Title :
Detection of compromised email accounts used for spamming in correlation with mail user agent access activities extracted from metadata
Author_Institution :
Friedrich-Schiller-Univ. Jena, Jena, Germany
Abstract :
Every day over 29 billion spam and phishing messages are sent. Commonly the spammers use compromised email accounts to send these emails, which accounted for 57.9 percent of the global email traffic in September 2014. Previous research has primarily focused on the fast detection of abused accounts to prevent the fraudulent use of servers. State-of-the-art spam detection methods generally need the content of the email to classify it as either spam or a regular message. This content is not available within the new type of encrypted phishing emails that have become prevalent since the middle of 2014. The object of the presented research is to detect the anomaly with Mail User Agent Access Activities, which is based on the special behaviour of how to send emails without the knowledge of the email content. The proposed method detects the abused account in seconds and therefore reduces the sent spam per compromised account to less than one percent.
Keywords :
authorisation; computer crime; cryptography; meta data; unsolicited e-mail; abused account detection; compromised e-mail account detection; encrypted phishing e-mails; fraudulent server use prevention; global e-mail traffic; mail user agent access activity extraction; meta data; phishing messages; spamming; Authentication; Cryptography; IP networks; Postal services; Servers; Unsolicited electronic mail; MUAAA; Mail User Agent Access Activities; compromised email account; encrypted phishing; hacked; phishing; spam;
Conference_Titel :
Computational Intelligence for Security and Defense Applications (CISDA), 2015 IEEE Symposium on
Conference_Location :
Verona, NY
Print_ISBN :
978-1-4673-7556-6
DOI :
10.1109/CISDA.2015.7208641
