Toronto Networking Seminar
Organized by Department of Computer Science and
Department of Electrical and Computer Engineering, University of Toronto
Network-Level Spam Filtering
Nick Feamster
School of Computer Science
Georgia Tech
Date: Friday, December 5, 2pm
Location: BA 1210
Abstract:
Recent estimates suggest that spam constitutes about 95% of all email traffic.
Beyond simply being a nuisance, spam exhausts network resources and can also
serve as a vector for other types of attacks, including phishing attacks and
online scams. Conventional approaches to stopping these types of attacks
typically rely on a combination of the reputation of a sender's IP address and
the contents of the message. Unfortunately, these features are brittle:
Spammers can easily change the IP addresses from which they send spam and the
content that they use as the "cover medium" for the email message itself. In
this talk, I will describe a new, complementary approach to stopping unwanted
email traffic on the Internet: Rather than classifying spam based on either the
content of the message or the identity of the sender, we classify email
messages based on how the spam is being sent and the properties of the spamming
infrastructure. I will first summarize the highlights of a 13-month study of
the network-level behavior of spammers using data from a large spam trap. I
will then describe a new approach to spammer classification called "behavioral
blacklisting" and present a detailed study of network-level features that can
be used to identify spammers. Often these features can classify a spammer on
the first packet received from that sender, without even receiving the message.
I will also describe a preliminary implementation of a real-time, dynamic
sender reputation system, SpamSpotter, that incorporates our behavioral
blacklisting algorithms, as well as how this system handles challenges of both
the dynamism of sender behavior and the scale of email volumes.
This talk includes joint work with Anirudh Ramachandran, Shuang Hao, Nadeem
Syed, Santosh Vempala, Sven Krasser, and Alex Gray.
Bio:
Nick Feamster is an assistant professor in the College of Computing at Georgia
Tech. He received his Ph.D. in Computer Science from MIT in 2005, and his S.B.
and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in
2000 and 2001, respectively. His research focuses on many aspects of computer
networking and networked systems, including the design, measurement, and
analysis of network routing protocols, network operations and security, and
anonymous communication systems. His honors include a Sloan Research
Fellowship, the NSF CAREER award, the IBM Faculty Fellowship, and award papers
at SIGCOMM 2006 (network-level behavior of spammers), the NSDI 2005 conference
(fault detection in router configuration), Usenix Security 2002 (circumventing
web censorship using Infranet), and Usenix Security 2001 (web cookie analysis).
Host of the talk
Yashar Ganjali (yganjali@cs.toronto.edu)