Spamming Botnets: Signatures and Characteristics
|
|
- Joseph Rogers
- 5 years ago
- Views:
Transcription
1 Spamming Botnets: Signatures and Characteristics Himanshu Jethawa Department of Computer Science Missouri University of Science and Technology October/ pdf 9 Nov 2016 Network Security Presentation 2016 Himanshu Jethawa
2 Introduction AutoRE Presentation Overview Outline Automatic URL Regular Expression Generation Results Botnet Validation Conclusion 9 Nov 2016 Network Security Presentation 2
3 Introduction AutoRE Presentation Overview Introduction Automatic URL Regular Expression Generation Results Botnet Validation Conclusion 9 Nov 2016 Network Security Presentation 3
4 Introduction Botnets have been widely used for sending spam s Goal Perform large scale analysis of spamming botnet characteristics Identify trends that can benefit future botnet detection and defense mechanisms Detect botnet membership Track sending behavior 9 Nov 2016 Network Security Presentation 4
5 Knowing botnet members allows to know future nefarious activities such as DDoS Attacks Phishing Spam s often contain multiple URLS, some are legitimate Use of AutoRE framework Identifies botnet hosts Introduction Continued Generates botnet spam signatures from s 9 Nov 2016 Network Security Presentation 5
6 Introduction AutoRE Presentation Overview Outline Automatic URL Regular Expression Generation Results Botnet Validation Conclusion 9 Nov 2016 Network Security Presentation 6
7 AutoRE Figure 9 Nov 2016 Network Security Presentation 7
8 AutoRE URL Pre-Processing Input: Untagged s(spam/not spam) Extracts URL string, source server IP address and sending time URLs are then grouped based on their web domains 9 Nov 2016 Network Security Presentation 8
9 AutoRE URL Group Selection Which group characterizes an underlying spam campaign? Selection made on bursty property Si(n)- number of IP addresses which send atleast one URL in ith group during nth-window Sharp spikes in Si(n) used to rank URL groups 9 Nov 2016 Network Security Presentation 9
10 AutoRE Signature Generation and Botnet Identification For a group of URLs from a domain, two types of signatures generated: Complete URL based signature Regular expression signature In both cases, signatures are required to satisfy properties: Bursty (5 days, no discarding) Distributed (20 ASes) Specific (information entropy metric for matching for random URL with a signature) 9 Nov 2016 Network Security Presentation 10
11 AutoRE Regular Expression Generator Used for generation of regular expression from polymorphic URLs Input: Set of polymorphic URLs Modules: Signature Tree Construction Regular Expression Generation Signature Quality Evaluation 9 Nov 2016 Network Security Presentation 11
12 AutoRE Regular Expression Generator Signature Tree Construction 9 Nov 2016 Network Security Presentation 12
13 AutoRE Regular Expression Generator Detailing: Domain specific regular expression Generalization: Conversion of domain-specific regular expression to domain-agnostic one 9 Nov 2016 Network Security Presentation 13
14 AutoRE Regular Expression Generator Signature Quality Evaluation Measure quality of signature Discard too general signatures Entropy reduction Quantify probability of random string matching signature B(u) Be(u) AutoRE discards signatures whose entropy reductions are smaller than a preset threshold 9 Nov 2016 Network Security Presentation 14
15 Introduction AutoRE Presentation Overview Outline Automatic URL Regular Expression Generation Results Botnet Validation Conclusion 9 Nov 2016 Network Security Presentation 15
16 Results Dataset Hotmail messages but not from those Ips blacklisted by SpamHaus Identified 7,721 botnet-based spam campaigns 580,466 spam messages sent from 340,050 distinct botnet host IP addresses spanning 5,916 ASes. 9 Nov 2016 Network Security Presentation 16
17 Results Graphs Figure shows comparison of number of regular expressions before generalization and after generalization for three different months It is evident and obvious that after generalization, number declines Conversion from domain-specific to domain-agnostic regular expressions 9 Nov 2016 Network Security Presentation 17
18 Results Graphs Percentage of spam generated by botnets out of the of total spams is shown in the figure Simple URLs are majority in the total number of spams by botnets around 80% Spams based on regular expressions are around 20% Percentage of spam captured by AutoRE signatures 9 Nov 2016 Network Security Presentation 18
19 Introduction AutoRE Presentation Overview Outline Automatic URL Regular Expression Generation Results Botnet Validation Conclusion 9 Nov 2016 Network Security Presentation 19
20 Validation Hotmail s are already tagged by users as spam/non-spam The labels generated by AutoRE are compared with the labels by users In the figure: CU- Complete URL RE- Regular expression Data for three different months was taken False positive rate of AutoRE signatures- fraction of non-spam s matching signature out of total non-spam s 9 Nov 2016 Network Security Presentation 20
21 Validation It is evident from the figure that False Positive Rate(Regular Expression) << False Positive Rate(Conjunction of frequent keywords) Comparison of approaches 9 Nov 2016 Network Security Presentation 21
22 Validation It is evident that after generalization, number of spam s captured were more compared to before Number of spams captured by RE signatures 9 Nov 2016 Network Security Presentation 22
23 Conclusion Botnet hosts are widespread across the internet detecting and blacklisting individual botnet host will continue to remain a challenging task Demonstration of feasibility of detecting botnet hosts using botnet spam signatures Comparison of data from different time period concludes that botnets are getting increasingly sophisticated 9 Nov 2016 Network Security Presentation 23
24 References Xie, Yinglian, et al. "Spamming botnets: signatures and characteristics." ACM SIGCOMM Computer Communication Review 38.4 (2008): Nov 2016 Network Security Presentation 24
25 THANK YOU 9 Nov 2016 Network Security Presentation 25
Botnet Spam Campaigns Can Be Long Lasting: Evidence, Implications, and Analysis
Botnet Spam Campaigns Can Be Long Lasting: Evidence, Implications, and Analysis Abhinav Pathak, Feng Qian 2, Y. Charlie Hu, Z. Morley Mao 2, and Supranamaya Ranjan 3 Purdue University, West Lafayette,
More informationDetecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray, Sven Krasser Motivation Spam: More than Just a
More informationRe-wiring Activity of Malicious Networks
Re-wiring Activity of Malicious Networks Maria Konte and Nick Feamster Georgia Institute of Technology {mkonte,feamster}@cc.gatech.edu Abstract. This paper studies the AS-level re-wiring dynamics (changes
More informationSecurity Gap Analysis: Aggregrated Results
Email Security Gap Analysis: Aggregrated Results Average rates at which enterprise email security systems miss spam, phishing and malware attachments November 2017 www.cyren.com 1 Email Security Gap Analysis:
More informationBOTMAGNIFIER: Locating Spambots on the Internet
BOTMAGNIFIER: Locating Spambots on the Internet Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, and Giovanni Vigna University of California, Santa Barbara Ruhr-University Bochum
More informationRevealing Botnet Membership Using DNSBL Counter-Intelligence
Revealing Botnet Membership Using DNSBL Counter-Intelligence David Dagon dagon@cc.gatech.edu Anirudh Ramachandran, Nick Feamster, College of Computing, Georgia Tech From the presses Botnets send masses
More informationDetecting Malicious Web Links and Identifying Their Attack Types
Detecting Malicious Web Links and Identifying Their Attack Types Anti-Spam Team Cellopoint July 3, 2013 Introduction References A great effort has been directed towards detection of malicious URLs Blacklisting
More information«On the Internet, nobody knows you are a dog» Twenty years later
«On the Internet, nobody knows you are a dog» Twenty years later This lecture is about identity and authenticity, but also other security properties. It is largely about the Internet, but some of this
More informationDe-anonymizing the Internet Using Unreliable IDs
De-anonymizing the Internet Using Unreliable IDs Yinglian Xie, Fang Yu, and Martín Abadi Microsoft Research Silicon Valley ABSTRACT Today s Internet is open and anonymous. While it permits free traffic
More informationPhishing Activity Trends Report October, 2004
Phishing Activity Trends Report October, 2004 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging
More informationDixit Verma Characterization and Implications of Flash Crowds and DoS attacks on websites
Characterization and Implications of Flash Crowds and DoS attacks on websites Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology dv6cb@mst.edu 9 Feb
More informationReduce Your Network's Attack Surface
WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements
More informationCache memories are small, fast SRAM-based memories managed automatically in hardware. Hold frequently accessed blocks of main memory
Cache Memories Cache memories are small, fast SRAM-based memories managed automatically in hardware. Hold frequently accessed blocks of main memory CPU looks first for data in caches (e.g., L1, L2, and
More informationTable of Contents. What is AgencyBloc?...3. Why Metrics?...4. The Metrics Open Rate...5. Click Rate...6. List Size...
Table of Contents In this ebook, you ll learn about why you should be measuring certain metrics within your email marketing campaigns and how to measure them. After all, without measurement, you ll never
More informationFortiGuard Antispam. Frequently Asked Questions. High Performance Multi-Threat Security Solutions
FortiGuard Antispam Frequently Asked Questions High Performance Multi-Threat Security Solutions Q: What is FortiGuard Antispam? A: FortiGuard Antispam Subscription Service (FortiGuard Antispam) is the
More informationANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS
ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS Saulius Grusnys, Ingrida Lagzdinyte Kaunas University of Technology, Department of Computer Networks, Studentu 50,
More informationMarshal s Defense-in-Depth Anti-Spam Engine
Marshal s Defense-in-Depth Anti-Spam Engine January 2008 Contents Overview 2 Features 3 Summary 6 This whitepaper explores the underlying anti-spam and anti-phishing defense technology in Marshal s world
More informationHTTP BASED BOT-NET DETECTION TECHNIQUE USING APRIORI ALGORITHM WITH ACTUAL TIME DURATION
International Journal of Computer Engineering and Applications, Volume XI, Issue III, March 17, www.ijcea.com ISSN 2321-3469 HTTP BASED BOT-NET DETECTION TECHNIQUE USING APRIORI ALGORITHM WITH ACTUAL TIME
More informationTwi$er s Trending Topics exploita4on pa$erns
Twi$er s Trending Topics exploita4on pa$erns Despoina Antonakaki Paraskevi Fragopoulou, So6ris Ioannidis isocial Mee6ng, February 4-5th, 2014 Online Users World popula6ons percentage of online users: 39%
More informationExploring the ecosystem of malicious domain registrations in the.eu TLD
Exploring the ecosystem of malicious domain registrations in the.eu TLD Lieven Desmet OWASP BeNeLux Day 2017 Tilburg, NL Lieven.Desmet@cs.kuleuven.be @lieven_desmet Joint research between KU Leuven and
More informationIRONSCALES Federation Combines Human Intelligence with Machine Learning to Discover & Stop Spear-Phishing Attacks
IRONSCALES Federation Combines Human Intelligence with Machine Learning to Discover & Stop Spear-Phishing Attacks Phishing attacks have evolved in sophistication and frequency since they first originated
More informationNeighborWatcher: A Content-Agnostic Comment Spam Inference System
NeighborWatcher: A Content-Agnostic Comment Spam Inference System Jialong Zhang and Guofei Gu Secure Communication and Computer Systems Lab Department of Computer Science & Engineering Texas A&M University
More informationPolymorphic Blending Attacks. Slides by Jelena Mirkovic
Polymorphic Blending Attacks Slides by Jelena Mirkovic 1 Motivation! Polymorphism is used by malicious code to evade signature-based IDSs Anomaly-based IDSs detect polymorphic attacks because their byte
More informationBank of america report phishing
Search Search pages & people Search Search Search pages & people Search Bank of america report phishing email We recently discovered a new phishing scam from a Bank of America spam email some reports that
More informationDelay Injection for. Service Dependency Detection
Delay Injection for Service Dependency Detection Richard A. Kemmerer Computer Security Group Department of Computer Science University of California, Santa Barbara http://seclab.cs.ucsb.edu ARO/MURI Meeting
More informationDESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN
------------------- CHAPTER 4 DESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN In this chapter, MAC layer based defense architecture for RoQ attacks in Wireless LAN
More informationUNIK: Unsupervised Social Network Spam Detection
UNIK: Unsupervised Social Network Spam Detection Enhua Tan,LeiGuo 2,SongqingChen 3,XiaodongZhang 2,andYihong(Eric)Zhao 4 LinkedIn entan@linkedin.com 2 Ohio State University 3 George Mason {lguo,zhang}@cse.ohiostate.edu
More informationVulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits
Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits Carl Sabottke Octavian Suciu Tudor Dumitraș University of Maryland 2 Problem Increasing number
More informationHillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis
Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,
More informationDetecting Botnets Using Cisco NetFlow Protocol
Detecting Botnets Using Cisco NetFlow Protocol Royce Clarenz C. Ocampo 1, *, and Gregory G. Cu 2 1 Computer Technology Department, College of Computer Studies, De La Salle University, Manila 2 Software
More informationDocument version Cohorts
Document version 1.1 2018 Cohorts Table of contents 1 Cohorts overview 2 Date of first visit 2.1 Predefined analyses 2.2 Daily and weekly cohorts 2.3 Filtering cohorts 2.4 Use Cases 3 Time since first
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationTraceback Attacks in Cloud Pebbletrace Botnet nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee
Traceback Attacks in Cloud Pebbletrace Botnet 2012 32nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee Outline Introduction Key Identification Botnet attack in
