Spampot:基于分布式蜜罐的垃圾邮件捕获系统

Spampot是一个基于分布式低交互蜜罐的垃圾邮件捕获系统,在对SMTP,HTTP proxy和SOCKS协议分析研究的基础上,实现了集成开放中继(open relay)与开放代理(open proxy)服务的邮件蜜罐系统;建立了垃圾邮件发送者攻击行为特征库、新型垃圾邮件样本库、垃圾邮件发送者源IP地址黑名单库、垃圾邮件提取URL黑名单库等数据库系统.讨论了邮件蜜罐系统在实现和部署时应考虑的一些具体问题,使其既可以提高对垃圾邮件发送者的吸引力,又避免被反垃圾邮件组织列入黑名单,最大限度地降低蜜罐系统对网络资源的占用,从而可以维持蜜罐系统的长期运行和有效工作;在6个月的实际部署中捕获了大量的攻击行为和垃圾邮件样本,通过对数据进行分析,发现了垃圾邮件发送者行为新特征和垃圾邮件新技术,并发现了用于大规模发送垃圾邮件的僵尸网络.     

基于虚拟TCP／IP协议栈的仿真反垃圾邮件产品测试系统

目前反垃圾邮件产品通常采用行为判别技术作为过滤垃圾邮件的主要手段,行为识别的多种实现方法都涉及到邮件来源摩地址,因此在对反垃圾邮件产品测试中,伪装成垃圾邮件样本的原始来源IP地址发送该样本才能有效的激活反垃圾邮件产品的判别机制,从而使得测试结果更为科学。本文主要介绍了通过自行构建TCP／IP协议栈实现伪造邮件来源IP的反垃圾邮件产品测试系统,该系统可以有效地仿真出实际互联网环境中的垃圾邮件发送特征。     

垃圾邮件行为识别技术研究

对反垃圾邮件行为识别技术进行了研究。提出了一种基于会话层的垃圾邮件识别方法,在分析发送过程中的邮件行为特征基础上,提取出能够区分垃圾邮件和正常邮件的行为特征,并采用支持向量机分类算法建立行为特征识别模型,找出垃圾邮件行为规律。该方法在邮件正文发送之前对垃圾邮件进行过滤,能够有效地节省带宽。采用真实的邮件数据集合分别使用行为识别技术与基于内容的过滤技术进行实验,验证该技术具有较好的邮件分类能力。     

基于垃圾邮件发送模型的僵尸网络监测

僵尸网络可以用于发送垃圾邮件,这意味着如果能够对垃圾邮件的发送行为进行建模,也能够很好地检测僵尸网络。本文提出几种垃圾邮件发送模型,对各种垃圾邮件发送行为进行了区分,基于主题特征产生的协同程度提出了僵尸网络指数,其中重点对其在僵尸网络监测效果进行了验证,发现这个模型和指数能够用于有效发现发送邮件的僵尸网络。     

基于神经网络的"垃圾"邮件过滤系统设计

为了对垃圾邮件进行有效地过滤，以神经网络作为分类器，采用由垃圾邮件发送者进行确认的邮件认证方法设计了邮件过滤系统。神经网络的自学习、自适应能力解决了垃圾邮件特征不断变化而过滤方法相对固定的矛盾。新的垃圾邮件认证方法使发送垃圾邮件比接收垃圾邮件更费时间，减少了用户收到垃圾邮件的数量。     

基于贝叶斯算法和费舍尔算法的垃圾邮件过滤系统设计与实现

贝叶斯过滤算法和费舍尔过滤算法均是利用统计学知识对于垃圾邮件进行过滤的算法,有着良好的过滤效果。该文设计将某一词组(单词)出现概率使用加权计算的方法,改善了朴素贝叶斯算法和朴素费舍尔的邮件过滤算法对于出现较少的单词误判情况,使系统对于垃圾邮件判断的准确率上升。设计可以使用个性化的垃圾邮件过滤方案,支持使用邮件下载协议(POP3、IMAP协议)从邮件服务器下载邮件,以及使用邮件解析协议(MIME协议)对于邮件进行解析,支持邮件发送协议(SMTP协议)帮助用户发送邮件。     

