Fighting SPAM using Social Gatekeepers

Sean,Natasha,Chen,Yogesh

Introduction

This paper was about a new way of how to combat spam called LENS.

We will cover: The basic mechanisms of LENS and SPAM filtering techniques in general. Our opinions and additional research we have looked at in relation to this

paper Additional reading of: “the rise of social bots” and the “network, internet and

web science” papers.

We will then go on to conclude whether LENS is a realistic and applicable approach.

Why do we need spam filters? Spam emails are increasing at a rapid speed, with more junk emails in our

folders than valid ones.

Spam mail can contain viruses, key loggers, phishing attacks and more.

There are some effective measures that you can employ to stop spam entering your inbox like updating your antivirus, avoid responding to any emails that you never asked for.

The commonly used spam filters only spam from the user’s inbox, but the spam has already travelled the network and had cost network operators in terms of bandwidth and infrastructure.

Spam Filters Filtering methods that help us to alleviate spam

Spam Assassin – rely on content filtering SPF SOAP-uses social media SocialFilter-uses social network MailRank SNARE-filter is based on the frequency of emails exchanged and

not the relaibily of the content in the email. Ostra-uses social media

The Best Spam Filters of 2017*

* According to toptenreviews.com

LENS (LEveraging social Networking and trust to prevent Spam transmission)

Spam protection system which controls the receiver’s social network so anyone who is within a receiver’s community can email the recipient directly.

It is a system that can be deployed individually by small groups of users, but allows for a reach greater than Friends of Friends by providing individual view of the entire social network of email users.

The key idea in LENS is to select legitimate and authentic users, called Gatekeepers (GKs), from outside the recipients social circle and within pre-defined social distances.

Unless a GK vouches for the emails of potential senders from outside the social circle of a particular recipient, those e-mails are prevented from transmission

LENS provides each recipient reliable email delivery from a large fraction of the social network.

Sociometry Sociometry is a way of measuring the degree of relatedness among

people.

Measurement of relatedness can be useful not only in the assessment of behaviour within groups, but also for interventions to bring about positive change.

Sociometry can be a powerful tool for reducing conflict and improving communication because it allows the group to see itself objectively and to analyse its own dynamics.

It can be used in LENS to analyse the network of people ,who among them are reliable and can also help to choose Gatekeepers from the network.

Technical Vocabulary Gatekeeper – is a legitimate and authentic user who verifies that a sender is

authentic and not a spammer.

Community – a set of users who trust each other for email communications.

Friend of a friend(FoF) –this is a relationship between a friend and a friend of their community. This is a 2 hop link and says that a sender who is a friend of my friend should still be authentic.

Trust – a percentage that a given node in a network will trust another node to complete a particular action. E.g. likelihood of sending valid emails.

Confidence – trust over time: using evidence based on a set of historical previous actions as a measure. E.g. if a particular sender sends 100 legitimate emails to a recipient out of 100 then the recipient will have a high confidence in that sender.

LENS ARCHITECTURE LENS mainly focus on accepting authorized

email from authorized users instead of detecting spam.

The LENS architecture consists of four main components

1)Community Formation2)Trust Management3)Gatekeepers Selection4)Spam Report Handler

Mail server(MS), Mail Transfer Agent(MTA), Simple Mail Transfer Protocol(SMTP)

COMPONENTS AND HOW IT WORKS1) Community Formation

The Social community consist of two levels that are Friends of the user and friends-of-friend (FoF).

User can trust his friend not to send spam and vice versa. The formation of social community has two steps

First adding friends in which user can request anyone in N/w for friendship. Second adding FoF in which user can suggest two his friends to add each other into

their communities as FoF.

Example: If Yogesh is a user then firstly I can request anyone in n/w for friendship and then secondly Yogesh will suggest his 2 friends to add each other into their community.

COMPONENTS AND HOW IT WORKS2) Trust Management

To ensure that unauthorized users are not selected as GKs LENS maintain a system wide trust rating (TR) for each user in Mail Server (MS).

The main goal wide trust rating system is to give ratings to user in MS to identify user is authorized or not by rating.

Assignment of TR follows in two categories: Direct TR : In this category manual assignment of TR to user by the admin of MS is

done. Automated TR : In this category automated computation of TR based on user voting.

This vote indicates whether user is trusted by other authorized user or not.

COMPONENTS AND HOW IT WORKS3) Gatekeepers Selection In GK selection LENS selects authorized users with good reputation as GK and uses

them as to confirm users outside the community of the recipient for communication. The selection works in three stages

1)GK selection in adjacent communities2)GK Selection beyond adjacent communities3)GK selection for new communication

In GK selection in new communication It will start legitimate verification process to prove sender is not spammer.

