A real-time system for abusive network traffic detection
Young, Joel D.
MetadataShow full item record
Abusive network traffic--to include unsolicited e-mail, malware propagation, and denial-of-service attacks--remains a constant problem in the Internet. Despite extensive research in, and subsequent deployment of, abusive-traffic detection infrastructure, none of the available techniques addresses the problem effectively or completely. The fundamental failing of existing methods is that spammers and attack perpetrators rapidly adapt to and circumvent new mitigation techniques. Analyzing network traffic by exploiting transport-layer characteristics can help remedy this and provide effective detection of abusive traffic. Within this framework, we develop a real-time, online system that integrates transport layer characteristics into the existing SpamAssasin tool for detecting unsolicited commercial e-mail (spam). Specifically, we implement the previously proposed, but undeveloped, SpamFlow technique. We determine appropriate algorithms based on classification performance, training required, adaptability, and computational load. We evaluate system performance in a virtual test bed and live environment and present analytical results. Finally, we evaluate our system in the context of Spam Assassin's auto-learning mode, providing an effective method to train the system without explicit user interaction or feedback.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Nolan, Le E. (Monterey, California. Naval Postgraduate School, 2012-09);This thesis investigates a novel approach to identifying discriminating features of communications involving abusive hosts. The technique uses per-packet TCP header and timing features to identify congestion, flow-control, ...
Nichols, Tony (Monterey, California. Naval Postgraduate School, 2013-03);This thesis investigates the ability for recently devised packet-level Transmission Control Protocols (TCP) transport classifiers to discover abusive traffic flows, especially those not found via traditional methods, e.g., ...
Kakavelakis, Georgios; Beverly, Robert; Young, Joel (2011);Botnets are a significant source of abusive messaging (spam, phishing, etc) and other types of malicious traffic. A promising approach to help mitigate botnet-generated traffic is signal analysis of transport-layer (\ie ...