• No results found

Best Practices for Evaluating Anti-spam Solutions

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Best Practices for Evaluating Anti-spam Solutions"

Copied!
23
0
0

Loading.... (view fulltext now)

Download now ( 23 Page )

Full text

(1)

Best Practices for Evaluating

Anti-spam Solutions

Nathan Turajski Jamz Yaneza

(2)

Benchmarking Validation

• Methodologies

– Accurate – Comprehensive – Fair

• Filtering Techniques

– Pattern matching, Heuristics, IP blocking, Whitelist/Blacklist, Challenge/Response, Community …..

(3)

Anti-spam Solutions

• Current Solutions

– Software – Appliance – Services – Legislation

• Methods

– Catch rate (effectiveness) – Error rate (accuracy)

(4)

Content Defined

• Spam

– UCE, commercial bulk mail – Consumers: well defined – Enterprise: borderline

• Non-spam

– Appropriate, predictable, traceable

• Graymail

– Inappropriate to environment – Requires exception capability

(5)

Factors for Evaluating Solutions

• Primary

– Effectiveness – Accuracy – Resiliency

• Secondary

– Administration – Integration

(6)

Testing Failures

• Confused spam type classification

• Non real-world environment

• Short-term testing cycle

• Fixed regional origins

• Fixed language type

• Non-relative industry

• …. Etc.

(7)

Spam Trends

• Estimates vary, but the total amount was usually agreed to have passed 40% by the beginning of 2002

• Email was 50% SPAM by January of 2003 • 65% of all email was SPAM by 2004

• Almost 80% of all email is currently either unwanted advertising or virus-ridden

(8)

Evaluation Guidelines

Valid vs. illegitimate mail

– sampling over time period

(9)

30% Monthly Spam Growth (2005)

Total Spam Mails Received

163,425 202,867 183,269 232,194 0 50000 100000 150000 200000 250000

(10)

Evaluation Guidelines

English vs. Non-english New Spam Mails Received

March, 34% April, 49% June, 54% March, 66% April, 51% May, 62% May, 38% June, 46% English Non-English

Predominant language

(11)

Evaluation Guidelines

What Country does Spam like the Most?

21.42% 10.34% 2.21% 2.05% 1.84% 2.77% 2.97% 3.83% 3.94% 21.78% China United States Republic of Korea Brazil Japan France Spain Taiwan Israel Germany Spam Countries France 5% Brazil 4% Switzerland 4% Japan 3% Spain 3% Germany 2% Poland 2% Republic of Korea 31% China

Point of origin

– broad mixed sampling

(12)

Evaluation Guidelines Spam Categories 19% 8% 14% 36% 18% 23% 3% 24% 10% 8% 4% 1% Adult Bad Samples Commercial Financial Health Others Non-English

Industry definitions

(13)

Chinese Language (traditional)

• Summary:

– 38% commercial offers, 23% work related, 22%

Traditional Chinese (s na ps ho t) Work 23% Sexual 7% Health 4% Financial22% Commercial 38% Other 2% Spiritual 0.3% Education4% Work Spiritual Sexual Health Financial Education Commercial Other

(14)

Chinese Language (simplified)

• Summary:

– 69% commercial offers, 17% financial, 7% sex

Simplified Chinese (s na ps ho t) Spiritual 0.04% Education 4% Commercial 69% Health 2% Sexual 5% Other 2% Work 1% Financial 17% Work Spiritual Sexual Health Financial Education Commercial Other

(15)

German Language

• Summary:

– 15% sex related, 12% commercial, 71% mixed offers

German (s na ps ho t) Sexual 15% Other 71% Financial 1% C ommercial 12% Health 1% Sexual Health Financial Commercial Other

(16)

Evaluation Guidelines

Timeliness

– update frequency

– distribution strain on network/system – correction efficiency

(17)

Evaluation Guidelines

• Summary

– Efficiency and accuracy dependent on spam classification and audience

– Used testing samples to be valid and fixed – Overall results used for evaluation

– False positive graymail vs. legitimate mail – Unmodified message delivery

(18)

Other Considerations

• Product configuration and tuning

– Out of the box state

– Vendor recommended tuning

– Tolerance rating based on audience target – Long-term testing timeframe

(19)

Other Considerations

• Filter technique testing

– Signature matching

• Focus: catch efficiency and update timeliness – Heuristic rules

• Focus: false positive rate and mitigation tools – Hybrid techniques

• Focus: accuracy and update timeliness – IP filtering

(20)

Other Considerations

• Performance

– Deployment time

– Management reporting tools – Update overheard

(21)

SUMMARY

• Comprehensive evaluation includes

– scalability and resiliency

– long term performance – customer specific goals – exception handling

(22)
(23)

Mass-mailing malware spam

• Summary:

– 2003, due to Mimail, Blaster, and Sobig

Malware Tracking Center

0 500,000 1,000,000 1,500,000 2,000,000 Janu ary Febr uary Marc h April May June July Augu st Sept emberOctobe r Nove mbe r Dec ember Bulk-mailing Malware # o f re p o rte d in fe c ti o n s (u ni qe) 20022003 2004

References

Download now ( PDF - 23 Page - 694.62 KB )

Related documents

Comments. on the European Commission s legislative proposals

investment advice (for the relevant information requirement, see Article 24(3) of the MiFID II draft). Only then is it actually possible for banks to offer this service without

5-SESSION CO-OP CALLOUT

Most companies recruit for full-time and internship positions, but some indicate Co-Op as a recruiting priority, while not attending Professional Practice

D&B Country Insight Snapshot: Peru January 2015

In a surprise move, the Central Bank of Peru (BCRP) reduced its benchmark interest rate by 25 basis points (bps) to 3.25% in mid-January following disappointing economic growth data

Portland Lodge 7 The Coppice Littleport CB6 1HP

The kitchen, the dining room, the hall and even the downstairs bedroom all have French doors that open onto a large patio terrace and then the rest of the garden is laid to lawn..

What Nelson Mandela Taught the World About Leadership

de Klerk, South Africa’s last leader under the apartheid regime, Mandela found a negotiation partner who shared his vision of a peaceful transition and showed the courage to

Assessing Readiness to Seek Formal Mental Health Services: Development and Initial Validation of the Mental Health Belief Model Assessment (MHBMA)

This model posits four types of health beliefs that affect an individual’s health behavior, in this case, the decision to seek mental health services: perceived

Retributing forest carbon vs. stimulating fuelwood demand insights from the French forest sector model

The aim of this paper was to explore the effects on the French forest sector of three policies to mitigate climate change: a fuelwood consumption subsidy (substitution), a payment

University of Groningen

Electron micrographs of mannonamide aggregates from water (a-e) or xylene (f): (a and b) details of aged fiber aggregates of D-mannonamide 2 negatively stained