Abstract
Spam is increasingly a core problem affecting network security and performance. Indeed, it has been estimated that 80% of all email messages are spam. Content-based filters are a commonly deployed countermeasure, but the current research focus is now moving towards the early detection of spamming hosts. This paper investigates if spammers can be detected at the network level, based on just flow data. This problem is challenging, since no information about the content of the email message is available. In this paper we propose a spam detection algorithm, which is able to discriminate between benign and malicious hosts with 92% accuracy.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sperotto, A., Vliek, G., Sadre, R., Pras, A. (2009). Detecting Spam at the Network Level. In: Oliver, M., Sallent, S. (eds) The Internet of the Future. EUNICE 2009. Lecture Notes in Computer Science, vol 5733. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03700-9_22
DOI: https://doi.org/10.1007/978-3-642-03700-9_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03699-6
Online ISBN: 978-3-642-03700-9
eBook Packages: Computer Science (R0)