Spam Behavior Recognition Based on Session Layer Data Mining

  • Xuan Zhang
  • Jianyi Liu
  • Yaolong Zhang
  • Cong Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4223)


Various approaches are presented to solve the growing spam problem. However, most of these approaches are inflexible to adapt to spam dynamically. This paper proposes a novel approach to counter spam based on spam behavior recognition using Decision Tree learned from data maintained during transfer sessions. A classification is set up according to email transfer patterns enabling normal servers to detect malicious connections before mail body delivered, which contributes much to save network bandwidth wasted by spams. An integrated Anti-Spam framework is founded combining the Behavior Classification with a Bayesian classification. Experiments show that the Behavior Classification has high precision rate with acceptable recall rate considering its bandwidth saving feature. The integrated filter has a higher recall rate than either of the sub-modules, and the precision rate remains quite close to the Bayesian Classification.


Recall Rate Normal Server Precision Rate Mail Server Behavior Recognition 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Katakis, I., Grigorios Tsoumakas, I.V.: Email Mining: Emerging Techniques for Email Management. In: Web Data Management Practices: Emerging Techniques and Technologies, vol. 32, Idea Group Publishing, USA (2006)Google Scholar
  2. 2.
    Garcia, F.D., Hoepman, J.-H., van Nieuwenhuizen, J.: Spam Filter Analysis. In: Proc. 19th IFIP International Information Security Conference, WCC2004-SEC, Toulouse, France, Kluwer Academic Publishers, Dordrecht (2004)Google Scholar
  3. 3.
    Lueg, C.: Spam and anti-spam measures: A look at potential impacts. In: Proc. Informing Science and IT Education Conference, Pori, Finland, pp. 24–27 (2003)Google Scholar
  4. 4.
    Anti-Spam Technologies: Anti-Spam Technology Overview,
  5. 5.
    Stolfo, S.J., Shlomo Hershkop, K.W., Nimeskern, O.: Emt/met: Systems for modeling and detecting errant email. In: Proc. DARPA Information Survivability Conference and Exposition, vol. 2, pp. 290–295 (2003)Google Scholar
  6. 6.
    Prasanna Desikan, J.S.: Analyzing network traffic to detect e-mail spamming. In: Proc. ICDM Workshop on Privacy and Security Aspects of Data Mining, Brighton, UK, pp. 67–76 (2004)Google Scholar
  7. 7.
    Qiu Xiaofeng, H.J., Ming, C.: Flow-based anti-spam. In: Proc. IEEE Workshop on IP Operations and Management, pp. 99–103 (2004)Google Scholar
  8. 8.
    Agrawal, B., Nitin Kumar, M.M.: Controlling spam emails at the routers. In: Proc. International Conference on Communications, Seoul, South Korea, vol. 3, pp. 1588–1592 (2005)Google Scholar
  9. 9.
    Tran, M.: Freebsd server anti-spam software using automated tcp connection control. Technical report, CAIA Technical Report 040326A (2004)Google Scholar
  10. 10.
    Forouzan, B.A., Gegan, S.C.: TCP/IP Protocol Suite. McGraw-Hill, New York (2000)Google Scholar
  11. 11.
    Liu, J., Yixin Zhong, Y.G., Wang, C.: Intelligent spam mail filtering system based on comprehensive information. In: Proc. 16th International Conference on Computer Communication, pp. 1237–1242 (2004)Google Scholar
  12. 12.
    Abbes, T., Adel Bouhoula, M.R.: Protocol analysis in intrusion detection using decision tree. In: Proc. International Conference on Information Technology: Coding and Computing, Las Vegas, Nevada, vol. 1, pp. 404–408 (2004)Google Scholar
  13. 13.
  14. 14.
    Mitchell, T.: Machine Learning. McGraw-Hill, New York (1997)MATHGoogle Scholar
  15. 15.
    Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann, San Mateo (1993)Google Scholar
  16. 16.
    James P. Early, C.E.B., Rosenberg, C.: Behavioral authentication of server flows. In: Proc. 19th Annual Computer Security Applications Conference, Las Vegas, Nevada, pp. 46–55 (2003)Google Scholar
  17. 17.
    Zhang, Y.: Research and application of behavior recognition technology in anti-spam system. In: Master thesis of Beijing University of Posts and Telecommunications (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Xuan Zhang
    • 1
  • Jianyi Liu
    • 1
  • Yaolong Zhang
    • 1
  • Cong Wang
    • 1
  1. 1.School of Information EngineeringBeijing University of Posts and TelecommunicationsBeijingChina

Personalised recommendations