Early detection of spamming accounts in large-Scale service provider networks

Yehonatan Cohen, Daniel Gordon, Danny Hendler

Research output: Contribution to journalArticlepeer-review

Abstract

We present ErDOS — an algorithm for the Early Detection Of Spamming accounts. The detection approach implemented by ErDOS combines content-based labelling and features based on inter-account communication patterns. We define new account features, based on the ratio between the numbers of sent and received emails, the distribution of emails received from different accounts, and the topological features of the network induced by inter-account communication. We also present ErDOS-LVS — a variant of ErDOS that targets the detection of low-volume spammers. The empirical evaluation of both detectors is based on a real-life data set collected by an email service provider, much larger than data sets previously used for outgoing spam detection research. It establishes that both are able to provide effective early detection of the spammers population, that is, they identify these accounts as spammers before they are detected as such by a content-based detector. Moreover, both detectors require only a single day of training data for providing a high-quality list of suspect accounts.

Original languageAmerican English
Pages (from-to)241-255
Number of pages15
JournalKnowledge-Based Systems
Volume142
DOIs
StatePublished - 15 Feb 2018

Keywords

  • Email service provider
  • Email spam detection
  • Low-volume spamming
  • Outgoing spam

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems and Management
  • Artificial Intelligence
  • Management Information Systems

Fingerprint

Dive into the research topics of 'Early detection of spamming accounts in large-Scale service provider networks'. Together they form a unique fingerprint.

Cite this