Show simple item record

dc.contributor.authorRamachandran, Anirudh Vadakkedathen_US
dc.date.accessioned2011-09-22T17:47:17Z
dc.date.available2011-09-22T17:47:17Z
dc.date.issued2011-08-04en_US
dc.identifier.urihttp://hdl.handle.net/1853/41068
dc.description.abstractSpam is an increasing menace in email: 90% of email is spam, and over 90% of spam is sent by botnets---networks of compromised computers under the control of miscreants. In this dissertation, we introduce email spam filtering using network-level features of spammers. Network-level features are based on lightweight measurements that can be made in the network, often without processing or storing a message. These features stay relevant for longer periods, are harder for criminals to alter at will (e.g., a bot cannot act independently of other bots in the botnet), and afford the unique opportunity to observe the coordinated behavior of spammers. We find that widely-used IP address-based reputation systems (e.g., IP blacklists) cannot keep up with the threats of spam from previously unseen IP addresses, and from new and stealthy attacks---to thwart IP-based reputation systems, spammers are reconnoitering IP Blacklists and sending spam from hijacked IP address space. Finally, spammers are "gaming" collaborative filtering by users in Web-based email by casting fraudulent "Not Spam" votes on spam email. We present three systems that detect each attack that uses spammer behavior rather than their IP address. First, we present IP blacklist counter-intelligence, a system that can passively enumerate spammers performing IP blacklist reconnaissance. Second, we present SpamTracker, a system that distinguishes spammers from legitimate senders by applying clustering on the set of domains to which email is sent. Third, we analyze vote-gaming attacks in large Web-based email systems that pollutes user feedback on spam emails, and present an efficient clustering-based method to mitigate such attacks.en_US
dc.publisherGeorgia Institute of Technologyen_US
dc.subjectClassificationen_US
dc.subjectSpamen_US
dc.subjectNetwork-levelen_US
dc.subject.lcshSpam (Electronic mail)
dc.subject.lcshSpam filtering (Electronic mail)
dc.subject.lcshAlgorithms
dc.titleMitigating spam using network-level featuresen_US
dc.typeDissertationen_US
dc.description.degreePh.D.en_US
dc.contributor.departmentComputingen_US
dc.description.advisorCommittee Chair: Feamster, Nicholas; Committee Member: Dasgupta, Anirban; Committee Member: Lee, Wenke; Committee Member: Traynor, Patrick; Committee Member: Weinberger, Kilianen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record