Result detail

Is Spam Visible in Flow-Level Statistics?

ŽÁDNÍK, M.; MICHLOVSKÝ, Z. Is Spam Visible in Flow-Level Statistics?. Prague: CESNET National Research and Education Network, 2009. p. 67-78. ISBN: 978-80-904173-4-2.
Type
technical report
Language
English
Authors
Žádník Martin, Ing., Ph.D., FIT (FIT), UPSY (FIT)
Michlovský Zbyněk, Ing., FIT (FIT)
Abstract

This paper investigates the feasibility of detecting spam connections using flow statistics collected upon SMTP connections only. To this end, the paper analyzes several days of SMTP communication collected at a middle-sized email server. In order to prove that spam connections can be automatically identified at the TCP/IP layer, we utilize a supervised learning algorithm to construct a classifier, in our case a decision tree. The quality of the classifier is evaluated, and the results show that the flow-based statistics contain a detectable fingerprint specific to spam connections. Such a finding may help with further study of spam behavior in a broader manner, as the flow statistics can be collected on-line at the backbone links where it is possible to see SMTP traffic for more than one email server.

Keywords

network measurement, spam, identification, characteristics

Year
2009
Pages
67–78
ISBN
978-80-904173-4-2
Publisher
CESNET National Research and Education Network
Place
Prague
BibTeX
@misc{BUT192710,
  author="Martin {Žádník} and Zbyněk {Michlovský}",
  title="Is Spam Visible in Flow-Level Statistics?",
  year="2009",
  pages="67--78",
  publisher="CESNET National Research and Education Network",
  address="Prague",
  isbn="978-80-904173-4-2"
}
Projects
Security-Oriented Research in Information Technology, MŠMT, Institutional funds of the Czech state budget (e.g. VZ, VC), MSM0021630528, start: 2007-01-01, end: 2013-12-31, in progress
Departments