spam filtering at cern
play

Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 - PowerPoint PPT Presentation

Nov 06, 2022 •157 likes •348 views

Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 October 2002 Emmanuel Ormancey 1 Topics Topics Statistics Current Spam filtering at CERN Products overview Selected solution How it works Exchange 2000

  1. Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 October 2002 Emmanuel Ormancey 1

  2. Topics Topics � Statistics � Current Spam filtering at CERN � Products overview � Selected solution � How it works � Exchange 2000 integration 23 October 2002 Emmanuel Ormancey 2

  3. Some statistics… Some statistics… � At CERN: � Low level existing filters: 25% of mails detected as spam and rejected. � New filtering solution identifies 10% more. � Measurements in Europe for 2001 (NetValue users panel) : � Spam increased of 80% in 2001. � 36.8% of received mails are Spam. � According to US AntiSpam company Brightmail: � Spam increased of 450% during last year � 74% of received mails are Spam. 23 October 2002 Emmanuel Ormancey 3

  4. Current Spam Filtering Current Spam Filtering � Basic checks: � Sendmail level tests. � Local lists of banned IP addresses, domains, subject keywords, emails. � Header “consistency” tests (i.e. message id format). � Mail rejected if identified as Spam. � Manual work: � Update local banned lists from abuse reports. � Remove entries when users report false positive rejections. 23 October 2002 Emmanuel Ormancey 4

  5. Commercial products Commercial products � Commercial products too basic � Basic tests: � keywords in subject/body � IP address ban � Sender / recipient ban � Action: � Delete: helpdesk will receive user complaints if false positive. � Quarantine (i.e. Norton antivirus): require manual lookup to validate real spam and good mails. 23 October 2002 Emmanuel Ormancey 5

  6. SpamAssassin testing SpamAssassin testing � How it works: � All in one: Different tests based on different techniques � Client / server version, with a ‘simple client’ allowing portability. � Good for spam detection. � Stability problem (on our Solaris). � Need to correct regular expressions bugs. � Not enough, need a mix of: � Mail content tests (SpamAssassin) � Low level “sendmail” tests (actual spam tests) � Need some custom rules and tests. � Need logs and statistics. 23 October 2002 Emmanuel Ormancey 6

  7. Solution Solution � Start from SpamAssassin base � Add existing rules and custom tests � Easy to modify and to create add-ins. � Windows based: Future Exchange 2000 C# .NET SpamKiller � Easy to develop in any language. � Compiled regular expressions, compatible with unix. � After 3 months running and stress testing: no crash, no leak: seems stable. 23 October 2002 Emmanuel Ormancey 7

  8. Detecting spam - - Tests Tests Detecting spam � Different tests: � Text only (regular expressions): � Header � Body full text � Body raw for base64 encoded spam � “Smart tests” more complex than regular expressions. � Header consistency. � Open relays blacklist check on several servers. � Catalog check: compares mail with spam catalog (calculated signatures and subjects keywords). 23 October 2002 Emmanuel Ormancey 8

  9. Detecting spam – – Scoring Scoring Detecting spam � Score calculation: � Each test returning true returns a score. � If sum of all scores is greater than ‘required hits’, mail is spam. � Lowest ‘required hits’ value is 5. Sample : Spam: True ; 5.559 / 5 Content analysis details: (5.559 hits, 5 required) 2 points: HTML-only mail, with no text version 0.21 points: 'Received:' has 'may be forged' warning 0.814 points: Subject has an exclamation mark 0.5 points: Spam phrases score is 00 to 01 (low) 2.035 points: 'remove' URL contains an email address 23 October 2002 Emmanuel Ormancey 9

  10. Detecting spam - - Action Action Detecting spam � When spam is detected: � Do not delete mail, it may be an error or a commercial mailing list subscribed by user. � Do not reply to sender “we don’t accept spam” → it helps to improve spammer techniques. � Do not quarantine mail at server level: too much traffic and too much work. � A good mail service don’t loose mails. Solution: Let the user decide � Quarantine spam mail at the user level. � Allow user to check in quarantined mails for missing mails. � Allow user to choose a spam detection level (lowest level = 5) � Allow user to choose quarantine behavior. 23 October 2002 Emmanuel Ormancey 10

