Laundering e-mail spam through open proxies or compromised PCs is a widely used trick to conceal real spam sources and reduce spamming cost in the underground e-mail spam industry. Spammers have plagued the Internet by exploiting a large number of spam proxies. A facility for breaking spam laundering and deterring spamming activities close to their sources would greatly benefit not only e-mail users but also victim ISPs; it is in great demand but still missing. In this article, we reveal one salient characteristic of proxy-based spamming activities, namely packet symmetry, by analyzing protocol semantics and timing causality. Based on the packet symmetry exhibited in spam laundering, we propose a simple and effective technique, DBSpam, to detect and break spam laundering activities online inside a customer network. Monitoring the bidirectional traffic passing through a network gateway, DBSpam uses a simple statistical method, the Sequential Probability Ratio Test, to detect the occurrence of spam laundering in a timely manner. To balance the goals of promptness and accuracy, we introduce a noise-reduction technique in DBSpam, after which the laundering path can be identified more accurately. DBSpam then activates its spam-suppressing mechanism to break the spam laundering. We implement a prototype of DBSpam based on libpcap and validate its efficacy in spam detection and suppression through both theoretical analyses and trace-based experiments.