Departmental Papers (CIS)

Date of this Version

12-2010

Document Type

Conference Paper

Comments

26th Annual Computer Security Applications Conference, Orlando, Florida, December 5-9, 2010.

Abstract

IP blacklists are a spam filtering tool employed by a large number of email providers. Centrally maintained and well regarded, blacklists can filter 80+% of spam without having to perform computationally expensive content-based filtering. However, spammers can vary which hosts send spam (often in intelligent ways), and as a result, some percentage of spamming IPs are not actively listed on any blacklist. Blacklists also provide a previously untapped resource of rich historical information. Leveraging this history in combination with spatial reasoning, this paper presents a novel reputation model (PreSTA), designed to aid in spam classification. In simulation on arriving email at a large university mail system, PreSTA is capable of classifying up to 50% of spam not identified by blacklists alone, and 93% of spam on average (when used in combination with blacklists). Further, the system is consistent in maintaining this blockage-rate even during periods of decreased blacklist performance. PreSTA is scalable and can classify over 500,000 emails an hour. Such a system can be implemented as a complementary blacklist service and used as a first-level filter or prioritization mechanism on an email server.

Subject Area

CPS Internet of Things

Publication Title

26th Annual Computer Security Applications Conference (ACSAC '10)

First Page

161

Last Page

170

DOI

10.1145/1920261.1920287

Permission Statement

© ACM 2010. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10), http://dx.doi.org/10.1145/1920261.1920287.

Keywords

Email spam, blacklists, reputation

Share

COinS
 

Date Posted: 05 January 2011

This document has been peer reviewed.