ABSTRACT
While email plays an increasingly important role on the Internet, compromised email accounts bring more severe challenges, especially for the administrators of institutional email service providers. Inspired by previous experience with spam filtering and compromised account detection, in this paper we propose several criteria, such as Success Outdegree Proportion, Reverse PageRank, Recipient Clustering Coefficient and Legitimate Recipient Proportion, for detecting compromised email accounts from the perspective of graph topology. Specifically, several widely used social network analysis metrics are used and adapted to the characteristics of mail log analysis. We evaluate our methods on a dataset constructed by mining one month (30 days) of mail logs from a university with 118,617 local users and 11,460,399 mail log entries. The experimental results demonstrate that our methods achieve very positive performance, and we also prove that these methods can be applied efficiently to even larger datasets.
Detecting Compromised Email Accounts from the Perspective of Graph Topology