SpamBands: uma metodologia para identificação de infra-estruturas de spam agindo de forma orquestrada (SpamBands: a methodology for identifying spam infrastructures acting in an orchestrated manner)

Bibliographic details
Year of defense: 2016
Main author: Elverton Carvalho Fazzion
Advisor: Not provided by the institution
Examination committee: Not provided by the institution
Document type: Dissertation
Access type: Open access
Language: por
Defending institution: Universidade Federal de Minas Gerais
Graduate program: Not provided by the institution
Department: Not provided by the institution
Country: Not provided by the institution
Keywords in Portuguese:
Access link: https://hdl.handle.net/1843/ESBF-AEFG4L
Abstract: Once, the battle against spammers was due to the heavy traffic on the network caused by the high volume of spam messages sent. Today, the battle is fought over the content sent by those who practice this abuse. Generally, spam messages have two goals: to advertise illegal products and services or to retrieve confidential information from the recipient. These two practices lead to social and financial losses on the order of billions of dollars per year and, therefore, mechanisms are needed to mitigate the problem. The history of the diversity of anti-spam techniques proposed in the literature shows the evolutionary behavior of spammers, who also improve their techniques for sending spam, leading to complex tools that need to combine a lot of information to understand their behavior in the network. In this work we propose SpamBand, a technique that combines content and network information from spam messages to identify the infrastructure used by the spammer, such as servers and computers infected with malware. We apply the technique to messages collected through fourteen low-interactivity honeypots around the world that simulate open proxy and relay services. The spambands detected allow us to make important observations about these data: we show that phishing content is closely related to groups that exploit the honeypot as an open relay, which is indicative of botnet machines, and is connected to western languages, while illegal advertisements may be sent by botnets and dedicated servers and are linked to oriental languages. These facts suggest that different techniques are needed to combat this abuse. We also show how the concept of spambands can be used to improve blacklists. We also present a model that identifies collaborative groups of campaigns among IP addresses in spambands over time. Our observations show that many of these groups stay active for only a few days with a significant range of their activities
id UFMG_5ce0544f9eb4603dc03b7bfb2517ec12
oai_identifier_str oai:repositorio.ufmg.br:1843/ESBF-AEFG4L
network_acronym_str UFMG
network_name_str Repositório Institucional da UFMG
repository_id_str
dc.subject.por.fl_str_mv Segurança da informação
Spam (Mensagens eletrônicasl)
Computação
Segurança da informação
Spam
publishDate 2016
dc.date.none.fl_str_mv 2016-08-18
2019-08-10T08:42:36Z
2019-08-10T08:42:36Z
2025-09-08T23:22:59Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://hdl.handle.net/1843/ESBF-AEFG4L
url https://hdl.handle.net/1843/ESBF-AEFG4L
dc.language.iso.fl_str_mv por
language por
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Universidade Federal de Minas Gerais
publisher.none.fl_str_mv Universidade Federal de Minas Gerais
dc.source.none.fl_str_mv reponame:Repositório Institucional da UFMG
instname:Universidade Federal de Minas Gerais (UFMG)
instacron:UFMG
instname_str Universidade Federal de Minas Gerais (UFMG)
instacron_str UFMG
institution UFMG
reponame_str Repositório Institucional da UFMG
collection Repositório Institucional da UFMG
repository.name.fl_str_mv Repositório Institucional da UFMG - Universidade Federal de Minas Gerais (UFMG)
repository.mail.fl_str_mv repositorio@ufmg.br
_version_ 1856413975871225856