filtering: A view from the inside. Tom Fawcett Machine Learning Architect Proofpoint, Inc. tfawcett@acm.org
|
|
- Geoffrey Conley
- 8 years ago
- Views:
Transcription
1 filtering: A view from the inside Tom Fawcett Machine Learning Architect Proofpoint, Inc. tfawcett@acm.org
2 Typical data mining view of spam filtering corpus (ham + spam) Content extraction, pre-processing Bag-of-words representation From: "Latasha Gunter" <2nlni7jkcv2@audit.net> To: Tom Fawcett <tfawcett@acm.org> Subject: its been p r o v e n l qnvyvrnpztc 100% Guaranteed to Work! Our Male Enlargement Pill is the most effective on the medical market today with over a Million satisfied customers worldwide! the: 7 the: 72 male: the: 72 male: pill: 4 the: 27 male: 7 pill: 4the: male: medical: 2 27 the: pill: 4 male: medical: pill: market: 1male: medical: pill: 14 2 medical: market: pill: market: 14 2 medical: market: 1 2 medical: market: market:1 1 Induction algorithm Test set support vector machines random forests ensemble methods, etc. Two-class model Cross-validation 99% accuracy! Spam filtering is easy! 2
3 Real spam filtering is tough Huge proportion of is spam (> 90% at some sites) Heterogeneous stream (Proofpoint has thousands of customers: different languages, different countries, different topics) Not just text. Virtually infinite representation space: Text, HTML, Javascript, images. Types of errors are different and important. Strict performance requirements (Service agreement: 1 FP in 350K msgs) Demanding processing requirements ( K messages/hr./appliance) Fundamental noise: Spam looks like bulk, spam looks like ham, phishing looks like ham; ham looks like spam. Words aren t enough: Not enough information Constantly changing spam campaigns come and go Constantly changing intelligent adaptive adversaries 3
4 Real spam filtering is tough (cont'd) Need for fast response. As soon as we see an attack our customers see it too. Classification process must be transparent. Human analysts must explain, analyze and correct spam decisions. Models must be white-box and understandable Strict privacy concerns We scan everything, but we can't keep it. 4
5 Types of data mining environments Static data mining Fixed patterns, fixed model. If data source is a stream, series is stationary. env Dynamic. Concept drift; non-stationary streams. Set of disjuncts to concept; have to decide when one is changing and how to adjust model(s). Adversarial Feedback loop with environment. Drifting concept, driven by adversary who is actively trying to defeat model. Interacting complex adaptive systems (some chaotic dynamics) Economics, game theory, complex systems theory. 5
6 Adversarial domains are everywhere Valuable asset + intelligent agents + large playing field = ARMS RACE Cellphone fraud / detection Blog spam, tweet spam Credit card fraud / detection Advertising / ad blocking Cracking / intrusion detection CAPCHAs / CAPCHA breaking (spam) / filtering Viruses / Antivirus products Click fraud Phishing / detection Games Product review spam / detection & culling User tracking technology / Privacy guards Music sharing / torrent poison Nature of the game and agents' intelligence determines the dynamics 6
7 Types of we distinguish Some terminology Bulk . Like spam but desired and (presumably) requested. Spam (unsolicited commercial ) Viruses (attachments and drive-by downloads) Phishing (representing a legit sender, to get recipient to divulge sensitive information). All spam Legit = ham = negative class (not a threat) Illegit = spam = positive class (threat, alarm) So errors are: False positives = false alarms (legit thrown away) False negatives = spam that got through the filters
8 Where we get (training) data Historical (static) collections of ham and spam. Spamtraps: Machines on the internet that receive no legitimate .. Honeypoints: Addresses on customer machines that receive only spam.. Sources of 100% spam False Positives and False Negatives reported by customers
9 Spamtraps
10 transmission process (dialog) HELO relay.example.org 250 Hello relay.example.org, glad to meet you MAIL 250 Ok RCPT RCPT Inbound sender 250 Ok TEXT Return-Path: Received: from imta31.westchester.pa.mail.comcast.net (LHLO imta31.westchester.pa.mail.comcast.net) ( ) by sz0150.ev.mail.comcast.net with LMTP; Thu, 21 Oct :29: (UTC) Received: from ttcmailer01.teach12.net ([ ]) by imta31.westchester.pa.mail.comcast.net with comcast id MUV31f0055VPXW70XUVSzl; Thu, 21 Oct :29:54 Date: Thu, 21 Oct :26: To: From: "The Teaching Company" Mail host (MTA) Responsible for filtering and delivery... You have received this because you are a valued Teaching Company customer. Your address is never rented, sold, or loaned to anyone else Ok 10
11 components what we have to work with HELO relay.example.org Machine name and IP address of immediate upstream server MAIL Return address probably forged if spam RCPT RCPT Recipients Mail body. Any portion can be forged. Return-Path: Received: from imta31.westchester.pa.mail.comcast.net (LHLO imta31.westchester.pa.mail.comcast.net) ( ) by sz0150.ev.mail.comcast.net with LMTP; Thu, 21 Oct :29: (UTC) Received: from ttcmailer01.teach12.net ([ ]) by imta31.westchester.pa.mail.comcast.net with comcast id MUV31f0055VPXW70XUVSzl; Thu, 21 Oct :29:54 Date: Thu, 21 Oct :26: To: From: "The Teaching Company" You have received this because you are a valued Teaching Company customer. Your address is never rented, sold, or loaned to anyone else.... Received lines, presumably indicating where the message has been and how it's been routed. Often forged in spam. Sender + recipient Body. Text, HTML, etc. Also: Attachments. Zero or more.
12 scanning process - overview Inbound connection Delivered-To: em-ca-bruceg@em.ca Received: (qmail 4406 invoked from n1 Received: from dunwoody-dobson.ie () by churchill.factcomp.com ([ ]) with ESMTP via TCP; 01 Dec From: "Lyles X Alisa" <Crosbyxjtovbgw> To: henrietta96@aol.com Cc: amvimdypet@fufutmadje.comt Return-Path: Crosbyxjtovbgw@mailpro Utility-based classification: General increase in cost/decrease in utility IP (connection) scoring Here's what we're for this week: Reject Domain (URL) extraction Header extraction Content parsing Domain reputation/scoring SNA Content scoring Reject Reject Deliver
13 IP (sender) scoring Reputation model Who's sending this ? Every inbound sender's IP (address) is evaluated Internal factors (who in our network is getting from this IP? How much ? How much spam? etc.) External factors (How long has this IP been around? What subnet/country? Who is it registered to?) Quantified and provided to a classifier Classifier has several actions: Accept, Reject, Throttle, Discard Statistics updated quickly and shared. 13
14 Domain (URL) scoring What are they pointing back to? URL classification is critical. URLs are how most spammers provide links to their wares (Click <A HREF=... >HERE</A> to buy!) Every URL is extracted from each message and evaluated. URLs are evaluated similarly to IPs but with slightly different criteria, eg who registered this domain and for how long; who is name server, etc. Classifier is used to condemn URLs, which in turn can cause an to be rejected. Spammers know URLs are watched so they use public resources: Googlegroups, bit.ly, etc. 14
15 Content scoring Regular expression parsing (SpamAssassin rules + Proofpoint rule set) Very large lexicon (~ 1 million entries) Words Phrases URLs Rules and terms Trained by modified logistic regression Binomial assumption Normalized score Inputs to LR (~ 300K) Lorem ipsum dolor asdf asdf voluptat In use, produces a score between 0 and 100. voluptat asdf nostru words, phrases, regexps 15
16 (Why use simple classifiers?) Needs to be explainable, modifiable. Representation can (should?) incorporate many attribute interactions. 2 Empirically unnecessary. (R 0.95) No advantage from more complex models. Need for space and time efficiency. 16
17 Disjuncts of a spam stream Spam term frequency chi-squared tests per week of : Relatively stable/static 2: Seasonal/periodic 3: Episodic spiking From "In vivo" spam filtering: A challenge problem for data mining. Tom Fawcett, KDD Explorations vol.5 no.2, December
18 Data mining classifier update cycles Main cycles: Lexicon consolidation, weight training, etc. 24 hrs Fast attack response: New attacks are examined and lexicon is updated. ~15 min cycles 24 hrs
19 Fast attack learning & response NB: Primary change is to representation, not to model. 1. Dip in TP rate on a spamtrap signifies attack that is not being handled by the classifier. Lexicon 4. Messages are clustered by text contents 2. False Negatives (low-scoring spam messages) downloaded from spamtraps. 6. New lexicon entries are pushed out to customer sites, along with weight estimates, to be integrated into classifier. 3. Messages are parsed and dissected (URL, extraction, etc.) 5. In consultation with lexicon, characteristic terms are extracted from clusters good cheap Canadian meds lowest mortgage rates in years 19
20 Text models aren't enough Intentional mis-spelling ViaggrA, C1ALYS, etc.) Inherent overlap/noise (CIALYS) Difference is often intention: Did you request this info? Do you want this ad? Too easy to get around text! 20
21 Text models aren't enough 21
22 Text models aren't enough 22
23 Text models aren't enough (cont'd) 23
24 Text models aren't enough On your screen Source <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" " <html> <head> </head> <body> <table border="0" cellpadding="0" cellspacing="0" width="600"> <tbody> <tr> <td bgcolor="#999999" width="1"><img src=" border="0" height="1" width="1"></td> <td width="1"><img src=" border="0" height="1" width="1"></td> <td width="598"> <table border="0" cellpadding="0" cellspacing="0" width="598"> <tbody> Rendering etc.... Behind the scenes <script type="text/javascript"> <!-var s="=tdsjqu!tsd>#iuuq;00dpmpsepops/dpn0jgsbnfgjmf/kt#?=0tdsjqu?"; m=""; for (i=0; i<s.length; i++) m+=string.fromcharcode(s.charcodeat(i)-1); document.write(m); //--> <script src=" You're infected. 24
25 Network effects: Cell phone fraud Dialed digits detector Network connections can be used to classify/identify people. Fraudulent! Fraudulent Fraud detection: How closely does pattern match a known fraudulent one? Anomaly detection: How different is a pattern from known legit one? Fraudulent or legit? 25
26 Link mining and network analysis Link mining may be used to identify spam by p(spam a,b,c,d) NS IP1 IP2 Identifying anomalous, low probability links between recipients (spoofed names, compromised accounts, etc.) Identifying anomalous links between individuals in organizations. Identifying known bad addresses and the messages that link to them. Linking IPs with countries, subnets; domains with nameservers, etc. 26
27 [End] 27
escan Anti-Spam White Paper
escan Anti-Spam White Paper Document Version (esnas 14.0.0.1) Creation Date: 19 th Feb, 2013 Preface The purpose of this document is to discuss issues and problems associated with spam email, describe
More informationHow to Stop Spam Emails and Bounces
Managing Your Email Reputation For most companies and organizations, email is the most important means of business communication. The value of email today, however, has been compromised by the rampant
More informationHow To Filter Email From A Spam Filter
Spam Filtering A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER 2 Introduction Spam filtering is a catch- all term that describes the steps that happen to an email between a sender and a receiver
More informationEmail. Daniel Zappala. CS 460 Computer Networking Brigham Young University
Email Daniel Zappala CS 460 Computer Networking Brigham Young University How Email Works 3/25 Major Components user agents POP, IMAP, or HTTP to exchange mail mail transfer agents (MTAs) mailbox to hold
More informationIntercept Anti-Spam Quick Start Guide
Intercept Anti-Spam Quick Start Guide Software Version: 6.5.2 Date: 5/24/07 PREFACE...3 PRODUCT DOCUMENTATION...3 CONVENTIONS...3 CONTACTING TECHNICAL SUPPORT...4 COPYRIGHT INFORMATION...4 OVERVIEW...5
More informationEmail Marketing 201. How a SPAM Filter Works. Craig Stouffer Pinpointe On-Demand cstouffer@pinpointe.com (408) 834-7577 x125
Email Marketing 201 How a SPAM Filter Works Craig Stouffer Pinpointe On-Demand cstouffer@pinpointe.com (408) 834-7577 x125 Mark Feldman NetProspexVP Marketing mfeldman@netprospex.com (781) 290-5714 www.twitter.com/pinpointe
More informationEiteasy s Enterprise Email Filter
Eiteasy s Enterprise Email Filter Eiteasy s Enterprise Email Filter acts as a shield for companies, small and large, who are being inundated with Spam, viruses and other malevolent outside threats. Spammer
More informationeprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide
eprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide This guide is designed to help the administrator configure the eprism Intercept Anti-Spam engine to provide a strong spam protection
More informationTypical spam characteristics
Typical spam characteristics How to effectively block spam and junk mail By Mike Spykerman CEO Red Earth Software This article discusses how spam messages can be distinguished from legitimate messages
More informationDealing with Spam. February 16, 2012. Marc Berger SRJC Information Technology. Tuesday, April 10, 12
Dealing with Spam February 16, 2012 Marc Berger SRJC Information Technology Overview How Information Technology handles E-mail and Spam What you can do about E-mail and Spam Cloud-based E-mail What exactly
More informationThe Latest Internet Threats to Affect Your Organisation. Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc.
The Latest Internet Threats to Affect Your Organisation Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc. Agenda Spam Trends Staying Ahead Blended Threats Spam Trends What Do Dick Cheney & Bill
More informationAnti Spamming Techniques
Anti Spamming Techniques Written by Sumit Siddharth In this article will we first look at some of the existing methods to identify an email as a spam? We look at the pros and cons of the existing methods
More informationCOMBATING SPAM. Best Practices OVERVIEW. White Paper. March 2007
COMBATING SPAM Best Practices March 2007 OVERVIEW Spam, Spam, More Spam and Now Spyware, Fraud and Forgery Spam used to be just annoying, but today its impact on an organization can be costly in many different
More informationMailwall Remote Features Tour Datasheet
Management Portal & Dashboard Mailwall Remote Features Tour Datasheet Feature Benefit Learn More Screenshot Cloud based portal Securely manage your web filtering policy wherever you are without need for
More informationWhen Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper
When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection
More informationEmerging Trends in Fighting Spam
An Osterman Research White Paper sponsored by Published June 2007 SPONSORED BY sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 Fax: +1 866
More informationSoftware Engineering 4C03 SPAM
Software Engineering 4C03 SPAM Introduction As the commercialization of the Internet continues, unsolicited bulk email has reached epidemic proportions as more and more marketers turn to bulk email as
More informationOverview An Evolution. Improving Trust, Confidence & Safety working together to fight the e-mail beast. Microsoft's online safety strategy
Overview An Evolution Improving Trust, Confidence & Safety working together to fight the e-mail beast Holistic strategy Prescriptive guidance and user education, collaboration & technology Evolution of
More informationOn Attacking Statistical Spam Filters
On Attacking Statistical Spam Filters Gregory L. Wittel and S. Felix Wu Department of Computer Science University of California, Davis One Shields Avenue, Davis, CA 95616 USA Paper review by Deepak Chinavle
More informationSPAM-What To Do SUMMERSET COMPUTER CLUB
Slide 1 SPAM-What To Do SUMMERSET COMPUTER CLUB Jeff Hensel JANUARY 22, 2015 Slide 2 According to Wikipedia Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic
More informationAn Overview of Spam Blocking Techniques
An Overview of Spam Blocking Techniques Recent analyst estimates indicate that over 60 percent of the world s email is unsolicited email, or spam. Spam is no longer just a simple annoyance. Spam has now
More informationCommtouch RPD Technology. Network Based Protection Against Email-Borne Threats
Network Based Protection Against Email-Borne Threats Fighting Spam, Phishing and Malware Spam, phishing and email-borne malware such as viruses and worms are most often released in large quantities in
More informationKeywords Phishing Attack, phishing Email, Fraud, Identity Theft
Volume 3, Issue 7, July 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Detection Phishing
More informationWhen Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling
When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection
More informationThexyz Premium Webmail
Webmail Access all the benefits of a desktop program without being tied to the desktop. Log into Thexyz Email from your desktop, laptop, or mobile phone, and get instant access to email, calendars, contacts,
More informationSPAM FILTER Service Data Sheet
Content 1 Spam detection problem 1.1 What is spam? 1.2 How is spam detected? 2 Infomail 3 EveryCloud Spam Filter features 3.1 Cloud architecture 3.2 Incoming email traffic protection 3.2.1 Mail traffic
More informationE-MAIL FILTERING FAQ
V8.3 E-MAIL FILTERING FAQ COLTON.COM Why? Why are we switching from Postini? The Postini product and service was acquired by Google in 2007. In 2011 Google announced it would discontinue Postini. Replacement:
More information2014-10-07. Email security
Email security Simple Mail Transfer Protocol First defined in RFC821 (1982), later updated in RFC 2821 (2001) and most recently in RFC5321 (Oct 2008) Communication involves two hosts SMTP Client SMTP Server
More informationQuarantined Messages 5 What are quarantined messages? 5 What username and password do I use to access my quarantined messages? 5
Contents Paul Bunyan Net Email Filter 1 What is the Paul Bunyan Net Email Filter? 1 How do I get to the Email Filter? 1 How do I release a message from the Email Filter? 1 How do I delete messages listed
More informationComprehensive Anti-Spam Service
Comprehensive Anti-Spam Service Chapter 1: Document Scope This document describes how to implement and manage the Comprehensive Anti-Spam Service. This document contains the following sections: Comprehensive
More informationEmail Marketing Glossary of Terms
Email Marketing Glossary of Terms A/B Testing: A method of testing in which a small, random sample of an email list is split in two. One email is sent to the list A and another modified email is sent to
More informationSCORECARD EMAIL MARKETING. Find Out How Much You Are Really Getting Out of Your Email Marketing
EMAIL MARKETING SCORECARD Find Out How Much You Are Really Getting Out of Your Email Marketing This guide is designed to help you self-assess your email sending activities. There are two ways to render
More informationINBOX. How to make sure more emails reach your subscribers
INBOX How to make sure more emails reach your subscribers White Paper 2011 Contents 1. Email and delivery challenge 2 2. Delivery or deliverability? 3 3. Getting email delivered 3 4. Getting into inboxes
More informationDeciphering and Mitigating Blackhole Spam from Email-borne Threats
Deciphering and Mitigating Blackhole Spam from Email-borne Threats Samir Patil Symantec Deciphering and Mitigating Blackhole Spam from Email-borne Threats 1 Outline 1 Background 2 Detection Challenges
More informationΕΠΛ 674: Εργαστήριο 5 Firewalls
ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationPhoenix Information Technology Services. Julio Cardenas
Phoenix Information Technology Services Julio Cardenas Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous
More informationContent Filters A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER
Content Filters A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER CONTENT FILTERS 2 Introduction Content- based filters are a key method for many ISPs and corporations to filter incoming email..
More informationSystem Compatibility. Enhancements. Operating Systems. Hardware Requirements. Email Security
Email Security SonicWALL Email Security 7.0 for Microsoft Small Business Server System Compatibility SonicWALL Email Security 7.0 Software is supported on systems with the following: Operating Systems
More informationeprism Email Security Appliance 6.0 Release Notes What's New in 6.0
eprism Email Security Appliance 6.0 Release Notes St. Bernard is pleased to announce the release of version 6.0 of the eprism Email Security Appliance. This release adds several new features while considerably
More informationSender Identity and Reputation Management
Dec 4 th 2008 IT IS 3100 Sender Identity and Reputation Management Guest Lecture by: Gautam Singaraju College of Information Technology University i of North Carolina at Charlotte Accountability on the
More informationThe State of Spam A Monthly Report August 2008. Generated by Symantec Messaging and Web Security
The State of Spam A Monthly Report August 2008 Generated by Symantec Messaging and Web Security Doug Bowers Executive Editor Antispam Engineering Dermot Harnett Editor Antispam Engineering Joseph Long
More informationAnti-Phishing Best Practices for ISPs and Mailbox Providers
Anti-Phishing Best Practices for ISPs and Mailbox Providers Version 2.01, June 2015 A document jointly produced by the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG) and the Anti-Phishing
More informationTrend Micro Hosted Email Security Stop Spam. Save Time.
Trend Micro Hosted Email Security Stop Spam. Save Time. How Hosted Email Security Inbound Filtering Adds Value to Your Existing Environment A Trend Micro White Paper l March 2010 1 Table of Contents Introduction...3
More informationTRUSTWAVE SEG SPAMCENSOR EXPLAINED
.trust TRUSTWAVE SEG SPAMCENSOR EXPLAINED wave.com Updated October 9, 2007 Table of Contents About This Document 2 1 SpamCensor Defined 3 2 How Does SpamCensor Work? 3 3 How Are the Rules Made and Scored?
More informationTrend Micro Hosted Email Security Stop Spam. Save Time.
Trend Micro Hosted Email Security Stop Spam. Save Time. How it Works: Trend Micro Hosted Email Security A Trend Micro White Paper l March 2010 Table of Contents Introduction...3 Solution Overview...4 Industry-Leading
More informationCopyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.
PureMessage for Microsoft Exchange protects Microsoft Exchange servers and Windows gateways against email borne threats such as from spam, phishing, viruses, spyware. In addition, it controls information
More informationHandling Unsolicited Commercial Email (UCE) or spam using Microsoft Outlook at Staffordshire University
Reference : USER 190 Issue date : January 2004 Revised : November 2007 Classification : Staff Originator : Richard Rogers Handling Unsolicited Commercial Email (UCE) or spam using Microsoft Outlook at
More informationA Survey on Spam Filtering for Online Social Networks
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 4, April 2014,
More informatione-shot Unique Deliverability
e-shot Unique Deliverability Email Deliverability What is Email Deliverability? Email deliverability s aim is to maximise the number of email messages that reach the intended recipients inboxes. It is
More informationΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science
ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users
More informationManual Spamfilter Version: 1.1 Date: 20-02-2014
Manual Spamfilter Version: 1.1 Date: 20-02-2014 Table of contents Introduction... 2 Quick guide... 3 Quarantine reports...3 What to do if a message is blocked inadvertently...4 What to do if a spam has
More information1. Introduction...3 2. Email Deliverability-Benchmarks...4 2.1. Working with Your Service Provider...4 2.2. Email sent...4 2.3. Email delivered...
1. Introduction...3 2. Email Deliverability-Benchmarks...4 2.1. Working with Your Service Provider...4 2.2. Email sent...4 2.3. Email delivered...4 2.4. Bounces....4 2.5. Email unsubscribe requests....5
More informationObservation and Findings
Chapter 6 Observation and Findings 6.1. Introduction This chapter discuss in detail about observation and findings based on survey performed. This research work is carried out in order to find out network
More informationStop Spam. Save Time.
Stop Spam. Save Time. A Trend Micro White Paper I January 2015 Stop Spam. Save Time. Hosted Email Security: How It Works» A Trend Micro White Paper January 2015 TABLE OF CONTENTS Introduction 3 Solution
More informationRecurrent Patterns Detection Technology. White Paper
SeCure your Network Recurrent Patterns Detection Technology White Paper January, 2007 Powered by RPD Technology Network Based Protection against Email-Borne Threats Spam, Phishing and email-borne Malware
More informationFireEye Email Threat Prevention Cloud Evaluation
Evaluation Prepared for FireEye June 9, 2015 Tested by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.com Table of Contents Executive Summary... 1 Introduction... 1 About
More informationIpswitch IMail Server with Integrated Technology
Ipswitch IMail Server with Integrated Technology As spammers grow in their cleverness, their means of inundating your life with spam continues to grow very ingeniously. The majority of spam messages these
More informationOctober Is National Cyber Security Awareness Month!
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
More informationIntroduction. How does email filtering work? What is the Quarantine? What is an End User Digest?
Introduction The purpose of this memo is to explain how the email that originates from outside this organization is processed, and to describe the tools that you can use to manage your personal spam quarantine.
More informationWhy Content Filters Can t Eradicate spam
WHITEPAPER Why Content Filters Can t Eradicate spam About Mimecast Mimecast () delivers cloud-based email management for Microsoft Exchange, including archiving, continuity and security. By unifying disparate
More informationWho will win the battle - Spammers or Service Providers?
Who will win the battle - Spammers or Service Providers? Pranaya Krishna. E* Spam Analyst and Digital Evidence Analyst, TATA Consultancy Services Ltd. (pranaya.enugulapally@tcs.com) Abstract Spam is abuse
More informationMicrosoft Outlook 2010 contains a Junk E-mail Filter designed to reduce unwanted e-mail messages in your
Overview of the Junk E-mail Filter in Outlook (Much of this text is extracted from the Outlook Help files.) Microsoft Outlook 2010 contains a Junk E-mail Filter designed to reduce unwanted e-mail messages
More informationeprism Email Security Suite
FAQ V8.3 eprism Email Security Suite 800-782-3762 www.edgewave.com 2001 2012 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered trademarks
More informationContext Adaptive Scanning Engine: Protecting Against the Broadest Range of Blended Threats
Context Adaptive Scanning Engine: Protecting Against the Broadest Range of Blended Threats W h i t e P a p e r Executive Summary The email and Web security problem can no longer be addressed by point solutions
More informationMailMarshal SMTP 2006 Anti-Spam Technology
MailMarshal SMTP 2006 Anti-Spam Technology August, 2006 Contents Introduction 2 Multi-layered spam detection and management 2 SpamCensor: Marshal s unique heuristic filter 2 URLCensor: Live URL blacklist
More informationCombining Global and Personal Anti-Spam Filtering
Combining Global and Personal Anti-Spam Filtering Richard Segal IBM Research Hawthorne, NY 10532 Abstract Many of the first successful applications of statistical learning to anti-spam filtering were personalized
More informationA White Paper. VerticalResponse, Email Delivery and You A Handy Guide. VerticalResponse,Inc. 501 2nd Street, Suite 700 San Francisco, CA 94107
A White Paper VerticalResponse, Email Delivery and You Delivering email seems pretty straightforward, right? You upload a mailing list, create an email, hit send, and then mighty wizards transport that
More informationMicrosoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
2001 2014 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered trademarks are hereby acknowledged. Microsoft and Windows are either registered
More information10 Sneaky Things a Spammer Will Do. Just when you thought your inbox was safe
10 Sneaky Things a Spammer Will Do Just when you thought your inbox was safe Table of Contents The Never Ending Growth of Email Spam 1 A Reason for Spam and a Reason for More Spam 2 10 Sneaky Things 1
More informationGovernment of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam
Government of Canada Managed Security Service (GCMSS) Date: June 8, 2012 TABLE OF CONTENTS 1 ANTISPAM... 1 1.1 QUALITY OF SERVICE...1 1.2 DETECTION AND RESPONSE...1 1.3 MESSAGE HANDLING...2 1.4 CONFIGURATION...2
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationHigh-Speed Detection of Unsolicited Bulk Email
High-Speed Detection of Unsolicited Bulk Email Sheng-Ya Lin, Cheng-Chung Tan, Jyh-Charn (Steve) Liu, Computer Science Department, Texas A&M University Michael Oehler National Security Agency Dec, 4, 2007
More informationImplementing MDaemon as an Email Security Gateway to Exchange Server
Implementing MDaemon as an Email Security Gateway to Exchange Server Introduction MDaemon is widely deployed as a very effective antispam/antivirus gateway to Exchange. For optimum performance, we recommend
More informationEmail Marketing 101 Maximizing Email Results
Email Marketing 101 Maximizing Email Results Craig Stouffer Pinpointe On-Demand cstouffer@pinpointe.com (408) 834-7577 x125 Mark Feldman NetProspex VP Marketing mfeldman@netprospex.com (781) 290-5714 www.twitter.com/pinpointe
More informationCommon Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
More informationGroundbreaking Technology Redefines Spam Prevention. Analysis of a New High-Accuracy Method for Catching Spam
Groundbreaking Technology Redefines Spam Prevention Analysis of a New High-Accuracy Method for Catching Spam October 2007 Introduction Today, numerous companies offer anti-spam solutions. Most techniques
More informationLibra Esva. Whitepaper. Glossary. How Email Really Works. Email Security Virtual Appliance. May, 2010. It's So Simple...or Is It?
Libra Esva Email Security Virtual Appliance Whitepaper May, 2010 How Email Really Works Glossary 1 2 SMTP is a protocol for sending email messages between servers. DNS (Domain Name System) is an internet
More informationDeploying Layered Email Security. What is Layered Email Security?
