1 Fighting Against Spam. 2 How might we analyze email? Identify different parts – Reply blocks, signature blocks Integrate email with workflow tasks Build.

Slides:

Advertisements

Similar presentations

Arnd Christian König Venkatesh Ganti Rares Vernica Microsoft Research Entity Categorization Over Large Document Collections.

Advertisements

Document Filtering Dr. Frank McCown Intro to Web Science Harding University This work is licensed under a Creative Commons Attribution-NonCommercial- ShareAlike.

Basic Communication on the Internet:

What is Identity Theft, and how can you protect yourself from it?

Report : 鄭志欣 Advisor: Hsing-Kuo Pao 1 Learning to Detect Phishing s I. Fette, N. Sadeh, and A. Tomasic. Learning to detect phishing s. In Proceedings.

CRM114 TeamKNN and Hyperspace Spam Sorting1 Sorting Spam with K-Nearest Neighbor and Hyperspace Classifiers William Yerazunis 1 Fidelis Assis 2 Christian.

Internet Level Spam Detection and SpamAssassin 2.50 Matt Sergeant Senior Anti-Spam Technologist MessageLabs.

Design and Evaluation of a Real-Time URL Spam Filtering Service

CSC 380 Algorithm Project Presentation Spam Detection Algorithms Kyle McCombs Bridget Kelly.

Presented by: Alex Misstear Spam Filtering An Artificial Intelligence Showcase.

6/1/2015 Spam Filtering - Muthiyalu Jothir 1 Spam Filtering Computer Security Seminar N.Muthiyalu Jothir – Media Informatics.

Sparse Binary Polynomial Hashing and the CRM114 Discriminator William S. Yerazunis Mitsubishi Electric Research Laboratories Cambridge, MA

Ensembles in Adversarial Classification for Spam Deepak Chinavle, Pranam Kolari, Tim Oates and Tim Finin University of Maryland, Baltimore County Full.

© 2003 Franz J. Kurfess Spam Filtering 1 CPE/CSC 481: Knowledge-Based Systems Dr. Franz J. Kurfess Computer Science Department Cal Poly.

1 Spam Filtering Using Bayesian Approach Presented by: Nitin Kumar.

Spam Filters. What is Spam? Unsolicited (legally, “no existing relationship” Automated Bulk Not necessarily commercial – “flaming”, political.

1 SIMS 290-2: Applied Natural Language Processing Marti Hearst October 18, 2004.

Fighting Spam Randy Appleton Northern Michigan University

How does computer know what is spam and what is ham?

Goal: Goal: Learn to automatically  File s into folders  Filter spam Motivation  Information overload - we are spending more and more time.

CS Bayesian Learning1 Bayesian Learning. CS Bayesian Learning2 States, causes, hypotheses. Observations, effect, data. We need to reconcile.

Copyright 2004, David D. Lewis (Naive) Bayesian Text Classification for Spam Filtering David D. Lewis, Ph.D. Ornarose, Inc. & David D. Lewis Consulting.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

Spam? Not any more !! Detecting spam s using neural networks ECE/CS/ME 539 Project presentation Submitted by Sivanadyan, Thiagarajan.

An Effective Defense Against Spam Laundering Paper by: Mengjun Xie, Heng Yin, Haining Wang Presented at:CCS'06 Presentation by: Devendra Salvi.

Filtron: A Learning-Based Anti-Spam Filter Eirinaios Michelakis Ion Androutsopoulos

Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray,

Spam Filtering Techniques Arnold Perez Joseph Tilley.

Network and Systems Security By, Vigya Sharma (2011MCS2564) FaisalAlam(2011MCS2608) DETECTING SPAMMERS ON SOCIAL NETWORKS.

Client X CronLab Spam Filter Technical Training Presentation 19/09/2015.

Python & Web Mining Old Dominion University Department of Computer Science Hany SalahEldeen CS495 – Python & Web Mining Fall 2012 Lecture 5 CS 495 Fall.

A Neural Network Classifier for Junk Ian Stuart, Sung-Hyuk Cha, and Charles Tappert CSIS Student/Faculty Research Day May 7, 2004.

Group 2 R 李庭閣 R 孔垂玖 R 許守傑 R 鄭力維.

1 Bins and Text Categorization Carl Sable (Columbia University) Kenneth W. Church (AT&T)

The Internet 8th Edition Tutorial 2 Basic Communication on the Internet: .

Representation of Electronic Mail Filtering Profiles: A User Study Michael J. Pazzani Information and Computer Science University of California, Irvine.

Detecting Semantic Cloaking on the Web Baoning Wu and Brian D. Davison Lehigh University, USA WWW 2006.

Copyright (c) 2003 David D. Lewis (Spam vs.) Forty Years of Machine Learning for Text Classification David D. Lewis, Ph.D. Independent Consultant Chicago,

A Technical Approach to Minimizing Spam Mallory J. Paine.

CSC 556– DBMS II, Spring 2013, Week 7 Bayesian Inference Paul Graham’s Plan for Spam, + A Patent Application for Learning Mobile Preferences, + some text.

SCAVENGER: A JUNK MAIL CLASSIFICATION PROGRAM Rohan Malkhare Committee : Dr. Eugene Fink Dr. Dewey Rundus Dr. Alan Hevner.

Text Feature Extraction. Text Classification Text classification has many applications –Spam detection –Automated tagging of streams of news articles,

BTT12OI.  Do you know someone who has been scammed online? What happened?  Been tricked into sending someone else money (not who they thought they were)

Search Engines. Search Strategies Define the search topic(s) and break it down into its component parts What terms, words or phrases do you use to describe.

What’s New in WatchGuard XCS v9.1 Update 1. WatchGuard XCS v9.1 Update 1  Enhancements that improve ease of use New Dashboard items  Mail Summary >

Bayesian Spam Filter By Joshua Spaulding. Statement of Problem “Spam now accounts for more than half of all messages sent and imposes huge productivity.

Empirical Research Methods in Computer Science Lecture 7 November 30, 2005 Noah Smith.

Adapting Statistical Filtering David Kohlbrenner IT.com TJHSST.

1 A Study of Supervised Spam Detection Applied to Eight Months of Personal E- Mail Gordon Cormack and Thomas Lynam Presented by Hui Fang.

Project Presentation B 王立 B 陳俊甫 B 張又仁 B 李佳穎.

Marketing Amanda Freeman. Design Guidelines Set your width to pixels Avoid too many tables Flash, JavaScript, ActiveX and movies will not.

Spam Detection Ethan Grefe December 13, 2013.

Spamming Botnets: Signatures and Characteristics Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov. SIGCOMM, Presented.

CISC Machine Learning for Solving Systems Problems Presented by: Ashwani Rao Dept of Computer & Information Sciences University of Delaware Learning.

IR Homework #3 By J. H. Wang May 4, Programming Exercise #3: Text Classification Goal: to classify each document into predefined categories Input:

Detecting Phishing in s Srikanth Palla Ram Dantu University of North Texas, Denton.

CHAPTER 6 Naive Bayes Models for Classification. QUESTION????

By Ankur Khator Gaurav Sharma Arpit Mathur 01D05014 SPAM FILTERING.

A False Positive Safe Neural Network for Spam Detection Alexandru Catalin Cosoi

Classification using Co-Training

Don’t Follow me : Spam Detection in Twitter January 12, 2011 In-seok An SNU Internet Database Lab. Alex Hai Wang The Pensylvania State University International.

1 Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Speaker: Jun-Yi Zheng 2010/01/18.

Introduction to Information Retrieval Introduction to Information Retrieval Lecture 15: Text Classification & Naive Bayes 1.

A Simple Approach for Author Profiling in MapReduce

Learning to Detect and Classify Malicious Executables in the Wild by J

Document Filtering Social Web 3/17/2010 Jae-wook Ahn.

Spam Fighting at CERN 12 January 2019 Emmanuel Ormancey.

Project Presentation B 王立 B 陳俊甫 B 張又仁

Text Mining Application Programming Chapter 9 Text Categorization

Speech recognition, machine learning

Presentation transcript:

1 Fighting Against Spam

2 How might we analyze ? Identify different parts – Reply blocks, signature blocks Integrate with workflow tasks Build a social network – Who do you know, and what is their contact info? – Reputation analysis Useful for anti-spam too

3 analysis Spam filtering

4 Recognizing Structure Three tasks: – Does this message contain a signature block? – If so, which lines are in it? – Which lines are reply lines? – Three-way classification for each line Representation – A sequence of lines – Each line has features associated with it – Windows of lines important for line classification

5

6 Features used for line classification: Contain patterns Contain url patterns Contain phone number Typical signature words: department, lab, university, college, etc Person’s name Quote symbols Large number of punctuation symbols

7 The Cost of Spam Most of the cost of spam is paid for by the recipients: –Typical spam batch is 1,000,000 spams –Spammer averages ~$250 commission per batch –Cost to recipients to delete the load of 2 seconds/spam, $7.25/hour: $4,028

8 The Cost of Spam Theft efficiency ratio of spammer: profit to thief = ~6 % cost to victims 10% theft efficiency ratio is typical in many other lines of criminal activity such as fencing stolen goods (jewellery, hubcaps, car stereos).

9 How to Recognize Spam?

10 Anti-spam Approaches Technology – White listing of addresses – Black Listing of addresses/domains – Challenge Response mechanisms – Content Filtering Learning Techniques “Bayesian filtering” for spam has got a lot of press, e.g. The “Bayesian filtering” is actually Naïve Bayes Classification

11 Research in Spam Classification Spam filtering is really a classification problem – Each needs to be classified as either spam or not spam (“ham”) W. Cohen (1996): – RIPPER, Rule Learning System – Rules in a human-comprehensible format Pantel & Lin (1998): – Naïve-Bayes with words as features Sahami, Dumais, Heckerman, Horvitz (1998): – Naïve-Bayes with a mutual information measure to select features with strongest resolving power – Words and domain-specific attributes of spam used as features

12 Research in Spam Classification Paul Graham (2002): A Plan for spam – Very popular algorithm credited with starting the craze for Bayesian Filters – Uses naïve bayes with words as features Bill Yerazunis (2002): CRM114 sparse binary polynomial hashing algorithm – Very accurate (over 99.7% accuracy) – Distinctive because of it’s powerful feature extraction technique – Uses Bayesian chain rule for combining weights – Available via sourceforge Others have used SVMs, etc.

13 Yerazunis’ CRM114 Algorithm Other naïve-bayes approaches focused on single-word features CRM114 creates a huge number of n-grams and represents them efficiently The goal is to create a large number of features, many of which will be invariant over a large body of spam (or nonspam).

14 CRM Slide a window of N words over the incoming text 2. For each window position, generate a set of order-preserving sub-phrases containing combinations of the windowed words 3. Calculate 32-bit hashes of these order- preserved sub-phrases (for efficiency reasons)

15 Step 1: slide a window N words long over the incoming text. ex: –You can Click here to buy viagra online NOW!!! Yields: –You can Click here to buy viagra online NOW!!!... and so on... (on to step 2) CRM114 Feature Extraction Example

16 SBPH Example Click Click here Click to Click here to Click buy Click here buy Click to buy Click here to buy Click viagra Click here viagra Click to viagra Click here to viagra Click buy viagra Click here buy viagra Click to buy viagra Click here to buy viagra...yields all these feature sub-phrases Note the binary counting pattern; this is the ‘binary’ in ‘sparse binary polynomial hashing’ Sliding Window Text : ‘Click here to buy viagra’ Step 2: generate order-preserving sub-phrases from the words in each of the sliding windows

17 SBPH Example Click Click here Click to Click here to Click buy Click here buy Click to buy Click here to buy Click viagra Click here viagra Click to viagra Click here to viagra Click buy viagra Click here buy viagra Click to buy viagra Click here to buy viagra Step 3: make 32-bit hash value “features” from the sub-phrases 32-bit hash E06BF8AA 12FAD10F 7B37C4F CF 1821F0E8 46B99AAD B7EE69BF 19A78B4D AE1B0B DE DBB..... and so on

18 How to use the terms For each phrase you can build – Keep track of how many times you see that phrase in both the spam and nonspam categories. When you need to classify some text, – Build up the phrases – Count up how many times all of the phrases appear in each of the two different categories. – The category with the most phrase matches wins. But really it uses the Bayesian chain rule

19 Learning and Classifying Learning: each feature is bucketed into one of two bucket files ( spam or nonspam) Classifying: the comparable bucket counts of the two files generate rough estimates of each feature's ‘spamminess’

20 Evaluation The feature set created by the hash gives better performance than single-word Bayesian systems. Phrases in colloquial English are much more standardized than words alone - this makes filter evasion much harder A bigger corpus of example text is better With 400Kbytes selected spams, 300Kbytes selected nonspams trained in, no blacklists, whitelists, or other shenanigans

21 Results > % The actual performance of CRM114 Mailfilter from Nov 1 to Dec 1, messages, (1935 spam, 3914 nonspam) 4 false accepts, ZERO false rejects, (and 2 messages I couldn't make head nor tail of). All messages were incoming mail 'fresh from the wild'. No canned spam. For comparison, a human* is only about 99.84% accurate in classifying spam v. nonspam in a “rapid classification” environment.

22 Results Stats Filtering speed: classification: about 20Kbytes per second, learning time: about 10Kbytes per second Memory required: about 5 megabytes 404K spam features, 322K nonspam features

23 Downsides? The bad news: SPAM MUTATES Even a perfectly trained Bayesian filter will slowly deteriorate. New spams appear, with new topics, as well as old topics with creative twists to evade antispam filters.

24 Revenge of the Spammers How do the spammers game these algorithms? – Break the tokenizer Split up words, use html tags, etc – Throw in randomly ordered words Throw off the n-gram based statistics – Use few words Harder for the classifier to work