Spam & Phishing. Aggelos Kiayias

Size: px

Start display at page:

Download "Spam & Phishing. Aggelos Kiayias"

Hilary Norris
5 years ago
Views:

1 Spam & Phishing Aggelos Kiayias

2 What is Spam?

3 What is the relation? The Spam Sketch in Monty Python s Flying Circus, 1970

4 Word Filtering Simple filtering: example: if an contains the strings offer and!!!! it is spam. Advantages: very simple to configure. Disadvantages: can be circumvented relatively easily. may kill useful messages.

5 Rule based Scoring Direct extension of word filtering. Each has a score that starts at 0. Inclusion of spam related words add to the score of the . If the score exceeds a threshold then the is classified as spam. Advantage: can be calibrated according to user; catches spam better than word-filtering. spamassasin

6 Black/White-listings Black-listing: reject all s from this list Problem: spammers change s rapidly; catches only small amount of spam White-listing: accept all s from this list Problem: receiving from people you don t know! Possible way-out: ask for verification a@a.com b@b.com c@c.com d@d.com... Example: Active Spam Killer

7 Bayesian Filtering More sophisticated than rule-based scoring. More easy to configure. Can be tuned to a specific users traffic. bogofilter also incorporated into Thunderbird, Mac-OS, Windows etc.

8 Bayesian Spam Filtering Message is treated as a set of words = {w 1,..., w N } Message is classified as spam if the SPAM probability given the words of the exceeds a threshold. Prob[SPAM w 1, w 2,... w N ] threshold

9 Computing SPAM Probability Prob[SPAM w 1, w 2,... w N ] = Prob[w 1, w 2,..., w N SPAM] Prob[SPAM] = Prob[w 1, w 2,..., w N ] Qn Prob[SPAM] i=1 Prob[w i SPAM] Q n i=1 Prob[w i] independence assumption = Prob[SPAM] Qn i=1 Prob[w i SPAM] Q n i=1 (Prob[w i SPAM] Prob[SPAM] + Prob[w i SPAM] Prob[ SPAM]

10 Training Estimation of Probabilities Prob[w SPAM] probability word appears in a SPAM Prob[w SPAM] probability word appears in a non- SPAM message Training can be achieved by using test-data, interactively etc.

11 contains viagra funny jason Example Training: Prob[viagra SPAM] = 0.81 Prob[funny SPAM] = 0.62 Prob[jason SPAM] = 0.25 Prob[viagra SPAM] = 0.10 Prob[funny SPAM] = 0.43 Prob[jason SPAM] = ( )( )( ) = 38.9% Without jason ( )( ) = 98.8%

12 Hash-based Identification mail server? 1 2 Is this spam? hash server 3 user server example: Distributed Checksum Clearinghouse Problem: hashbusters

13 Cost-Based Sending s is too cheap! Solution 1: pay for s with electronic coins. Will make it too costly to send spam. Solution 2: in order to send an do some work (e.g., solve a puzzle). Will require too much computational effort to send spam.

14 Phishing Phish personal information out of users. Typically uses spam as a lure to get a user hooked up. The next level of social engineering. Projected damages > $1,000,000,000 source

15 Phishing Example emphasis added

16 Phishing Example Sign In We ask you to sign in to protect your credit card and other personal information. Enter your address: I do not have an Amazon.com password. (You'll create a password later.) I am a returning customer, and my password is: Phishing archive for more Forgotten your password? Click here. By clicking Continue, you are signing in on our secure server. The information you enter will be encrypted and safe. If you tried to use the secure server but received an error message, sign in using our instead. Conditions of Use Privacy Notice , Amazon.com, Inc. or its affiliates.

17 Phishing Checklist Prepare fake web-site (HTML editors + ripping a legitimate web-site). Setup a web-server on a compromised host. Redirect traffic to fake web-server. How? DNS Poisoning Spam For more information see

18 Phishing Defenses Anti-spamming. User education. Improved branding techniques: User-based branding. Certification authority branding (requires modifications in the web-browser).

19 Spear Phishing Targeted Attacks RSA Attack Uconn - Your Inbox Almost Full Mandiant Report - Mandiant_APT2_Report.pdf

20 Watering Hole Attack planting malware at sites deemed most likely to be visited by the targets of interest

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1 Security and Privacy Xin Liu Computer Science University of California, Davis Introduction 1-1 What is network security? Confidentiality: only sender, intended receiver should understand message contents