Blocking spam by separating end‐user machines from legitimate mail server machines. Issue 4 (27th June 2012)
- Record Type:
- Journal Article
- Title:
- Blocking spam by separating end‐user machines from legitimate mail server machines. Issue 4 (27th June 2012)
- Main Title:
- Blocking spam by separating end‐user machines from legitimate mail server machines
- Authors:
- Sanchez, Fernando
Duan, Zhenhai
Dong, Yingfei
- Abstract:
- Abstract: Spamming botnets present a critical challenge in the control of spam messages because of the sheer volume and wide spread of the botnet members. In this paper, we advocate the approach for recipient mail servers to filter messages directly delivered from remote end‐user (EU) machines, given that the majority of spamming bots are EU machines. We develop a support vector machine (SVM)‐based classifier to separate EU machines from legitimate mail server (LMS) machines, using a set of machine features that cannot be easily manipulated by spammers. We investigate the efficacy and performance of the SVM‐based classifier using a number of real‐world data sets. Our performance studies show that the SVM‐based classifier is indeed a feasible and effective approach in distinguishing EU machines from LMS machines. For example, training and testing on an aggregated data set containing both EU machines and LMS machines, on average, we found that the SVM‐based classifier can achieve a 99.25% detection accuracy, with very small false positive rate (0.35%) and false negative rate (1.27%), significantly outperforming eight Domain Name System‐based blacklists widely used today. Copyright © 2012 John Wiley & Sons, Ltd.
Abstract: A novel spam blocking technique is developed in the paper by separating end‐user machines from legitimate mail server machines using a support vector machine (SVM)‐based classifier. Evaluation studies using real‐world data sets show that the SVM‐based classifier can achieve high detection accuracy, with a very small false positive rate and false negative rate, significantly outperforming eight DNS‐based blacklists widely used today.
- Is Part Of:
- Security and communication networks. Volume 9:Issue 4(2016)
- Journal:
- Security and communication networks
- Issue:
- Volume 9:Issue 4(2016)
- Issue Display:
- Volume 9, Issue 4 (2016)
- Year:
- 2016
- Volume:
- 9
- Issue:
- 4
- Issue Sort Value:
- 2016-0009-0004-0000
- Page Start:
- 316
- Page End:
- 326
- Publication Date:
- 2012-06-27
- Subjects:
- content‐independent spam control -- spamming bot -- machine classification -- learning
Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
https://www.hindawi.com/journals/scn/
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sec.587
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 9866.xml