Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Information Sciences: an International Journal
Taxonomy of Email Reputation Systems
ICDCSW '07 Proceedings of the 27th International Conference on Distributed Computing Systems Workshops
Filtering spam with behavioral blacklisting
Proceedings of the 14th ACM conference on Computer and communications security
Improved spam filtering by extraction of information from text embedded image e-mail
Proceedings of the 2009 ACM symposium on Applied Computing
The WEKA data mining software: an update
ACM SIGKDD Explorations Newsletter
Identifying and Addressing Rogue Servers in Countering Internet Email Misuse
SADFE '10 Proceedings of the 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering
Predictive blacklisting as an implicit recommendation system
INFOCOM'10 Proceedings of the 29th conference on Information communications
Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Survey and taxonomy of IP address lookup algorithms
IEEE Network: The Magazine of Global Internetworking
Hi-index | 0.00 |
In this work we propose a new sender reputation mechanism that is based on an aggregated historical dataset, which encodes the behavior of mail transfer agents over exponential growing time windows. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, on our data-set the proposed method eliminated the need in automatic content inspection of 4 out of 5 incoming emails, which resulted in dramatic reduction in the filtering computational load.