In legitimate verification RSA based PK and SK generated for GK selection. In which PK is shared with recipient and SK issues voucher to entire community member of GK.

The legitimate verification is done in two steps first step server authentication by validating certificate by trusted CA.

Second step is to verify TR of user at MS to ensure user selected as GK is not spammer.

COMPONENTS AND HOW IT WORKS4) Spam Report Handler

Spam reports are handled by the spam report handler. When user will receive a spam he will report to his Mail server (MS) that

sender is spammer. Once the handler receives the report threshold report from trusted user

it will assign negative TR to the spammer. Handler will add attacking user to revocation list thereby preventing

further spamming.

LENS Prototype implementation Backward compatible and can be incrementally deployed

SMTP transaction based

Mail server independent components: GK selection Community formation Trust management

Overall purpose: Stop spam being transmitted in the first place

Basic scenarios when email processing with LENS

1) Message is sent to a recipient within the community Once the sender is verified with the recipients “CommsList” then the message can be

safely placed in the mailbox.

2) If message recipient is outside the community Mail server binds voucher from authorized gatekeeper with the message. Once the message is received the recipient will verify the voucher with both the public

key stored in PKList and the gatekeepers id and only if these match will the message be added to the mailbox

3) Outside the community and there is no voucher issued from any GK. The senders mail server will hold the message and start a Gatekeeper selection

procedure. Once completed, verification can be achieved in the same way at scenario 2 and in the same way the message is added to the mailbox if verified to be true

Backward compatibility for LENS Easily integrated into current SMTP servers.

4 scenarios: 1) Sender and receiver both have LENS: communication is achieved in a very

similar manner to the previous slide. 2) Only sender has LENS: Sender will send email as usual and existing spam

filters will be used 3) Only receiver has LENS: after performing a check for existence of

community or voucher LENS will pass email to existing spam filters. 4) Both sender/receiver do not have LENS: emails processed according to

existing mechanisms deplored at the respective mail servers

Limitation: both sender and receiver need LENS for it to be truly useful.

Security Concerns Forgery of from: addresses

Sender is not authenticated in SMTP by default so spammers can launch a spam attack using this if they are from the receivers community. Lens utilises iSATS and SPF filters to combat this problem.

Compromised user: either a user or gatekeeper Local effect within the community. This effect is temporary and only lasts until the victimised

user broadcasts that a incident occurred. The process for claiming back this identity is straightforward and involves the community abandoning the victims id.

Key theft Protection of keys is the responsibility of the mail server

LENS is self correcting: user at fault is treated as a spammer so this makes it unlikely a gatekeeper will vouch for a spammer

Attacking trust Trust farming: spammers vote for other spammers

But each sender can only “vote” for each other recipient once.

Voucher misuse and revocation No expiration date on vouchers Can only be used by the user issued to. Are revoked if the mail server decides this is required.

False positives and negatives: no problem as based on content filtering However, a false deduction leads to false users being accepted into

community

Weakness of Trust Relationships and Privacy Concerns

Attacker can easily automatically clone user profiles – convincing large fractions of the victims friends to establish a friendship in relation with the cloned and malicious contact.

In LENS when two users add each other it means they both trust each other to be non-spammers. But trust is based on personal acquaintance or exchange of messages which could be

simulated by bots in the near future.

Community members who prove to be malicious are reported.

Friendship information is private and LENS does not exchange contacts. All information is kept on the user’s mail server and this data is normally protected

under privacy and data protection law making an attack less likely.

Further Investigations

The problem of SPAM in the future(ideas from the Rise of Social Bots paper)

Currently: Bots can emulate simple human behaviour – appear credible and can produce

content with temporal spikes of information generation. Emotions on social media are contagious and the impact of social messaging is

strong.

AI improvements: Machine passes Turing test – would not be able to tell the difference at all.

Challenges to overcome: emotional context, sarcasm Difficult tasks which humans find easy, machines are better at performing

The difference between machine and human actions becomes ever more fuzzy. Especially over the internet where emotional context is difficult to determine

Why is the evolution of AI bad for SPAM then?

AI can SPAM many recipients quicker than a human user can.

AI can find and target certain individuals using data collected previously. Tailoring the SPAM to them.

Greater risk of misleading, exploitation and manipulation - more prevalent because machines will be able to very closely emulate legitimate content.

More intelligent SPAM can be used to slander and add noise to real facts, as well as to manipulate peoples options.

Overall: this is why a solution such as LENS is ideal because it stops SPAM at the root and so is not broadcast in the first place to the recipient.

Fake news

Today’s social bots are sophisticated and sometimes menacing. Indeed, their presence can endanger online ecosystems as well as our society.

