Design, implementation and test of an email virus throttle

Williamson, Matthew M.

doi:10.1109/csac.2003.1254312

Cited by 35 publications

(10 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The normal emailing behaviors is quite different from the behaviors of a viral email which send emails to different destinations with a much high rate [4] . This phenomenon violated the normal behavior of email users.…”

Section: A Rate Limitationmentioning

confidence: 99%

Development Model of Email Virus Based on Abnormity Detection

Jin

Deng

Liu

2008

2008 International Conference on MultiMedia and Information Technology

View full text Add to dashboard Cite

Computer viruses and worms pose serious threats to the modern society by stealing the confidential information, modifying files and destroying the operating system. Especially, the email has become the primary measure to spreading viruses. Inspired on the classical epidemiological model, an improving model based on the dynamic infected rate and immune rate is proposed. The simulation experiments are carried out by altering the correlative parameters and the experimental results provide the clue for developing the detected scheme of email virus. A promising detected scheme is proposed which detected viruses based on the abnormal behaviors of viral emails rather than the pattern of viruses. This scheme can throttle the new viruses and accords with the developing requirement of anti-virus technology.

show abstract

Section: A Rate Limitationmentioning

confidence: 99%

Development Model of Email Virus Based on Abnormity Detection

Jin

Deng

Liu

2008

2008 International Conference on MultiMedia and Information Technology

View full text Add to dashboard Cite

show abstract

“…Most delaying mechanisms, such as tarpitting [Hunter et al 2003], throttling [Williamson 2003;Woolridge et al 2004], and TCP Damping [Li et al 2004] E-mail address-based filters: There are a variety of e-mail address-based filters with different complexity. Among them, the traditional whitelists and blacklists are the simplest.…”

Section: Recipient-based Techniquesmentioning

confidence: 99%

Thwarting E-mail Spam Laundering

Xie

Yin

Wang

2008

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

Laundering e-mail spam through open-proxies or compromised PCs is a widely-used trick to conceal real spam sources and reduce spamming cost in the underground e-mail spam industry. Spammers have plagued the Internet by exploiting a large number of spam proxies. The facility of breaking spam laundering and deterring spamming activities close to their sources, which would greatly benefit not only e-mail users but also victim ISPs, is in great demand but still missing. In this article, we reveal one salient characteristic of proxy-based spamming activities, namely packet symmetry, by analyzing protocol semantics and timing causality. Based on the packet symmetry exhibited in spam laundering, we propose a simple and effective technique, DBSpam, to online detect and break spam laundering activities inside a customer network. Monitoring the bidirectional traffic passing through a network gateway, DBSpam utilizes a simple statistical method, Sequential Probability Ratio Test, to detect the occurrence of spam laundering in a timely manner. To balance the goals of promptness and accuracy, we introduce a noise-reduction technique in DBSpam, after which the laundering path can be identified more accurately. Then DBSpam activates its spam suppressing mechanism to break the spam laundering. We implement a prototype of DBSpam based on libpcap, and validate its efficacy on spam detection and suppression through both theoretical analyses and trace-based experiments.

show abstract

“…This has actually been confirmed by our preliminary simulation study showed in Section 3. As a consequence, existing epidemic models of, and countermeasures against, email worms (e.g., [5,8]) are not applicable. The simulation-based study of email worms [9] is different from ours, because the former considers a network consisting of only end users, whereas we consider a network consisting of both end users and email servers.…”

Section: Related Workmentioning

confidence: 95%

“…Such emails look perfectly legitimate, except their attachments, when "double-clicked," could infect the victim's machine and further spread by themselves. Compared with traditional email worms, they could adopt more sophisticated and crafty spreading strategies other than, e.g., a simple-minded fast-spreading that may be easily detected and contained [8]. Moreover, malicious impostor emails may be sent by an adversary that has compromised a legiti- * Supported in part by UTSA CIAS.…”

Section: Introductionmentioning

confidence: 97%

Towards Blocking Outgoing Malicious Impostor Emails

Kartaltepe

2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks(WoWMoM'06)

View full text Add to dashboard Cite

Electronic mails (emails) have become an indispensable part of most people's daily routines. However, they were not designed for deployment in an adversarial environment, which explains why there have been so many incidents such as spamming and phishing. Malicious impostor emails sent by sophisticated attackers are perhaps even more damaging, because their contents, except the attachments, may look perfectly legitimate while silently targeting certain critical information such as cryptographic keys and passwords. In this paper, we explore a mechanism for blocking malicious impostor emails called ContAining Malicious Emails Locally (CAMEL), which aims at blocking compromised victim user machines from further infecting others.

show abstract

Design, implementation and test of an email virus throttle

Cited by 35 publications

References 8 publications

Development Model of Email Virus Based on Abnormity Detection

Development Model of Email Virus Based on Abnormity Detection

Thwarting E-mail Spam Laundering

Towards Blocking Outgoing Malicious Impostor Emails

Contact Info

Product

Resources

About