Fortinet反垃圾邮件解决方案

在电子邮件应用普及的同时,垃圾邮件也在泛滥。由于邮件服务商无法有效控制垃圾邮件的发送或没有有效的约束手段,导致很多邮件服务商的IP地址被国外列入垃圾邮件黑名单。本文主要介绍邮件发送认证方法,以及Fortinet的集成型和独立型反垃圾邮件解决方案。邮件发送认证体系邮件系     

基于网络会话层的垃圾邮件行为识别

目前最流行的邮件内容过滤技术工作在网络应用层,通过对邮件内容的分析来判别邮件的合法性,无法避免由于垃圾邮件的泛滥而造成的网络带宽资源的浪费。针对这种情况,论文提出一种基于网络会话层的垃圾邮件行为识别方法。该方法运用决策树算法,对邮件发送过程中的网络会话层数据进行挖掘,发现垃圾邮件的行为规律,在垃圾邮件的内容数据发送前就对其实施过滤,有效地解决了垃圾邮件占用网络带宽的问题,是对当前各种垃圾邮件过滤技术的一个有益的补充。     

Outlook 2003阻击垃圾邮件

现在垃圾邮件越来越多,最新版Outlook2003对垃圾邮件加强了防御,让你不再受骚扰之苦。防止邮件探测很多时候垃圾邮件制造者仅仅利用随机的电子邮件地址发送垃圾邮件的方法就能确认邮件地址的有效性。什么原因?这就是HTML邮件的功劳了。垃圾邮件制造者在发送垃圾邮件的时候,会在HTML邮件中插入一个图片,可能是一个广告画,或者是一个0~*0像素大小的不可见图形文件,而这个文件的链接则可以类似于“…/123@456.com/~*.gif”(其中123@456.com是收件人的邮箱地址),这样当123@456.com这个用     

基于P2P协作的垃圾邮件发送行为识别技术研究

在分析目前垃圾邮件过滤技术的基础上,并根据垃圾邮件大量发送行为特征,提出了一种基于P2P协作的垃圾邮件发送行为识别技术。该技术将各邮件服务器组成一个反垃圾邮件（Anti-Spam）P2P网络,每个邮件服务器储存可疑邮件信息并将这些信息共享在Anti-Spam P2P网络上,然后根据可疑邮件信息在Anti-Spam P2P网络上进行协作识别垃圾邮件。实验结果表明,该技术是针对垃圾邮件的群发特征而不依赖于邮件内容、语言类型或格式分析,在MTA阶段就能过滤大量垃圾邮件,提高了处理速度和准确率并节省大量的系统资源,具有良好的过滤性能。     

Improved email spam detection model with negative selection algorithm and particle swarm optimization

The adaptive nature of unsolicited email by the use of huge mailing tools prompts the need for spam detection. Implementation of different spam detection methods based on machine learning techniques was proposed to solve the problem of numerous email spam ravaging the system. Previous algorithm used in email spam detection compares each email message with spam and non-spam data before generating detectors while our proposed system inspired by the artificial immune system model with the adaptive nature of negative selection algorithm uses special features to generate detectors to cover the spam space. To cope with the trend of email spam, a novel model that improves the random generation of a detector in negative selection algorithm (NSA) with the use of stochastic distribution to model the data point using particle swarm optimization (PSO) was implemented. Local outlier factor is introduced as the fitness function to determine the local best (Pbest) of the candidate detector that gives the optimum solution. Distance measure is employed to enhance the distinctiveness between the non-spam and spam candidate detector. The detector generation process was terminated when the expected spam coverage is reached. The theoretical analysis and the experimental result show that the detection rate of NSA–PSO is higher than the standard negative selection algorithm. Accuracy for 2000 generated detectors with threshold value of 0.4 was compared. Negative selection algorithm is 68.86% and the proposed hybrid negative selection algorithm with particle swarm optimization is 91.22%.     

Personalized email management at network edges

A new technique for managing and disseminating Web-based email prefetches messages and generates dynamic pages, displaying them at the network edge. Compared to other popular Web-based email servers, the prefetching and caching emails (PACE) prototype shows an improved performance with respect to user-perceived latency. Additionally, PACE'S centralized neural-network-based personalized spam filter will filter spam and viruses at the server's origin, thus saving bandwidth. Another major concern for users is the email accounts being clogged with spam. Spam filters can be classified as server-side or client-side. Server-side filters are integrated with email servers and filter out spam at the server end.     

DMTP: Controlling spam through message delivery differentiation

Unsolicited commercial email, commonly known as spam, has become a pressing problem in today’s Internet. In this paper, we re-examine the architectural foundations of the current email delivery system that are responsible for the proliferation of email spam. We argue that the difficulties in controlling spam stem from the fact that the current email system is fundamentally sender-driven and distinctly lacks receiver control over email delivery. Based on these observations we propose a Differentiated Mail Transfer Protocol (DMTP), which grants receivers greater control over how messages from different senders should be delivered on the Internet. In addition, we also develop a simple mathematical model to study the effectiveness of DMTP in controlling spam. Through numerical experiments we demonstrate that DMTP can effectively reduce the maximum revenue that a spammer can gather. Moreover, compared to the current SMTP-based email system, the proposed email system can force spammers to stay online for longer periods of time, which may significantly improve the performance of various real-time blacklists of spammers. In addition, DMTP provides an incremental deployment path from the current SMTP-based system in today’s Internet.     

基于神经网络集成的垃圾邮件过滤系统设计

垃圾邮件的处理是电子邮件服务中非常重要的功能,该文在对标准邮件集表示为向量空间模型,降维处理处理工作的基础上,运用神经网络集成的方法来构造邮件分类器,对邮件进行过滤;该方法在垃圾邮件语料库上进行了实验,实验证明该方法对于垃圾邮件的过滤有较好的效果。     

An effective multi-layered defense framework against spam

Spam is a big problem for email users. The battle between spamming and anti-spamming technologies has been going on for many years. Though many advanced anti-spamming technologies are progressing significantly, spam is still able to bombard many email users. The problem worsens when some anti-spamming methods unintentionally filtered legitimate emails instead! In this paper, we first review existing anti-spam technologies, then propose a layered defense framework using a combination of anti-spamming methods. Under this framework, the server-level defense is targeted for common spam while the client-level defense further filters specific spam for individual users. This layered structure improves on filtering accuracy and yet reduces the number of false positives. A sub-system using our pre-challenge method is implemented as an add-on in Microsoft Outlook 2002. In addition, we extend our client-based pre-challenge method to a domain-based solution thus further reducing the individual email users' overheads.     

一种无尺度网络上垃圾邮件蠕虫的传播模型

用有向图描述了电子邮件网络的结构，并分析了电子邮件网络的无尺度特性。在此基础上，通过用户检查邮件的频率和打开邮件附件的概率建立了一种电子邮件蠕虫的传播模型。分别仿真了电子邮件蠕虫在无尺度网络和随机网络中的传播，结果表明，邮件蠕虫在无尺度网络中的传播速度比在随机网络中更快，与理论分析相一致。     

Cost-sensitive three-way email spam filtering

Email spam filtering is typically treated as a binary classification problem that can be solved by machine learning algorithms. We argue that a three-way decision approach provides a more meaningful way to users for precautionary handling their incoming emails. Three email folders instead of two are produced in a three-way spam filtering system, a suspected folder is added to allow users make further examinations of suspicious emails, thereby reducing the chances of misclassification. Different from existing ternary email spam filtering systems, we focus on two issues that are less studied, that is, the computation of required thresholds to define the three email categories, and the interpretation of the cost-sensitive characteristics of spam filtering. Instead of supplying the thresholds based on intuitive understandings of the levels of tolerance for errors, we systematically calculate the thresholds based on decision-theoretic rough set model. A loss function is interpreted as the costs of making classification decisions. A decision is made for which the overall cost is minimum. Experimental results show that the new approach reduces the error rate of misclassifying a legitimate email to spam and demonstrates a better performance for the cost-sensitivity aspect.     

基于领域知网的垃圾邮件过滤方法

垃圾过滤技术的一个重要指标是误判率。把用户的一封正常邮件误判为垃圾邮件,其损失更大。领域知网是某领域内的知识库。提出为常见垃圾邮件类别建立领域知网,当遇到难判别的邮件时,使用基于领域知网的过滤技术,可以降低垃圾邮件的误判率。还介绍了构建领域知网的方法,以及其他关键技术。     

Spam Filtering With Dynamically Updated URL Statistics

Many URL-based spam filters rely on "white" and "black" lists to classify email. The authors' proposed URL-based spam filter instead analyzes URL statistics to dynamically calculate the probabilities of whether email with specific URLs are spam or legitimate, and then classifies them accordingly.