Criminals Become Tech Savvy


Attack Trends
Elias Levy, [email protected]
Ivan Arce, [email protected]

ELIAS LEVY
Symantec

PUBLISHED BY THE IEEE COMPUTER SOCIETY, 1540-7993/04/$20.00 © 2004 IEEE, IEEE SECURITY & PRIVACY, MARCH/APRIL 2004

In this installment of Attack Trends, I’ll look at the growing convergence of technically savvy computer crackers with financially motivated criminals. Historically, most computer crime on the Internet has not been financially motivated: it was the result of either curious or malicious technical attackers, called crackers. This changed as the Internet became more commercialized and more of the public has gone online. Financially motivated actors in the fauna of the Internet’s seedy underbelly—spammers and fraudsters—soon joined crackers to exploit this new potential goldmine.

Spam

As anyone with a computer can tell you, the spam problem has grown to immense proportions. It now represents more than 50 percent of all email transmitted over the Internet (see MessageLabs’ December 2003 Monthly View, www.messagelabs.com/binaries/Dec03.pdf, and BrightMail’s January 2004 Spam Statistics update, www.brightmail.com/spamstats.html). Its costs, which Internet service providers (ISPs) pass on to their customers, are enormous.

With spam’s ubiquity comes a whole culture and industry devoted to fighting it. Large groups of people, such as the Spamhaus Project, spend lots of effort to identify spams’ sources so as to shut down spammers’ Internet access. They’ve even created new technology to flag its sources (DNS or border gateway protocol [BGP]-based blacklists) and spam messages (Bayesian networks, distributed checksum databases, and heuristics) for filtering purposes.

Increasingly on the defensive, spammers are fighting back by becoming more sophisticated, generating unique messages, and finding new open proxies or SMTP relays to send messages and hide their true sources.

Fraud

Internet fraud has also become a serious problem. In the past three years, Consumer Sentinel, a complaint database developed and maintained by the US Federal Trade Commission (www.consumer.gov/sentinel/), has recorded more than 300,000 Internet-related fraud complaints, which accounted for nearly US$200 million personal losses in 2003 alone. Fraud schemes are usually peddled by individuals who spam potential victims (www.brightmail.com/brc_fraud-stats.html), such as the Nigerian, or 419, scam (see the 419 Coalition’s Web site at http://home.rica.net/alphae/419coal/). But as the number of fraud cases has increased, so has the public’s awareness of them; fraudsters are increasingly forced to resort to more intricate schemes.

We’re now seeing the practice of “phishing” gaining popularity with fraudsters. Using this scheme, criminals create email messages with return addresses, links, and branding that seem to come from trusted, well-known organizations; the hope is to convince the victim to disclose sensitive information. This practice is rooted in crackers’ first attempts to fool America Online users into parting with their screen names and passwords in the mid-1990s.

The goal these days is to extract information from a victim that crackers can use for financial gain more than for tweaking AOL users. A commonly targeted item is victims’ credit-card information (number, expiration date, card-validation value, and so on). Criminals also want access to Internet payment systems such as e-Bullion, e-gold, Evocash, INT Gold, GoldMoney, PayPal, and Swiftpay; online transaction services such as Authorize.Net, iBill, and Verotel; and Internet accessible banks such as Bank of America, Barclays Bank, Citibank, Halifax Bank, Lloyds Bank, Nationwide Bank, and Wells Fargo.

Malicious code

In the past, we’ve seen spammers occasionally use worms and trojans to hijack a victim’s Web browsers. They replace the victims’ home and search pages with links to Web spam, as well as drop links to the spam in the victims’ bookmarks and on their desktops. To make money, they infect computers with malicious code that generates fraudulent ad views (by repeatedly visiting Web pages with specific ads for which the criminals are paid for driving users to view the ads).

Criminals have also used dialers, programs designed to use victims’ computer modems to dial national or international “premium services” phone numbers, generating unwanted charges. (Dialers are sometimes used legitimately; pornographic Web sites use them to charge customers for access to their service.)