More informationBeyond Blind Defense: Gaining Insights from Proactive App Sec
Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationDeveloping the Sensor Capability in Cyber Security
Developing the Sensor Capability in Cyber Security Tero Kokkonen, Ph.D. +358504385317 tero.kokkonen@jamk.fi JYVSECTEC JYVSECTEC - Jyväskylä Security Technology - is the cyber security research, development
More informationTemporal Correlations between Spam and Phishing Websites
Temporal Correlations between Spam and Phishing Websites, Richard Clayton and Henry Stern Center for Research on Computation and Society Harvard University USENIX LEET 09 Boston, MA April 21, 2009 Outline
More informationAnalyzing Dshield Logs Using Fully Automatic Cross-Associations
Analyzing Dshield Logs Using Fully Automatic Cross-Associations Anh Le 1 1 Donald Bren School of Information and Computer Sciences University of California, Irvine Irvine, CA, 92697, USA anh.le@uci.edu
More informationSymantec Protection Suite Add-On for Hosted Security
Symantec Protection Suite Add-On for Hosted Email Security Overview Malware and spam pose enormous risk to the health and viability of IT networks. Cyber criminal attacks are focused on stealing money
More informationDiscovering Phishing Dropboxes Using Metadata
Discovering Phishing Dropboxes Using Email Metadata Tyler Moore 1 and Richard Clayton 2 Computer Science & Engineering Department, Southern Methodist University, Dallas, TX 1 Computer Laboratory, University
More informationContent Success Factors Data-Driven Performance Insights For 2016
Content Success Factors Data-Driven Performance Insights For 2016 Slides! hmny.co/lotsofcontentdata 2 So let s get the definition of success out of the way. 3 Your Goal: Brand Awareness Engagement Conversion
More informationFlowzilla: A Methodology for Detecting Data Transfer Anomalies in Research Networks. Anna Giannakou, Daniel Gunter, Sean Peisert
Flowzilla: A Methodology for Detecting Data Transfer Anomalies in Research Networks Anna Giannakou, Daniel Gunter, Sean Peisert Research Networks Scientific applications that process large amounts of data
More informationAdaptiveMobile Security Practice
AdaptiveMobile Security Practice Overview & Case Study AdaptiveMobile s Security Practice provide a suite of managed security services undertaking analysis of potential threats in networks and delivering
More informationNetwork Security Detection With Data Analytics (PREDATOR)
CIS-601 Graduate Seminar Network Security Detection With Data Analytics (PREDATOR) PRESENTED BY :RAJAN SHARMA CSU ID: 2659829 GUIDED BY : Dr. SUNNIE CHUNG Overview Introduction Feature Extraction and Machine
More informationdeseo: Combating Search-Result Poisoning Yu USF
deseo: Combating Search-Result Poisoning Yu Jin @MSCS USF Your Google is not SAFE! SEO Poisoning - A new way to spread malware! Why choose SE? 22.4% of Google searches in the top 100 results > 50% for
More informationMonthly SEO Report. Example Client 16 November 2012 Scott Lawson. Date. Prepared by
Date Monthly SEO Report Prepared by Example Client 16 November 212 Scott Lawson Contents Thanks for using TrackPal s automated SEO and Analytics reporting template. Below is a brief explanation of the
More informationPDF Mirage: Content Masking Attack Against Information-Based Online Services
PDF Mirage: Content Masking Attack Against Information-Based Online Services Ian Markwood*, Dakun Shen*, Yao Liu, and Zhuo Lu University of South Florida *Co-first authors Presented by Ian Markwood Outline
More informationThe evolution of malevolence
Detection of spam hosts and spam bots using network traffic modeling Anestis Karasaridis Willa K. Ehrlich, Danielle Liu, David Hoeflin 4/27/2010. All rights reserved. AT&T and the AT&T logo are trademarks
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationCybersecurity. Anna Chan, Marketing Director, Akamai Technologies
Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile Business devices and Continuity data collection. & Cybersecurity Anna Chan, Marketing Director,
More informationBe certain. MessageLabs Intelligence: May 2006
Be certain MessageLabs Intelligence: May 2006 Introduction Welcome to the May edition of the MessageLabs Intelligence monthly report. This report provides the latest threat trends for May 2006 to keep
More informationAn Empirical Study of Behavioral Characteristics of Spammers: Findings and Implications
An Empirical Study of Behavioral Characteristics of Spammers: Findings and Implications Zhenhai Duan, Kartik Gopalan, Xin Yuan Abstract In this paper we present a detailed study of the behavioral characteristics
More informationCorrelation and Phishing
A Trend Micro Research Paper Email Correlation and Phishing How Big Data Analytics Identifies Malicious Messages RungChi Chen Contents Introduction... 3 Phishing in 2013... 3 The State of Email Authentication...
