A Cross-Domain Hidden Spam Detection Method Based on Domain Name Resolution
Total Page:16
File Type:pdf, Size:1020Kb

Load more
Recommended publications
-
The Internet and Drug Markets
INSIGHTS EN ISSN THE INTERNET AND DRUG MARKETS 2314-9264 The internet and drug markets 21 The internet and drug markets EMCDDA project group Jane Mounteney, Alessandra Bo and Alberto Oteo 21 Legal notice This publication of the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) is protected by copyright. The EMCDDA accepts no responsibility or liability for any consequences arising from the use of the data contained in this document. The contents of this publication do not necessarily reflect the official opinions of the EMCDDA’s partners, any EU Member State or any agency or institution of the European Union. Europe Direct is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) The information given is free, as are most calls (though some operators, phone boxes or hotels may charge you). More information on the European Union is available on the internet (http://europa.eu). Luxembourg: Publications Office of the European Union, 2016 ISBN: 978-92-9168-841-8 doi:10.2810/324608 © European Monitoring Centre for Drugs and Drug Addiction, 2016 Reproduction is authorised provided the source is acknowledged. This publication should be referenced as: European Monitoring Centre for Drugs and Drug Addiction (2016), The internet and drug markets, EMCDDA Insights 21, Publications Office of the European Union, Luxembourg. References to chapters in this publication should include, where relevant, references to the authors of each chapter, together with a reference to the wider publication. For example: Mounteney, J., Oteo, A. and Griffiths, P. -
Fully Automatic Link Spam Detection∗ Work in Progress
SpamRank – Fully Automatic Link Spam Detection∗ Work in progress András A. Benczúr1,2 Károly Csalogány1,2 Tamás Sarlós1,2 Máté Uher1 1 Computer and Automation Research Institute, Hungarian Academy of Sciences (MTA SZTAKI) 11 Lagymanyosi u., H–1111 Budapest, Hungary 2 Eötvös University, Budapest {benczur, cskaresz, stamas, umate}@ilab.sztaki.hu www.ilab.sztaki.hu/websearch Abstract Spammers intend to increase the PageRank of certain spam pages by creating a large number of links pointing to them. We propose a novel method based on the concept of personalized PageRank that detects pages with an undeserved high PageRank value without the need of any kind of white or blacklists or other means of human intervention. We assume that spammed pages have a biased distribution of pages that contribute to the undeserved high PageRank value. We define SpamRank by penalizing pages that originate a suspicious PageRank share and personalizing PageRank on the penalties. Our method is tested on a 31 M page crawl of the .de domain with a manually classified 1000-page stratified random sample with bias towards large PageRank values. 1 Introduction Identifying and preventing spam was cited as one of the top challenges in web search engines in a 2002 paper [24]. Amit Singhal, principal scientist of Google Inc. estimated that the search engine spam industry had a revenue potential of $4.5 billion in year 2004 if they had been able to completely fool all search engines on all commercially viable queries [36]. Due to the large and ever increasing financial gains resulting from high search engine ratings, it is no wonder that a significant amount of human and machine resources are devoted to artificially inflating the rankings of certain web pages. -
In-Depth Evaluation of Redirect Tracking and Link Usage
Proceedings on Privacy Enhancing Technologies ; 2020 (4):394–413 Martin Koop*, Erik Tews, and Stefan Katzenbeisser In-Depth Evaluation of Redirect Tracking and Link Usage Abstract: In today’s web, information gathering on 1 Introduction users’ online behavior takes a major role. Advertisers use different tracking techniques that invade users’ privacy It is common practice to use different tracking tech- by collecting data on their browsing activities and inter- niques on websites. This covers the web advertisement ests. To preventing this threat, various privacy tools are infrastructure like banners, so-called web beacons1 or available that try to block third-party elements. How- social media buttons to gather data on the users’ on- ever, there exist various tracking techniques that are line behavior as well as privacy sensible information not covered by those tools, such as redirect link track- [52, 69, 73]. Among others, those include information on ing. Here, tracking is hidden in ordinary website links the user’s real name, address, gender, shopping-behavior pointing to further content. By clicking those links, or or location [4, 19]. Connecting this data with informa- by automatic URL redirects, the user is being redirected tion gathered from search queries, mobile devices [17] through a chain of potential tracking servers not visible or content published in online social networks [5, 79] al- to the user. In this scenario, the tracker collects valuable lows revealing further privacy sensitive information [62]. data about the content, topic, or user interests of the This includes personal interests, problems or desires of website. Additionally, the tracker sets not only third- users, political or religious views, as well as the finan- party but also first-party tracking cookies which are far cial status. -
