Date of this Version
Andrew G. West, Adam J. Aviv, Jian Chang, and Insup Lee, "Spam Mitigation Using Spatio-Temporal Reputations From Blacklist History", 26th Annual Computer Security Applications Conference (ACSAC '10) , 161-170. December 2010. http://dx.doi.org/10.1145/1920261.1920287
IP blacklists are a spam filtering tool employed by a large number of email providers. Centrally maintained and well regarded, blacklists can filter 80+% of spam without having to perform computationally expensive content-based filtering. However, spammers can vary which hosts send spam (often in intelligent ways), and as a result, some percentage of spamming IPs are not actively listed on any blacklist. Blacklists also provide a previously untapped resource of rich historical information. Leveraging this history in combination with spatial reasoning, this paper presents a novel reputation model (PreSTA), designed to aid in spam classification. In simulation on arriving email at a large university mail system, PreSTA is capable of classifying up to 50% of spam not identified by blacklists alone, and 93% of spam on average (when used in combination with blacklists). Further, the system is consistent in maintaining this blockage-rate even during periods of decreased blacklist performance. PreSTA is scalable and can classify over 500,000 emails an hour. Such a system can be implemented as a complementary blacklist service and used as a first-level filter or prioritization mechanism on an email server.
CPS Internet of Things
26th Annual Computer Security Applications Conference (ACSAC '10)
© ACM 2010. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10), http://dx.doi.org/10.1145/1920261.1920287.
Email spam, blacklists, reputation
Date Posted: 05 January 2011
This document has been peer reviewed.