NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium 2018
DOI: 10.1109/noms.2018.8406222
|View full text |Cite
|
Sign up to set email alerts
|

Melting the snow: Using active DNS measurements to detect snowshoe spam domains

Abstract: Snowshoe spam is a type of spam that is notoriously hard to detect. Anti-abuse vendors estimate that 15% of spam can be classified as snowshoe spam. Differently from regular spam, snowshoe spammers distribute sending of spam over many hosts, in order to evade detection by spam reputation systems (blacklists). To be successful spammers need to appear as legitimate as possible, for example, by adopting email best practices, such as the Sender Policy Framework (SPF). This requires spammers to register and configu… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
10
0

Year Published

2020
2020
2023
2023

Publication Types

Select...
4
2
2

Relationship

2
6

Authors

Journals

citations
Cited by 13 publications
(10 citation statements)
references
References 18 publications
0
10
0
Order By: Relevance
“…For the explanation on how we have built and trained the classifier, we refer the reader to our original work [22].…”
Section: Methodology and Datasetmentioning
confidence: 99%
See 2 more Smart Citations
“…For the explanation on how we have built and trained the classifier, we refer the reader to our original work [22].…”
Section: Methodology and Datasetmentioning
confidence: 99%
“…The benefits of an interconnected society are immediately clear to everybody; however, it has recently become more and more evident, even to laypeople, that the Internet exposes us to cyberthreats attacking information, services, and even the Internet infrastructure itself (e.g., attacks against the Domain Name System). Chief examples are (Distributed) Denial of Service (DDoS) attacks, an old threat that has recently taken new shapes and 4:2 • O. van der Toorn and A. Sperotto proportions (e.g., the 2016 attacks against the hosting company OVH (1 Tbps) [20] and the attack against the service and DNS provider Dyn [11]) but also ever more advanced phishing attacks (e.g., CEO fraud [16]), advanced spam campaigns (e.g., snowshoe spam [22]), and other forms of insidious activities.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…Chung et al [86] have collected all DNSSEC-enabled domain names, under the .com, .org, and .net TLDs through Open-INTEL active DNS measurement system [85], to study the adoption and management of DNSSEC in both authoritative name servers and DNS resolvers. Moreover, Toorn et al [148] have studied the detection of Snowshoe spams through active DNS measurement and using machine learning techniques. Discussion.…”
Section: Active Dnsmentioning
confidence: 99%
“…CEO fraud [6]), advanced spam campaigns (e.g. snowshoe spam [7]) and other forms of insidious activity.…”
Section: Motivationmentioning
confidence: 99%