Detecting spammers via aggregated historical data set

Eitan Menahem; Rami Pusiz; Yuval Elovici

doi:10.1007/978-3-642-34601-9_19

Detecting spammers via aggregated historical data set

Eitan Menahem, Rami Pusiz, Yuval Elovici

Department of Software and Information Systems Engineering

Ben-Gurion University of the Negev

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponential growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, on our data-set the proposed method eliminated the need in automatic content inspection of 4 out of 5 incoming emails, which resulted in dramatic reduction in the filtering computational load.

Original language	American English
Title of host publication	Network and System Security - 6th International Conference, NSS 2012, Proceedings
Pages	248-262
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-642-34601-9_19
State	Published - 31 Dec 2012
Event	6th International Conference on Network and System Security, NSS 2012 - Wuyishan, Fujian, China Duration: 21 Nov 2012 → 23 Nov 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7645 LNCS

Conference

Conference	6th International Conference on Network and System Security, NSS 2012
Country/Territory	China
City	Wuyishan, Fujian
Period	21/11/12 → 23/11/12

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-34601-9_19

Cite this

Menahem, E., Pusiz, R., & Elovici, Y. (2012). Detecting spammers via aggregated historical data set. In Network and System Security - 6th International Conference, NSS 2012, Proceedings (pp. 248-262). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7645 LNCS). https://doi.org/10.1007/978-3-642-34601-9_19

@inproceedings{50d7114df65f4cd3a09461a649359203,

title = "Detecting spammers via aggregated historical data set",

abstract = "In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponential growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94\% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5\% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, on our data-set the proposed method eliminated the need in automatic content inspection of 4 out of 5 incoming emails, which resulted in dramatic reduction in the filtering computational load.",

author = "Eitan Menahem and Rami Pusiz and Yuval Elovici",

year = "2012",

month = dec,

day = "31",

doi = "10.1007/978-3-642-34601-9\_19",

language = "American English",

isbn = "9783642346002",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "248--262",

booktitle = "Network and System Security - 6th International Conference, NSS 2012, Proceedings",

note = "6th International Conference on Network and System Security, NSS 2012 ; Conference date: 21-11-2012 Through 23-11-2012",

}

Menahem, E, Pusiz, R & Elovici, Y 2012, Detecting spammers via aggregated historical data set. in Network and System Security - 6th International Conference, NSS 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7645 LNCS, pp. 248-262, 6th International Conference on Network and System Security, NSS 2012, Wuyishan, Fujian, China, 21/11/12. https://doi.org/10.1007/978-3-642-34601-9_19

Detecting spammers via aggregated historical data set. / Menahem, Eitan; Pusiz, Rami; Elovici, Yuval.
Network and System Security - 6th International Conference, NSS 2012, Proceedings. 2012. p. 248-262 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7645 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detecting spammers via aggregated historical data set

AU - Menahem, Eitan

AU - Pusiz, Rami

AU - Elovici, Yuval

PY - 2012/12/31

Y1 - 2012/12/31

N2 - In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponential growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, on our data-set the proposed method eliminated the need in automatic content inspection of 4 out of 5 incoming emails, which resulted in dramatic reduction in the filtering computational load.

AB - In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponential growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, on our data-set the proposed method eliminated the need in automatic content inspection of 4 out of 5 incoming emails, which resulted in dramatic reduction in the filtering computational load.

UR - http://www.scopus.com/inward/record.url?scp=84871585705&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-34601-9_19

DO - 10.1007/978-3-642-34601-9_19

M3 - Conference contribution

SN - 9783642346002

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 248

EP - 262

BT - Network and System Security - 6th International Conference, NSS 2012, Proceedings

T2 - 6th International Conference on Network and System Security, NSS 2012

Y2 - 21 November 2012 through 23 November 2012

ER -

Detecting spammers via aggregated historical data set

Abstract

Publication series

Conference

UN SDGs

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this