Design, Implementation and Test of an Email Virus Throttle
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
An empirical study of spam traffic and the use of DNS black lists
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Distributed Tarpitting: Impeding Spam Across Multiple Servers
LISA '03 Proceedings of the 17th USENIX conference on System administration
Awarded Best Paper! - Scalable Centralized Bayesian Spam Mitigation with Bogofilter
LISA '04 Proceedings of the 18th USENIX conference on System administration
A framework for MAC protocol misbehavior detection in wireless networks
Proceedings of the 4th ACM workshop on Wireless security
Fast statistical spam filter by approximate classifications
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Email prioritization: reducing delays on legitimate mail caused by junk mail
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
HoneySpam: honeypots fighting spam at the source
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Distributed quota enforcement for spam control
NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Incorporating accountability into internet email
Proceedings of the 2009 ACM symposium on Applied Computing
Who is tweeting on Twitter: human, bot, or cyborg?
Proceedings of the 26th Annual Computer Security Applications Conference
gPath: a game-theoretic path selection algorithm to protect Tor's anonymity
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Attacks against process control systems: risk assessment, detection, and response
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
E-commerce: protecting purchaser privacy to enforce trust
Electronic Commerce Research
Detecting social spam campaigns on twitter
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
| Hi-index | 0.00 |
Laundering email spam through open-proxies or compromised PCs is a widely-used trick to conceal real spam sources and reduce spamming cost in underground email spam industry. Spammers have been plaguing the Internet by exploiting a large number of spam proxies. The facility of breaking spam laundering and deterring spamming activities close to their sources, which would greatly benefit not only email users but also victim ISPs, is in great demand but still missing. In this paper, we reveal one salient characteristic of proxy-based spamming activities, namely packet symmetry, by analyzing protocol semantics and timing causality. Based on the packet symmetry exhibited in spam laundering, we propose a simple and effective technique, DBSpam, to on-line detect and break spam laundering activities inside a customer network. Monitoring the bi-directional traffic passing through a network gateway, DBSpam utilizes a simple statistical method, Sequential Probability Ratio Test, to detect the occurrence of spam laundering in a timely manner. To balance the goals of promptness and accuracy, we introduce a noise-reduction technique in DBSpam, after which the laundering path can be identified more accurately. Then, DBSpam activates its spam suppressing mechanism to break the spam laundering. We implement a prototype of DBSpam based on libpcap, and validate its efficacy through both theoretical analyses and trace-based experiments.