CT-ER: Breaking Email Spam Laundering
College Of William And Mary, Williamsburg VA
Abstract
Laundering email spam through open proxies or compromised PCs is a widely used technique in the underground email spam industry for concealing the real spam sources and reducing spamming cost. A facility for breaking this spam laundering and deterring spam activities close to their sources, which would greatly benefit not only email users but also the victim ISPs, is in great demand but still missing. We propose a highly focused and timely project to systematically investigate (1) the distinct behavior of email spam laundering and (2) how to detect and break this email spam laundering. Based on protocol semantics and timing causality, we reveal one salient characteristic of email spam laundering activities, namely packet symmetry. Utilizing the packet symmetry exhibited in spam laundering, we propose a simple and efficient countermeasure, DBSpam, to detect and break spam laundering activities on-line inside a customer network. Once spam laundering is detected, fingerprinting spam messages at the sender side becomes viable, and spam signatures may be distributed to accelerate spam detection elsewhere. DBSpam is complementary to existing anti-spam techniques and can be incrementally deployed over the Internet. As an effective spam detection and suppression mechanism close to spam sources, DBSpam will play a critical role in dampening the dramatically growing volume of spam messages. Moreover, this research will serve as a catalyst for spammer tracking and law enforcement, spam message fingerprinting, and global spam forensic analysis. The educational aspect of this project focuses on integrating education and research activities, enhancing the undergraduate and graduate security and networking curricula.
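To make the "packet symmetry" idea concrete, the following added example (written for this page, not the authors' DBSpam code) sketches one simplified form of the check at a customer-network border: for each internal host, every packet arriving from an outside controller is paired with the next outbound SMTP (port 25) packet from that host within a short window, and hosts whose inbound packets are almost always mirrored this way are flagged as likely relays. The packet-record format, the 0.5 s window, the minimum-count and ratio thresholds, and the sample traffic are all constructed assumptions; the paper's actual statistical test and bidirectional matching are not reproduced here.

```python
from collections import defaultdict

SMTP_PORT = 25


def _build_sample_packets():
    """Constructed packet records (not captured traffic).

    10.0.0.5 behaves like a laundering relay: each instruction packet from
    an outside controller (203.0.113.7) is followed 0.1 s later by an
    outbound SMTP packet to some mail server, whose reply (sport 25) follows.
    10.0.0.9 is an ordinary client: it receives HTTPS replies and sends one
    unrelated SMTP packet much later.
    """
    pkts = []
    for i in range(6):
        t = float(i)
        mx = "198.51.100.%d" % (10 + i)
        pkts.append({"ts": t, "src": "203.0.113.7", "sport": 40000 + i,
                     "dst": "10.0.0.5", "dport": 8080})
        pkts.append({"ts": t + 0.1, "src": "10.0.0.5", "sport": 50000 + i,
                     "dst": mx, "dport": SMTP_PORT})
        pkts.append({"ts": t + 0.2, "src": mx, "sport": SMTP_PORT,
                     "dst": "10.0.0.5", "dport": 50000 + i})
    for i in range(6):
        pkts.append({"ts": float(i), "src": "203.0.113.20", "sport": 443,
                     "dst": "10.0.0.9", "dport": 51000 + i})
    pkts.append({"ts": 10.0, "src": "10.0.0.9", "sport": 52000,
                 "dst": "198.51.100.2", "dport": SMTP_PORT})
    return pkts


SAMPLE_PACKETS = _build_sample_packets()


def packet_symmetry(packets, internal_prefix, window=0.5):
    """Return {host: (matched_inbound, total_inbound)} for internal hosts.

    An inbound packet is one from outside to an internal host that is not a
    mail server's own reply (sport 25). It counts as matched when the same
    host emits an outbound SMTP packet within `window` seconds afterward;
    each outbound packet is consumed by at most one inbound packet.
    """
    inbound = defaultdict(list)
    outbound_smtp = defaultdict(list)
    for p in packets:
        src_in = p["src"].startswith(internal_prefix)
        dst_in = p["dst"].startswith(internal_prefix)
        if dst_in and not src_in and p["sport"] != SMTP_PORT:
            inbound[p["dst"]].append(p["ts"])
        elif src_in and not dst_in and p["dport"] == SMTP_PORT:
            outbound_smtp[p["src"]].append(p["ts"])

    result = {}
    for host, ins in inbound.items():
        outs = sorted(outbound_smtp.get(host, []))
        j = 0
        matched = 0
        for t in sorted(ins):
            # Skip outbound packets that precede this inbound packet; a
            # relay's forwarded copy must come after the instruction.
            while j < len(outs) and outs[j] < t:
                j += 1
            if j < len(outs) and outs[j] - t <= window:
                matched += 1
                j += 1
        result[host] = (matched, len(ins))
    return result


def flag_hosts(packets, internal_prefix, window=0.5,
               min_inbound=5, min_ratio=0.8):
    """Internal hosts whose inbound traffic is mirrored by outbound SMTP.

    min_inbound avoids flagging on a handful of coincidences; min_ratio is
    an assumed cut-off, not a value from the paper.
    """
    stats = packet_symmetry(packets, internal_prefix, window)
    return sorted(h for h, (m, n) in stats.items()
                  if n >= min_inbound and m / n >= min_ratio)


if __name__ == "__main__":
    for host, (m, n) in sorted(packet_symmetry(SAMPLE_PACKETS, "10.0.0.").items()):
        print("%s: %d of %d inbound packets mirrored by outbound SMTP" % (host, m, n))
    print("suspected relays:", flag_hosts(SAMPLE_PACKETS, "10.0.0."))
```

The one-to-one pairing and the "outbound must follow inbound" rule are what turn raw packet counts into a causality check: a busy client that happens to send mail will not match, because its inbound packets are web replies with no SMTP packet trailing each one, while a relay that forwards every controller instruction as an SMTP segment produces a near-perfect ratio.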