Departmental Papers (CIS)

Document Type

Conference Paper

Subject Area

CPS Internet of Things

Date of this Version

12-2010

Comments

Suggested Citation:
West, A.G., Aviv, A.J., Chang, J. and Lee, I. (2010). "Spam Mitigation using Spatio-Temporal Reputations from Blacklist History." Proceedings of the 26th Annual Computer Security Applications Conference. pp. 161-170. Orlando, Florida. December 5-9, 2010.

© ACM, 2010. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 26th Annual Computer Security Applications Conference. http://doi.acm.org/10.1145/1920261.1920287

Abstract

IP blacklists are a spam filtering tool employed by a large number of email providers. Centrally maintained and well regarded, blacklists can filter 80+% of spam without having to perform computationally expensive content-based filtering. However, spammers can vary which hosts send spam (often in intelligent ways), and as a result, some percentage of spamming IPs are not actively listed on any blacklist. Blacklists also provide a previously untapped resource of rich historical information. Leveraging this history in combination with spatial reasoning, this paper presents a novel reputation model (PreSTA), designed to aid in spam classification. In simulation on arriving email at a large university mail system, PreSTA is capable of classifying up to 50% of spam not identified by blacklists alone, and 93% of spam on average (when used in combination with blacklists). Further, the system is consistent in maintaining this blockage-rate even during periods of decreased blacklist performance. PreSTA is scalable and can classify over 500,000 emails an hour. Such a system can be implemented as a complementary blacklist service and used as a first-level filter or prioritization mechanism on an email server.

Keywords

Email spam, blacklists, reputation

Share

COinS
 

Date Posted: 05 January 2011

This document has been peer reviewed.