Towards Proactive Spam Filtering (Extended Abstract)

  • Jan Göbel
  • Thorsten Holz
  • Philipp Trinius
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5587)


With increasing security measures in network services, remote exploitation is getting harder. As a result, attackers concentrate on more reliable attack vectors like email: victims are infected using either malicious attachments or links leading to malicious websites. Therefore, efficient filtering and blocking methods for spam messages are needed.

Unfortunately, most spam filtering solutions proposed so far are reactive: they require a large amount of both ham and spam messages to efficiently generate rules that differentiate between the two. In this paper, we introduce a more proactive approach that allows us to directly collect spam messages by interacting with the spam botnet controllers. We are able to observe current spam runs and obtain a copy of the latest spam messages in a fast and efficient way. Based on the collected information, we are able to generate templates that represent a concise summary of a spam run. The collected data can then be used to improve current spam filtering techniques and develop new avenues to efficiently filter mails.
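To make the idea of a template that summarizes a spam run concrete, the following added example (not code from the paper or its authors) derives a regular expression from several messages of one run. The token-alignment method, the function names and the sample messages are assumptions made for illustration; the abstract does not describe the authors' algorithm.

```python
import re
from difflib import SequenceMatcher
from functools import reduce

GAP = "\x00GAP"  # sentinel for a variable field; assumed never to occur as a mail token

# Constructed sample: three messages from one imaginary spam run (not data from the paper).
RUN = [
    "Subject: Hi Anna your order 48213 shipped\n\nTrack your parcel at http://a1.example/t?id=9f3 today",
    "Subject: Hi Boris your order 77120 shipped\n\nTrack your parcel at http://zq.example/t?id=c07 today",
    "Subject: Hi Chen your order 10394 shipped\n\nTrack your parcel at http://m8.example/t?id=41b today",
]

def merge(template, tokens):
    """Fold one more message into the template: shared tokens stay, differences become GAP."""
    out, pa, pb = [], 0, 0
    matcher = SequenceMatcher(None, template, tokens, autojunk=False)
    for a, b, n in matcher.get_matching_blocks():
        if a > pa or b > pb:  # tokens were skipped on either side since the last match
            out.append(GAP)
        out.extend(template[a:a + n])
        pa, pb = a + n, b + n
    return out

def build_template(messages):
    """Token skeleton shared by all messages of one spam run."""
    return reduce(merge, (m.split() for m in messages))

def to_regex(template, min_fixed=5):
    """Compile the skeleton; refuse templates too generic to be a safe filter rule."""
    fixed = [t for t in template if t != GAP]
    if len(fixed) < min_fixed:
        raise ValueError("too few constant tokens; template would risk matching ham")
    # A GAP matches one or more whitespace-separated tokens, as few as possible.
    parts = [r"\S+(?:\s+\S+)*?" if t == GAP else re.escape(t) for t in template]
    return re.compile(r"\A\s*" + r"\s+".join(parts) + r"\s*\Z")

if __name__ == "__main__":
    rx = to_regex(build_template(RUN))
    print(rx.pattern)
```

The `min_fixed` guard matters in practice: a template built from unrelated messages collapses to a single gap, and a rule compiled from it would match every mail.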


Keywords: Regular Expression, Email Message, Mail Server, Spam Email, Spam Message
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jan Göbel (1)
  • Thorsten Holz (1)
  • Philipp Trinius (1)
  1. Laboratory for Dependable Distributed Systems, University of Mannheim, Germany
