Detecting Spam Zombies by Monitoring Outgoing Messages
ABSTRACT:
Compromised machines are one of the key
security threats on the Internet; they are often used to launch various
security attacks such as spamming and spreading malware, DDoS, and identity theft.
Given that spamming provides a key economic incentive for attackers to recruit
the large number of compromised machines, we focus on the detection of the
compromised machines in a network that are involved in the spamming activities,
commonly known as spam zombies. We develop an effective spam zombie detection
system named SPOT by monitoring outgoing messages of a network. SPOT is
designed based on a powerful statistical tool called Sequential Probability
Ratio Test, which has bounded false positive and false negative error rates. In
addition, we also evaluate the performance of the developed SPOT system using a
two-month e-mail trace collected in a large US campus network. Our evaluation
studies show that SPOT is an effective and efficient system in automatically
detecting compromised machines in a network.
For example, among the 440 internal IP
addresses observed in the e-mail trace, SPOT identifies 132 of them as being
associated with compromised machines. Out of the 132 IP addresses identified by
SPOT, 126 can be either independently confirmed (110) or highly likely (16) to
be compromised. Moreover, only seven internal IP addresses associated with
compromised machines in the trace are missed by SPOT. In addition, we also
compare the performance of SPOT with two other spam zombie detection algorithms
based on the number and percentage of spam messages originated or forwarded by
internal machines, respectively, and show that SPOT outperforms these two
detection algorithms.
NETWORK MODEL:
SYSTEM ARCHITECTURE:
EXISTING SYSTEM:
A major security challenge on the Internet is the existence of a large number of
compromised machines. Such machines have been increasingly used to launch various
security attacks, including spamming and spreading malware, DDoS, and identity theft.
DISADVANTAGES OF EXISTING SYSTEM:
• Compromised machines are often used to launch various security attacks such as
  spamming and spreading malware, DDoS, and identity theft.
• A major security challenge on the Internet is the existence of the large number
  of compromised machines.
• Existing approaches are better suited for large e-mail service providers to
  understand the aggregate global characteristics of spamming botnets than for
  deployment by individual networks to detect internal compromised machines.
  Moreover, these approaches cannot support the online detection requirement of
  the network environment considered in this paper.
• The existing algorithm is less effective.
• Identifying and cleaning compromised machines in a network remains a significant
  challenge for system administrators of networks of all sizes.
PROPOSED SYSTEM:
In this paper, we focus on the detection of the compromised machines in a network
that are used for sending spam messages, which are commonly referred to as spam
zombies.
The nature of sequentially observing outgoing messages gives rise to a sequential
detection problem. In this paper, we develop a spam zombie detection system, named
SPOT, by monitoring outgoing messages. SPOT is designed based on a statistical
method called the Sequential Probability Ratio Test (SPRT). As a simple and
powerful statistical method, SPRT has a number of desirable features. It
minimizes the expected number of observations required to reach a decision among
all sequential and non-sequential statistical tests with no greater error rates.
This means that the SPOT detection system can identify a compromised machine
quickly.
• The proposed system develops an effective spam zombie detection system named SPOT.
• SPOT monitors the outgoing messages of a network.
• SPOT is designed based on a statistical method called the sequential probability
  ratio test (SPRT).
• SPOT tests between two hypotheses: that the machine is compromised, or that it
  is not.
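The SPRT decision rule described above, as an added worked example in Python (this is not code from the paper or from the SPOT project): each internal IP keeps a running log-likelihood ratio that moves up for every outgoing message the spam filter marks as spam and down for every non-spam message, and the machine is declared compromised or normal as soon as the ratio crosses the upper or lower Wald boundary. The error bounds (0.01 / 0.01), the spam probabilities under the two hypotheses (0.9 / 0.2), the restart-after-decision behaviour, the IP addresses and the sample trace are all assumptions made for this example; the page states none of these values.

```python
import math

# Assumed parameters (not given on the page): the page only states that SPRT
# bounds the false positive and false negative rates, so concrete values for
# the two error bounds and the two per-message spam probabilities are chosen here.
ALPHA = 0.01    # upper bound on the false positive rate (flagging a normal machine)
BETA = 0.01     # upper bound on the false negative rate (missing a compromised one)
THETA_1 = 0.9   # P(outgoing message is spam | H1: machine is compromised)
THETA_0 = 0.2   # P(outgoing message is spam | H0: machine is normal)

# Wald's decision boundaries on the log-likelihood ratio.
UPPER = math.log((1 - BETA) / ALPHA)    # at or above: accept H1 (compromised)
LOWER = math.log(BETA / (1 - ALPHA))    # at or below: accept H0 (normal)

# Contribution of one observation X_i: X_i = 1 (spam) or X_i = 0 (non-spam).
LLR_SPAM = math.log(THETA_1 / THETA_0)
LLR_HAM = math.log((1 - THETA_1) / (1 - THETA_0))


class SpotDetector:
    """Runs one SPRT per internal IP address over its outgoing messages."""

    def __init__(self):
        self.llr = {}   # ip -> running log-likelihood ratio of the current test

    def observe(self, ip, is_spam):
        """Feed one outgoing message whose spam label comes from the mail filter.

        Returns "compromised", "normal" or "pending". After either decision the
        test for that IP restarts from zero (a design choice for this example),
        so an address that is re-assigned or cleaned up is judged again on fresh
        evidence instead of carrying over an old verdict.
        """
        self.llr[ip] = self.llr.get(ip, 0.0) + (LLR_SPAM if is_spam else LLR_HAM)
        if self.llr[ip] >= UPPER:
            self.llr[ip] = 0.0
            return "compromised"
        if self.llr[ip] <= LOWER:
            self.llr[ip] = 0.0
            return "normal"
        return "pending"


def min_spam_to_flag():
    """Fewest consecutive spam messages that push the ratio over UPPER."""
    return math.ceil(UPPER / LLR_SPAM)


def min_ham_to_clear():
    """Fewest consecutive non-spam messages that push the ratio under LOWER."""
    return math.ceil(LOWER / LLR_HAM)


def run_trace(trace):
    """Replay (ip, is_spam) records in arrival order and return every
    non-pending decision as (ip, message_index, verdict)."""
    detector = SpotDetector()
    decisions = []
    for index, (ip, is_spam) in enumerate(trace):
        verdict = detector.observe(ip, is_spam)
        if verdict != "pending":
            decisions.append((ip, index, verdict))
    return decisions


# Constructed sample trace (not the page's campus e-mail trace): two internal
# hosts interleaved, one sending almost only spam, the other only legitimate mail.
SAMPLE_TRACE = [
    ("10.0.0.5", True), ("10.0.0.9", False), ("10.0.0.5", True),
    ("10.0.0.9", False), ("10.0.0.5", False), ("10.0.0.5", True),
    ("10.0.0.9", False), ("10.0.0.5", True), ("10.0.0.5", True),
]

if __name__ == "__main__":
    for ip, index, verdict in run_trace(SAMPLE_TRACE):
        print(f"message #{index}: {ip} -> {verdict}")
```

With these parameters four consecutive spam messages are enough to flag a machine and three consecutive legitimate messages are enough to clear it, which is the "few observations to reach a decision" property the section relies on. The detector never inspects message content; it depends entirely on the labels of the upstream spam filter, so that filter's own false positive and false negative rates should be reflected in the values chosen for THETA_0 and THETA_1.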
ADVANTAGES OF PROPOSED SYSTEM:
• SPOT is an effective and efficient system in automatically detecting compromised
  machines in a network. For example, among the 440 internal IP addresses observed
  in the e-mail trace, SPOT identifies 132 of them as being associated with
  compromised machines. Out of the 132 IP addresses identified by SPOT, 126 can be
  either independently confirmed (110) or are highly likely (16) to be compromised.
• SPOT has bounded false positive and false negative error rates.
• It also minimizes the number of observations required to detect a spam zombie.
LIST OF MODULES:
1) Account authentication
2) Sending mails
3) SPOT detection
   i. Capture IP
   ii. SPOT filter
   iii. SPOT results
4) CT detection
5) PT detection
MODULES DESCRIPTION:
1. Account authentication
• This module checks the mail id and password.
• If these two fields are valid, the account is authenticated.
• Otherwise, the account is not valid.
2. Sending mails
• In this module a single person sends one or more mails to another person.
• These mails are either spam or non-spam.
• Spam means that many copies of a single message are sent.
• It also contains more than 20 lines.
3. SPOT detection
• This module captures the IP address of the system.
• The mails from that system are passed to the filtering process.
• In this process, the mail content is filtered.
• Finally, the result of the filter is produced.
4. CT detection
• This module sets the threshold value Cs.
• Cs denotes the fixed length of a spam mail.
• The number of lines in each mail is also counted.
• If a mail's line count is greater than or equal to the threshold value, that
  mail is spam.
5. PT detection
• This module sets two threshold values:
  1) Ca specifies the minimum number of mails that a machine must send.
  2) P specifies the maximum spam mail percentage of a normal machine.
• This algorithm computes the count of total mails and the count of spam mails
  of a machine.
• It checks whether the count of total mails is greater than or equal to Ca and
  the spam mail percentage is greater than or equal to P.
• If this is true, these mails are spam mail.
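The two comparison detectors of modules 4 and 5, as an added worked example in Python (not code from the paper or the project): following the abstract's description, CT flags a machine once the number of spam messages it originated reaches Cs, and PT flags a machine that has sent at least Ca messages and whose spam percentage is at least P. Per-message spam labels are taken as given from the upstream filter. The threshold values (Cs = 4, Ca = 5, P = 50), the IP addresses and the sample trace are constructed for this example; the page names the thresholds but gives no values for them.

```python
from collections import defaultdict


def count_threshold(trace, cs):
    """CT detector: return the set of machines that originated at least cs
    spam messages over the whole observation period (trace = (ip, is_spam))."""
    spam_count = defaultdict(int)
    for ip, is_spam in trace:
        if is_spam:
            spam_count[ip] += 1
    return {ip for ip, n in spam_count.items() if n >= cs}


def percentage_threshold(trace, ca, p):
    """PT detector: return the set of machines that sent at least ca messages
    and whose spam share is at least p percent. Machines below ca messages are
    never judged, whatever their spam share."""
    total = defaultdict(int)
    spam = defaultdict(int)
    for ip, is_spam in trace:
        total[ip] += 1
        if is_spam:
            spam[ip] += 1
    return {ip for ip in total
            if total[ip] >= ca and 100.0 * spam[ip] / total[ip] >= p}


def host_messages(ip, spam_messages, ham_messages):
    """Build a constructed per-host slice of the trace."""
    return [(ip, True)] * spam_messages + [(ip, False)] * ham_messages


# Constructed sample trace (not the page's e-mail trace):
#   10.0.0.5  - 6 messages, 5 of them spam: a likely zombie
#   10.0.0.9  - 20 messages, 4 of them spam: a busy legitimate sender with a
#               few filter false positives
#   10.0.0.12 - 2 messages, both spam: too little evidence for PT to judge
SAMPLE_TRACE = (host_messages("10.0.0.5", 5, 1)
                + host_messages("10.0.0.9", 4, 16)
                + host_messages("10.0.0.12", 2, 0))

# Assumed threshold values for this example (the page gives none).
CS, CA, P = 4, 5, 50.0


def compare_detectors(trace=SAMPLE_TRACE, cs=CS, ca=CA, p=P):
    """Run both detectors over the same trace so their verdicts can be compared."""
    return {"CT": count_threshold(trace, cs),
            "PT": percentage_threshold(trace, ca, p)}


if __name__ == "__main__":
    for name, flagged in compare_detectors().items():
        print(f"{name}: {sorted(flagged)}")
```

On this trace CT flags both 10.0.0.5 and the high-volume legitimate sender 10.0.0.9, because an absolute spam count does not account for how much mail a machine sends in total; PT avoids that false positive but cannot judge 10.0.0.12 until it has sent Ca messages. These are the two weaknesses the abstract contrasts with SPOT, whose per-message sequential test needs neither a fixed window nor a minimum volume before it can reach a decision.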
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 512 Mb.
SOFTWARE REQUIREMENTS:
• Operating system : Windows XP.
• Coding Language : JAVA
• Database : MYSQL
CONCLUSION:
• SPOT can work extremely well in an environment with dynamic IP addresses.
• SPOT is an effective and efficient system in automatically detecting compromised
  machines in a network.
REFERENCE:
Zhenhai Duan, Peng Chen, Fernando Sanchez, Yingfei Dong, Mary Stephenson, and
James Michael Barker, "Detecting Spam Zombies by Monitoring Outgoing Messages,"
IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 2, March/April 2012.