Abstract
With the rapid growth of Internet applications, email has become increasingly important for communication. SMTP attacks and spam have become one of the most serious problems. These attacks and spam take varied forms, for example spoofed addresses, illegal characters, bulk sending, and excessive numbers of SMTP commands. A single security technique is not enough to protect a system from them. In this paper, we propose an SMTP Intrusion Prevention System (SIPS) based on the concepts of Stateful Protocol Anomaly Detection and Flow-based Inspection. SIPS is implemented as a finite state machine that inspects all incoming email flows, according to the media type of each email flow and its characteristics. In tests on a real email environment, our approach prevents SMTP attacks (mail bombs) at an average rate of about 95.4% and spam at an average rate of about 91.1%.
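A minimal sketch of the stateful idea the abstract describes, added here as an illustration and not the SIPS implementation: a finite state machine walks the client side of one SMTP flow and reports out-of-sequence commands, illegal characters, too many commands, and too many recipients. The state names, the two limits, and the sample flow are assumptions made for this example.

```python
import re

ANY = {"START", "GREETED", "MAIL", "RCPT"}
# command -> (states where it is valid, next state or None to stay); order per RFC 2821
TRANSITIONS = {
    "HELO": ({"START", "GREETED"}, "GREETED"),
    "EHLO": ({"START", "GREETED"}, "GREETED"),
    "MAIL": ({"GREETED"}, "MAIL"),
    "RCPT": ({"MAIL", "RCPT"}, "RCPT"),
    "DATA": ({"RCPT"}, "DATA"),
    "RSET": ({"GREETED", "MAIL", "RCPT"}, "GREETED"),
    "NOOP": (ANY, None),
    "QUIT": (ANY, None),
}
ILLEGAL = re.compile(rb"[^\x20-\x7e]")  # control or 8-bit bytes in a command line
MAX_COMMANDS = 30   # assumed per-flow command limit, not a value from the paper
MAX_RCPT = 10       # assumed per-flow recipient limit, not a value from the paper
# Constructed sample flow: MAIL before greeting, RCPT without MAIL, NUL byte in address.
SUSPECT = [b"MAIL FROM:<x@client.example>\r\n", b"EHLO client.example\r\n",
           b"RCPT TO:<b@mail.example>\r\n", b"MAIL FROM:<x\x00@client.example>\r\n"]


def inspect_flow(lines):
    """Walk one client-to-server SMTP flow; return a list of (line_no, anomaly)."""
    state, commands, rcpts, alerts = "START", 0, 0, []
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip(b"\r\n")
        if state == "DATA":              # message body: only watch for the terminator
            if line == b".":
                state = "GREETED"
            continue
        commands += 1
        if commands == MAX_COMMANDS + 1:
            alerts.append((no, "too many commands"))
        if ILLEGAL.search(line):
            alerts.append((no, "illegal character"))
            continue
        verb = line.split(b" ", 1)[0].decode("ascii").upper()
        valid_in, nxt = TRANSITIONS.get(verb, (None, None))
        if valid_in is None or state not in valid_in:
            why = "unknown command" if valid_in is None else f"{verb} out of sequence in {state}"
            alerts.append((no, why))
            continue
        if verb == "RCPT":
            rcpts += 1
            if rcpts == MAX_RCPT + 1:
                alerts.append((no, "bulk recipients"))
        state = nxt or state
    return alerts
```

SMTP extension commands are not modeled, so this sketch reports them as unknown; a prevention system would drop or reset the flow at the first alert rather than only recording it.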
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Cheng, BC., Chen, MJ., Chu, YS., Chen, A., Yap, S., Fan, KP. (2007). SIPS: A Stateful and Flow-Based Intrusion Prevention System for Email Applications. In: Li, K., Jesshope, C., Jin, H., Gaudiot, JL. (eds) Network and Parallel Computing. NPC 2007. Lecture Notes in Computer Science, vol 4672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74784-0_34
DOI: https://doi.org/10.1007/978-3-540-74784-0_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74783-3
Online ISBN: 978-3-540-74784-0
eBook Packages: Computer Science (R0)