Copyright 2010 Florida State University. All Rights Reserved
MDMap: Assisting Users in Identifying Phishing Emails
Patrick Dwyer
Department of Computer Science
Florida State University

Agenda
- Motivation and Background
- MDMap Design and Implementation
- Performance Evaluation
- Summary

Motivation
- Motivation
  - Increase in phishing emails/spam
  - Spam filters
  - Suspicious information in phishing emails
  - Non-expert users
  - Intuitive/sensible method
- Suspicious information
  - Sender location information

Internet Email System
- MUAs and MTAs

Message Format
- Email envelope/content
- Message header/body
- Headers related to sender
  - From: <[email protected]>
  - Reply-To: <[email protected]>
  - Return-Path: <[email protected]>
  - Received:

Received: Header Field
Received: from almostcosmic.com (n226-h110.gw-net.metromax.ru [83.234.226.110])
    by smtpin.cs.fsu.edu with SMTP id o24DvD3r010823
- from-from: almostcosmic.com
- from-domain: n226-h110.gw-net.metromax.ru
- from-address: 83.234.226.110
- by-domain: smtpin.cs.fsu.edu

Email Forgery
- From:/Reply-To:
  - Cannot both be faked for certain types of phishing emails
- Received: header
  - First external MTA cannot be faked
- Faked headers often contain conflicting information when examined collectively

MDMap Design
- Revealing suspicious or conflicting information in intuitive and sensible manner
- Sender location information
  - Message delivery path
  - Return-Path:
  - From:
  - Reply-To:
  - URL links

MDMap Workflow
- Parsing email message
- Retrieving related header information (and URL)
- Get geographical location information
- Obtaining map showing sender location information

Message Delivery Path
- Shows how message delivered hop-by-hop at MTA level
- Construction of path from header fields
  - List of MTAs/MUAs from Received: headers
  - Private address
  - Localhost IP address

Example Received: Header
Received: from smtpin.cs.fsu.edu (smtpin.cs.fsu.edu [128.186.120.196])
    by mail.cs.fsu.edu (Postfix) with ESMTP id 217D5F2D32
    for <[email protected]>; Fri, 22 Jan 2010 17:48:30 -0500 (EST)
Received: from advanced62.inmotionhosting.com (advanced62.inmotionhosting.com [216.193.219.137])
    by smtpin.cs.fsu.edu (8.13.1/8.13.1) with SMTP id o0MMlbag016308
    for <[email protected]>; Fri, 22 Jan 2010 17:47:40 -0500
Received: from hsit (86.59.210.51)
    by advanced62.inmotionhosting.com; Fri, 22 Jan 2010 14:47:34 -0800
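
Added example (not part of the original slides or of MDMap's code): Python that splits Received: values into the four fields named on the "Received: Header Field" slide, builds the delivery path, and picks out the first external MTA from the "Email Forgery" slide. The regular expression, the `TRUSTED_MTAS` set and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the Received: headers from the slides, newest first, "for" clauses omitted.
SAMPLE = [
    "from smtpin.cs.fsu.edu (smtpin.cs.fsu.edu [128.186.120.196]) by mail.cs.fsu.edu (Postfix) "
    "with ESMTP id 217D5F2D32; Fri, 22 Jan 2010 17:48:30 -0500 (EST)",
    "from advanced62.inmotionhosting.com (advanced62.inmotionhosting.com [216.193.219.137]) "
    "by smtpin.cs.fsu.edu (8.13.1/8.13.1) with SMTP id o0MMlbag016308; Fri, 22 Jan 2010 17:47:40 -0500",
    "from hsit (86.59.210.51) by advanced62.inmotionhosting.com; Fri, 22 Jan 2010 14:47:34 -0800",
]
# Assumption: the recipient site's own MTAs. Matched by name for brevity; a deployment
# should pin their IP addresses, because a sender controls its own reverse-DNS name.
TRUSTED_MTAS = {"mail.cs.fsu.edu", "smtpin.cs.fsu.edu"}
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)\s*by\s+(?P<by>[^\s;]+)", re.I)

def parse_received(value):
    """Split one Received: value into the four fields named on the slide (None if no match)."""
    m = RECEIVED_RE.search(value)
    try:
        ip = ipaddress.ip_address(m["ip"]) if m else None
    except ValueError:  # e.g. an octet above 255
        ip = None
    if ip is None:
        return None
    helo, rdns = m["helo"], m["rdns"]
    return {
        "from_from": helo, "from_domain": rdns, "from_address": str(ip), "by_domain": m["by"],
        # Private and localhost addresses have no meaningful location to put on a map.
        "mappable": not (ip.is_private or ip.is_loopback),
        # The name the sender announced differs from the name the receiver looked up.
        "name_conflict": rdns is not None and helo.lower() != rdns.lower(),
    }

def delivery_path(received_values):
    """Hops in delivery order (origin first); headers are stacked newest first."""
    return [h for h in map(parse_received, reversed(received_values)) if h]

def first_external_hop(received_values):
    """Newest hop that a trusted MTA recorded from a peer outside the trusted set."""
    for hop in map(parse_received, received_values):
        if hop is None or hop["by_domain"].lower() not in TRUSTED_MTAS:
            return None  # written by a host we do not control: stop trusting the chain
        if (hop["from_domain"] or "").lower() not in TRUSTED_MTAS:
            return hop
    return None
```

Everything below the hop returned by `first_external_hop` was written by hosts outside the recipient's control, so entries such as `hsit (86.59.210.51)` are claims rather than observations.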
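
Map IP Address to Geographic Location
- GeoLiteCity API
    // Load the GeoLite City database into memory (MaxMind GeoIP Java API)
    LookupService ls = new LookupService("GeoLiteCity.dat", LookupService.GEOIP_MEMORY_CACHE);
    // Look up a location by host name ...
    Location loc = ls.getLocation(domain_name);
    // ... or by IP address
    loc = ls.getLocation(InetAddress.getByName(IP_address));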

Obtaining Map from Geographic Information
- Google Maps API
    imageFile.createNewFile();
    HttpURLConnection httpConn = (HttpURLConnection) url.openConnection();
    // try-with-resources closes both streams even if the download fails
    try (BufferedInputStream urlStream = new BufferedInputStream(httpConn.getInputStream());
         FileOutputStream imageStream = new FileOutputStream(imageFile)) {
        int byteRead;
        while ((byteRead = urlStream.read()) != -1) {
            imageStream.write(byteRead);
        }
    }
- Input = URL, output = image file
- Bing Maps API, Yahoo Maps API

A Snapshot of MDMap

Performance Evaluation
- Data set
  - 100 phishing (spam) emails
  - From mid November 09 – March 10
  - Randomly selected
- Heuristics
  - H1: MTAs along message delivery path
  - H2: Reply-To:, From:, Return-Path:
  - H3: URLs
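
Added example, not from the slides or from MDMap: the slides name the fields behind H2 and H3 but not the exact test, so this Python code assumes a message is flagged when those fields disagree, and it compares domains rather than mapped locations. The message and the helpers `site`, `sender_sites`, `url_sites` and `check` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed message; every name is under a reserved example domain.
RAW = '''Return-Path: <bounce@mailer.example.net>
From: "Example Bank" <security@bank.example.com>
Reply-To: <helpdesk@freemail.example.org>
Subject: Verify your account

Confirm your details at http://login.bank.example.com.verify.example.org/a?id=1
or read https://www.bank.example.com/help
'''

def site(host):
    """Crude organisational domain: the last two labels (a real tool would use the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def sender_sites(msg):
    """Site of the address in each sender-related header that is present."""
    out = {}
    for name in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(name, ""))[1]
        if "@" in addr:
            out[name] = site(addr.rsplit("@", 1)[1])
    return out

def url_sites(msg):
    """Sites of all http(s) links in the text parts (transfer encodings are not decoded here)."""
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    sites = set()
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed bracketed host
            host = None
        if host:
            sites.add(site(host))
    return sites

def check(raw):
    """Evaluate the H2 and H3 readings described in the lead-in for one raw message."""
    msg = message_from_string(raw)
    senders, links = sender_sites(msg), url_sites(msg)
    from_site = senders.get("From")
    return {"H2": len(set(senders.values())) > 1,
            "H3": from_site is not None and any(s != from_site for s in links),
            "senders": senders, "links": links}
```

The first link in the constructed message starts with the bank's host name but belongs to a different site, which is why the comparison is made on the end of the host name rather than on a substring match.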

Performance
H1   H2   H3   Flagged   Total
70   47   19   82        100

Summary
- MDMap: simple and effective system assisting users in identifying phishing emails
- Standalone Java program
- Web-based email systems
- Mobile phones
- Demo