| dc.contributor.advisor |
Karen Sollins |
en_US |
| dc.contributor.author |
Beverly, Robert |
en_US |
| dc.contributor.author |
Sollins, Karen |
en_US |
| dc.contributor.other |
Advanced Network Architecture |
en_US |
| dc.date.accessioned |
2008-02-19T13:45:28Z |
|
| dc.date.available |
2008-02-19T13:45:28Z |
|
| dc.date.issued |
2008-02-15 |
en_US |
| dc.identifier.other |
MIT-CSAIL-TR-2008-008 |
en_US |
| dc.identifier.uri |
http://hdl.handle.net/1721.1/40287 |
|
| dc.description.abstract |
In the arms race to secure electronic mail users and servers fromunsolicited messages (spam), the most successful solutions employtechniques that are difficult for spammers to circumvent. Thisresearch investigates the transport-layer characteristics ofemail in order to provide a new, novel and robust defense againstspam. We find that spam SMTP flows exhibit TCP behavior consistentwith traffic competing for link access, large round trip times andresource constrained hosts. Thus, SMTP flow characteristics providesufficient statistical power to differentiate between spam andlegitimate mail (ham). We build "SpamFlow" to learn and exploitthese differences. Using machine learning feature selection weidentify the most discriminatory flow properties and effect greaterthan 90% spam classification accuracy without content or reputationanalysis. SpamFlow correctly identifies 78% of the false negativesgenerated by a popular content filtering application -- demonstratingthe power in combining SpamFlow with existing techniques. Finally, weargue that SpamFlow is not easily subvertible due to economicand practical constraints inherent in sourcing spam. |
en_US |
| dc.description.provenance |
Submitted by CSAIL Importer (publications-dspace@csail.mit.edu) on 2008-02-19T13:45:27Z
No. of bitstreams: 2
MIT-CSAIL-TR-2008-008.pdf: 723547 bytes, checksum: 2caea76a76e346070503efaea11634ad (MD5)
MIT-CSAIL-TR-2008-008.ps: 15385189 bytes, checksum: baa0be4f30bbedece3c87dab0aa8c3dd (MD5) |
en |
| dc.description.provenance |
Made available in DSpace on 2008-02-19T13:45:28Z (GMT). No. of bitstreams: 2
MIT-CSAIL-TR-2008-008.pdf: 723547 bytes, checksum: 2caea76a76e346070503efaea11634ad (MD5)
MIT-CSAIL-TR-2008-008.ps: 15385189 bytes, checksum: baa0be4f30bbedece3c87dab0aa8c3dd (MD5)
Previous issue date: 2008-02-15 |
en |
| dc.format.extent |
12 p. |
en_US |
| dc.relation |
Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory |
en_US |
| dc.relation |
|
en_US |
| dc.title |
Exploiting Transport-Level Characteristics of Spam |
en_US |
