Proactive Threat Detection: A DNS based approach

The second publication for the TIDE project. It has received the Best Paper Award at NOMS 2018. Snowshoe spam is a type of spam which is notoriously hard to detect. Unlike regular spammers, snowshoe spammers distribute the sending volume among many hosts in order to make detection harder. To be successful, however, spammers need to appear as legitimate as possible, for example by adopting email best practices such as Sender Policy Framework (SPF).

Ph.D. and Master Thesis

As of August the 30th I may call myself a Master of Science (MSc.). On that date I successfully defended my thesis titled “Combating Snowshoe Spam with Fire”. People have often asked if ‘Fire’ is some kind of an acronym; it ain’t 😉 In the thesis we detail how DNS configurations may be used to track down snowshoe spam domains. Snowshoe spam spreads out the sending over a great number of hosts to reduce the volume per host, making the individual hosts harder to detect and blacklist.