Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Analysis of SMTP Connection Characteristics for Detecting Spam Relays Authors: P. J. Sandford, J. M. Sandford, and D. J. Parish Speaker: Shu-Fen Chiou(

Published byCandace Walsh Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Analysis of SMTP Connection Characteristics for Detecting Spam Relays Authors: P. J. Sandford, J. M. Sandford, and D. J. Parish Speaker: Shu-Fen Chiou("— Presentation transcript:

1 1 Analysis of SMTP Connection Characteristics for Detecting Spam Relays Authors: P. J. Sandford, J. M. Sandford, and D. J. Parish Speaker: Shu-Fen Chiou( 邱淑芬 )

2 2 Outline  Introduction  Spam relay detection  Results  Conclusion  Comments

3 3 E-mail

4 4 Spam relay  Sending mail to a destination via a third- party mail server or proxy server in order to hide the address of the source of the mail.  When e-mail servers (SMTP servers) are used, it is known as an "open relay" or "SMTP relay," and this method was commonly used by spammers in the past when SMTP servers were not locked down.  Today, most spam relay is provided by proxy servers and botnets.

5 5 Prevent spam

6 6 Specific problem Spam relay Compromised host … Mail server Mail server Mail server Spam mail … Mail server Mail server Mail server Spam mail … Mail server Mail server Spam mail …

7 7 Monitoring Architecture

8 8 Legitimate users V.S. spam relays  Number of connections Legitimate users < spam relays  Connect to a mail server Legitimate users: Fewer times an hour. Spam relays: Thousands of emails every hour to hundreds of mail servers.  Daily pattern Legitimate users: Can exhibit. Spam relays: Do not exhibit.

9 9 Result(1/6)  All the example shows come from a single 24 hour period during Sep. 2005.  Total 89,748 hosts were observed. 48 hosts had established over 10,000 SMTP connections. 4 hosts had established over 50,000 SMTP connections.

10 10 Result(2/6) Total: 58,000 SMTP connections Home user

11 11 Result(3/6) 25,000 connections Mail bombs: occur where very large quantities of email are sent to the same address rendering the address unusable.

12 12 Result(4/6) 3,000 connections

13 13 Result(5/6)

14 14 Result(6/6) Total: over 1,600,000 connections

15 15 Conclusions  This paper has shown how spam relays installed on compromised hosts could be identified by the ISP networks on which they are hosted.  Given the large disparity between the SMTP connection profiles of legitimate mail clients and servers and spam relays, an automated process could easily be developed to detect spam relays.

16 16 Comments  提出了一個簡單的方法來預防 spam 。  偵測到 host 是 spam relay 的正確率,方 法的有效性 ?  如何定義連線數量的門檻值,來判定 host 為 spam relay?

Download ppt "1 Analysis of SMTP Connection Characteristics for Detecting Spam Relays Authors: P. J. Sandford, J. M. Sandford, and D. J. Parish Speaker: Shu-Fen Chiou("

Similar presentations

Zhiyun Qian, Z. Morley Mao (University of Michigan)

Zhiyun Qian, Z. Morley Mao (University of Michigan)
第二章 研究主題(研究題 目)與研究問題.

第二章 研究主題(研究題 目)與研究問題.
布林代數的應用--- 全及項(最小項)和全或項(最大項)展開式

布林代數的應用--- 全及項(最小項)和全或項(最大項)展開式
1 ID-Based Proxy Signature Using Bilinear Pairings Author: Jing Xu, Zhenfeng Zhang, and Dengguo Feng Presenter: 林志鴻.

1 ID-Based Proxy Signature Using Bilinear Pairings Author: Jing Xu, Zhenfeng Zhang, and Dengguo Feng Presenter: 林志鴻.
Chapter 2 Random Vectors 與他們之間的性質 (Random vectors and their properties)

Chapter 2 Random Vectors 與他們之間的性質 (Random vectors and their properties)
 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 

 What is a botnet?  How are botnets created?  How are they controlled?  How are bots acquired?  What type of attacks are they responsible for? 
指導教授:陳淑媛 學生:李宗叡 李卿輔.  利用下列三種方法 (Edge Detection 、 Local Binary Pattern 、 Structured Local Edge Pattern) 來判斷是否為場景變換,以方便使用者來 找出所要的片段。

指導教授:陳淑媛 學生:李宗叡 李卿輔.  利用下列三種方法 (Edge Detection 、 Local Binary Pattern 、 Structured Local Edge Pattern) 來判斷是否為場景變換,以方便使用者來 找出所要的片段。
社研法助教課, 2007/04/11 如何閱讀 SPSS 圖表 (迴歸分析篇) By 黃昱珽. 小考題目 大華用 SPSS 得到以下的資料: (圖表見下面) 說明 : BABYMORT = 嬰兒死亡率, GDP_CAP = 一國國民生產毛額, LIT_FEMA = 女性識字率。 資料來源 : 聯合國,

社研法助教課, 2007/04/11 如何閱讀 SPSS 圖表 (迴歸分析篇) By 黃昱珽. 小考題目 大華用 SPSS 得到以下的資料: (圖表見下面) 說明 : BABYMORT = 嬰兒死亡率, GDP_CAP = 一國國民生產毛額, LIT_FEMA = 女性識字率。 資料來源 : 聯合國,
1 Simple Regression ( 簡單迴歸分析 ) Social Research Methods 2109 & 6507 Spring, 2006 March 8, 9, 13, 2006.

