Towards Proactive Spam Filtering (Extended Abstract)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5587)

Abstract

With increasing security measures in network services, remote exploitation is getting harder. As a result, attackers concentrate on more reliable attack vectors like email: victims are infected using either malicious attachments or links leading to malicious websites. Therefore, efficient filtering and blocking methods for spam messages are needed.

Unfortunately, most spam filtering solutions proposed so far are reactive: they require a large amount of both ham and spam messages to efficiently generate rules to differentiate between the two. In this paper, we introduce a more proactive approach that allows us to directly collect spam messages by interacting with the spam botnet controllers. We are able to observe current spam runs and obtain a copy of the latest spam messages in a fast and efficient way. Based on the collected information, we are able to generate templates that represent a concise summary of a spam run. The collected data can then be used to improve current spam filtering techniques and develop new avenues to efficiently filter mails.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Göbel, J., Holz, T., Trinius, P. (2009). Towards Proactive Spam Filtering (Extended Abstract). In: Flegel, U., Bruschi, D. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2009. Lecture Notes in Computer Science, vol 5587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02918-9_3

  • DOI: https://doi.org/10.1007/978-3-642-02918-9_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02917-2

  • Online ISBN: 978-3-642-02918-9

  • eBook Packages: Computer Science, Computer Science (R0)
