SIPS: A Stateful and Flow-Based Intrusion Prevention System for Email Applications

Cheng, Bo-Chao; Chen, Ming‐Jen; Chu, Yuan-Sun; Chen, Andrew; Yap, Sujadi; Fan, Kuo-Pao

doi:10.1007/978-3-540-74784-0_34

Cited by 3 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Within the network spam can be detected by analyzing flows [12]. In Schatzmann et al [7], for example, the authors found that SMTP connections may either fail (because the TCP connection is not successful), be rejected by the mail server (because the sender is blacklisted, greylisted, or the recipient is unknown), or accepted.…”

Section: Related Workmentioning

confidence: 98%

Filtering spam from bad neighborhoods

Wanrooij¹,

Pras

2010

Int J Network Mgmt

View full text Add to dashboard Cite

SUMMARYOne of the most annoying problems on the Internet is spam. To fight spam, many approaches have been proposed over the years. Most of these approaches involve scanning the entire contents of e-mail messages in an attempt to detect suspicious keywords and patterns. Although such approaches are relatively effective, they also show some disadvantages. Therefore an interesting question is whether it would be possible to effectively detect spam without analyzing the entire contents of e-mail messages. The contribution of this paper is to present an alternative spam detection approach, which relies solely on analyzing the origin (IP address) of e-mail messages, as well as possible links within the e-mail messages to websites (URIs). Compared to analyzing suspicious keywords and patterns, detection and analysis of URIs is relatively simple. The IP addresses and URIs are compared to various kinds of blacklists; a hit increases the probability of the message being spam. Although the idea of using blacklists is well known, the novel idea proposed within this paper is to introduce the concept of 'bad neighborhoods'. To validate our approach, a prototype has been developed and tested on our university's mail server. The outcome was compared to SpamAssassin and mail server log files. The result of that comparison was that our prototype showed remarkably good detection capabilities (comparable to SpamAssassin), but puts only a small load on the mail server.

show abstract

Section: Related Workmentioning

confidence: 98%

Filtering spam from bad neighborhoods

Wanrooij¹,

Pras

2010

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…Based on our previous works [4], we modified a PAD profile to implement hardware-based parallel protocol anomaly detection for high speed network application. In order to check size, length, syntax and sequence of SMTP command and parameter in each packet, each SMTP command is modeled as a node of state.…”

Section: A Design Of Smtp Protocol Anomaly Detectionmentioning

confidence: 99%

“…6 shows the architecture of Parallel SMTP IPS. In the system design, we placed two registers which contains the Email Flow Record module [4] to monitor and classify email traffic. It will defense DoS attacks without degrading network throughput.…”

Section: B Design Of Virus Detectionmentioning

confidence: 99%

An ASIC for SMTP Intrusion Prevention System

Chen

Chien

Huang

et al. 2009

2009 IEEE International Symposium on Circuits and Systems

Self Cite

View full text Add to dashboard Cite

Email is one of the most important applications in communication. Due to the convenience and importance of emails, SMTP attack and spam mail have become the most serious problems in email service. A single security technique is not enough to protect the email system from attacks. In this paper, we propose a hardware-based design of the SMTP Intrusion Prevention System (IPS) with Virus Detection Engine. The SMTP IPS is based on stateful protocol anomaly detection and high speed virus detection. It forms an Unified Threat Management (UTM) to the email system. The ASIC of SMTP IPS can supports at least 4.12 Gbps for parallel detection of SMTP and virus attack.

show abstract

“…They therefore propose a spam detection approach based on automatic clustering and classification of sender IP addresses that show a similar behavior over a short observation time. More attention to flow approaches has been given in the works of Schatzmann et al [7,8] and Cheng et al [10]. In [7,8], the authors suggest that the average number of bytes, packets and bytes/packets of failed, rejected and accepted connections are flow properties suitable for the classification of spam flows.…”

Section: Introductionmentioning

confidence: 99%

“…The authors rely on server logs for flow classification. On the other hand, in [10], the authors propose an alternative definition of flows that allows the stateful analysis of spam traffic. Finally,Zádník et al [11] propose the use of classification trees for spam identification based on flow characteristic.…”

Section: Introductionmentioning

confidence: 99%

Detecting Spam at the Network Level

Sperotto

Vliek

Sadre

et al. 2009

The Internet of the Future

View full text Add to dashboard Cite

Abstract. Spam is increasingly a core problem affecting network security and performance. Indeed, it has been estimated that 80% of all email messages are spam. Content-based filters are a commonly deployed countermeasure, but the current research focus is now moving towards the early detection of spamming hosts. This paper investigates if spammers can be detected at the network level, based on just flow data. This problem is challenging, since no information about the content of the email message is available. In this paper we propose a spam detection algorithm, which is able to discriminate between benign and malicious hosts with 92% accuracy.

show abstract

SIPS: A Stateful and Flow-Based Intrusion Prevention System for Email Applications

Cited by 3 publications

References 7 publications

Filtering spam from bad neighborhoods

Filtering spam from bad neighborhoods

An ASIC for SMTP Intrusion Prevention System

Detecting Spam at the Network Level

Contact Info

Product

Resources

About