CS Colloquia: Filtering Spam with Behavioral Blacklisting
Tue, Oct 23, 2007 @ 04:00 PM - 05:30 PM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Title: Filtering Spam with Behavioral Blacklisting
Speaker: Prof. Nick Feamster (GATECH)
ABSTRACT:
Spam filters often use the reputation of an IP address (or IP address
range) to classify email senders. This approach worked well when most
spam originated from senders with fixed IP addresses, but
spam today is also sent from IP addresses for which blacklist
maintainers have outdated or inaccurate information (or no information
at all). Spam campaigns also involve many senders, reducing the amount
of spam any particular IP address sends to a single domain; this method
allows spammers to stay "under the radar". The dynamism of any
particular IP address begs for blacklisting techniques that
automatically adapt as the senders of spam change.

We present SpamTracker, a spam filtering system that uses a new technique
called behavioral blacklisting to classify email senders based on their
sending behavior rather than their identity. Spammers cannot evade
SpamTracker merely by using "fresh" IP addresses because blacklisting
decisions are based on sending patterns, which tend to remain more invariant.
SpamTracker uses fast clustering algorithms that react quickly to changes in
sending patterns. We evaluate SpamTracker's ability to classify spammers using
email logs for over 115 email domains; we find that SpamTracker can correctly
classify many spammers missed by current filtering techniques.
BIO:
Nick Feamster is an assistant professor in the College of Computing at Georgia
Tech. He received his Ph.D. in Computer Science from MIT in 2005, and his S.B.
and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in
2000 and 2001, respectively. His research focuses on many aspects of computer
networking and networked systems, including the design, measurement, and
analysis of network routing protocols, network security, anonymous
communication systems, and adaptive streaming media protocols. His honors
include award papers at SIGCOMM 2006 (network-level behavior of spammers), the
NSDI 2005 conference (fault detection in router configuration), Usenix
Security 2002 (circumventing web censorship using Infranet), and Usenix
Security 2001 (web cookie analysis). He is also the recipient of an IBM
Faculty Award.
Location: Seaver Science Library (SSL) - 150
Audiences: Everyone Is Invited
Contact: CS Colloquia