E-mail bombs and countermeasures: cyber attacks on availability and brand integrity
IEEE Network: The Magazine of Global Internetworking
Detecting Spam at the Network Level
EUNICE '09 Proceedings of the 15th Open European Summer School and IFIP TC6.6 Workshop on The Internet of the Future
Filtering spam from bad neighborhoods
International Journal of Network Management
Hi-index | 0.01 |
In the fast-growing internet applications, email becomes more and more important in communication. SMTP attacks and spam have become one of the most serious problems. Particularly, the SMTP attacks and spam varies on email, for example spoofing address, illegal characters, sending in bulk, too many SMTP commands and so on. A single security technique is not enough to protect the system from these attacks and spam. In this paper, we propose a SMTP Intrusion Prevention System (SIPS) which bases on the concept of Stateful Protocol Anomaly Detection and Flow-based Inspection. SIPS is implemented by a finite state machine to inspect all coming email flows. It is according to the media type of email flow and their characteristics. On the test of a real email environment, our approach can prevent attacks on SMTP attack (mail bomb) average about 95.4% and spam average about 91.1%.