sponsors
help promote
usenix conference policies
Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis
Sean Palka, George Mason University; Damon McCoy, International Computer Science Institute
Phishing attacks remain a common attack vector in today’s IT threat landscape, and one of the primary means of preventing phishing attacks is e-mail filtering. Most e-mail filtering is done according to a either a signature-based approach or using Bayesian models, so when specific signatures are detected the e-mail is either quarantined or moved to a Junk mailbox. Much like antivirus, though, a signature-based approach is inadequate when it comes to detecting zero-day phishing e-mails, and can often be bypassed with slight variations in the e-mail contents. In this paper, we demonstrate an approach to evaluating the effectiveness of e-mail filters using a fuzzing strategy. We present a system that utilizes generative grammars to create large sets of unique phishing e-mails, which can then be used for fuzzing input against e-mail filters. Rather than creating random text, our approach maintains a high degree of semantic quality in generated e-mails. We demonstrate how our system is able to adapt to existing filters and identify contents that are not detected, and show how this approach can be used to ensure the delivery of e-mails without the need to white-list.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Sean Palka and Damon McCoy},
title = {Fuzzing E-mail Filters with Generative Grammars and {N-Gram} Analysis},
booktitle = {9th USENIX Workshop on Offensive Technologies (WOOT 15)},
year = {2015},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/woot15/workshop-program/presentation/palka},
publisher = {USENIX Association},
month = aug
}
connect with us