Detecting spammers via aggregated historical data set

Eitan Menahem, Rami Pusiz, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponentially growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that the proposed method detects more than 94% of the spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false alarms. Therefore, the effectiveness of the proposed method is much higher than that of previously reported reputation mechanisms, which rely on email logs. In addition, on our dataset the proposed method eliminated the need for automatic content inspection of 4 out of 5 incoming emails, which resulted in a dramatic reduction in the filtering computational load.

Original language: American English
Title of host publication: Network and System Security - 6th International Conference, NSS 2012, Proceedings
Pages: 248-262
Number of pages: 15
State: Published - 31 Dec 2012
Event: 6th International Conference on Network and System Security, NSS 2012 - Wuyishan, Fujian, China
Duration: 21 Nov 2012 to 23 Nov 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7645 LNCS

Conference

Conference: 6th International Conference on Network and System Security, NSS 2012
Country/Territory: China
City: Wuyishan, Fujian
Period: 21/11/12 to 23/11/12

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
