No, not the canned spiced ham (Spam) popular in Hawaii, but the annoyingly persistent spam emails that turn up in our inboxes every day. By monitoring spam, Microsoft Research has come up with AutoRE, a technique that allows them to capture up to 16-18% of spam that is not usually detected by common spam filters. AutoRE works well because it has a low false positive rate, and it is the first (known) automated system able to generate regular expression signatures, a task that previously only human experts could perform.
The most interesting thing about the paper published on AutoRE is that the spam monitor is not a comprehensive spam reduction tool. Most papers focus on the amount of spam that can be stopped, while the AutoRE paper focuses on stopping spam created by botnets, which has been difficult to stop in the past.
Perhaps the weirdest part of the paper was the anti-climactic ending, where we learn that AutoRE has not been tested on data in real time, although it supposedly would be easy to do so. It is interesting that a paper like this was published at SIGCOMM when it appears that the actual implementation was unfinished, even though the preliminary results were fairly good.
In terms of network security, as my professor explained in class, it is just a cat and mouse game. People will find ways around these incredible innovations, and that will essentially drive the research in network security. This paper is a great example, as it explores how botnets are changing to try to avoid current spam filters.