b@bel: leveraging email delivery for spam mitigation
TRANSCRIPT
GIANLUCA STRINGHINI, MANUEL EGELE, AAPOSTOLIS ZARRAS, THORSTEN HOLZ, CHRISTOPHER KRUEGEL, AND GIOVANNI
VIGNA
PRESENTED BY RUI XIE
B@BEL: Leveraging Email Delivery for Spam Mitigation
Problems on Spam
Wealthy economy behind spam 77% of emails are spam 85% of spam are sent by botnets
Traditional Spam Detection Content Analysis Origin Analysis
Approach in Article
Focusing on the way that client interact with SMTP server
Overview
Techniques System design Evaluation Limitations
Techniques
SMTP dialects Feedback manipulation
SMTP dialects
Feedback Manipulation
Botnet also use feedback Botmaster sends spam to bot Bot sends spam to SMTP server SMTP server sends spam to user or
replies bot no such user exists Bot replies bot master no such user
exists Bot master delete address of the user
from user list
Importance
SMTP dialectsSpam detection Malware classification
Feedback manipulationSuccessful botnets are using bot feedback35% of the email addresses were
nonexistent
System design
Learning SMTP dialects Build a decision model Making a decision
SMTP dialects state
D =< Σ,S,s0,T, Fg,Fb >Σ: input alphabetS : set of statess0: initial stateT : transitions Fg : good final statesFb : bad final states
Learning SMTP dialects
Collecting SMTP conversations
Passive observationTwo dialects might look the same!
Active probing Intentionally sending incorrect replies, error
messages
Build a decision model
Making a decision
Passive matching Detect dialects by observing conversations
Active probing Send specific replies to “expose” differences
Evaluation
Experiment has 621,919 SMTP conversations
Results260,074 as spam218,675 as ham143,170 could not decide
Result in real life
Limitations
Evading dialects detection Implement a “faithful” SMTP engine Making spammers to look like a legitimate
client
Evading feedback manipulation
Conclusion
Focusing on the way that client interact with SMTP serverSMTP dialects Feedback manipulation
Valuable tool for spam mitigation