map showing sender location information

10 Message Delivery Path
- Shows how a message is delivered hop by hop at the MTA level
- Construction of path from header fields
  - List of MTAs/MUAs from Received: headers
    - Private address
    - Localhost IP address

11 Example Received: Header

    Received: from smtpin.cs.fsu.edu (smtpin.cs.fsu.edu [128.186.120.196])
        by mail.cs.fsu.edu (Postfix) with ESMTP id 217D5F2D32 for ;
        Fri, 22 Jan 2010 17:48:30 -0500 (EST)
    Received: from advanced62.inmotionhosting.com (advanced62.inmotionhosting.com [216.193.219.137])
        by smtpin.cs.fsu.edu (8.13.1/8.13.1) with SMTP id o0MMlbag016308 for ;
        Fri, 22 Jan 2010 17:47:40 -0500
    Received: from hsit (86.59.210.51) by advanced62.inmotionhosting.com;
        Fri, 22 Jan 2010 14:47:34 -0800
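The path construction from slides 6, 7, 10 and 11, as an added Python example (not MDMap's own Java code): it extracts the four fields from each Received: header, orders the hops origin-first, marks private and localhost addresses as not mappable, and finds the first external MTA. The function names, the own_domain parameter, and the rule of trusting only headers written by the recipient's own MTAs are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message: the three Received: headers from the slide; the "for"
# clauses are left out because the recipient address is missing on the page.
SAMPLE = (
    "Received: from smtpin.cs.fsu.edu (smtpin.cs.fsu.edu [128.186.120.196])\n"
    "\tby mail.cs.fsu.edu (Postfix) with ESMTP id 217D5F2D32;\n"
    "\tFri, 22 Jan 2010 17:48:30 -0500 (EST)\n"
    "Received: from advanced62.inmotionhosting.com\n"
    "\t(advanced62.inmotionhosting.com [216.193.219.137])\n"
    "\tby smtpin.cs.fsu.edu (8.13.1/8.13.1) with SMTP id o0MMlbag016308;\n"
    "\tFri, 22 Jan 2010 17:47:40 -0500\n"
    "Received: from hsit (86.59.210.51) by advanced62.inmotionhosting.com;\n"
    "\tFri, 22 Jan 2010 14:47:34 -0800\n\nbody\n")
FIELDS = {  # one regex per field named on the slides
    "from-from": r"^from\s+(\S+)",
    "from-domain": r"\(([\w.-]+)\s*\[",
    "from-address": r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]",
    "by-domain": r"\bby\s+([\w.-]+)"}

def parse_received(value):
    value = " ".join(value.split())  # unfold continuation lines
    found = {k: re.search(p, value) for k, p in FIELDS.items()}
    return {k: m.group(1) if m else None for k, m in found.items()}

def is_mappable(addr):
    try:  # private and localhost addresses cannot be placed on a map
        ip = ipaddress.ip_address(addr or "")
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback)

def in_domain(name, domain):
    return bool(name) and (name == domain or name.endswith("." + domain))

def delivery_path(raw):
    """Hops origin-first: every MTA prepends its header, so reverse them."""
    hops = map(parse_received, message_from_string(raw).get_all("Received", []))
    return [dict(h, mappable=is_mappable(h["from-address"])) for h in hops][::-1]

def first_external(path, own_domain):
    """Sender address logged by our own MTA for the first outside host."""
    for hop in reversed(path):
        if not in_domain(hop["by-domain"], own_domain):
            break  # header not written by one of our MTAs: stop trusting
        if not in_domain(hop["from-domain"] or hop["from-from"], own_domain):
            return hop["from-address"]
    return None
```

With `own_domain="cs.fsu.edu"` the first external MTA is the `advanced62.inmotionhosting.com` hop; the `hsit` line below it was written outside the recipient's control, so its contents can be forged.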

12 Map IP address to Geographic location
- GeoLiteCity API

    // Load the GeoLiteCity database into memory
    LookupService ls = new LookupService("GeoLiteCity.dat", LookupService.GEOIP_MEMORY_CACHE);
    // Look up a location by domain name ...
    Location loc = ls.getLocation(domain_name);
    // ... or by IP address
    loc = ls.getLocation(InetAddress.getByName(IP_address));

13 Obtaining Map from Geographic Information
- Google Maps API

    imageFile.createNewFile();
    HttpURLConnection httpConn = (HttpURLConnection) url.openConnection();
    BufferedInputStream urlStream = new BufferedInputStream(httpConn.getInputStream());
    FileOutputStream imageStream = new FileOutputStream(imageFile);
    int byteRead;
    // Copy the map image from the HTTP response into the file
    while ((byteRead = urlStream.read()) != -1) {
        imageStream.write(byteRead);
    }
    imageStream.close();
    urlStream.close();

  - Input = URL, output = Image file
- Bing Maps API, Yahoo Maps API

14 A Snapshot of MDMap

15 Performance Evaluation
- Data set
  - 100 phishing (spam) emails
    - From mid November 09 – March 10
    - Randomly selected
- Heuristics
  - H1: MTAs along message delivery path
  - H2: Reply-To:, From:, Return-Path:
  - H3: URLs

16 Performance

    H1   H2   H3   Flagged   Total
    70   47   19   82        100

17 Summary
- MDMap: simple and effective system assisting users in identifying phishing emails
- Standalone Java program
  - Web-based email systems
  - Mobile phones
- Demo

