SpaDeS: Detecting spammers at the source network

  • Authors:
  • Pedro H. B. Las-Casas;Dorgival Guedes;Jussara M. Almeida;Artur Ziviani;Humberto T. Marques-Neto

  • Affiliations:
  • Universidade Federal de Minas Gerais (UFMG), 31.270-010 Belo Horizonte, Brazil;Universidade Federal de Minas Gerais (UFMG), 31.270-010 Belo Horizonte, Brazil and International Computer Science Institute (ICSI), Berkeley, USA;Universidade Federal de Minas Gerais (UFMG), 31.270-010 Belo Horizonte, Brazil;National Laboratory for Scientific Computing (LNCC/MCTI), 25.651-075 Petrópolis, Brazil;Pontifícia Universidade Católica de Minas Gerais (PUC Minas), 30.535-901 Belo Horizonte, Brazil

  • Venue:
  • Computer Networks: The International Journal of Computer and Telecommunications Networking
  • Year:
  • 2013

Quantified Score

Hi-index 0.00

Visualization

Abstract

Despite the large variety and wide adoption of different techniques to detect and filter unsolicited messages (spams), the total amount of such messages over the Internet remains very large. Some reports point out that around 80% of all emails are spams. As a consequence, significant amounts of network resources are still wasted as filtering strategies are usually performed only at the email destination server. Moreover, a considerable part of these unsolicited messages is sent by users who are unaware of their spamming activity and may thus inadvertently be classified as spammers. In this case, these oblivious users act as spambots, i.e., members of a spamming botnet. This paper proposes a new method for detecting spammers at the source network, whether they are individual malicious users or oblivious members of a spamming botnet. Our method, called SpaDeS, is based on a supervised classification technique and relies only on network-level metrics, thus not requiring inspection of message content. We evaluate SpaDeS using real datasets collected from a Brazilian broadband ISP. Our results show that our method is quite effective, correctly classifying the vast majority (87%) of the spammers while misclassifying only around 2% of the legitimate users.