Abstract
With increasing security measures in network services, remote exploitation is getting harder. As a result, attackers concentrate on more reliable attack vectors like email: victims are infected using either malicious attachments or links leading to malicious websites. Therefore, efficient filtering and blocking methods for spam messages are needed.
Unfortunately, most spam filtering solutions proposed so far are reactive: they require a large amount of both ham and spam messages to efficiently generate rules to differentiate between the two. In this paper, we introduce a more proactive approach that allows us to directly collect spam messages by interacting with the spam botnet controllers. We are able to observe current spam runs and obtain a copy of the latest spam messages in a fast and efficient way. Based on the collected information, we are able to generate templates that represent a concise summary of a spam run. The collected data can then be used to improve current spam filtering techniques and develop new avenues to efficiently filter mails.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Göbel, J., Holz, T., Trinius, P. (2009). Towards Proactive Spam Filtering (Extended Abstract). In: Flegel, U., Bruschi, D. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2009. Lecture Notes in Computer Science, vol 5587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02918-9_3
DOI: https://doi.org/10.1007/978-3-642-02918-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02917-2
Online ISBN: 978-3-642-02918-9
eBook Packages: Computer Science, Computer Science (R0)