Presentation | 2009-03-03 PrBL: Probabilistic BlackList for E-mail Spammers Tatsuya MORI, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Recent drastic increase in the number of spam messages has caused significant overload on e-mail delivery systems. IP reputation services such as DNSBL (DNS BlackList) have been widely used as an effective way to lower the overhead of e-mail delivery system by restricting smtp connections based on the reputation listed in the blacklists. Since those reputation services require only IP address lookups, they are the most light-weight and scalable anti-spam solution. However, these approaches have fundamental limitations, namely, flexibility, extensibility, locality, and the explicit modeling of spamicity and legitimacy. In this work, we attempt to relax the limitations of existing IP repuration-based approaches by leveraging statistical technique. Hence, we call our method PrBL (probabilistic blacklist). The key idea of our approach is to make use of the property of e-mail senders in terms of geographical and logical network locations, and the intrinsic signatures derived from the analysis of TCP headers, which are independent of e-mail content. Machine-learning tool is used to establish the probabilistic classification of e-mail senders. We validate the performance of PrBL through the analysis of SMTP logs collected at an enterprise e-mail server over 4-months of period. We also show that by tuning the policy parameter, PrBL can establish much better accuracy (i.e, less false positives), compared to the widely used DNSBLs. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | spam / spammer / filtering / DNSBL / supervised learning / Naive Bayes |
Paper # | NS2008-146 |
Date of Issue |
Conference Information | |
Committee | NS |
---|---|
Conference Date | 2009/2/24(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Network Systems(NS) |
---|---|
Language | ENG |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | PrBL: Probabilistic BlackList for E-mail Spammers |
Sub Title (in English) | |
Keyword(1) | spam |
Keyword(2) | spammer |
Keyword(3) | filtering |
Keyword(4) | DNSBL |
Keyword(5) | supervised learning |
Keyword(6) | Naive Bayes |
1st Author's Name | Tatsuya MORI |
1st Author's Affiliation | NTT Service Integration Laboratories() |
Date | 2009-03-03 |
Paper # | NS2008-146 |
Volume (vol) | vol.108 |
Number (no) | 457 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |