Security

On Network-Level Clusters for Spam Detection

Download Now Free registration required

Executive Summary

IP-based blacklist is an effective way to filter spam emails. However, building and maintaining individual IP addresses in the blacklist is difficult, as new malicious hosts continuously appear and their IP addresses may also change over time. To mitigate this problem, researchers have proposed to replace individual IP ad-dresses in the blacklist with IP clusters, e.g., BGP clusters. In this paper, the authors closely examine the accuracy of IP-cluster-based approaches to understand their effectiveness and fundamental limitations. Based on such understanding, the authors propose and implement a new clustering approach that considers both network origin and DNS information, and incorporate it with SpamAssassin, a popular spam filtering system widely used today.

  • Format: PDF
  • Size: 716 KB