A Sender-Centric Approach to Spam and Phishing Control
Sanchez, Fernando X. (Fernando Xavier) (author)
Duan, Zhenhai (committee member)
Niu, Xufeng (university representative)
Yuan, Xin (committee member)
Aggarwal, Sudhir (committee member)
Department of Scientific Computing (degree granting department)
Florida State University (degree granting institution)
2011
text
The Internet email system as a popular online communication tool has been increasingly misused by ill-willed users to carry out malicious activities including spamming and phishing. Alarmingly, in recent years the nature of the email-based malicious activities has evolved from being purely annoying (with the notorious example of spamming) to being criminal (with the notorious example of phishing). Despite more than a decade of anti-spam and anti-phishing research and development efforts, both the sophistication and volume of spam and phishing messages on the Internet have continuously been on the rise over the years. A key difficulty in the control of email-based malicious activities is that malicious actors have great operational flexibility in performing email-based malicious activities, in terms of both the email delivery infrastructure and email content; moreover, existing anti-spam and anti-phishing measures allow for an arms race between malicious actors and the anti-spam and anti-phishing community. In order to effectively control email-based malicious activities such as spamming and phishing, we argue that we must limit (and ideally, eliminate) the operational flexibility that malicious actors have enjoyed over the years. In this dissertation we develop and evaluate a sender-centric approach (SCA) to addressing the problem of email-based malicious activities so as to control spam and phishing emails on the Internet. SCA consists of three complementary components, which together greatly limit the operational flexibility of malicious actors in sending spam and phishing emails. The first two components of SCA focus on limiting the infrastructural flexibility of malicious actors in delivering emails, and the last component focuses on limiting the flexibility of malicious actors in manipulating the content of emails.
In the first component of SCA, we develop a machine-learning based system to prevent malicious actors from utilizing compromised machines to send spam and phishing emails. Given that the vast majority of spam and phishing emails are delivered via compromised machines on the Internet today, this system can greatly limit the infrastructural flexibility of malicious actors. Ideally, malicious actors should be forced to send spam and phishing messages from their own machines so that blacklists and reputation-based systems can be effectively used to block spam and phishing emails. The machine-learning based system we develop in this dissertation is a critical step towards this goal. In recent years, malicious actors also started to employ advanced techniques to hijack network prefixes in conducting email-based malicious activities, which makes the control and attribution of spam and phishing emails even harder. In the second component of SCA, we develop a practical approach to improve the security of the Internet inter-domain routing protocol BGP. Given that the key difficulties in adopting any mechanism to secure the Internet inter-domain routing are the overhead and incremental deployment property of the mechanism, our scheme is designed to have minimum overhead and it can be incrementally deployed by individual networks on the Internet to protect themselves (and their customer networks), so that individual networks have incentives to deploy the scheme. In addition to the infrastructural flexibility in delivering spam and phishing emails, malicious actors have enormous flexibility in manipulating the format and content of email messages. In particular, malicious actors can forge phishing messages as close as possible to legitimate messages in terms of both format and content. Although malicious actors have immense power in manipulating the format and content of phishing emails, they cannot completely hide how a message is delivered to the recipients.
Based on this observation, in the last component of SCA, we develop a system to identify phishing emails based on the sender-related information instead of the format or content of email messages. Together, the three complementary components of SCA will greatly limit the operational flexibility and capability that malicious actors have enjoyed over the years in delivering spam and phishing emails, and we believe that SCA will make a significant contribution towards addressing the spam and phishing problem on the Internet.
Flexibility, Phishing, Sender-centric, Spam
November 4, 2011.
A Dissertation submitted to the Department of Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy.
Includes bibliographical references.
Zhenhai Duan, Committee Member; Xufeng Niu, University Representative; Xin Yuan, Committee Member; Sudhir Aggarwal, Committee Member.
Florida State University
FSU_migr_etd-5163
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). The copyright in theses and dissertations completed at Florida State University is held by the students who author them.