1 Simple Regression ( 簡單迴歸分析 ) Social Research Methods 2109 & 6507 Spring, 2006 March 8, 9, 13, 2006.
亂數產生器安全性評估 之統計測試 SEC HW7 姓名:翁玉芬 學號:89321037.

亂數產生器安全性評估 之統計測試 SEC HW7 姓名:翁玉芬 學號:
第一章 信號與系統初論 信號的簡介與DSP的處理方式。 系統特性與穩定性的判定方法。 以MATLAB驗證系統的線性、非時變、因果等特性。

第一章 信號與系統初論 信號的簡介與DSP的處理方式。 系統特性與穩定性的判定方法。 以MATLAB驗證系統的線性、非時變、因果等特性。
大陸軍機偵測 學號 :907134 姓名 : 莊 啟 宏. 大綱 簡介 飛機偵測方法概述 結論 簡介 近年來各國科技發達,衛星利用日漸 廣泛。 利用間諜衛星拍攝的照片判斷他國武 力優劣。 探討如何用衛星影像做飛機偵測。

大陸軍機偵測 學號 : 姓名 : 莊 啟 宏. 大綱 簡介 飛機偵測方法概述 結論 簡介 近年來各國科技發達,衛星利用日漸 廣泛。 利用間諜衛星拍攝的照片判斷他國武 力優劣。 探討如何用衛星影像做飛機偵測。
STAT0_corr1 二變數的相關性  變數之間的關係是統計研究上的一大目標  討論二分類變數的相關性,以列聯表來表示  討論二連續隨機變數時,可以作 x-y 散佈圖觀察它 們的關係強度  以相關係數來代表二者關係的強度.

STAT0_corr1 二變數的相關性  變數之間的關係是統計研究上的一大目標  討論二分類變數的相關性,以列聯表來表示  討論二連續隨機變數時,可以作 x-y 散佈圖觀察它 們的關係強度  以相關係數來代表二者關係的強度.
17-1. 17-2 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc.,All Rights Reserved. 肆 資料分析與表達.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc.,All Rights Reserved. 肆 資料分析與表達.
Understanding the Network-Level Behavior of Spammers Anirudh Ramachandran Nick Feamster.

Understanding the Network-Level Behavior of Spammers Anirudh Ramachandran Nick Feamster.
1 793 - Network Connections ★★★☆☆ 題組: Contest Archive with Online Judge 題號: 793 - Network Connections 解題者:蔡宗翰 解題日期: 2008 年 10 月 20 日 題意:給你電腦之間互相連線的狀況後,題.

Network Connections ★★★☆☆ 題組: Contest Archive with Online Judge 題號: Network Connections 解題者:蔡宗翰 解題日期: 2008 年 10 月 20 日 題意:給你電腦之間互相連線的狀況後,題.
Greedy Algorithms. 2 Greedy Methods ( 描述 1) * 解最佳化問題的演算法, 其解題過程可看成是由一 連串的決策步驟所組成, 而每一步驟都有一組選擇 要選定. * 一個 greedy method 在每一決策步驟總是選定那目 前看來最好 的選擇. *Greedy.

Greedy Algorithms. 2 Greedy Methods ( 描述 1) * 解最佳化問題的演算法, 其解題過程可看成是由一 連串的決策步驟所組成, 而每一步驟都有一組選擇 要選定. * 一個 greedy method 在每一決策步驟總是選定那目 前看來最好 的選擇. *Greedy.
1 11324: The largest Clique ★★★★☆ 題組: Contest Archive with Online Judge 題號: 11324: The largest Clique 解題者:李重儀 解題日期: 2008 年 11 月 24 日 題意: 簡單來說,給你一個 directed.

: The largest Clique ★★★★☆ 題組: Contest Archive with Online Judge 題號: 11324: The largest Clique 解題者:李重儀 解題日期: 2008 年 11 月 24 日 題意: 簡單來說,給你一個 directed.
1 11043: Fast and Easy Data Compressor ★★☆☆☆ 題組: Problem Set Archive with Online Judge 題號: 10043: Fast and Easy Data Compressor 解題者:葉貫中 解題日期: 2007 年 3.

: Fast and Easy Data Compressor ★★☆☆☆ 題組: Problem Set Archive with Online Judge 題號: 10043: Fast and Easy Data Compressor 解題者:葉貫中 解題日期: 2007 年 3.
Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.

Understanding the Network-Level Behavior of Spammers Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil By Anirudh Ramachandran and.

Similar presentations

Ads by Google