CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Mining Network-Level Communication Patterns of Email Traffic for Spotting Unsolicited Email

Farnaz Moradi (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) ) ; Tomas Olovsson (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) ) ; Philippas Tsigas (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) )
Göteborg : Chalmers University of Technology, 2012.
[Rapport]

In this paper we present an anomaly detection method that detects abnormal patterns in network-level communication patterns of email traffic. We show that these anomalies are caused by the excessive amount of unsolicited email (spam) traffic. The deviation in network-level behavior of spam from the normal communication patterns of legitimate email (ham) can be revealed by structural analysis of email networks generated from real email traffic. We derive a time series of distributions based on the structural properties of email networks and spot the anomalies by comparing the feature distributions of current email traffic against baseline distributions generated from legitimate email traffic. Our experimental results on SMTP traffic captured on an Internet backbone link show that the anomalous nodes identified by this approach correspond to the spam sending nodes in the network.



Denna post skapades 2013-10-16. Senast ändrad 2015-12-17.
CPL Pubid: 185313