Clique-Attacks Detection in Web Search Engine for Spamdexing Using K-Clique Percolation Technique
International Journal of Machine Learning and Computing, Vol. 2, No. 5, October 2012 Clique-Attacks Detection in Web Search Engine for Spamdexing using K-Clique Percolation Technique S. K. Jayanthi and S. Sasikala, Member, IACSIT Clique cluster groups the set of nodes that are completely Abstract—Search engines make the information retrieval connected to each other. Specifically if connections are added task easier for the users. Highly ranking position in the search between objects in the order of their distance from one engine query results brings great benefits for websites. Some another a cluster if formed when the objects forms a clique. If website owners interpret the link architecture to improve ranks. a web site is considered as a clique, then incoming and To handle the search engine spam problems, especially link farm spam, clique identification in the network structure would outgoing links analysis reveals the cliques existence in web. help a lot. This paper proposes a novel strategy to detect the It means strong interconnection between few websites with spam based on K-Clique Percolation method. Data collected mutual link interchange. It improves all websites rank, which from website and classified with NaiveBayes Classification participates in the clique cluster. In Fig. 2 one particular case algorithm. The suspicious spam sites are analyzed for of link spam, link farm spam is portrayed. That figure points clique-attacks. Observations and findings were given regarding one particular node (website) is pointed by so many nodes the spam. Performance of the system seems to be good in terms of accuracy. (websites), this structure gives higher rank for that website as per the PageRank algorithm. -
Spamming Botnets: Signatures and Characteristics
Spamming Botnets: Signatures and Characteristics Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+,IvanOsipkov+ Microsoft Research, Silicon Valley +Microsoft Corporation {yxie,fangyu,kachan,rina,ghulten,ivano}@microsoft.com ABSTRACT botnet infection and their associated control process [4, 17, 6], little In this paper, we focus on characterizing spamming botnets by effort has been devoted to understanding the aggregate behaviors of leveraging both spam payload and spam server traffic properties. botnets from the perspective of large email servers that are popular Towards this goal, we developed a spam signature generation frame- targets of botnet spam attacks. work called AutoRE to detect botnet-based spam emails and botnet An important goal of this paper is to perform a large scale analy- membership. AutoRE does not require pre-classified training data sis of spamming botnet characteristics and identify trends that can or white lists. Moreover, it outputs high quality regular expression benefit future botnet detection and defense mechanisms. In our signatures that can detect botnet spam with a low false positive rate. analysis, we make use of an email dataset collected from a large Using a three-month sample of emails from Hotmail, AutoRE suc- email service provider, namely, MSN Hotmail. Our study not only cessfully identified 7,721 botnet-based spam campaigns together detects botnet membership across the Internet, but also tracks the with 340,050 unique botnet host IP addresses. sending behavior and the associated email content patterns that are Our in-depth analysis of the identified botnets revealed several directly observable from an email service provider. Information interesting findings regarding the degree of email obfuscation, prop- pertaining to botnet membership can be used to prevent future ne- erties of botnet IP addresses, sending patterns, and their correlation farious activities such as phishing and DDoS attacks. -
Download PDF Document, 456 KB
ENISA Position Paper No. 2 Reputation-based Systems: a security analysis Editors: Elisabetta Carrara and Giles Hogben, ENISA October 2007 Reputation-based Systems ENISA Position Papers represent expert opinion on topics ENISA considers to be important emerging risks or key security components. They are produced as the result of discussion among a group of experts who were selected for their knowledge in the area. The content was collected via wiki, mailing list and telephone conferences and edited by ENISA. This paper aims to provide a useful introduction to security issues affecting Reputation-based Systems by identifying a number of possible threats and attacks, highlighting the security requirements that should be fulfilled by these systems and providing recommendations for action and best practices to reduce the security risks to users. Examples are given from a number of providers throughout the paper. These should be taken as examples only and there is no intention to single out a specific provider for criticism or praise. The examples provided are not necessarily those most representative or important, nor is the aim of this paper to conduct any kind of market survey, as there might be other providers which are not mentioned here and nonetheless are equally or more representative of the market. Audience This paper is aimed at providers, designers, research and standardisation communities, government policy-makers and businesses. ENISA Position Paper No.2 Reputation-based Systems: a security analysis 1 Reputation-based Systems EXECUTIVE -
