Managing Spam Under IPv6
Bricmont, Jordan
Promotor(s) : Donnet, Benoît
Date of defense : 7-Sep-2017/8-Sep-2017 • Permalink : http://hdl.handle.net/2268.2/3355
Details
Title : | Managing Spam Under IPv6 |
Translated title : | [fr] Gérer le spam en IPv6 |
Author : | Bricmont, Jordan |
Date of defense : | 7-Sep-2017/8-Sep-2017 |
Advisor(s) : | Donnet, Benoît |
Committee's member(s) : | Mathy, Laurent
Leduc, Guy Vyncke, Eric |
Language : | English |
Number of pages : | 68 |
Keywords : | [en] spam [en] ipv6 [en] behavioral blacklisting |
Discipline(s) : | Engineering, computing & technology > Computer science |
Target public : | Researchers Professionals of domain Student General public |
Institution(s) : | Université de Liège, Liège, Belgique |
Degree: | Master en ingénieur civil en informatique, à finalité spécialisée en "computer systems and networks" |
Faculty: | Master thesis of the Faculté des Sciences appliquées |
Abstract
[en] DNS Blacklisting (DSNBL) is a fast and efficient method to detect spam messages. Relying on IP addresses, it can be used by mail servers to filter emails at the early stage of the SMTP connection - that is, without needing to retrieve the message content - which provides a considerable saving in terms of bandwidth and computational power. High detecting rate and low false positive ratio is insured provided that DNSBLs are updated in near real time. Under IPv4 this is not a problem but things will radically change when mail servers will start using IPv6. Spammers will very likely use the immense number of available IPv6 addresses to defeat DNSBLs.
Behavioral blacklisting is an alternative spam filtering technique consisting in using network-level features of messages to differentiate spams from legitimate messages. Even though good results were achieved, the method has never been deployed because DNSBLs always outperformed it. This work aims at evaluating whether behavioral techniques will be negatively affected by a future IPv6 transition.
The lack of relevant data made the task complicated but it has been discovered that some features (like the AS number of the sender's IP address) seem particularly promising for an IPv6 usage, while others will more likely become useless.
File(s)
Document(s)
Annexe(s)
Cite this master thesis
The University of Liège does not guarantee the scientific quality of these students' works or the accuracy of all the information they contain.