Identifying features to improve real time clustering and domain blacklisting
Pages 238 - 243
Abstract
Feature analysis is an important task in the area of information extraction. Appropriate features give improved performance for any classification or clustering algorithm. In this paper we try to analyze different features that can be used to cluster spam emails at real time and thus improve IP blacklisting. Domain blacklisting becomes easy when these features are used because masses of IP address get grouped easily. We have explored several features in this paper like sender and subject of the email; email attachments, stylistic and semantic features. These features ensure appropriate clustering of spam originating from dominant hosts. We compute the effectiveness of these features in terms of how well they group emails, gather domain/IP information and thus improve domain blacklisting.
References
[1]
Ramachandran, A., Feamster, N. and Dagon, D. Revealing botnet membership using DNSBL counter-intelligence. In Proc.of the second conference on Steps to Reducing Unwanted Traffic on the Internet. San Jose, CA. 2006.
[2]
Gu G., Perdisci R., Zhang J., and Lee W. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In Proc. of the 17 th conference USENIX Security Symposium, Boston, MA. 2008, 139--154.
[3]
Guerra P., Pires D., Guedes D. Spam Miner: A Platform for Detecting and Characterizing Spam Campaigns. In Proc. of the 6th Conf. on Email and Anti-Spam, CEAS, 2008.
[4]
Pu, C., and Webb, S. Observed trends in spam construction techniques: A case study of spam evolution. The 3rd Conference on Email and Anti-Spam. Mountain View, CA. 2006.
[5]
Wei C., Sprague A., Warner G., Skjellum A. Identifying New Spam Domains by Hosting IPs: Improving Domain blacklisting. In Proc. of the 7th Conf. on Email and Anti-Spam, CEAS, 2010.
[6]
Pillay S., Solorio T. Authorship Attribution of Web Forum Posts, In Proc. of the eCrime Researchers' Summit, Dallas, 2010.
[7]
Salton G., McGill M. J. Introduction to modern information retrieval, McGraw-Hill
[8]
Aranganayagi, S., Thangavel, K. Clustering Categorical Data Using Silhouette Coefficient as a Relocating Measure. In Proc. of Conference on Computational Intelligence and Multimedia Applications, India, 2007
[9]
Wei C., Sprague A. P., Warner G., Skjellum A. Clustering spam domains and targeting spam origin for forensic analysis, J. Digital Forensics, Security, and Law, 5: 2010.
[10]
Klein D. and Manning C. D. Accurate Unlexicalized Parsing. In Proc of the 41st Meeting of the Association for Computational Linguistics, pp. 423--430, 2003.
[11]
Hall M., Frank E., Holmes G., Pfahringer B., Reutemann P., Witten I. H. The WEKA data mining software: An update, SIGKDD Explorations, Volume 11, Issue 1, 2009.
Recommendations
Filtering spam with behavioral blacklisting
CCS '07: Proceedings of the 14th ACM conference on Computer and communications securitySpam filters often use the reputation of an IP address (or IP address range) to classify email senders. This approach worked well when most spam originated from senders with fixed IP addresses, but spam today is also sent from IP addresses for which ...
Research on domain-specific features clustering based spectral clustering
ICSI'12: Proceedings of the Third international conference on Advances in Swarm Intelligence - Volume Part IIDomain-Specific features clustering aims to cluster the features from related domains into K clusters. Although traditional clustering algorithms can be used to domain-specific features clustering, the performance may not good as the features have ...
Improved Blacklisting: Inspecting the Structural Neighborhood of Malicious URLs
Filtering based on blacklists is a major countermeasure against malicious websites. However, blacklists must be updated because malicious URLs tend to be short-lived, and they can be partially mutated to avoid blacklisting. Due to these characteristics, ...
Comments
Information & Contributors
Information
Published In
March 2012
424 pages
ISBN:9781450312035
DOI:10.1145/2184512
- Conference Chair:
- Randy K. Smith,
- Program Chair:
- Susan V. Vrbsky
Copyright � 2012 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 29 March 2012
Check for updates
Qualifiers
- Research-article
Conference
ACM SE '12
Sponsor:
Acceptance Rates
ACMSE '12 Paper Acceptance Rate 28 of 56 submissions, 50%;
Overall Acceptance Rate 502 of 1,023 submissions, 49%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 127Total Downloads
- Downloads (Last 12 months)7
- Downloads (Last 6 weeks)0
Reflects downloads up to 16 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in