Redirect URL
July 2012 Redirect URL User Guide Welcome to AT&T Website Solutions SM We are focused on providing you the very best web hosting service including all the tools necessary to establish and maintain a successful website. This document contains information that will help you to redirect pages from your site to other locations. You can use it to create a new Domain Redirection as well. © 2012 AT&T Intellectual Property. All rights reserved. AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand and not by AT&T Inc. AT&T, AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other trademarks are the property of their owners. This document is not an offer, commitment, representation or warranty by AT&T and is subject to change. Your Web Hosting service is subject to the Terms and Conditions (T&Cs), which may be found at http://webhosting.att.com/Terms-Conditions.aspx . Service terms and Fees are subject to change without notice. Please read the T&Cs for additional information. © 2010 AT&T Intellectual Property. All rights re served. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Table of ContenContentstststs Introduction ........................................................................................................................................................ 3 Create a New Redirect ................................................................................................................................... -
Detection of Malicious Urls by Correlating the Chains of Redirection in an Online Social Network (Twitter)
International Journal of Research Studies in Computer Science and Engineering (IJRSCSE) Volume 1, Issue 3, July 2014, PP 33-38 ISSN 2349-4840 (Print) & ISSN 2349-4859 (Online) www.arcjournals.org Detection of Malicious URLs by Correlating the Chains of Redirection in an Online Social Network (Twitter) 1MD.Sabeeha, SK.Karimullah, 2P.Babu 1PG Schalor,CSE, Quba college of engineering and technology 2, Associate professor, QCET, NELLORE ABSTRACT: Twitter is prone to malicious tweets containing URLs for spam, phishing, and malware distribution. Conventional Twitter spam detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTML content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. In this paper, we propose WARNINGBIRD, a suspicious URL detection system for Twitter. Our system investigates correlations of URL redirect chains extracted from several tweets. Because attackers have limited resources and usually reuse them, their URL redirect chains frequently share the same URLs. We develop methods to discover correlated URL redirect chains using the frequently shared URLs and to determine their suspiciousness. We collect numerous tweets from the Twitter public timeline and build a statistical classifier using them. Evaluation results show that our classifier accurately and efficiently detects suspicious URLs. We also present WARNINGBIRD as a near real-time system for classifying suspicious URLs in the Twitter stream. -
OWASP Asia 2008 Rsnake.Pdf
1 Robert Hansen - CEO SecTheory LLC Bespoke Boutique Internet Security Web Application/Browser Security Network/OS Security http://www.sectheory.com/ Advisory capacity to VCs/start-ups Founded the web application security lab http://ha.ckers.org/ - the lab http://sla.ckers.org/ - the forum 2 iHumble I want to explain the history… Only a few know the whole story. Sit back and relax, it’s story time. 3 We’ve all heard these sentiments: “If you find a vulnerability, we ask that you share it with us. If you share it with us, we will respond to you with a time we will fix that hole.” Scott Petry – Director @ Google (We’ll be coming back to this!) 4 It all started four years ago… We found that redirection vulnerabilities were being used by phishers in a number of sites, Visa, Doubleclick, eBay and of course, Google to confuse consumers. Timeframes for fixes: Visa closed their hole down within hours Double Click within days (partially) eBay within weeks Google still hasn’t closed them (~4 years later) Every company agrees it’s a hole. Everyone 5 Word gets out – fast! http://blogs.geekdojo.net/brian/archive/2004/10/14/googlephishing.aspx http://lists.virus.org/dshield-0602/msg00156.html http://blog.eweek.com/blogs/larry_seltzer/archive/2006/03/05/8240.aspx http://thespamdiaries.blogspot.com/2006/03/google-used-as-url-cloaking-device- in.html http://www.docuverse.com/blog/donpark/EntryViewPage.aspx?guid=e08af74b- 8b86-418c-94e0-7d29a7cb91e2 http://email.about.com/od/outlooktips/qt/et043005.htm http://listserv.educause.edu/cgi- bin/wa.exe?A2=ind0511&L=security&T=0&F=&S=&P=15599 http://www.zataz.com/news/13296/google-corrige-une-faille.html http://google.blognewschannel.com/archives/2007/02/22/google-changes-redirects- adds-nofollow-to-blogger/ http://googlesystem.blogspot.com/2007/02/google-redirect-notice.html And others… 6 Everyone has vulns. -
Real-Time Detection System for Suspicious Urls Krishna Prasad Chouty Governors State University
Governors State University OPUS Open Portal to University Scholarship All Capstone Projects Student Capstone Projects Fall 2015 Real-Time Detection System for Suspicious URLs Krishna Prasad Chouty Governors State University Anup Chandra Thogiti Governors State University Kranthi Sudha Vudatha Governors State University Follow this and additional works at: http://opus.govst.edu/capstones Part of the Digital Communications and Networking Commons, and the Information Security Commons Recommended Citation Chouty, Krishna Prasad; Thogiti, Anup Chandra; and Vudatha, Kranthi Sudha, "Real-Time Detection System for Suspicious URLs" (2015). All Capstone Projects. 164. http://opus.govst.edu/capstones/164 For more information about the academic degree, extended learning, and certificate programs of Governors State University, go to http://www.govst.edu/Academics/Degree_Programs_and_Certifications/ Visit the Governors State Computer Science Department This Project Summary is brought to you for free and open access by the Student Capstone Projects at OPUS Open Portal to University Scholarship. It has been accepted for inclusion in All Capstone Projects by an authorized administrator of OPUS Open Portal to University Scholarship. For more information, please contact [email protected]. REAL-TIMEDETECTION SYSTEM FOR SUSPICIOUS URL’S By Krishna Prasad, Chouty B.Tech, JAWAHARLAL NEHURU TECHNOLOGICAL UNIVERSITY, 2012 AnupChandra, Thogiti B.Tech, JAWAHARLAL NEHURU TECHNOLOGICAL UNIVERSITY, 2011 Kranthi Sudha, Vudatha B.Tech, JAWAHARLAL NEHURU TECHNOLOGICAL UNIVERSITY, -
Towards Electronic Persistence Using ARK Identifiers
Towards Electronic Persistence Using ARK Identifiers John A. Kunze California Digital Library University of California, Office of the President, Oakland, CA 94612, USA [email protected] Abstract. The ARK (Archival Resource Key) is the only persistent naming scheme for internet information objects that squarely faces the service issues underlying practical electronic permanence. The ARK is a specially constructed, actionable URL encapsulating a globally unique identity that is independent of the current service provider. Each ARK is by definition bound to three things: (a) object access, (b) object meta- data, and (c) a faceted commitment statement. These service bindings provide the best way for service providers to communicate their varied commitments to objects. It is for these reasons that the California Digital Library is pursuing the use of ARKs. 1 Introduction Web users know the irritation of broken URLs [2]. Returning to a web address only to find the desired object missing is more than an irritation for scholars and catalogers, whose trades rely on persistent reference. If there is one thing that distinguishes a digital library from a mere web site, it is that libraries do their best to provide reliable, persistent access through durable links. To that end much discussion and development activity has focused on persistent identifiers, in other words, on links that continue to provide access into the indefinite fu- ture. The popular vision of ubiquitous, technologically-hardened identifiers has a deceptively simple problem statement: 1. The goal: long-term identifiers. 2. The problem: URLs break. 3. Why URLs break: because objects are moved, removed, and replaced. -
Detection of Malicious Url Redirection and Distribution
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320–088X IJCSMC, Vol. 2, Issue. 5, May 2013, pg.1 – 5 RESEARCH ARTICLE DETECTION OF MALICIOUS URL REDIRECTION AND DISTRIBUTION T. Manjula Devi 1, R. Krishnaveni 2 1School of Computing Sciences, Hindustan University, India 2School of Computing Sciences, Hindustan University, India 1 [email protected]; 2 [email protected] Abstract— Web-based malicious software (malware) has been increasing over the Internet .It poses threats to computer users through web sites. Computers are infected with Web-based malware by drive-by-download attacks. Drive-by-download attacks force users to download and install the Web-based malware without being aware of it .these attacks evade detection by using automatic redirections to various websites. It is difficult to detect these attacks because each redirection uses the obfuscation technique. This paper analyzes the HTTP communication data of drive-by-download attacks. The results show significant features of the malicious redirections that are used effectively when we detect malware. Key Terms: - Web-based malware; drive-by-download attacks; packet capturing I. INTRODUCTION Damage resulting from Web-based malware has been increasing. Web-based malware uses a drive-by- download technique as its attack methods. Drive-by-download attacks force computer users to download and install malware without being aware of it by exploiting the vulnerabilities in a Web browser or some external components [1]. Figure 1 illustrates a typical drive-by- download attack. A user accessing an entrance site is redirected to malicious Web sites in sequence.