More informationChapter 2 Malicious Networks for DDoS Attacks
Chapter 2 Malicious Networks for DDoS Attacks Abstract In this chapter, we explore botnet, the engine of DDoS attacks, in cyberspace. We focus on two recent techniques that hackers are using to sustain
More informationMinimizing Collateral Damage by Proactive Surge Protection
Minimizing Collateral Damage by Proactive Surge Protection Jerry Chou, Bill Lin University of California, San Diego Subhabrata Sen, Oliver Spatscheck AT&T Labs-Research ACM SIGCOMM LSAD Workshop, Kyoto,
More informationProbabilistic Performance Analysis of Moving Target and Deception Reconnaissance Defenses
Probabilistic Performance Analysis of Moving Target and Deception Reconnaissance Defenses Michael Crouse, Bryan Prosser and Errin W. Fulp WAKE FOREST U N I V E R S I T Y Department of Computer Science
More informationStudying Spamming Botnets Using Botlab
Studying Spamming Botnets Using Botlab John P. John Alexander Moshchuk Steven D. Gribble Arvind Krishnamurthy Abstract In this paper we present Botlab, a platform that continually monitors and analyzes
More informationCommtouch Messaging Security for Hosting Providers
Commtouch Messaging Security for Hosting Providers September 2009 nospam@commtouch.com www.commtouch.com blog.commtouch.com About Commtouch Since 1991 NASDAQ: CTCH Profitable Double digit growth Over 100
More informationProlexic Attack Report Q4 2011
Prolexic Attack Report Q4 2011 Prolexic believes the nature of DDoS attacks are changing: they are becoming more concentrated and damaging. Packet-per-second volume is increasing dramatically, while attack
More informationMethod to Study and Analyze Fraud Ranking In Mobile Apps
Method to Study and Analyze Fraud Ranking In Mobile Apps Ms. Priyanka R. Patil M.Tech student Marri Laxman Reddy Institute of Technology & Management Hyderabad. Abstract: Ranking fraud in the mobile App
More informationTest-king q
Test-king 700-280 64q Number: 700-280 Passing Score: 800 Time Limit: 120 min File Version: 28.5 http://www.gratisexam.com/ 700-280 Email Security for Field Engineers Passed on 2-02-15 with an 890. Dump
More informationCORE for Anti-Spam. - Innovative Spam Protection - Mastering the challenge of spam today with the technology of tomorrow
CORE for Anti-Spam - Innovative Spam Protection - Mastering the challenge of spam today with the technology of tomorrow Contents 1 Spam Defense An Overview... 3 1.1 Efficient Spam Protection Procedure...
