Abstract
Previous work has shown that the network dynamics experienced by both the initial packet and an entire connection carrying an email can be leveraged to classify the email as spam or ham. In the case of packet properties, the prior work has investigated their efficacy based on models of traffic collected from around the world. In this paper, we first revisit the techniques when only using information from a single enterprise’s vantage point and find packet properties to be less useful. We also show that adding flow characteristics to a model of packet features adds modest discriminating power, and some flow features’ information is captured by packet features.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Crm114 - the controllable regex mutilator, http://crm114.sourceforge.net/
SpamAssassin, http://spamassassin.apache.org/
Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, J., Thomas, M.: Domain-Based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys) (May 2007) RF 4871
Beverly, R., Sollins, K.: Exploiting Transport-Level Characteristics of Spam. In: 5th Conference on Email and Anti-Spam (August 2008)
Burton, B.: SpamProbe, http://spamprobe.sourceforge.net/
Cormack, G., Lynam, T.: TREC Public Spam Corpus (2007), http://plg.uwaterloo.ca/~gvcormac/treccorpus07/
Friedman, J.H., Popescu, B.E.: Predictive learning via rule ensembles. Annals of Applied Statistics 2(3), 916–954 (2008)
Gomes, L.H., Cazita, C., Almeida, J.M., Almeida, V.A.F., Meira Jr., W.: Characterizing a spam traffic. In: IMC, pp. 356–369 (2004)
Hao, S., Feamster, N.: Personal Communication (2010)
Hao, S., Syed, N.A., Feamster, N., Gray, A.G., Krasser, S.: Detecting spammers with SNARE: Spatio-temporal network-level automatic reputation engine. In: Usenix Security Symp. (2009)
MaxMind, http://www.maxmind.com
Meyer, T., Whateley, B.: SpamBayes: Effective Open-Source, Bayesian Based, Email classification System. In: Proc. First Conference on Email and Anti-Spam (June 2004)
Ouyang, T., Ray, S., Allman, M., Rabinovich, M.: A Large-Scale Empirical Analysis of Email Spam Detection Through Transport-Level Characteristics. Technical Report 10-001, International Computer Science Institute (January 2010)
Paxson, V.: Bro: A System for Detecting Network Intruders in Real-Time. In: Proceedings of the 7th USENIX Security Symposium (January 1998)
Provost, F., Fawcett, T., Kohavi, R.: The case against accuracy estimation for comparing induction algorithms. In: 15th Int. Conf. on Machine Learning, pp. 445–453 (1998)
Quinlan, J.: C4.5: Programs for Machine Learning. Morgan Kaufmann, San Francisco (1993)
Ramachandran, A., Feamster, N.: Understanding the Network-Level Behavior of Spammers. In: ACM SIGCOMM (2006)
Witten, I.H., Frank, E.: Data Mining: Practical machine learning tools and techniques, 2nd edn. Morgan Kaufmann, San Francisco (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ouyang, T., Ray, S., Rabinovich, M., Allman, M. (2011). Can Network Characteristics Detect Spam Effectively in a Stand-Alone Enterprise?. In: Spring, N., Riley, G.F. (eds) Passive and Active Measurement. PAM 2011. Lecture Notes in Computer Science, vol 6579. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19260-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-19260-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19259-3
Online ISBN: 978-3-642-19260-9
eBook Packages: Computer ScienceComputer Science (R0)