11.2 Spam

Question 1

Unwanted commercial email

Answer 1

Spam

Question 2

Problem with spam

Answer 2

1) Filters: someone must separate good (HAM) from bad (SPAM)
2) Storage space
3) Security problems (i.e phishing, malware, attempts to steal passwords, etc..)

Question 3

95% of all email

Answer 3

SPAM!

Question 4

How to construct filters

Answer 4

1) Content-based filter (Viagra, bad words, etc…) -> easy to evade
2) Blacklisting (Based on an IP Address)
3) Behavioral features (mail sent a particular time of day, size of the emails, etc…)

Question 5

Quiz:

What are some problems with content-based filters?

Answer 5

Easy for attackers to evade!

Attackers can embed in images, mp3’s excel spreadsheets, etc…

Question 6

Blacklist

Answer 6

Receiver sends query for the senders IP address to a “spamhouse” to see if this IP Address is on a list.

Question 7

Behavior -> filtering on how email is sent

Answer 7

1) Geographic location of sender and receiver
2) Set of target recipients
3) Upstream ISP
4) Botnet??

Question 8

Ephemeral IP Addresses (Making blacklists ineffective)

Answer 8

1) Hijack IP Prefix
2) Send Spam
3) Withdraw

Ephemeral definition:
Ephemerality is the concept of things being transitory, existing only briefly

Question 9

Single-Packet:
    distance between sender and receiver
    Density
    Time of day
Single Message
     # of recipients
     Length of the message
 Aggregates:
     Variation in message length in a group of messages

Answer 9

SNARE - Spatial Temporal Network Level Automated Reputation engine

Combining all of the techniques shown on the left is
70% detection rate for a false positive rate of 0.1%

Only uses network level features