TY - GEN
T1 - Detecting spammers via aggregated historical data set
AU - Menahem, Eitan
AU - Pusiz, Rami
AU - Elovici, Yuval
PY - 2012/12/31
Y1 - 2012/12/31
N2 - In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponential growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, on our data-set the proposed method eliminated the need in automatic content inspection of 4 out of 5 incoming emails, which resulted in dramatic reduction in the filtering computational load.
AB - In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponential growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, on our data-set the proposed method eliminated the need in automatic content inspection of 4 out of 5 incoming emails, which resulted in dramatic reduction in the filtering computational load.
UR - http://www.scopus.com/inward/record.url?scp=84871585705&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-642-34601-9_19
DO - https://doi.org/10.1007/978-3-642-34601-9_19
M3 - Conference contribution
SN - 9783642346002
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 248
EP - 262
BT - Network and System Security - 6th International Conference, NSS 2012, Proceedings
T2 - 6th International Conference on Network and System Security, NSS 2012
Y2 - 21 November 2012 through 23 November 2012
ER -