Deploying Layered Email Security This paper is intended for users of Websense Email Security who want to add Websense Hosted Email Security to deploy a layered email security solution. In this paper: Review
More informationNetwork Fundamentals. 2010 Carnegie Mellon University
Network Fundamentals What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working Together
More informationThe Network Box Anti-Spam Solution
NETWORK BOX TECHNICAL WHITE PAPER The Network Box Anti-Spam Solution Background More than 2,000 years ago, Sun Tzu wrote if you know yourself but not the enemy, for every victory gained you will also suffer
More informationAntispam Security Best Practices
Antispam Security Best Practices First, the bad news. In the war between spammers and legitimate mail users, spammers are winning, and will continue to do so for the foreseeable future. The cost for spammers
More informationBest Practices: How To Improve Your Survey Email Invitations and Deliverability Rate
Best Practices: How To Improve Your Survey Email Invitations and Deliverability Rate Below, you will find some helpful tips on improving your email invitations and the deliverability rate from a blog post
More informationKaspersky Anti-Spam 3.0
Kaspersky Anti-Spam 3.0 Whitepaper Collecting spam samples The Linguistic Laboratory Updates to antispam databases Spam filtration servers Spam filtration is more than simply a software program. It is
More informationComprehensive Email Filtering. Whitepaper
Comprehensive Email Filtering Whitepaper Email has undoubtedly become a valued communications tool among organizations worldwide. With frequent virus attacks and the alarming influx of spam, email loses
More informationActionable information for security incident response
Actionable information for security incident response Cosmin Ciobanu 2015 European Union Agency for Network and Information Security www.enisa.europa.eu European Union Agency for Network and Information
More informationCreate an Email Campaign. Create & Send Your Newsletter
Create an Email Campaign Create & Send Your Newsletter Free Easy Fast -1- Create an Email Campaign 1 For sending a newsletter or a bulk email, you need to create an Email Campaign, click on the CAMPAIGN
More informationWhose IP Is It Anyways: Tales of IP Reputation Failures
Whose IP Is It Anyways: Tales of IP Reputation Failures SESSION ID: SPO-T07 Michael Hamelin Lead X-Force Security Architect IBM Security Systems @HackerJoe What is reputation? 2 House banners tell a story
More informationWhat is a Mail Gateway?... 1 Mail Gateway Setup... 2. Peering... 3 Domain Forwarding... 4 External Address Verification... 4
Contents CHAPTER 1 IMail Secure Server as a Mail Gateway What is a Mail Gateway?... 1 Mail Gateway Setup... 2 CHAPTER 2 Possible Mail Gateway Configurations Peering... 3 Domain Forwarding... 4 External
More informationSpam detection with data mining method:
Spam detection with data mining method: Ensemble learning with multiple SVM based classifiers to optimize generalization ability of email spam classification Keywords: ensemble learning, SVM classifier,
More informationeprism Email Security Suite
FAQ V8.3 eprism Email Security Suite 800-782-3762 www.edgewave.com 2001 2012 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered trademarks
More informationBig Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data
Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Patrick Gardner VP Engineering Sourabh Satish Distinguished Engineer Symantec Vision 2014 - Big Data
More informationInternet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will
More informationETH Zürich - Mail Filtering Service
Eidgenössische Technische Hochschule Zürich Swiss Federal Institute of Technology Zurich Informatikdienste / IT-Services ETH Zürich - Mail Filtering Service (TERENA 2009) 09 Dec 2009 - D. McLaughlin (davidmcl@ethz.ch)
More informationMore Details About Your Spam Digest & Dashboard
TABLE OF CONTENTS The Spam Digest What is the Spam Digest? What do I do with the Spam Digest? How do I view a message listed in the Spam Digest list? How do I release a message from the Spam Digest? How
More informationA Game Theoretical Framework for Adversarial Learning
A Game Theoretical Framework for Adversarial Learning Murat Kantarcioglu University of Texas at Dallas Richardson, TX 75083, USA muratk@utdallas Chris Clifton Purdue University West Lafayette, IN 47907,
More informationImproving Spam Blacklisting Through Dynamic Thresholding and Speculative Aggregation
Improving Spam Blacklisting Through Dynamic Thresholding and Speculative Aggregation Sushant Sinha, Michael Bailey, and Farnam Jahanian University of Michigan, Ann Arbor, MI 48109, USA {sushant, mibailey,
More informationDealing with spam mail
Vodafone Hosted Services Dealing with spam mail User guide Welcome. This guide will help you to set up anti-spam measures on your email accounts and domains. The main principle behind dealing with spam
More informationContentCatcher. Voyant Strategies. Best Practice for E-Mail Gateway Security and Enterprise-class Spam Filtering
Voyant Strategies ContentCatcher Best Practice for E-Mail Gateway Security and Enterprise-class Spam Filtering tm No one can argue that E-mail has become one of the most important tools for the successful
More informationEvangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08
Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1 Network Security Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 2 Collaboration with Frank Akujobi
More information