TY - GEN
T1 - Early detection of outgoing spammers in large-scale service provider networks
AU - Cohen, Yehonatan
AU - Gordon, Daniel
AU - Hendler, Danny
PY - 2013/8/12
Y1 - 2013/8/12
N2 - We present ErDOS, an Early Detection scheme for Outgoing Spam. The detection approach implemented by ErDOS combines content-based detection and features based on inter-account communication patterns. We define new account features, based on the ratio between the numbers of sent and received emails and on the distribution of emails received from different accounts. Our empirical evaluation of ErDOS is based on a real-life data-set collected by an email service provider, much larger than data-sets previously used for outgoing-spam detection research. It establishes that ErDOS is able to provide early detection for a significant fraction of the spammers population, that is, it identifies these accounts as spammers before they are detected as such by a content-based detector. Moreover, ErDOS only requires a single day of training data for providing a high-quality list of suspect accounts.
KW - classification
KW - early detection
KW - email service provider (ESP)
KW - spam
UR - http://www.scopus.com/inward/record.url?scp=84881129075&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-39235-1_5
DO - 10.1007/978-3-642-39235-1_5
M3 - Conference contribution
AN - SCOPUS:84881129075
SN - 9783642392344
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 83
EP - 101
BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings
T2 - 10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013
Y2 - 18 July 2013 through 19 July 2013
ER -