Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
Web server workload characterization: the search for invariants
Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Communications of the ACM
Analysis of educational media server workloads
NOSSDAV '01 Proceedings of the 11th international workshop on Network and operating systems support for digital audio and video
Characterizing reference locality in the WWW
DIS '96 Proceedings of the fourth international conference on on Parallel and distributed information systems
Probability and statistics with reliability, queuing and computer science applications
Probability and statistics with reliability, queuing and computer science applications
Models of mail server workloads
Performance Evaluation
A hierarchical characterization of a live streaming media workload
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Measurement, modeling, and analysis of a peer-to-peer file-sharing workload
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
An analysis of Internet chat systems
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Analyzing client interactivity in streaming media
Proceedings of the 13th international conference on World Wide Web
Learning spam: simple techniques for freely-available software
ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
Email prioritization: reducing delays on legitimate mail caused by junk mail
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Approximate object location and spam filtering on peer-to-peer systems
Proceedings of the ACM/IFIP/USENIX 2003 International Conference on Middleware
Workload models of spam and legitimate e-mails
Performance Evaluation
A first look at modern enterprise traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Push vs. pull: implications of protocol design on controlling unwanted traffic
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Improving spam detection based on structural similarity
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Revealing botnet membership using DNSBL counter-intelligence
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Proceedings of the ninth international conference on Electronic commerce
Analyzing network and content characteristics of spim using honeypots
SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
Exploiting network structure for proactive spam mitigation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
On the properties of spam-advertised URL addresses
Journal of Network and Computer Applications
Prioritized e-mail servicing to reduce non-spam delay and loss: a performance analysis
International Journal of Network Management
A spam rejection scheme during SMTP sessions based on layer-3 e-mail classification
Journal of Network and Computer Applications
Targeting spam control on middleboxes: Spam detection based on layer-3 e-mail content classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Inferring Spammers in the Network Core
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
A survey of learning-based techniques of email spam filtering
Artificial Intelligence Review
NSF: network-based spam filtering based on on-line blacklisting against spamming botnets
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Detection of spam hosts and spam bots using network flow traffic modeling
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Can network characteristics detect spam effectively in a stand-alone enterprise?
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
An empirical study of behavioral characteristics of spammers: Findings and implications
Computer Communications
A survey of emerging approaches to spam filtering
ACM Computing Surveys (CSUR)
A neural model in anti-spam systems
ICANN'06 Proceedings of the 16th international conference on Artificial Neural Networks - Volume Part II
Packet-level open-digest fingerprinting for spam detection on middleboxes
International Journal of Network Management
Longtime behavior of harvesting spam bots
Proceedings of the 2012 ACM conference on Internet measurement conference
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
The rapid increase in the volume of unsolicited commercial e-mails, also known as spam, is beginning to take its toll in system administrators, business corporations and end-users. Widely varying estimates of the cost associated with spam are available in the literature. However, a quantitative analysis of the determinant characteristics of spam traffic is still an open problem. This work fills this gap and presents what we believe to be the first extensive characterization of a spam traffic. As basis for our characterization, standard spam detection techniques are used to classify over 360 thousand incoming e-mails to a large university into two categories, namely spam and non-spam. For each of the two resulting workloads, as well as for the aggregate workload, we analyze a set of parameters, aiming at identifying the characteristics that significantly distinguish spam from non-spam traffic, assessing the qualitative impact of spam on the aggregate traffic and, possibly, drawing insights into the design of more effective spam detection techniques. Our characterization reveals significant differences in the spam and non-spam traffic patterns. E-mail arrival process, size distribution as well as the distributions of popularity and temporal locality of e-mail recipients are key workload aspects which distinguish spam from traditional e-mail traffic. We conjecture that these differences are consequence of the inherently different mode of operation of spam and non-spam senders. Whereas non-spam e-mail transmissions are typically driven by social bilateral relationships, spam transmission is usually a unilateral action, based solely on the senders's will to reach as many users as possible.