Author

Barry Leiba

Other affiliations: IBM
Bio: Barry Leiba is an academic researcher from Huawei. The author has contributed to research in topics: The Internet & Electronic mail. The author has an h-index of 15, co-authored 47 publications receiving 881 citations. Previous affiliations of Barry Leiba include IBM.

Papers
01 May 2017
TL;DR: This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.
Abstract: RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.

227 citations

Journal ArticleDOI
Barry Leiba
TL;DR: OAuth, a new protocol for establishing identity management standards across services, provides an alternative to sharing usernames and passwords, and exposing ourselves to attacks on the authors' online data and identities.
Abstract: Allowing one Web service to act on our behalf with another has become increasingly important as social Internet services such as blogs, photo sharing, and social networks have become widely popular. OAuth, a new protocol for establishing identity management standards across services, provides an alternative to sharing our usernames and passwords, and exposing ourselves to attacks on our online data and identities.

115 citations

Proceedings Article
01 Jan 2004
TL;DR: SpamGuru addresses the part of this multi-faceted approach that can be handled by technology on the recipient’s side, using plug-in tokenizers and parsers, plug-in classification modules, and machine-learning techniques to achieve high hit rates and low false-positive rates.
Abstract: Spam-reduction techniques have developed rapidly over the last few years, as spam volumes have increased. We believe that no one anti-spam solution is the “right” answer, and that the best approach is a multifaceted one, combining various forms of filtering with infrastructure changes, financial changes, legal recourse, and more, to provide a stronger barrier to spam than can be achieved with one solution alone. SpamGuru addresses the part of this multi-faceted approach that can be handled by technology on the recipient’s side, using plug-in tokenizers and parsers, plug-in classification modules, and machine-learning techniques to achieve high hit rates and low false-positive rates.

85 citations

Patent
Barry Leiba, Joel Ossher, Vadakkedathu T. Rajan, Richard B. Segal, Mark N. Wegman
03 Feb 2006
TL;DR: In this paper, the authors present a method for determining a path for an email using the delivery-path information, comparing the path with a plurality of prior email paths, and determining a measure of similarity between the path of the email received and one or more of the plurality of previous email paths.
Abstract: A method includes steps of receiving an email message comprising a plurality of packets and delivery-path information; determining a path for the email using the delivery-path information; comparing the path with a plurality of prior email paths; determining a measure of similarity between the path of the email received and one or more of the plurality of prior email paths; and determining a spam score for the email received, based on the measure of similarity. Other embodiments include a computer readable medium comprising computer code for performing the above function and an information processing system including a processor configured (i.e., hard-wired or programmed) to perform the method.

57 citations

Proceedings Article
01 Jan 2004
TL;DR: As the authors think about the history of spam reduction, they can see a gradual change in the approach over time, as the spam problem has changed.
Abstract: As we think about the history of spam reduction, we can see a gradual change in the approach over time, as the spam problem has changed. Many of us may think of spam as a new problem, but in fact, it goes back at least to 1975, as noted by the late Jon Postel.[1] At the start users were mostly “techies”, and spam mostly referred to Usenet newsgroup posts that got out of hand, wherein someone would post a message to dozens or hundreds of newsgroups – a message that was unrelated to most or all of the newsgroups to which it was posted. Then, social and administrative action was sufficient: the perpetrator was castigated, perhaps privately, perhaps publicly; repeat offenders would quickly be added to “kill lists”. And so, early spam filtering simply identified “bad senders”.

42 citations


Cited by
ReportDOI
04 Mar 2018
TL;DR: This document specifies version 1.3 of the Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.
Abstract: This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 4492, 5705, and 6066 and it obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.

1,260 citations

Proceedings ArticleDOI
21 Oct 2011
TL;DR: In this article, the authors discuss an emerging field of study: adversarial machine learning (AML), the study of effective machine learning techniques against an adversarial opponent, and give a taxonomy for classifying attacks against online machine learning algorithms.
Abstract: In this paper (expanded from an invited talk at AISEC 2010), we discuss an emerging field of study: adversarial machine learning---the study of effective machine learning techniques against an adversarial opponent. In this paper, we: give a taxonomy for classifying attacks against online machine learning algorithms; discuss application-specific factors that limit an adversary's capabilities; introduce two models for modeling an adversary's capabilities; explore the limits of an adversary's knowledge about the algorithm, feature space, training, and input data; explore vulnerabilities in machine learning algorithms; discuss countermeasures against attacks; introduce the evasion challenge; and discuss privacy-preserving learning techniques.

947 citations

Journal ArticleDOI
TL;DR: The author briefly introduces the emerging field of adversarial machine learning, in which opponents can cause traditional machine learning algorithms to behave poorly in security applications.
Abstract: The author briefly introduces the emerging field of adversarial machine learning, in which opponents can cause traditional machine learning algorithms to behave poorly in security applications. He gives a high-level overview and mentions several types of attacks, as well as several types of defenses, and theoretical limits derived from a study of near-optimal evasion.

703 citations

Proceedings ArticleDOI
08 May 2007
TL;DR: This method is applicable, with slight modification, to detection of phishing websites, or the emails used to direct victims to these sites, and correctly identify over 96% of the phishing emails while only mis-classifying on the order of 0.1% of the legitimate emails.
Abstract: Each month, more attacks are launched with the aim of making web users believe that they are communicating with a trusted entity for the purpose of stealing account information, logon credentials, and identity information in general. This attack method, commonly known as "phishing," is most commonly initiated by sending out emails with links to spoofed websites that harvest information. We present a method for detecting these attacks, which in its most general form is an application of machine learning on a feature set designed to highlight user-targeted deception in electronic communication. This method is applicable, with slight modification, to detection of phishing websites, or the emails used to direct victims to these sites. We evaluate this method on a set of approximately 860 such phishing emails, and 6950 non-phishing emails, and correctly identify over 96% of the phishing emails while only mis-classifying on the order of 0.1% of the legitimate emails. We conclude with thoughts on the future for such techniques to specifically identify deception, specifically with respect to the evolutionary nature of the attacks and information available.

641 citations

Journal ArticleDOI
TL;DR: This research provides information about trends in recommender systems research by examining the publication years of the articles, and provides practitioners and researchers with insight and future direction on recommender system research.
Abstract: Recommender systems have become an important research field since the emergence of the first paper on collaborative filtering in the mid-1990s. Although academic research on recommender systems has increased significantly over the past 10 years, there are deficiencies in the comprehensive literature review and classification of that research. For that reason, we reviewed 210 articles on recommender systems from 46 journals published between 2001 and 2010, and then classified those by the year of publication, the journals in which they appeared, their application fields, and their data mining techniques. The 210 articles are categorized into eight application fields (books, documents, images, movie, music, shopping, TV programs, and others) and eight data mining techniques (association rule, clustering, decision tree, k-nearest neighbor, link analysis, neural network, regression, and other heuristic methods). Our research provides information about trends in recommender systems research by examining the publication years of the articles, and provides practitioners and researchers with insight and future direction on recommender systems. We hope that this paper helps anyone who is interested in recommender systems research with insight for future research direction.

604 citations