More informationTechnical Brief: Domain Risk Score Proactively uncover threats using DNS and data science
Technical Brief: Domain Risk Score Proactively uncover threats using DNS and data science 310 Million + Current Domain Names 11 Billion+ Historical Domain Profiles 5 Million+ New Domain Profiles Daily
More informationPassword Guessing Resistant Protocol
RESEARCH ARTICLE OPEN ACCESS Password Guessing Resistant Protocol Arya Kumar #1, A. K. Gupta *2 # Student, M.E. Computer, JSCOE, Pune, University of Pune * Associate Professor, JSCOE, Pune, University
More informationBotGraph: Large Scale Spamming Botnet Detec5on
BotGraph: Large Scale Spamming Botnet Detec5on Yao Zhao Yinglian Xie *, Fang Yu *, Qifa Ke *, Yuan Yu *, Yan Chen and Eliot Gillum EECS Department, Northwestern University MicrosoK Research Silicon Valley
More informationVenusense UTM Introduction
Venusense UTM Introduction Featuring comprehensive security capabilities, Venusense Unified Threat Management (UTM) products adopt the industry's most advanced multi-core, multi-thread computing architecture,
More informationEmpirically Based Analysis: The DDoS Case
Empirically Based Analysis: The DDoS Case Jul 22 nd, 2004 CERT Analysis Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 The CERT Analysis Center is part of the
More informationAn Empirical Study of Spam and Spam Vulnerable Accounts
An Empirical Study of Spam and Spam Vulnerable email Accounts Abstract Spam messages muddle up users inbox, consume network resources, and build up DDoS attacks, spread malware. Our goal is to present
More informationAutomating Security Response based on Internet Reputation
Add Your Logo here Do not use master Automating Security Response based on Internet Reputation IP and DNS Reputation for the IPS Platform Anthony Supinski Senior Systems Engineer www.h3cnetworks.com www.3com.com
More informationKorea Phishing Activity Trends Report
Korea Phishing Activity Trends Report June, 2006 Issued by KrCERT/CC, Korea Internet Security Center Korea Phishing Activity Trends Report analyzes phishing attacks reported to KrCERT/CC via the organization
More informationAssessing the Gap: Measure the Impact of Phishing on an Organization
Annual ADFSL Conference on Digital Forensics, Security and Law 2016 May 26th, 9:00 AM Assessing the Gap: Measure the Impact of Phishing on an Organization Brad Wardman PayPal Inc., brad.wardman@yahoo.com
More informationReal-Time Model-Free Detection of Low-Quality Synchrophasor Data
Real-Time Model-Free Detection of Low-Quality Synchrophasor Data Meng Wu and Le Xie Department of Electrical and Computer Engineering Texas A&M University College Station, TX NASPI Work Group meeting March
More informationTowards Traffic Anomaly Detection via Reinforcement Learning and Data Flow
Towards Traffic Anomaly Detection via Reinforcement Learning and Data Flow Arturo Servin Computer Science, University of York aservin@cs.york.ac.uk Abstract. Protection of computer networks against security
More informationSecuring Behavior-based Opinion Spam Detection
Securing Behavior-based Opinion Spam Detection Shuaijun Ge, Guiiang Ma, Sihong Xie and Philip S. Yu Dec 13, 2018 @BigData Fake reviews? 2 Online reviews Source: https://www.brightlocal.com/learn/local-consumer-review-survey/
More informationDNSSM: A Large Scale Passive DNS Security Monitoring Framework
samuel.marchal@uni.lu 16/04/12 DNSSM: A Large Scale Passive DNS Security Monitoring Framework Samuel Marchal, Jérôme François, Cynthia Wagner, Radu State, Alexandre Dulaunoy, Thomas Engel, Olivier Festor
More informationAugust 2009 Report #22
August 2009 Report #22 The data in this report is aggregated from a combination of sources including Symantec s Phish Report Network (PRN), strategic partners, customers and security solutions. This report
More informationPreSTA: Preventing Malicious Behavior Using Spatio-Temporal Reputation. Andrew G. West November 4, 2009 ONR-MURI Presentation
PreSTA: Preventing Malicious Behavior Using Spatio-Temporal Reputation Andrew G. West November 4, 2009 ONR-MURI Presentation PreSTA: Preventative Spatio-Temporal Aggregation PROBLEM ---------- SOLUTION
More informationInformation Retrieval
Information Retrieval CSC 375, Fall 2016 An information retrieval system will tend not to be used whenever it is more painful and troublesome for a customer to have information than for him not to have
More informationUnsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users
Unsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users ANT 2011 Dusan Stevanovic York University, Toronto, Canada September 19 th, 2011 Outline Denial-of-Service and
More informationRadware DefensePro DDoS Mitigation Release Notes Software Version Last Updated: December, 2017
Radware DefensePro DDoS Mitigation Release Notes Software Version 8.13.01 Last Updated: December, 2017 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 1 of 9 TABLE OF CONTENTS
More informationDetecting Spam Zombies by Monitoring Outgoing Messages
Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan, Peng Chen, Fernando Sanchez Florida State University {duan, pchen, sanchez}@cs.fsu.edu Yingfei Dong University of Hawaii yingfei@hawaii.edu
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationA Comparison of Text-Categorization Methods applied to N-Gram Frequency Statistics
A Comparison of Text-Categorization Methods applied to N-Gram Frequency Statistics Helmut Berger and Dieter Merkl 2 Faculty of Information Technology, University of Technology, Sydney, NSW, Australia hberger@it.uts.edu.au
More informationDifferent attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT
Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT environment (e.g., Windows vs Linux) Levels of abstraction
More informationGlobal DDoS Measurements. Jose Nazario, Ph.D. NSF CyberTrust Workshop
Global DDoS Measurements Jose Nazario, Ph.D. jose@arbor.net NSF CyberTrust Workshop Quick Outline, Conclusions o Measurements - We re screwed o Observations - We know who o The wrong approach: point solutions
More informationINTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGIES, VOL. 02, ISSUE 01, JAN 2014 ISSN
CONSTANT INCREASE RATE DDOS ATTACKS DETECTION USING IP TRACE BACK AND INFORMATION DISTANCE METRICS 1 VEMULA GANESH, 2 B. VAMSI KRISHNA 1 M.Tech CSE Dept, MRCET, Hyderabad, Email: vmlganesh@gmail.com. 2
More informationFighting Phishing I: Get phish or die tryin.