More recently, the line between spammers, fraudsters, and crackers has continued to blur as the former become more sophisticated and the latter become financially motivated. As noted in “The Making of a Spam Zombie Army: Dissecting the Sobig Worms” (IEEE Security & Privacy’s Malware Recon department, July/August 2003, pp. 58–59), spammers now can design worms that use infected computers to send out spam.

Spam relays

One trick in the spammer’s arsenal is to use worms and trojans to create spam relays. Backdoor.Hogle’s creator designed it specifically for this purpose. After infecting a system, it checks to see whether the host’s IP address is listed in the blacklists that spamcop.net and abuse.net maintain; if it’s listed, the program terminates. Several other worms are suspected vehicles for installing proxies that spammers can use (for example, the current crop of MyDoom worms).

Reverse HTTP proxies

Spam sometimes points the recipient back to a Web site. Antispam crusaders attempt to track down these Web sites, contact the responsible ISPs, and have them shut down.

Backdoor.Migmaf also acted as a SOCKS proxy server, which permitted the spammer to send out anonymous spam. Infected machines participated in a PayPal phishing scam by acting as a proxy for the scam’s Web site (www.securityfocus.com/archive/1/328772). Evidence suggests that spammers similarly used an earlier worm, W32.HLLW.Fizzer, to point to their spam Web sites.

DDoSs

Spammers also resort to using worms to create armies of computers to launch massive distributed denial-of-service (DDoS) attacks against spam-fighting resources on the Internet. (For URLs with more information, see the sidebar.) The W32.Mimail.F, W32.Mimail.G, and W32.Mimail.L worms, for example, attacked spamhaus.org (www.spamhaus.org/cyberattacks/), spews.org, and spamcop.net. Additionally, the W32.Mimail.L worm launched a joe job attack, also called a reputation attack, against the same sites. These at-

phishing scams, so fraudsters have upped the ante: instead of asking recipients for information, they obtain it either from the victims’ computer system or by monitoring their Web activity.

The W32.Mimail.Q worm steals E-Gold information stored in users’ systems and emails it to the worm’s author. Backdoor.Lala and Backdoor.Lala.B steal authentication cookies for PayPal, e-Bullion, Evocash and eBay, among others, for example.

The PWSteal.Bancos series of trojans and the W32.Bibrog series of worms monitor which Web pages users visit. When they detect users viewing a page on certain banks’ sites, they display a fake Web page that looks identical to that of the banks’. This page then directs users to enter their financial information and steals it.

Several other trojans and worms log keystrokes (such as W32.Dumuru.Y, W32.Dumuru.Z, PWSteal.Tarno, PWSteal.Banpaes, PWSteal.Banpaes.B, and the TROJ_WINCAP series) or record data in

Worms and viruses used in scams (sidebar)

This is an incomplete list of malicious code that has been used by spammers and fraudsters. It is a testament to their increased sophistication in committing online crime.

Spam relays:
Backdoor.Hogle—http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hogle.html

DDoS attacks:
W32.Mimail.F—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Mimail.G—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Mimail.L—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Phishing scams:
W32.Mimail.I—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Mimail.J—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Mimail.P—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Mimail.Q—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Mimail.S—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
Trojan Septer.Trojan—http://securityresponse.symantec.com/avcenter/venc/data/septer.trojan.html

Reverse HTTP proxies:
Backdoor.Migmaf—http://securityresponse.symantec.com/avcenter/venc/data/backdoor.migmaf.html
W32.HLLW.Fizzer—http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fi[email protected]

Stealing sensitive information:
PWSteal.Bancos—http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.html
W32.Bibrog—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Dumuru.Y—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Dumuru.Z—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
PWSteal.Tarno—http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.html
PWSteal.Banpaes—http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.html
PWSteal.Banpaes.B—http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.banpaes.b.html

Others:
Download.Trojan.PSK—http://securityresponse.symantec.com/avcenter/venc/data/download.trojan.psk.html
W32.Mimail.A—http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
Downloader.Mimail—http://securityresponse.symantec.com/avcenter/venc/data/downloader.mimail.html