Skip to main content
Article
Mitigating Spam Using Spatio-Temporal Reputation
Technical Reports (CIS)
  • Andrew G. West, University of Pennsylvania
  • Adam J. Aviv, University of Pennsylvania
  • Jian Chang, University of Pennsylvania
  • Insup Lee, University of Pennsylvania
Document Type
Technical Report
Date of this Version
1-1-2010
Comments
University of Pennsylvania Department of Computer and Information Science Technical Report No. MS-CIS-10-04.
Abstract
In this paper we present Preventive Spatio-Temporal Aggregation (PRESTA), a reputation model that combines spatial and temporal features to produce values that are behavior predictive and useful in partial-knowledge situations. To evaluate its effectiveness, we applied PRESTA in the domain of spam detection. Studying the temporal properties of IP blacklists, we found that 25% of IP addresses once listed on a blacklist were re-listed within 10 days. Further, during our evaluation period over 45% of IPs de-listed were re-listed. By using the IP address assignment hierarchy to define spatial groupings and leveraging these temporal statistics, PRESTA produces reputation values that correctly classify up to 50% of spam email not identified by blacklists alone, while maintaining low false-positive rates. When used in conjunction with blacklists, an average of 93% of spam emails are identified, and we find the system is consistent in maintaining this blockage rate even during periods of decreased blacklist performance. PRESTA spam filtering can be employed as an intermediate filter (perhaps in-network) prior to context-based analysis. Further, our spam detection system is scalable; computation can occur in near real-time and over 500,000 emails can be scored an hour.
Citation Information
Andrew G. West, Adam J. Aviv, Jian Chang and Insup Lee. "Mitigating Spam Using Spatio-Temporal Reputation" (2010)
Available at: http://works.bepress.com/andrew_g_west/19/