One thing that we should focus form the paper “The Rise of Social Bots”

Today, it really has become an example of the possible problem.

Engineered Social Tampering Although new technology brings us so many benefits, we have to pay

attention to its potential problems when abused. Social media is no exception Malicious entities designed specifically with the purpose to harm. These

bots mislead, exploit, and manipulate social media discourse with rumors, spam, malware, misinformation, slander, or even just noise. This may result in several levels of damage to society.

Fake news , malicious content(viruses) Example-during the 2010 U.S. midterm elections, social bots were

employed to support some candidates and smear their opponents, injecting thousands of tweets pointing to websites with fake news.

Example- around the Massachusetts special election of 2010.26.Campaigns of this type are sometimes referred to as “as-troturf” or Twitter bombs

Stability of markets - effect stock market On April 23, 2013, for example, the Syrian Electronic Army

hacked the Twitter account of the Associated Press and posted a false rumor about a terror attack on the White House in which President Obama was allegedly injured. This provoked an immediate crash in the stock market.

On May 6, 2010 a flash crash occurred in the U.S. stock market, when the Dow Jones plunged over 1,000 points (about 9%) within minutes—the biggest one-day point decline in history. After a five month-long investigation, the role of high-frequency trading bots became obvious.

What if spam was more like this?

We can foresee from above: misleading, exploit, manipulative information and emails would be a serious problem in the future.

Is there a good way that we can use to prevent these problems?

LENS (Leveraging social Networking and trust to prevent Spam transmission) may be a good solution!

Evaluations

We evaluate the performance of LENS using trace-driven simulations (Sections 1,2) and Linux implementation of LENS (Sections 3,4).

Evaluations focused on: 1.Scalability 2.Effectiveness in accepting all inbound emails 3.Performance of GK selection 4.Performance of email processing with LENS

Scalability evaluation with OSN data

We developed simulations based on two large scale OSN datasets: Facebook and Flickr. We are interested in finding the number of GKs required, and the expected return, in

terms of increased reachability via those GKs. LENS is scalable in terms of number of required GKs and reachability.

Real email trace driven evaluation

To evaluate the effectiveness of LENS at accepting all legitimate inbound emails, we use two real email traces, one large commercial (Enron) and one large academic unit (log files of Kiel University’s email server)

We focus on the delivery and legitimization of emails based on friends, community (friends+FoF) and LENS on both email traces. The number of GKs required in these datasets. With the selected GKs, the reliable reachability of the R. We also distributed the selected GKs according to the number of Rs they are selected for.

These results indicate that with only dozens of GKs, a R can successfully receive all legitimate inbound emails.

Performance of GK selection protocol

In this section, an experiment has been setup to study the latency of GK selection protocol, when the MSs are located in different countries, with thehelp of 20 nodes across the globe on PlanetLab.

Both the stage 1 and stage 3 experiments finished with a success rate of 94.6% to 100%. Only on few nodes like kr, jo, eg and br the success rate was not 100% due to the node overloading by too many connections.

Performance of email processing with LENS

For evaluating the system performance of email processing with LENS, we augmented a standard mail processing system with our LENS implementation, and deployed it over the LAN.

We conducted experiments in 4 different scenarios. In scenario 1 (S1), the SMTP server runs postfix without any spam filter. In scenario 2 (S2) SpamAssassin is used as a content-based filter with Postfix. In scenario 3 (S3) we use MailAvenger on top of postfix and enabled LENS community based

filtering. Scenario 4 (S4) is similar to S3 with additional functionality of filtering emails based on the

voucher’s issued by the authorized GKs of the recipient. We run different experiments using these 4 scenarios to study the impact of message

size, end-to-end throughput and CPU, memory and bandwidth consumptions.

In short, LENS (S3 and S4) is fairly lightweight, very close to the scenarios where no spam filtering is used.

Our opinions: Presents a new and novel approach to solving the problem of spam. But

in the future more advanced techniques will be used. A better technique which performs both spam detection and prevention would

be a even better solution.

LENS focuses on accepting authorized email from authorized users. Making it a good solution for most communications

It does have security and privacy concerns when Gatekeepers are required by utilising different types of attacks.

Having read the “web science” paper we found that many other discipline areas have a role in modelling networks . E.g. sociometry, psychology and computer science.

Conclusion LENS is well designed, implemented and evaluated, it has low processing

overheads, consumes less memory, it is proved to be effective in accepting all the inbound

emails efficiently using Real Time email tracing.

It reports spam rather than just filtering them

LENS scales efficiently with increasing community size and Gatekeepers.

It has a lot of security concerns Performance is evaluated only against SpamAssassin,whereas many other

spam filters are available.

Further investigations are required into this area and in particular further testing.