Spam & Phishing. Aggelos Kiayias

Similar documents
Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Introduction This paper will discuss the best practices for stopping the maximum amount of SPAM arriving in a user's inbox. It will outline simple

Phishing Read Behind The Lines

Layer by Layer: Protecting from Attack in Office 365

Security & Phishing

CE Advanced Network Security Phishing I

Phishing Attacks. Mendel Rosenblum. CS142 Lecture Notes - Phishing Attack

Spam Protection Guide

Protection FAQs

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

Security Landscape Thorsten Stoeterau Security Systems Engineer - Barracuda Networks

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Unique Phishing Attacks (2008 vs in thousands)

Robust Defenses for Cross-Site Request Forgery Review

ANATOMY OF AN ATTACK!

SSAC Public Meeting Paris. 24 June 2008

Quick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.

Ethical Hacking and. Version 6. Spamming

Webomania Solutions Pvt. Ltd. 2017

Incident Play Book: Phishing

Protecting from Attack in Office 365

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Review of Phishing Detection Techniques

Security and Privacy

An Executive s FAQ About Authentication

Phishing Activity Trends Report August, 2006

Longline Phishing: -borne Threats, Cloud Computing, Big Data, and the Rise of Industrial Phishing Attacks. A Proofpoint White Paper WHITE PAPER

Evolution of Spear Phishing. White Paper

PROTECTING YOUR BUSINESS ASSETS

Migrating to Precis from SpamAssassin

COSC 301 Network Management. Lecture 14: Electronic Mail

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Phishing Activity Trends

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

ITA NETWORKS, INC. Spam Marshall Users Guide

For example, if a message is both a virus and spam, the message is categorized as a virus as virus is higher in precedence than spam.

Gladiator Incident Alert

Frequently Asked Questions (FAQ)

Phishing Activity Trends

Spam Classification Documentation

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Hit the Ground Spam(fight)ing

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Vendor: Microsoft. Exam Code: Exam Name: MTA Security Fundamentals Practice Test. Version: Demo

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Content Based Spam Filtering

Choic Anti-Spam Quick Start Guide

Using WebQuarantine for Managing Quarantined Messages

BEST PRACTICES FOR PERSONAL Security

BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

How Cyber-Criminals Steal and Profit from your Data

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

3.5 SECURITY. How can you reduce the risk of getting a virus?

AUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response

FortiGuard Antispam. Frequently Asked Questions. High Performance Multi-Threat Security Solutions

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

Web Mail and e-scout Instructions

The Rise of Phishing. Dave Brunswick Tumbleweed Communications Anti-Phishing Working Group

Phishing Activity Trends

Marshal s Defense-in-Depth Anti-Spam Engine

Elementary Computing CSC 100. M. Cheng, Computer Science

Security+ SY0-501 Study Guide Table of Contents

ADVANCED, UNKNOWN MALWARE IN THE HEART OF EUROPE

Client Portal FAQ's. Client Portal FAQ's. Why is the Portal more secure?

Synchronized Security

Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems. BRKSEC-2052_c Cisco Systems, Inc. All rights reserved.

Accessing Encrypted s Guide for Non-NHSmail users

Emerging Technologies

Use Cases. E-Commerce. Enterprise

Our Privacy Policy. Last modified: December 12th Summary of changes can be consulted at the bottom of this Privacy Policy.


Seqrite Endpoint Security

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

Filtering the Spectrum of Internet Threats: Defending Against Inappropriate Content, Spyware, IM, and P2P at the Perimeter

Cross-Site Request Forgery: The Sleeping Giant. Jeremiah Grossman Founder and CTO, WhiteHat Security

Security. The DynaSis Education Series for C-Level Executives

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Service Provider View of Cyber Security. July 2017

MPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames

Combating Common Web App Authentication Threats

The evolution of malevolence

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Untitled Page. Help Documentation

Remote E-Voting System

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Dissecting Data Breaches. What Keeps Going Wrong?

User s Guide. SingNet Desktop Security Copyright 2010 F-Secure Corporation. All rights reserved.

S a p m a m a n a d n d H a H m 성균관대학교 최형기

Security with FailSafe

Online Security and Safety Protect Your Computer - and Yourself!

Practical Cyber Security for Architects of Small Firms (1 AIA CEU)

Lecture 12. Application Layer. Application Layer 1

A Layered Approach to Fraud Mitigation. Nick White Product Manager, FIS Payments Integrated Financial Services

Phishing: When is the Enemy

2017 Annual Meeting of Members and Board of Directors Meeting

Using Centralized Security Reporting

Phishing Activity Trends Report August, 2005

Transcription:

Spam & Phishing Aggelos Kiayias

What is Spam?

What is the relation? The Spam Sketch in Monty Python s Flying Circus, 1970

Word Filtering Simple filtering: example: if an e-mail contains the strings offer and!!!! it is spam. Advantages: very simple to configure. Disadvantages: can be circumvented relatively easily. may kill useful messages.

