Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks

Miami Beach, Florida, USA December 11-December 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.11

22nd Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by David Whyte Articles by P.C. van Oorschot Articles by Evangelos Kranakis

	ASCII Text	x
	David Whyte, P.C. van Oorschot, Evangelos Kranakis, "Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks," Computer Security Applications Conference, Annual, pp. 393-402, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006.

	BibTex	x
	@article{ 10.1109/ACSAC.2006.11, author = {David Whyte and P.C. van Oorschot and Evangelos Kranakis}, title = {Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2006}, issn = {1063-9527}, pages = {393-402}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.11}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks SN - 1063-9527 SP393 EP402 A1 - David Whyte, A1 - P.C. van Oorschot, A1 - Evangelos Kranakis, PY - 2006 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

David Whyte, Carleton University, Canada

P.C. van Oorschot, Carleton University, Canada

Evangelos Kranakis, Carleton University, Canada

Malicious mass-mailing activity on the Internet is a serious and continuing threat that includes mass-mailing worms, spam, and phishing. A mechanism commonly used to deliver such malicious mass mail is an SMTP-engine, which turns an infected system into a malicious mail server. We present a technique that enables, within a single mailing attempt in many popular network environments, detection and containment of (even zero-day) SMTP-engine based mass-mailing activity. Contrary to other mass-mailing detection techniques our approach is content independent and requires no attachment processing, network traffic correlation, statistical measures, or system behavioral analysis. It relies instead on the observation of DNS MX queries within the enterprise network. This stateless detection technique requires minimal computational resources making it ideally suited for real-time wire-speed deployment.

Citation:

David Whyte, P.C. van Oorschot, Evangelos Kranakis, "Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks," acsac, pp.393-402, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.