DOI: 10.1145/2935663.2935672
research-article

Detecting Compromised Email Accounts from the Perspective of Graph Topology

Published: 15 June 2016

Abstract

While email plays an increasingly important role on the Internet, we are faced with more severe challenges brought by compromised email accounts, especially for the administrators of institutional email service providers. Inspired by previous experience in spam filtering and compromised account detection, we propose several criteria, such as Success Outdegree Proportion, Reverse Pagerank, Recipient Clustering Coefficient and Legitimate Recipient Proportion, for detecting compromised email accounts from the perspective of graph topology. Specifically, several widely used social network analysis metrics are used and adapted according to the characteristics of mail log analysis. We evaluate our methods on a dataset constructed by mining one month (30 days) of mail logs from a university with 118,617 local users and 11,460,399 mail log entries. The experimental results demonstrate that our methods achieve very positive performance, and we also prove that these methods can be efficiently applied on even larger datasets.


    Published In

    CFI '16: Proceedings of the 11th International Conference on Future Internet Technologies
    June 2016
    126 pages
    ISBN:9781450341813
    DOI:10.1145/2935663
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    In-Cooperation

    • AsiaFI: Asia Future Internet

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 15 June 2016


    Author Tags

    1. Compromised Accounts Detection
    2. Social Network Analysis
    3. Spam Filtering

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    CFI '16

    Acceptance Rates

    Overall Acceptance Rate 29 of 55 submissions, 53%

    Cited By

    • (2024) AHD-SLE: Anomalous Hyperedge Detection on Hypergraph Symmetric Line Expansion. Axioms 13:6 (387). DOI: 10.3390/axioms13060387. Online publication date: 7-Jun-2024
    • (2023) Detecting compromised email accounts via login behavior characterization. Cybersecurity 6:1. DOI: 10.1186/s42400-023-00167-8. Online publication date: 4-Sep-2023
    • (2021) Spam-Detection with Comparative Analysis and Spamming Words Extractions. 2021 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO) (1-9). DOI: 10.1109/ICRITO51393.2021.9596218. Online publication date: 3-Sep-2021
    • (2020) Unified Graph Embedding-Based Anomalous Edge Detection. 2020 International Joint Conference on Neural Networks (IJCNN) (1-8). DOI: 10.1109/IJCNN48605.2020.9206720. Online publication date: Jul-2020
    • (2020) Email Address Mutation for Proactive Deterrence Against Lateral Spear-Phishing Attacks. Security and Privacy in Communication Networks (1-22). DOI: 10.1007/978-3-030-63086-7_1. Online publication date: 12-Dec-2020
    • (2020) A Large-Scale Analysis of Attacker Activity in Compromised Enterprise Accounts. Deployable Machine Learning for Security Defense (3-27). DOI: 10.1007/978-3-030-59621-7_1. Online publication date: 18-Oct-2020
    • (2019) Detecting and characterizing lateral phishing at scale. Proceedings of the 28th USENIX Conference on Security Symposium (1273-1290). DOI: 10.5555/3361338.3361427. Online publication date: 14-Aug-2019
    • (2019) MetaCom: Profiling Meta Data to Detect Compromised Accounts in Online Social Networks. Future Network Systems and Security (65-80). DOI: 10.1007/978-3-030-34353-8_5. Online publication date: 28-Oct-2019
    • (2018) Rise of spam and compromised accounts in online social networks. Journal of Network and Computer Applications 112:C (53-88). DOI: 10.1016/j.jnca.2018.03.015. Online publication date: 15-Jun-2018
    • (2018) In rDNS We Trust: Revisiting a Common Data-Source’s Reliability. Passive and Active Measurement (131-145). DOI: 10.1007/978-3-319-76481-8_10. Online publication date: 2-Mar-2018
