Packet-level open-digest fingerprinting for spam detection of middleboxes
This paper proposes a stateless open‐digest spam fingerprinting at the packet level (layer 3) based on an open‐digest fingerprinting algorithm Nilsimsa. Spam emails show several characteristics when viewed at gateway level, which are suitable for spam fingerprinting: (a) content invariance and (b) r...
Main Author: | |
---|---|
Format: | Article |
Published: | John Wiley & Sons, Ltd. 2012 |
Subjects: | |
Online Access: | http://eprints.utm.my/id/eprint/47343/ http://dx.doi.org/10.1002/nem.780 |
id |
my.utm.47343 |
---|---|
record_format |
eprints |
spelling |
my.utm.47343 2019-04-25T01:18:32Z http://eprints.utm.my/id/eprint/47343/ Packet-level open-digest fingerprinting for spam detection of middleboxes Marsono, Muhammad Nadzir QA76 Computer software John Wiley & Sons, Ltd. 2012 Article PeerReviewed Marsono, Muhammad Nadzir (2012) Packet-level open-digest fingerprinting for spam detection of middleboxes. International Journal of Network Management, 22. pp. 1-26. ISSN 1055-7148 http://dx.doi.org/10.1002/nem.780 DOI:10.1002/nem.780 |
institution |
Universiti Teknologi Malaysia |
building |
UTM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Teknologi Malaysia |
content_source |
UTM Institutional Repository |
url_provider |
http://eprints.utm.my/ |
topic |
QA76 Computer software |
description |
This paper proposes a stateless open‐digest spam fingerprinting at the packet level (layer 3) based on an open‐digest fingerprinting algorithm Nilsimsa. Spam emails show several characteristics when viewed at gateway level, which are suitable for spam fingerprinting: (a) content invariance and (b) recipient address dispersion. In this paper, Nilsimsa is adapted to support both fingerprinting and fast email class estimation, on a per‐packet basis. Email packets are incrementally fingerprinted on a per‐packet basis, without the need for reassembly. Spam detection status is tagged to the last packet of each email. This in turn allows fast email class estimation (spam detection) at receiving email servers to support more effective spam handling on both inbound and outbound (relayed) emails. The work presented in this paper focuses on evaluating the accuracy of spam fingerprinting at the packet level with consideration on the constraints of processing byte streams over the network, including packet reordering, fragmentation, overlapped bytes, different packet sizes, and possibilities of random addition attacks. Results show that the proposed packet‐level fingerprinting can detect spam with 100% random addition when the similarity threshold is set to between 36 and 59. This method gives 0% false positive and 100% true negative, which equals the performance attained for spam fingerprinting at full email abstraction (layer 7). This shows that classifying emails at the packet level can differentiate non‐spam from spam with high confidence for a viable spam control implementation on middleboxes. |
format |
Article |
author |
Marsono, Muhammad Nadzir |
title |
Packet-level open-digest fingerprinting for spam detection of middleboxes |
publisher |
John Wiley & Sons, Ltd. |
publishDate |
2012 |
url |
http://eprints.utm.my/id/eprint/47343/ http://dx.doi.org/10.1002/nem.780 |