On network-aware clustering of Web clients
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
An empirical study of spam traffic and the use of DNS black lists
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Fighting Spam with Reputation Systems
Queue - Social Computing
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Email prioritization: reducing delays on legitimate mail caused by junk mail
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Towards attack-agnostic defenses
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Identifying dynamic IP address blocks serendipitously through background scanning traffic
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Peeking into spammer behavior from a unique vantage point
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Towards Proactive Spam Filtering (Extended Abstract)
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
An information-theoretic view of network-aware malware attacks
IEEE Transactions on Information Forensics and Security
On the effectiveness of IP reputation for spam filtering
COMSNETS'10 Proceedings of the 2nd international conference on COMmunication systems and NETworks
A collaboration-based autonomous reputation system for email services
INFOCOM'10 Proceedings of the 29th conference on Information communications
Suppressing bot traffic with accurate human attestation
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
Detection of spam hosts and spam bots using network flow traffic modeling
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Spam mitigation using spatio-temporal reputations from blacklist history
Proceedings of the 26th Annual Computer Security Applications Conference
An empirical study of behavioral characteristics of spammers: Findings and implications
Computer Communications
BOTMAGNIFIER: locating spambots on the internet
SEC'11 Proceedings of the 20th USENIX conference on Security
Towards the effective temporal association mining of spam blacklists
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Spam or ham?: characterizing and detecting fraudulent "not spam" reports in web mail systems
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Optimal source-based filtering of malicious traffic
IEEE/ACM Transactions on Networking (TON)
EigenBot: foiling spamming botnets with matrix algebra
Proceedings of the ACM SIGKDD Workshop on Intelligence and Security Informatics
B@bel: leveraging email delivery for spam mitigation
Security'12 Proceedings of the 21st USENIX conference on Security symposium
SpaDeS: Detecting spammers at the source network
Computer Networks: The International Journal of Computer and Telecommunications Networking
Characterization of blacklists and tainted network traffic
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Early detection of outgoing spammers in large-scale service provider networks
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Hi-index | 0.00 |
E-mail has become indispensable in today's networked society. However, the huge and ever-growing volume of spam has become a serious threat to this important communication medium. It not only affects e-mail recipients, but also causes a significant overload to mail servers which handle the e-mail transmission. We perform an extensive analysis of IP addresses and IP aggregates given by network-aware clusters in order to investigate properties that can distinguish the bulk of the legitimate mail and spam. Our analysis indicates that the bulk of the legitimate mail comes from long-lived IP addresses. We also find that the bulk of the spam comes from network clusters that are relatively long-lived. Our analysis suggests that network-aware clusters may provide a good aggregation scheme for exploiting the history and structure of IP addresses. We then consider the implications of this analysis for prioritizing legitimate mail. We focus on the situation when mail server is overloaded, and the goal is to maximize the legitimate mail that it accepts. We demonstrate that the history and the structure of the IP addresses can reduce the adverse impact of mail server overload, by increasing the number of legitimate e-mails accepted by a factor of 3.