  11. User choice User choice • Configure Spam Level. • Set expiration time. Cern Spam folder automatically created. 23 October 2002 Emmanuel Ormancey 11

  12. SpamKiller – – Overview Overview SpamKiller � Server: � Windows service. � Multithread "http like" server (clients on any platform can use it). � High exception catch to prevent server crash on error or bug. � Configuration: � Configuration in XML files (import from original SpamAssassin configuration possible). � Precompiled regular expressions to gain performance. � Statistics and logging: � Logs to perfmon (performance monitor) real-time statistics. � Logs statistics into XML files. 23 October 2002 Emmanuel Ormancey 12

  13. Exchange integration Exchange integration Internet Internet Incoming mail Exchange SMTP (1 to n servers) Check mail SM SMTP Event TP Event s sink nk Spam Killer service Add header if score >= 5 (1 to n servers) Return score Exchange store 1. Check user requested spam level. Asynchron Asynchronous OnSave ous OnSave 2. Check header for score. Event s Event sink nk 3. Move mail to CERN Spam if score > requested level. 23 October 2002 Emmanuel Ormancey 13

  14. Reporting Spam Reporting Spam � Outlook XP: Com Add-in adds button to report spam (moves selected mails to specific public folder). � Others: Forward mail to abuse@cern.ch 23 October 2002 Emmanuel Ormancey 14

  15. Use of reported Spam Use of reported Spam � Spam reported with add-in button: � Mail in original format. � Create signatures. � Add signatures to catalog. � Can be automated. 23 October 2002 Emmanuel Ormancey 15

  16. Use of reported Spam Use of reported Spam � Spam forwarded to abuse@cern.ch � Mail modified due to forward. � Extract header information. � Create catalog: � Subjects � IP � Senders 23 October 2002 Emmanuel Ormancey 16

  17. Statistics Statistics Online statistics available on SpamKiller website: 23 October 2002 Emmanuel Ormancey 17

  18. Conclusion Conclusion � Now available to CERN Exchange users. � Up since July. � Low manual work: populate Spam catalog with tools, tune rules. � Problem with mailing lists filtering: add white list at user level in next release. � Clients can be created on any system. (possible reuse of SpamAssassin client). 23 October 2002 Emmanuel Ormancey 18

  19. Questions ? Contact: emmanuel.ormancey@cern.ch 23 October 2002 Emmanuel Ormancey 19

Recommend

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a caf everything

505 views • 13 slides
Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee Institute of Computer Science, University of Tartu Overview Spam is Evil ML for Spam Filtering: General Idea, Problems. Some Algorithms Nave Bayesian

391 views • 35 slides
Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What is spam? Different spam types Anti-Spam Techniques Probability theory basics Conditional probability Bayes Theorem Naive Bayes Theorem Spam

1.04k views • 27 slides
SPAMIA: Spam filtering by quantitative profiles Marin Grendr, Jana kutov, Vladimr

SPAMIA: Spam filtering by quantitative profiles Marin Grendr, Jana kutov, Vladimr

Spam and its detection Quantitative profile approach Results Conclusions SPAMIA: Spam filtering by quantitative profiles Marin Grendr, Jana kutov, Vladimr pitalsk Slovanet a.s., Zhradncka 151, 821 08 Bratislava, Slovakia

680 views • 22 slides
Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid

Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid

Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid Sikl osi J acint Szab ur 1 Andr as A. Bencz 1 Data Mining and Web Search Group Computer and Automation Institute Hungarian Academy

627 views • 14 slides
Tightening the net: a review of current and next generation spam filtering tools James Carpinter

Tightening the net: a review of current and next generation spam filtering tools James Carpinter

Tightening the net: a review of current and next generation spam filtering tools James Carpinter & Ray Hunt Department of Computer Science and Software Engineering University of Canterbury Abstract IT infrastructure worldwide. While it

412 views • 19 slides
A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary

A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary

Spam & HCI R. Beverly The Problem A Human A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary Robert Beverly MIT CSAIL rbeverly@csail.mit.edu July 27, 2009 Conference on Email and

