Can network characteristics detect spam effectively in a stand-alone enterprise?

Authors:
Tu Ouyang;Soumya Ray;Michael Rabinovich;Mark Allman
Affiliations:
Case Western Reserve University, Cleveland, OH;Case Western Reserve University, Cleveland, OH;Case Western Reserve University, Cleveland, OH;International Computer Science Institute, Berkeley, CA
Venue:
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Year:
2011

Citing 7
Cited 4

C4.5: programs for machine learning

C4.5: programs for machine learning
The Case against Accuracy Estimation for Comparing Induction Algorithms

ICML '98 Proceedings of the Fifteenth International Conference on Machine Learning
Characterizing a spam traffic

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Understanding the network-level behavior of spammers

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)

Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine

SSYM'09 Proceedings of the 18th conference on USENIX security symposium

Auto-learning of SMTP TCP transport-layer features for spam and abusive message detection

LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
SpaDeS: Detecting spammers at the source network

Computer Networks: The International Journal of Computer and Telecommunications Networking
Greystar: fast and accurate detection of SMS spam numbers in large cellular networks using grey phone space

SEC'13 Proceedings of the 22nd USENIX conference on Security
A large-scale empirical analysis of email spam detection through network characteristics in a stand-alone enterprise

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Previous work has shown that the network dynamics experienced by both the initial packet and an entire connection carrying an email can be leveraged to classify the email as spam or ham. In the case of packet properties, the prior work has investigated their efficacy based on models of traffic collected from around the world. In this paper, we first revisit the techniques when only using information from a single enterprise's vantage point and find packet properties to be less useful. We also show that adding flow characteristics to a model of packet features adds modest discriminating power, and some flow features' information is captured by packet features.