Sciweavers

CEAS
2011
Springer

Spam or ham?: characterizing and detecting fraudulent "not spam" reports in web mail systems

12 years 11 months ago
Spam or ham?: characterizing and detecting fraudulent "not spam" reports in web mail systems
Web mail providers rely on users to “vote” to quickly and collaboratively identify spam messages. Unfortunately, spammers have begun to use bots to control large collections of compromised Web mail accounts not just to send spam, but also to vote “not spam” on incoming spam emails in an attempt to thwart collaborative filtering. We call this practice a vote gaming attack. This attack confuses spam filters, since it causes spam messages to be mislabeled as legitimate; thus, spammer IP addresses can continue sending spam for longer. In this paper, we introduce the vote gaming attack and study the extent of these attacks in practice, using four months of email voting data from a large Web mail provider. We develop a model for vote gaming attacks, explain why existing detection mechanisms cannot detect them, and develop a new, scalable clustering-based detection method that identifies compromised accounts that en
Anirudh Ramachandran, Anirban Dasgupta, Nick Feams
Added 13 Dec 2011
Updated 13 Dec 2011
Type Journal
Year 2011
Where CEAS
Authors Anirudh Ramachandran, Anirban Dasgupta, Nick Feamster, Kilian Q. Weinberger
Comments (0)