  1. National Taiwan Ocean University Research Hub

Spam Source Trace and Spam Delivery Path Analysis


Details

Project title
Spam Source Trace and Spam Delivery Path Analysis
Code / Project number
NSC101-2221-E019-069
Translated Name / Project name in Chinese
垃圾郵件來源追蹤與傳送路徑分析

Project Coordinator / Principal investigator
Chun-Chao Yeh
Funding Organization / Supervising agency
National Science and Technology Council

Department/Unit
Department of Computer Science and Engineering
Website
https://www.grb.gov.tw/search/planDetail?id=2634179
Year
2012

Start date
01-08-2012
Expected Completion
31-07-2013

Budget / Research funding
460 thousand yuan (千元)

Research Field
Information Engineering -- Hardware Engineering

Description

Abstract
Spam source tracing not only effectively deters spammers and blocks spam hosts; another important purpose is to provide evidence against spammers or the administrators of spam hosts (information security and forensics). How to provide an effective spam source tracing method has therefore long been a goal that researchers have worked toward. Under the Internet mail transfer protocol (SMTP), each time a message passes through a mail server (mail transfer agent, MTA), that server records information about the sending and receiving mail servers, writes it into the message header, and sends the message on to the next mail server. In theory, therefore, when the message reaches its final destination, its header records the complete delivery path. However, because most mail servers do not use mail authentication, any of the header records may have been tampered with or forged. Researchers have so far not proposed an effective method for this problem.

This research attempts to develop effective strategies and methods for this problem. From the literature and from our past work on spam-related topics, we found that the main motivation for most tampering or forgery is to hide the spam sender or to confuse the mail filtering mechanisms on mail servers. This research attempts to break through a problem that earlier researchers left unsolved: spam source tracing and delivery path analysis. We hope that carrying out this project will give us a deeper understanding of the problem, let us pin down the key issues, and go on to develop prevention, detection and defense techniques and countermeasures.

Spam source tracing is one of the important and emergent research issues in developing anti-spam techniques. Spam source tracing tries to identify the true spammers (or the spam hosts) that disseminate the spam messages. Additionally, spam source tracing can provide useful forensic evidence against those who are responsible for the spam behavior. Consequently, spam source tracing is regarded as one of the effective measures to deter spammers. Meanwhile, through spam source tracing, the anti-spam research community can gain a clear view of how spam messages propagate inside the Internet, and accordingly better vantage points can be identified to block spam messages. Unfortunately, to confuse anti-spam software about the true message forwarding path, spammers have developed anti-filtering techniques that forge the message forwarding information embedded in the spam messages.

According to SMTP (Simple Mail Transfer Protocol, the current Internet standard protocol for email transfer), when an email is forwarded from MTA (mail transfer agent) X to MTA Y, denoted as X->Y, the receiving MTA (Y) adds trace information to the front of the email message before forwarding the email to the next MTA Z. MTA Z may be another intermediate MTA on the complete forwarding path or the final email receiving agent, which is responsible for handling all email for the domain name to which the email recipients belong. A fake forwarding path (F1->F2->…->Fk) forged by a spammer could be inserted at any position of the true forwarding path before the message leaves a spamming host. Accordingly, spam source tracing is regarded as an intractable problem by the research community. So far, no effective mechanism has been proposed and evaluated. In this research project, we are going to investigate possible effective schemes to solve the problem. We propose a strategy to identify the parts of the forwarding path claimed in a spam message that may be forged. The key idea behind the proposed strategy is to identify fingerprints of each email server. From our previous studies, we found some invariant signatures, structures and string patterns among the forwarding-path records left by an email server. According to SMTP, the trace information added by an MTA upon receiving an email message from another email agent should conform to a specified syntax structure. Depending on the email software package used and the configuration settings of the MTA, all trace records added by the same MTA show some invariance in the values or structures of specific fields of the trace information. Lacking knowledge of the configuration of an MTA X involved in the forged forwarding path, a spammer finds it hard to forge the “correct” trace information that MTA X would generate. Even if the spammers have learned how to generate “correct” trace information, the forwarding path embedded in the spam message would not be consistent with the true forwarding path embedded in a normal email message.
 
Keyword(s)
spam
spam source tracing
spam delivery path analysis
internet security
 