Mitigating spam using network-level features

dc.contributor.advisor Feamster, Nick
dc.contributor.author Ramachandran, Anirudh Vadakkedath en_US
dc.contributor.committeeMember Dasgupta, Anirban
dc.contributor.committeeMember Lee, Wenke
dc.contributor.committeeMember Traynor, Patrick
dc.contributor.committeeMember Weinberger, Kilian
dc.contributor.department Computing en_US
dc.date.accessioned 2011-09-22T17:47:17Z
dc.date.available 2011-09-22T17:47:17Z
dc.date.issued 2011-08-04 en_US
dc.description.abstract Spam is an increasing menace in email: 90% of email is spam, and over 90% of spam is sent by botnets---networks of compromised computers under the control of miscreants. In this dissertation, we introduce email spam filtering using network-level features of spammers. Network-level features are based on lightweight measurements that can be made in the network, often without processing or storing a message. These features stay relevant for longer periods, are harder for criminals to alter at will (e.g., a bot cannot act independently of other bots in the botnet), and afford the unique opportunity to observe the coordinated behavior of spammers. We find that widely used IP address-based reputation systems (e.g., IP blacklists) cannot keep up with the threats of spam from previously unseen IP addresses, and from new and stealthy attacks---to thwart IP-based reputation systems, spammers are reconnoitering IP blacklists and sending spam from hijacked IP address space. Finally, spammers are "gaming" collaborative filtering by users in Web-based email by casting fraudulent "Not Spam" votes on spam email. We present three systems, each of which detects one of these attacks using spammers' behavior rather than their IP addresses. First, we present IP blacklist counter-intelligence, a system that can passively enumerate spammers performing IP blacklist reconnaissance. Second, we present SpamTracker, a system that distinguishes spammers from legitimate senders by applying clustering on the set of domains to which email is sent. Third, we analyze vote-gaming attacks in large Web-based email systems that pollute user feedback on spam emails, and present an efficient clustering-based method to mitigate such attacks. en_US
dc.description.degree Ph.D. en_US
dc.identifier.uri http://hdl.handle.net/1853/41068
dc.publisher Georgia Institute of Technology en_US
dc.subject Classification en_US
dc.subject Spam en_US
dc.subject Network-level en_US
dc.subject.lcsh Spam (Electronic mail)
dc.subject.lcsh Spam filtering (Electronic mail)
dc.subject.lcsh Algorithms
dc.title Mitigating spam using network-level features en_US
dc.type Text
dc.type.genre Dissertation
dspace.entity.type Publication
local.contributor.corporatename College of Computing
relation.isOrgUnitOfPublication c8892b3c-8db6-4b7b-a33a-1b67f7db2021