506 views • 16 slides
Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All spam is spam but some spam is more spam than others Opinion spam similar to web spam or email spam in intent, but different in form / content Web

912 views • 38 slides
last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam, fishing, spoofing, virus More and more energy in spam fighting More and more messages lost because : Imperfect automatic filtering

334 views • 18 slides
The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation When Congress returns from recess on December 8, 2003, it will finish its work on the CAN-SPAM Act of 2003 (Controlling the Assault of

323 views • 4 slides
Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to web spam Spam 221 Spamming PageRank Spam farm model Optimal farm structure Alliances of two farms Larger alliances Spam

876 views • 30 slides
Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Dynamics Web Spam Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0710-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy

669 views • 49 slides
1 An Filtering System that Monitors Document Search Engines Can Help, But Not Enough!

1 An Filtering System that Monitors Document Search Engines Can Help, But Not Enough!

Filtering May be Your Work Adaptive Information Filtering Using Bayesian Graphical Models Yi Zhang Baskin School of Engineering University of California Santa Cruz yiz@soe.ucsc.edu 1 2 Filtering May be Your Work Filtering May be Your Work

415 views • 8 slides
Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial

Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial

Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial Lecture Series, CUED 1 A typical machine learning problem A typical machine learning problem 2 Spam filtering by linear separation Not spam Spam

1.07k views • 82 slides
Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Dynamics Web Spam Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0709-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy Overview

806 views • 49 slides
Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why should you care? How to detect Spam? 2 What is Spam? What is Spam? All forms of malicious manipulation of user generated data so as to

943 views • 56 slides
Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

SOFSEM 2008 Filtering unwanted Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of- communication Location generation Preparing proofs Verifying proof Marek Klonowski Tomasz Strumi nski Open

348 views • 23 slides
Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Seminar: Future Of Web Search University of Saarland Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood Tutor : Klaus Berberich Date : 17-Jan-2008 The Agenda Focus of the First Paper

1.22k views • 53 slides
spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian Developer since 2003 Listmaster Alioth Admin Maintainer of packages like iproute, icinga, nagios and a lot of other useless stu ff

219 views • 20 slides
Overview of the SPS LLRF upgrade Gregoire Hagmann (CERN) Mattia Rizzi (CERN) Philippe

Overview of the SPS LLRF upgrade Gregoire Hagmann (CERN) Mattia Rizzi (CERN) Philippe

Overview of the SPS LLRF upgrade Gregoire Hagmann (CERN) Mattia Rizzi (CERN) Philippe Baudrenghien (CERN) Javier Serrano (CERN) Javier Galindo (CERN, UPC) Lorenz Schmid (CERN) Wolgang Hofle (CERN) Arthur Spierer (CERN) Gerd Kotzian (CERN)

429 views • 27 slides
x 2 > b w T x > 0 SPAM!! x ( x , 1) w 3 x 3 w T x + b ( w , b ) T ( x , 1)

x 2 > b w T x > 0 SPAM!! x ( x , 1) w 3 x 3 w T x + b ( w , b ) T ( x , 1)

A neuron (or how our brains work) Linear models Subhransu Maji CMPSCI 670: Computer Vision November 3, 2016 Neuroscience 101 CMPSCI 670 Subhransu Maji (UMASS) 2 Perceptron Example: Spam Input are feature values Imagine 3 features (spam

682 views • 8 slides
Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering Rate limits Protection against traffic analysis Padding Routing control Lecture 9 Page 1 CS 236 Online Source Address Filtering

366 views • 11 slides
Bloom Filter & Hashing Barna Saha Bloom Filter Checks for SET MEMBERSHIP efficiently Is

Bloom Filter & Hashing Barna Saha Bloom Filter Checks for SET MEMBERSHIP efficiently Is

Bloom Filter & Hashing Barna Saha Bloom Filter Checks for SET MEMBERSHIP efficiently Is element x in the set? MoAvaAng Example Spam Filtering We have a set of 1 billion email addresses that we consider to be non-spam. Each

535 views • 20 slides

More recommend