SpamBands: a methodology for identifying spam infrastructures acting in an orchestrated manner
Year of defense: | 2016 |
---|---|
Lead author: | |
Advisor: | |
Defense committee: | |
Document type: | Dissertation |
Access type: | Open access |
Language: | por |
Defending institution: | Universidade Federal de Minas Gerais (UFMG) |
Graduate program: | Not provided by the institution |
Department: | Not provided by the institution |
Country: | Not provided by the institution |
Keywords in Portuguese: | |
Access link: | http://hdl.handle.net/1843/ESBF-AEFG4L |
Abstract: | Once, the battle against spammers was due to the heavy traffic on the network caused by the high volume of spam messages sent. Today, the battle is fought over the content sent by those who practice this abuse. Generally, spam messages have two goals: to advertise illegal products and services or to retrieve confidential information from the recipient. These two practices lead to social and financial losses on the order of billions of dollars per year and, therefore, mechanisms are needed to mitigate the problem. The history of the diversity of anti-spam techniques proposed in the literature shows the evolutionary behavior of spammers, who also improve their techniques for sending spam, leading to complex tools that need to combine a lot of information to understand their behavior in the network. In this work we propose SpamBand, a technique that combines content and network information from spam messages to identify the infrastructure used by the spammer, such as servers and computers infected with malware. We apply the technique to messages collected through fourteen low-interactivity honeypots around the world that simulate open proxy and relay services. The spambands detected allow us to make important observations in these data: we show that phishing content is closely related to groups that exploit the honeypot as an open relay, indicative of botnet machines, and are connected to western languages, while illegal advertisements may be sent by botnets and dedicated servers and are linked to oriental languages. These facts suggest that different techniques are needed to combat this abuse. We also show how the concept of spambands can be used to improve blacklists. We also present a model that identifies collaborative groups of campaigns among IP addresses in spambands over time. Our observations show that many of these groups stay active for only a few days with a significant range of their activities |