Rule based Scoring Direct extension of word filtering. Each e-mail has a score that starts at 0. Inclusion of spam related words add to the score of the e-mail. If the score exceeds a threshold then the e-mail is classified as spam. Advantage: can be calibrated according to user; catches spam better than word-filtering. spamassasin

Black/White-listings Black-listing: reject all e-mails from this list Problem: spammers change e-mails rapidly; catches only small amount of spam a@a.com b@b.com c@c.com d@d.com... White-listing: accept all e-mails from this list Problem: receiving e-mail from people you don t know! Possible way-out: ask for e-mail verification a@a.com b@b.com c@c.com d@d.com... Example: Active Spam Killer http://a-s-k.sourceforge.net/

Bayesian Filtering More sophisticated than rule-based scoring. More easy to configure. Can be tuned to a specific users e-mail traffic. bogofilter http://bogofilter.sourceforge.net/ also incorporated into Thunderbird, Mac-OS, Windows etc.

Bayesian Spam Filtering Message is treated as a set of words email = {w 1,..., w N } Message is classified as spam if the SPAM probability given the words of the e-mail exceeds a threshold. Prob[SPAM w 1, w 2,... w N ] threshold

Computing SPAM Probability Prob[SPAM w 1, w 2,... w N ] = Prob[w 1, w 2,..., w N SPAM] Prob[SPAM] = Prob[w 1, w 2,..., w N ] Qn Prob[SPAM] i=1 Prob[w i SPAM] Q n i=1 Prob[w i] independence assumption = Prob[SPAM] Qn i=1 Prob[w i SPAM] Q n i=1 (Prob[w i SPAM] Prob[SPAM] + Prob[w i SPAM] Prob[ SPAM]

Training Estimation of Probabilities Prob[w SPAM] probability word appears in a SPAM Prob[w SPAM] probability word appears in a non- SPAM message Training can be achieved by using test-data, interactively etc.

E-mail contains viagra funny jason Example Training: Prob[viagra SPAM] = 0.81 Prob[funny SPAM] = 0.62 Prob[jason SPAM] = 0.25 Prob[viagra SPAM] = 0.10 Prob[funny SPAM] = 0.43 Prob[jason SPAM] = 0.80 0.3 0.81 0.62 0.25 (0.81 0.3 + 0.1 0.7)(0.62 0.3 + 0.43 0.7)(0.25 0.3 + 0.80 0.7) = 38.9% Without jason 0.3 0.81 0.62 (0.81 0.3 + 0.1 0.7)(0.62 0.3 + 0.43 0.7) = 98.8%

Hash-based Identification mail server? 1 2 Is this spam? email hash server email 3 user server example: Distributed Checksum Clearinghouse http://www.rhyolite.com/dcc/ Problem: hashbusters

Cost-Based Sending e-mails is too cheap! Solution 1: pay for e-mails with electronic coins. Will make it too costly to send spam. Solution 2: in order to send an e-mail do some work (e.g., solve a puzzle). Will require too much computational effort to send spam.

Phishing Phish personal information out of users. Typically uses spam as a lure to get a user hooked up. The next level of social engineering. Projected damages > $1,000,000,000 source http://www.gartner.com/5_about/press_releases/asset_71087_11.jsp

Phishing Example emphasis added

Phishing Example http://202.85.152.20/.www.amazon.com/amaz/index.html Sign In We ask you to sign in to protect your credit card and other personal information. Enter your e-mail address: I do not have an Amazon.com password. (You'll create a password later.) I am a returning customer, and my password is: Phishing archive for more http://www.antiphishing.org/phishing_archive.html Forgotten your password? Click here. By clicking Continue, you are signing in on our secure server. The information you enter will be encrypted and safe. If you tried to use the secure server but received an error message, sign in using our instead. Conditions of Use Privacy Notice 1996-2005, Amazon.com, Inc. or its affiliates.

Phishing Checklist Prepare fake web-site (HTML editors + ripping a legitimate web-site). Setup a web-server on a compromised host. Redirect traffic to fake web-server. How? DNS Poisoning Spam For more information see http://www.honeynet.org/papers/phishing/

Phishing Defenses Anti-spamming. User education. Improved branding techniques: User-based branding. Certification authority branding (requires modifications in the web-browser).

Spear Phishing Targeted Attacks RSA Attack 2011 http://blogs.rsa.com/anatomy-of-an-attack/ Uconn - Your Inbox Almost Full Mandiant Report - Mandiant_APT2_Report.pdf http://www.itbusinessedge.com/blogs/data-security/spearphishing-attack-spoofs-mandiant-report.html

Watering Hole Attack planting malware at sites deemed most likely to be visited by the targets of interest http://krebsonsecurity.com/tag/watering-hole-attack/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback