spamia spam filtering by quantitative profiles
play

SPAMIA: Spam filtering by quantitative profiles Marin Grendr, Jana - PowerPoint PPT Presentation

Apr 06, 2023 •443 likes •680 views

Spam and its detection Quantitative profile approach Results Conclusions SPAMIA: Spam filtering by quantitative profiles Marin Grendr, Jana kutov, Vladimr pitalsk Slovanet a.s., Zhradncka 151, 821 08 Bratislava, Slovakia

  1. Spam and its detection Quantitative profile approach Results Conclusions SPAMIA: Spam filtering by quantitative profiles Marián Grendár, Jana Škutová, Vladimír Špitalský Slovanet a.s., Záhradnícka 151, 821 08 Bratislava, Slovakia marian.grendar, jana.skutova, vladimir.spitalsky@slovanet.net Applied Statistics 2012, International conference September 23 - 26, 2012, Ribno (Bled), Slovenia This presentation was prepared as a part of the “SPAMIA” project, MŠ SR 3709/2010-11, supported by the Ministry of Education, Science, Research and Sport of the Slovak Republic, under the heading of the state budget support for research and development. Grendár, Škutová, Špitalský SPAMIA

  2. Spam and its detection Quantitative profile approach Results Conclusions Content Spam and its detection Spam Traditional approach to spam filtering Quantitative profile approach Quantitative profiles Results Test corpuses Performance of quantitative profiles Dimension of binary profiles Learning curves Conclusions Grendár, Škutová, Špitalský SPAMIA

  3. Spam and its detection Quantitative profile approach Spam Results Traditional approach to spam filtering Conclusions Spam ◮ an unsolicited email message ◮ is ussually send in a bulk to spread advert or viruses, or for phishing, scam, verification of email, . . . Grendár, Škutová, Špitalský SPAMIA

  4. Spam and its detection Quantitative profile approach Spam Results Traditional approach to spam filtering Conclusions Existing solutions for spam filtering Methods ◮ heuristic rules ◮ naive Bayes filtering ◮ text-mining methods Open-source products SpamAssassin Bogofilter DSPAM ... Comercial products Grendár, Škutová, Špitalský SPAMIA

  5. Spam and its detection Quantitative profile approach Spam Results Traditional approach to spam filtering Conclusions Disadvantages of existing solutions ◮ language dependence ◮ heuristic rules are fixed ◮ necessity to update these rules ◮ high vulnerability ◮ high computational costs Grendár, Škutová, Špitalský SPAMIA

  6. Spam and its detection Quantitative profile approach Quantitative profiles Results Conclusions Quantitative profile approach Spam and its detection Spam Traditional approach to spam filtering Quantitative profile approach Quantitative profiles Results Test corpuses Performance of quantitative profiles Dimension of binary profiles Learning curves Conclusions Grendár, Škutová, Špitalský SPAMIA

  7. Spam and its detection Quantitative profile approach Quantitative profiles Results Conclusions Quantitative profile approach ◮ an email is represented by an m -dimensional vector of numbers with m fixed in advance ◮ QPs serve as an input to a classification algorithm From the_insider@postmaster.co.uk Tue Apr 17 06:44:26 2007 Return−Path: <the_insider@postmaster.co.uk> Received: from cosmic200 (windows.globalgold.co.uk [194.1.150.45]) �by speedy.uwaterloo.ca (8.12.8/8.12.5) with ESMTP id l3HAiP0I026448 �for <ktwarwic@speedy.uwaterloo.ca>; Tue, 17 Apr 2007 06:44:26 −0400 Received: from mail pickup service by cosmic200 with Microsoft SMTPSVC; � Tue, 17 Apr 2007 11:44:10 +0100 From: "The Insider" <the_insider@postmaster.co.uk> To: "Subscriber" <ktwarwic@speedy.uwaterloo.ca> Subject: "The Insider" − News Bulletin Date: Tue, 17 Apr 2007 11:44:10 +0100 X−MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3959 Message−ID: <COSMIC200uYDlrjbudz00002c2e@cosmic200> QP = ( qp 1 , qp 2 , . . . , qp m ) X−OriginalArrivalTime: 17 Apr 2007 10:44:10.0734 (UTC) Status: O Content−Length: 336 Lines: 10 *** BREAKING NEWS *** American gunman massacres students and staff at American university http://www.theinsider.org/news/article.asp?id=2476 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− To be removed from this mailing list please use the form provided: http://www.theinsider.org/news/emails/unsubscribe/ Grendár, Škutová, Špitalský SPAMIA

  8. Spam and its detection Quantitative profile approach Quantitative profiles Results Conclusions Basic quantitative profiles Binary profile: distances between occurences of special character/characters (only first k = 100 occurences for each email) ◮ LP line: lengths of lines ◮ WP word: lengths of words ◮ BRP brackets: distances between brackets ◮ . . . Histogram binary profile: ◮ HWP: histogram of lengths of words ◮ HBRP: histogram of distances between brackets ◮ . . . Grendár, Škutová, Špitalský SPAMIA

  9. Spam and its detection Quantitative profile approach Quantitative profiles Results Conclusions Basic quantitative profiles Character profile: the number of occurrences of the characters ◮ CP: characters from A (ASCII character set) Grouped character profile: the number of occurrences of the groups of characters ◮ CPG9: numbers, spaces, brackets, operators, separators, upper/lower-case letters, forbidden characters, other ◮ CPG11: as CPG9, separately ! a $ d -gram grouped character profile: ◮ 2CPG11: pairs of groups of characters ◮ 3CPG11: triples of groups of characters ◮ . . . Grendár, Škutová, Špitalský SPAMIA

  10. Spam and its detection Quantitative profile approach Quantitative profiles Results Conclusions Basic quantitative profiles Moving window profile: CPGs for each parts of email ◮ MWPCPG11 Size profile: ◮ size of email ◮ sizes of selected headers ◮ sizes of parts of email according to content-type ◮ (optional) CPG of headers and parts ◮ SP ◮ SPCPG11 Grendár, Škutová, Špitalský SPAMIA

  11. Spam and its detection Quantitative profile approach Quantitative profiles Results Conclusions Graphical representation of line and character profile From the_insider@postmaster.co.uk Tue Apr 17 06:44:26 2007 Return−Path: <the_insider@postmaster.co.uk> Received: from cosmic200 (windows.globalgold.co.uk [194.1.150.45]) �by speedy.uwaterloo.ca (8.12.8/8.12.5) with ESMTP id l3HAiP0I026448 �for <ktwarwic@speedy.uwaterloo.ca>; Tue, 17 Apr 2007 06:44:26 −0400 Received: from mail pickup service by cosmic200 with Microsoft SMTPSVC; � Tue, 17 Apr 2007 11:44:10 +0100 From: "The Insider" <the_insider@postmaster.co.uk> To: "Subscriber" <ktwarwic@speedy.uwaterloo.ca> Subject: "The Insider" − News Bulletin Date: Tue, 17 Apr 2007 11:44:10 +0100 X−MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3959 Message−ID: <COSMIC200uYDlrjbudz00002c2e@cosmic200> X−OriginalArrivalTime: 17 Apr 2007 10:44:10.0734 (UTC) Status: O Content−Length: 336 Lines: 10 *** BREAKING NEWS *** American gunman massacres students and staff at American university http://www.theinsider.org/news/article.asp?id=2476 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− To be removed from this mailing list please use the form provided: http://www.theinsider.org/news/emails/unsubscribe/ (a) Email (b) Line profile (c) Character profile Grendár, Škutová, Špitalský SPAMIA

  12. Spam and its detection Test corpuses Quantitative profile approach Performance of quantitative profiles Results Dimension of binary profiles Conclusions Learning curves Results Spam and its detection Spam Traditional approach to spam filtering Quantitative profile approach Quantitative profiles Results Test corpuses Performance of quantitative profiles Dimension of binary profiles Learning curves Conclusions Grendár, Škutová, Špitalský SPAMIA

  13. Spam and its detection Test corpuses Quantitative profile approach Performance of quantitative profiles Results Dimension of binary profiles Conclusions Learning curves Test corpuses TREC 2007 corpus of 75 419 emails (spam 66.6%) ◮ train: 50 000 (68.3%) ◮ test: 25 419 (63.1%) CEAS 2008 corpus of 137 705 emails (spam 80.3%) ◮ train: 90 000 (81.2%) ◮ test: 47 705 (77.9%) Grendár, Škutová, Špitalský SPAMIA

  14. Spam and its detection Test corpuses Quantitative profile approach Performance of quantitative profiles Results Dimension of binary profiles Conclusions Learning curves Performance measures and classification algorithm Performance measures ◮ false negative rate fnr (the ratio of misclassified spam) at fixed low values of false positive rate fpr (the ratio of misclassified ham) ◮ the receiver operating characteristic ( ROC ) curve, i.e. the graph of the true positive rate vs. the false positive rate, obtained as functions of the decision threshold Classification algorithm ◮ Random Forest classifier Grendár, Škutová, Špitalský SPAMIA

  15. Spam and its detection Test corpuses Quantitative profile approach Performance of quantitative profiles Results Dimension of binary profiles Conclusions Learning curves Performance of quantitative profiles fnr (%) at fixed fpr = 0 . 1 % filter TREC 2007 CEAS 2008 LP 0.65 3.46 WP 0.52 8.89 BRP 6.22 4.88 CP 14.61 4.98 3CPG11 3.26 4.42 MWPCPG11 17.26 5.45 SP 4.33 0.51 SPCPG11 0.60 0.22 SpamAssassin-RF 66.06 92.23 Bogofilter 7.98 0.71 Grendár, Škutová, Špitalský SPAMIA

Recommend

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee Institute of Computer Science, University of Tartu Overview Spam is Evil ML for Spam Filtering: General Idea, Problems. Some Algorithms Nave Bayesian

391 views • 35 slides
Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What is spam? Different spam types Anti-Spam Techniques Probability theory basics Conditional probability Bayes Theorem Naive Bayes Theorem Spam

1.04k views • 27 slides
Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 October 2002 Emmanuel Ormancey 1

Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 October 2002 Emmanuel Ormancey 1

Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002 23 October 2002 Emmanuel Ormancey 1 Topics Topics Statistics Current Spam filtering at CERN Products overview Selected solution How it works Exchange 2000

348 views • 19 slides
Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid

Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid

Linked Latent Dirichlet Allocation in Web Spam Filtering o 1 o 1 Istv an B r D avid Sikl osi J acint Szab ur 1 Andr as A. Bencz 1 Data Mining and Web Search Group Computer and Automation Institute Hungarian Academy

627 views • 14 slides
Tightening the net: a review of current and next generation spam filtering tools James Carpinter

Tightening the net: a review of current and next generation spam filtering tools James Carpinter

Tightening the net: a review of current and next generation spam filtering tools James Carpinter &amp; Ray Hunt Department of Computer Science and Software Engineering University of Canterbury Abstract IT infrastructure worldwide. While it

412 views • 19 slides
A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary

A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary

Spam &amp; HCI R. Beverly The Problem A Human A Human Factors Approach to Spam Factors Approach Filtering SpamGUI Parting Thoughts Summary Robert Beverly MIT CSAIL rbeverly@csail.mit.edu July 27, 2009 Conference on Email and

506 views • 16 slides
Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a caf everything

505 views • 13 slides
Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All spam is spam but some spam is more spam than others Opinion spam similar to web spam or email spam in intent, but different in form / content Web

912 views • 38 slides
last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam, fishing, spoofing, virus More and more energy in spam fighting More and more messages lost because : Imperfect automatic filtering

334 views • 18 slides
Monitoring and data filtering I. Classical Methods Advanced Quantitative Methods in Herd

Monitoring and data filtering I. Classical Methods Advanced Quantitative Methods in Herd

Monitoring and data filtering I. Classical Methods Advanced Quantitative Methods in Herd Management Dan Brge Jensen, IPH Dias 1 Outline Framework and Introduction Shewart Control chart Basic principles Examples: milk yield and

515 views • 33 slides
The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation When Congress returns from recess on December 8, 2003, it will finish its work on the CAN-SPAM Act of 2003 (Controlling the Assault of

323 views • 4 slides
Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to web spam Spam 221 Spamming PageRank Spam farm model Optimal farm structure Alliances of two farms Larger alliances Spam

876 views • 30 slides
Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Dynamics Web Spam Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0710-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy

669 views • 49 slides
1 An Filtering System that Monitors Document Search Engines Can Help, But Not Enough!

1 An Filtering System that Monitors Document Search Engines Can Help, But Not Enough!

Filtering May be Your Work Adaptive Information Filtering Using Bayesian Graphical Models Yi Zhang Baskin School of Engineering University of California Santa Cruz yiz@soe.ucsc.edu 1 2 Filtering May be Your Work Filtering May be Your Work

415 views • 8 slides
Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial

Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial

Expectation Propagation Tom Minka Microsoft Research, Cambridge, UK 2006 Advanced Tutorial Lecture Series, CUED 1 A typical machine learning problem A typical machine learning problem 2 Spam filtering by linear separation Not spam Spam

1.07k views • 82 slides
Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Dynamics Web Spam Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0709-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy Overview

806 views • 49 slides
Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why should you care? How to detect Spam? 2 What is Spam? What is Spam? All forms of malicious manipulation of user generated data so as to

943 views • 56 slides
Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

SOFSEM 2008 Filtering unwanted Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of- communication Location generation Preparing proofs Verifying proof Marek Klonowski Tomasz Strumi nski Open

348 views • 23 slides
Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Seminar: Future Of Web Search University of Saarland Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood Tutor : Klaus Berberich Date : 17-Jan-2008 The Agenda Focus of the First Paper

1.22k views • 53 slides
spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian Developer since 2003 Listmaster Alioth Admin Maintainer of packages like iproute, icinga, nagios and a lot of other useless stu ff

219 views • 20 slides
Monitoring and data filtering III. The Kalman Filter and its relation with the other methods

Monitoring and data filtering III. The Kalman Filter and its relation with the other methods

Monitoring and data filtering III. The Kalman Filter and its relation with the other methods Advanced Quantitative Herd Management Dan Jensen, IPH Dias 1 Before this part of the course Compare key figures (k) with expected results = + e

413 views • 12 slides
x 2 &gt; b w T x &gt; 0 SPAM!! x ( x , 1) w 3 x 3 w T x + b ( w , b ) T ( x , 1)

x 2 &gt; b w T x &gt; 0 SPAM!! x ( x , 1) w 3 x 3 w T x + b ( w , b ) T ( x , 1)

A neuron (or how our brains work) Linear models Subhransu Maji CMPSCI 670: Computer Vision November 3, 2016 Neuroscience 101 CMPSCI 670 Subhransu Maji (UMASS) 2 Perceptron Example: Spam Input are feature values Imagine 3 features (spam

682 views • 8 slides
Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering Rate limits Protection against traffic analysis Padding Routing control Lecture 9 Page 1 CS 236 Online Source Address Filtering

366 views • 11 slides

More recommend