Análise de fatores que afetam o comportamento de spammers na rede [Analysis of factors that affect the behavior of spammers on the network]

Bibliographic details
Year of defense: 2011
Main author: Gabriel Caires Silva
Advisor: Not provided by the institution
Examination committee: Not provided by the institution
Document type: Dissertation
Access type: Open access
Language: por
Defending institution: Universidade Federal de Minas Gerais
UFMG
Graduate program: Not provided by the institution
Department: Not provided by the institution
Country: Not provided by the institution
Keywords in Portuguese:
Access link: http://hdl.handle.net/1843/SLSS-8LBP8T
Abstract: The transmission of unwanted messages through the Internet, or spam, is a serious problem, still unsolved, and which leads to million-dollar losses all over the world, be it for the resources consumed by that message traffic or for the impact of scams. The goal of this work is to better understand the behavior of spammers (those responsible for sending spam messages) in the network. For that we used a methodology of factorial experiments as a structural basis that allowed us to evaluate the influence of multiple factors (connection limitations, vulnerabilities available to be exploited, among others) on relevant metrics (such as number of messages sent, origins identified, and types of attacks used). The analysis of those metrics makes it possible to draw a profile of the attacks issued by spammers to disseminate their messages, revealing some important details about their practices, preferences and technology. To do that, a special data gathering system was designed and implemented, where a virtualized structure served as a substrate for the execution of multiple mail collecting honeypots, created to deceive spammers and store the messages they tried to send as they abused the system. Each honeypot ran as a complete, independent, virtualized machine that represented a specific scenario among the multiple available combinations of possible factors, enabling a comparative analysis of the data collected in each of the different scenarios. The results show that variations in configuration may drastically affect the volume of spam received, as well as its internal characteristics (type of messages, sources, etc.).
In particular, this work identified two very diverse kinds of spammers: large scale senders, which use a few machines with ample resources to send larger spam messages, with attached documents, through open proxies, and botnets, which manifest themselves as a large number of machines which abuse open mail relays and rely on test messages to identify the systems to attack, each bot sending a limited number of messages, often short, with some text and links to advertisement and sales servers, in most of the cases.