Fighting Phishing I: Get phish or die tryin. Micah Nelson and Max Hyppolite bit.ly/nercomp_sap918 Please, don t forget to submit your feedback for today s session at the above URL. If you use social media
More informationLecture 2: Streaming Algorithms for Counting Distinct Elements
Lecture 2: Streaming Algorithms for Counting Distinct Elements 20th August, 2008 Streaming Algorithms Streaming Algorithms Streaming algorithms have the following properties: 1 items in the stream are
More informationUnderground economy. Economics of Security and Privacy (BMEVIHIAV15) Mark Felegyhazi. assistant professor CrySyS Lab.
Underground economy Economics of Security and Privacy (BMEVIHIAV15) Mark Felegyhazi assistant professor CrySyS Lab. Underground economy BME Department of Telecommunications (Híradástechnikai Tanszék) mfelegyhazi(atat)crysys(dot)hu
More informationDistributed Denial of Service (DDoS)
Global Leader in DDoS Mitigation Threat Report Distributed Denial of Service (DDoS) Threat Report Q1 2017 456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA +1 415 299 8550 Contents 1. Methodology...................
More informationTemplate Extraction from Heterogeneous Web Pages
Template Extraction from Heterogeneous Web Pages 1 Mrs. Harshal H. Kulkarni, 2 Mrs. Manasi k. Kulkarni Asst. Professor, Pune University, (PESMCOE, Pune), Pune, India Abstract: Templates are used by many
More informationCE Advanced Network Security Network Forensics
CE 817 - Advanced Network Security Network Forensics Lecture 22 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially
More informationA Firewall Architecture to Enhance Performance of Enterprise Network
A Firewall Architecture to Enhance Performance of Enterprise Network Hailu Tegenaw HiLCoE, Computer Science Programme, Ethiopia Commercial Bank of Ethiopia, Ethiopia hailutegenaw@yahoo.com Mesfin Kifle
More informationDetecting Abuse in TLDs
Detecting Abuse in TLDs A NameSentry TM presentation by Greg Aaron and Michael Young ICANN Toronto: 15 October 2012 2012 Illumintel Inc. All rights reserved. 1 Defining Abuse Every service provider has
More informationSending out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways
Sending out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways Bradley Reaves, Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, Kevin R. B. Butler SMS Ecosystem Cell Network
More informationPhishEye: Live Monitoring of Sandboxed Phishing Kits. Xiao Han Nizar Kheir Davide Balzarotti
PhishEye: Live Monitoring of Sandboxed Phishing Kits Xiao Han Nizar Kheir Davide Balzarotti Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd
More informationCisco Firepower with Radware DDoS Mitigation
Cisco Firepower with Radware DDoS Mitigation Business Decision Maker Presentation Eric Grubel VP Business development, Radware February 2017 DDoS in the news French hosting firm flooded with 1 Tbps traffic
More informationThe State of Spam A Monthly Report June Generated by Symantec Messaging and Web Security
The State of Spam A Monthly Report June 2007 Generated by Symantec Messaging and Web Security Monthly Spam Landscape Spam activity in May 2007 was overall consistent with trends observed in previous months.
More informationThe Domain Abuse Activity Reporting System (DAAR)
The Domain Abuse Activity Reporting System (DAAR) Dave Piscitello APWG EU October 2017 The Domain Abuse Activity Reporting system What is the Domain Abuse Activity Reporting system? A system for reporting
More information