Exploiting Transport-Level Characteristics of Spam

14 years 1 months ago

Download www.ceas.cc

We present a novel spam detection technique that relies on neither content nor reputation analysis. This work investigates the discriminatory power of email transport-layer characteristics, i.e. the TCP packet stream. From a corpus of messages and corresponding packets, we extract per-email TCP features. While legitimate mail flows are wellbehaved, we observe small congestion windows, frequent retransmissions, loss and large latencies in spam traffic. To learn and exploit these differences, we build "SpamFlow." Using machine learning feature selection, SpamFlow identifies the most selective flow properties, thereby adapting to different networks and users. In addition to greater than 90% classification accuracy, SpamFlow correctly identifies 78% of the false negatives from a popular content filter. By exploiting the need to source large quantities of spam on resource constrained hosts and networks, SpamFlow is not easily subvertible.

Robert Beverly, Karen R. Sollins

Real-time Traffic

CEAS 2008 | Internet Technology | Per-email Tcp Features | Spam Detection Technique | TCP Packet Stream |

claim paper

Post Info
More Details (n/a)

Added	12 Oct 2010
Updated	12 Oct 2010
Type	Conference
Year	2008
Where	CEAS
Authors	Robert Beverly, Karen R. Sollins

Comments (0)

Sciweavers

Exploiting Transport-Level Characteristics of Spam

CEAS 2008 | Internet Technology | Per-email Tcp Features | Spam Detection Technique | TCP Packet Stream |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers