Title :
Detection of Compromised Email Accounts Used by a Spam Botnet with Country Counting and Theoretical Geographical Travelling Speed Extracted from Metadata
Author_Institution :
Friedrich-Schiller-Univ. Jena, Jena, Germany
Abstract :
Seventy-six percent of sent spam and phishing emails have their origins in botnets. Botnets use compromised email accounts to send junk mail through other SMTP servers to their destinations. Commonly, research is focused on the rapid detection of compromised accounts to protect the integrity of other systems. One possible way to do this is to scan the email content or to limit the number of messages that can be sent from an IP address or an account during a specified time period. An anomaly is properly detected if the limit is reached or spam emails are identified. The objective of the presented research is to detect the anomaly with geolocation and country counting, without knowledge of the email content. A second method, called Theoretical Geographical Travelling Speed, was developed to raise the detection rate without false negatives. The proposed method is seven times faster than the default rate limiting at detecting a compromised account.
Keywords :
Internet; invasive software; unsolicited e-mail; SMTP server; anomaly detection; compromised email account detection; country counting; geo location; junk mail; phishing email; spam botnet; theoretical geographical travelling speed; Authentication; Geology; IP networks; Limiting; Servers; Unsolicited electronic mail; TGTS; botnet; compromised account; country counting; spam; travelling speed;
Conference_Title :
Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
Conference_Location :
Naples
DOI :
10.1109/ISSREW.2014.32