Abstract
In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponentially growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that the proposed method detects more than 94% of the spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false alarms. Therefore, the effectiveness of the proposed method is much higher than that of previously reported reputation mechanisms, which rely on email logs. In addition, on our dataset the proposed method eliminated the need for automatic content inspection of 4 out of 5 incoming emails, which resulted in a dramatic reduction in the filtering computational load.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Menahem, E., Pusiz, R., Elovici, Y. (2012). Detecting Spammers via Aggregated Historical Data Set. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_19
DOI: https://doi.org/10.1007/978-3-642-34601-9_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34600-2
Online ISBN: 978-3-642-34601-9
eBook Packages: Computer Science (R0)