Featured Research

from universities, journals, and other organizations

Spam Filter Design To Benefit From Internet Routing Data

Date:
September 13, 2006
Source:
Georgia Institute of Technology
Summary:
A database of more than 10 million spam email messages collected at just one Internet "spam sinkhole" suggests that Internet service providers could better fight unwanted junk email by addressing it at the network level, rather than using currently available message content filters.

A database of more than 10 million spam email messages collected at just one Internet "spam sinkhole" suggests that Internet service providers could better fight unwanted junk email by addressing it at the network level, rather than using currently available message content filters.

Also, the research – conducted at the Georgia Institute of Technology's College of Computing -- identified two additional techniques for combating spam: improving the security of the Internet's routing infrastructure and developing algorithms to identify computers' membership in "botnets," which are groups of computers that are compromised and controlled remotely to send large volumes of spam. The findings are now directing the researchers' design of new systems to stem spam.

"Content filters are fighting a losing battle because it's easier for spammers to simply change their content than for us to build spam filters.," said Nick Feamster, a Georgia Tech assistant professor of computing. "We need another set of properties, not based on content. So what about network-level properties? It's harder for spammers to change network-level properties."

Feamster and his Ph.D. student Anirudh Ramachandran will present their findings on Sept. 14, 2006 in Pisa, Italy, at the Association for Computing Machinery's annual flagship conference of its Special Interest Group on Data Communication (SIGCOMM).

From 18 months of Internet routing and spam data the researchers collected in one domain, they have learned which network-level properties are most promising for consideration in spam filter design. Specifically, they learned that:

* Internet routes are being hijacked by spammers;

* they can identify many narrow ranges within Internet protocol (IP) address space that are generating only spam, and

* and they can identify the Internet service providers (ISP) from which spam is coming.

"We know route hijacking is occurring," Feamster said. "It's being done by a small, but fairly persistent and sophisticated group of spammers, who cannot be traced using conventional methods."

Route hijacking works like this: By exploiting weaknesses in Internet routing protocols, spammers can steal Internet address space by briefly advertising a route for that space to the rest of the Internet's routers. The spammers can then assign any IP address within that address space to their machines. They send their spam from those machines and then withdraw the route by which they sent the spam. By the time a recipient files a complaint related to this IP address, the route is gone and the IP address space is no longer reachable.

"Even if you're watching the hijack take place, it's difficult to tell where it's coming from," Feamster explained. "We can make some good guesses. But Internet routing protocols are insecure, so it's relatively easy for spammers to steal them and hard for us to identify the perpetrators."

Feamster and researchers elsewhere are actively working to improve the security of Internet routing protocols, he added.

Better spam filtering will also result from a system, which Feamster hopes to design, based on collaborative, network-level filtering among ISP operators.

"Within the single domain that we are studying, it's interesting that you don't see the same IP addresses repeatedly being used to send spam to that domain," Feamster said. "So ISP operators need to be able to securely share information about IP addresses associated with spam."

In addition to studying network-level properties of spam, Ramachandran and Feamster compared their lists of IP addresses used to send spam against eight frequently used "blacklists" compiled by network operators to help filter spam.

"We found that these blacklists listed IP addresses for only about half of the spam being sent using route hijacking," Feamster said.

"The best case scenario is that these blacklists are still missing IP addresses from which at least 20 percent of spam is sent…. This 20 percent rate of false negatives is likely to cause a high percentage of false positives, and so this approach may also cause a lot of legitimate email to be mistakenly tagged as spam."

The researchers also plan to use this finding in the spam filter development efforts, Feamster added. Meanwhile, the researchers are continuing to collect Internet routing and spam data.

"It's always nice to have long-term data to help us see trends," Feamster noted. "These are valuable studies that help us see if people's behavior changes over time."

Indeed, it has in this case. The rate of spam has nearly doubled in the past two years in the one domain where the researchers collected their routing data for this study.


Story Source:

The above story is based on materials provided by Georgia Institute of Technology. Note: Materials may be edited for content and length.


Cite This Page:

Georgia Institute of Technology. "Spam Filter Design To Benefit From Internet Routing Data." ScienceDaily. ScienceDaily, 13 September 2006. <www.sciencedaily.com/releases/2006/09/060912225242.htm>.
Georgia Institute of Technology. (2006, September 13). Spam Filter Design To Benefit From Internet Routing Data. ScienceDaily. Retrieved September 21, 2014 from www.sciencedaily.com/releases/2006/09/060912225242.htm
Georgia Institute of Technology. "Spam Filter Design To Benefit From Internet Routing Data." ScienceDaily. www.sciencedaily.com/releases/2006/09/060912225242.htm (accessed September 21, 2014).

Share This



More Computers & Math News

Sunday, September 21, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

What This MIT Sensor Could Mean For The Future Of Robotics

What This MIT Sensor Could Mean For The Future Of Robotics

Newsy (Sep. 20, 2014) MIT researchers developed a light-based sensor that gives robots 100 times the sensitivity of a human finger, allowing for "unprecedented dexterity." Video provided by Newsy
Powered by NewsLook.com
How To Protect Your Data In The Still-Vulnerable iOS 8

How To Protect Your Data In The Still-Vulnerable iOS 8

Newsy (Sep. 20, 2014) One security researcher says despite Apple's efforts to increase security in iOS 8, it's still vulnerable to law enforcement data-transfer techniques. Video provided by Newsy
Powered by NewsLook.com
How Much Privacy Protection Will Google's Android L Provide?

How Much Privacy Protection Will Google's Android L Provide?

Newsy (Sep. 19, 2014) Google's local encryption will make it harder for law enforcement or malicious actors to access the contents of devices running Android L. Video provided by Newsy
Powered by NewsLook.com
Virtual Reality Headsets Unveiled at Tokyo Game Show

Virtual Reality Headsets Unveiled at Tokyo Game Show

AFP (Sep. 18, 2014) Several companies unveiled virtual reality headsets at the Tokyo Game Show, Asia's largest digital entertainment exhibition. Duration: 00:48 Video provided by AFP
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins