多态垃圾邮件的个性化过滤

2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI:10.1109/SECURWARE.2009.45

Masaru Takesue

{"title":"多态垃圾邮件的个性化过滤","authors":"Masaru Takesue","doi":"10.1109/SECURWARE.2009.45","DOIUrl":null,"url":null,"abstract":"Which of emails are spams depends on the recipient's interest, so it is desirable to filter spams based on his/her interest. We store the fingerprints (FPs) of k portions of each spam's content in our filter and examine the metrics for detecting the polymorphic spams devised with intent to thwart the detection. For a smaller size of the filter, we exploit two Bloom filters (in fact, merged into a single one to reduce cache miss) to replace the least recently matched spams by recently matched ones. We use as the metrics the number $N_t (≤ k)$ of FPs in the filter matching with those of an incoming email, but also of the $N_T$ FPs, the greatest number $N_d$ of FPs stored for a single spam. We plot spams and legitimate emails in the $N_d-N_t$ space and detect spams by a piecewise linear function. The experiments with about 4,000 real world emails show that our filter achieves the false negative rate of about 0.36 with no false positive.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Personalized Filtering of Polymorphic E-mail Spam\",\"authors\":\"Masaru Takesue\",\"doi\":\"10.1109/SECURWARE.2009.45\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Which of emails are spams depends on the recipient's interest, so it is desirable to filter spams based on his/her interest. We store the fingerprints (FPs) of k portions of each spam's content in our filter and examine the metrics for detecting the polymorphic spams devised with intent to thwart the detection. For a smaller size of the filter, we exploit two Bloom filters (in fact, merged into a single one to reduce cache miss) to replace the least recently matched spams by recently matched ones. We use as the metrics the number $N_t (≤ k)$ of FPs in the filter matching with those of an incoming email, but also of the $N_T$ FPs, the greatest number $N_d$ of FPs stored for a single spam. We plot spams and legitimate emails in the $N_d-N_t$ space and detect spams by a piecewise linear function. The experiments with about 4,000 real world emails show that our filter achieves the false negative rate of about 0.36 with no false positive.\",\"PeriodicalId\":382947,\"journal\":{\"name\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECURWARE.2009.45\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.45","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

哪些电子邮件是垃圾邮件取决于收件人的兴趣，因此最好根据他/她的兴趣来过滤垃圾邮件。我们将每个垃圾邮件内容的k个部分的指纹(FPs)存储在我们的过滤器中，并检查用于检测旨在阻止检测的多态垃圾邮件的指标。对于较小尺寸的过滤器，我们利用两个Bloom过滤器(实际上，合并为一个过滤器以减少缓存丢失)，用最近匹配的垃圾邮件替换最近匹配最少的垃圾邮件。我们使用过滤器中与传入电子邮件匹配的FPs数$N_t(≤k)$作为度量，还使用$N_t $ FPs作为度量，即单个垃圾邮件中存储的最大FPs数$N_d$。我们在$N_d-N_t$空间中绘制垃圾邮件和合法电子邮件，并通过分段线性函数检测垃圾邮件。对约4000封真实邮件的实验表明，我们的过滤器达到了约0.36的假阴性率，没有假阳性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Personalized Filtering of Polymorphic E-mail Spam

Which of emails are spams depends on the recipient's interest, so it is desirable to filter spams based on his/her interest. We store the fingerprints (FPs) of k portions of each spam's content in our filter and examine the metrics for detecting the polymorphic spams devised with intent to thwart the detection. For a smaller size of the filter, we exploit two Bloom filters (in fact, merged into a single one to reduce cache miss) to replace the least recently matched spams by recently matched ones. We use as the metrics the number $N_t (≤ k)$ of FPs in the filter matching with those of an incoming email, but also of the $N_T$ FPs, the greatest number $N_d$ of FPs stored for a single spam. We plot spams and legitimate emails in the $N_d-N_t$ space and detect spams by a piecewise linear function. The experiments with about 4,000 real world emails show that our filter achieves the false negative rate of about 0.36 with no false positive.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 Third International Conference on Emerging Security Information, Systems and Technologies

自引率

0.00%

发文量