Fuzzing e-mail Filters with generative grammars and N-Gram analysis

Sean Palka, Damon McCoy

    Research output: Contribution to conferencePaperpeer-review

    Abstract

    Phishing attacks remain a common attack vector in today’s IT threat landscape, and one of the primary means of preventing phishing attacks is e-mail filtering. Most e-mail filtering is done according to a either a signature-based approach or using Bayesian models, so when specific signatures are detected the e-mail is either quarantined or moved to a Junk mailbox. Much like anti-virus, though, a signature-based approach is inadequate when it comes to detecting zero-day phishing e-mails, and can often be bypassed with slight variations in the e-mail contents. In this paper, we demonstrate an approach to evaluating the effectiveness of e-mail filters using a fuzzing strategy. We present a system that utilizes generative grammars to create large sets of unique phishing e-mails, which can then be used for fuzzing input against e-mail filters. Rather than creating random text, our approach maintains a high degree of semantic quality in generated e-mails. We demonstrate how our system is able to adapt to existing filters and identify contents that are not detected, and show how this approach can be used to ensure the delivery of e-mails without the need to white-list.

    Original languageEnglish (US)
    StatePublished - 2015
    Event9th USENIX Workshop on Offensive Technologies, WOOT 2015 - Washington, United States
    Duration: Aug 10 2015Aug 11 2015

    Conference

    Conference9th USENIX Workshop on Offensive Technologies, WOOT 2015
    CountryUnited States
    CityWashington
    Period8/10/158/11/15

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Hardware and Architecture
    • Information Systems
    • Software

    Fingerprint Dive into the research topics of 'Fuzzing e-mail Filters with generative grammars and N-Gram analysis'. Together they form a unique fingerprint.

    Cite this