spam and anti-spam by aditi desai yousuf haider. agenda introduction purpose of spam types of spam...
Post on 24-Dec-2015
245 Views
Preview:
TRANSCRIPT
Agenda
Introduction Purpose of Spam Types of Spam Spam Techniques Anti spam Why Spam is so Easy Anti Spam Techniques Ongoing research Conclusion
Introduction Spam- unwanted “junk" e-mail sent to a large
number of people to promote products or services. 1 out of 4 Network Administrators spend more than 1 hour a day
combating spam 1 out of 2 organization’s bandwidth usage is at least 10% spam.
Emphasis on email spam. Discussion on AntiSpam and its Techniques.
Purpose of Spam High potential payoffs in return for very little
effort on the spammer’s part.
Spammers succeed when even a small number of people reply to and purchase some spam-based offering for the spammers to succeed
E.g. Lawrence Canter and Martha Siegel are two of the original, and perhaps most notorious, spammers on the Internet. These immigration attorneys earned their 15 minutes of fame by posting
green card lottery ads on thousands of Usenet groups in 1993.
Mediums of Spam
E-mail spam Instant Messaging and Chat Room spam Chat spam Newsgroup spam and forum spam Mobile phone spam Online game messaging spam Spam targeting search engines (spamdexing) Blog, wiki, and guestbook spam Spam targeting video sharing sites Noncommercial spam
Types of Internet Spam
Unsolicited commercial mails - 68% Adult - 15% Jokes - 9% Chain letters - 4.5% Large file attachments with non-work
related content - 3%.
Types of Spamming Techniques
Email spammingBulk email softwareDictionary spammingDirectory harvest attackSpambotPink contract
Security Implications of Spam Some of the security concerns of spam are:
Unwanted spam messages eat up a tremendous amount of storage space.
Large no. of messages coming in network can overload & create a DoS condition leading to serious email system downtime.
Consequences: email system unavailability, improper message send receive.
,
Network intrusions along with malware, Viruses,Trojan horses, Web bugs wreak havoc on networks, server, and end user systems.
Some of the spam is actually social engineering at work.
Cost Estimates of Spam Despite agreeing that spam is free speech, it costs
people and organizations time and money Taking a real world corporate example,
25 emails/day 150/week7800/year 2 secs. to handle each 4.33/year $40/hr pay 173.33/user/year (???) Each msg is 5KB 7800x 5 = 38MB clutter
These figures count big for large firms with 1000+ employees.
Anti-Spam
The Goal Prevent or minimize the effectiveness of
spammers to send spam to a large number of recipients.
Emphasis on Email Anti Spam
Why Spam is so Easy
Cost of Harvesting or collecting email addresses.
Monetary Cost of sending spam email. Computational Cost of sending spam
email. Legal Cost of sending spam email. Anonymity of the sender.
Anti-Spam Techniques
3 Categories End User Techniques. Automated Techniques for Email
Administrators. Automated Techniques for Email Senders.
End User Techniques
Address ‘Munging’ myname at email dot com Transparent address munging more effective
Disable HTML in e-mail If not disabled might execute malicious scripts Validate email addresses
Reporting spam Track down spammer’s ISP and report Difficult for End user to do and will not work for
botnets or netblocks.
End User Techniques…(contd.)
Disposable Email addresses Disposable temporary address forwards email to
valid address No Response to Spam
Responding validates address Aggressive Response to Spam
Controversial, spam the spammer Automated tools to submit forms on spammer sites Might not work with zombies on botnets
Automated Techniques for Email Administrators Rule Based Systems
Parse incoming email for specific keywords or content and then apply set of rules
May have Distributed community approach Members mark spam Add to database Infer Rules from database
Valid emails may end up in Spam box
Automated Techniques for Email Administrators… (contd.) Challenge-Response Systems
Exploits the spammer anonymity factor. White List – Email from addresses on white list
accepted. Black List – Email from addresses on Black List
rejected For unknown addresses :
Send Challenge to unknown address If valid response received accept the original message.
Automated Techniques for Email Administrators… (contd.) Authentication and Reputation
Reputation system for legitimate servers. Used in conjunction with spam filtering.
Checksum-based filtering Maintain database of checksums of spam emails Compare chechsum of incoming email to detect
DNS Based Blackhole Lists Different kind of lists to indicate servers that send spam
Greylisting Temporarily reject messages from unknown senders Spammers will usually not try resending
Automated Techniques for Email Senders Background checks on new users and
customers Confirmed opt-in for mailing lists
Ongoing Research
Ham passwords Attach ham passwords to email subject line
to verify validity of message Cost-based systems
Stamps - Monetary cost, micro-payments Proof-of-work systems – Computational cost Bonds or Sender-at-risk – Pay cost if
suspicious sender
Conclusion
Arms race between spammers and anti spam techniques
Effective and efficient use of various Anti-Spam techniques as discussed can make spamming less profitable and can prove a way to help FIGHT SPAM.
Distributed Community approach most effective
top related