DOI: 10.1145/2935663.2935672
research-article

Detecting Compromised Email Accounts from the Perspective of Graph Topology

Published: 15 June 2016

ABSTRACT

While email plays an increasingly important role on the Internet, we face more severe challenges brought by compromised email accounts, especially for the administrators of institutional email service providers. Inspired by previous experience in spam filtering and compromised account detection, in this paper we propose several criteria for detecting compromised email accounts from the perspective of graph topology, such as Success Outdegree Proportion, Reverse PageRank, Recipient Clustering Coefficient and Legitimate Recipient Proportion. Specifically, several widely used social network analysis metrics are used and adapted to the characteristics of mail log analysis. We evaluate our methods on a dataset constructed by mining one month (30 days) of mail logs from a university with 118,617 local users and 11,460,399 mail log entries. The experimental results demonstrate that our methods achieve very positive performance, and we also prove that these methods can be applied efficiently to even larger datasets.

Published in

CFI '16: Proceedings of the 11th International Conference on Future Internet Technologies
June 2016
126 pages
ISBN: 9781450341813
DOI: 10.1145/2935663

Copyright © 2016 ACM


Publisher

Association for Computing Machinery, New York, NY, United States


Qualifiers

• research-article
• Research
• Refereed limited

Acceptance Rates

Overall Acceptance Rate: 29 of 55 submissions, 53%
