Characterizing Spam traffic and Spammers

There is a tremendous increase in spam traffic these days. Spam messages muddle up users inbox, consume network resources, and build up DDoS attacks, spread worms and viruses. Our goal is to present a definite figure about the characteristics of spam and spammers. Since spammers change their mode of operation to counter anti spam technology,continues evaluation of the characteristics of spam and spammers technology has become mandatory. These evaluations help us to enhance the existing technology to combat spam effectively. We collected 400 thousand spam mails from a spam trap set up in a corporate mail server for a period of 14 months form January 2006 to February 2007. Spammers use common techniques to spam end users regardless of corporate server and public mail server. So we believe that our spam collection is a sample of world wide spam traffic. Studying the characteristics of this sample helps us to better understand the features of spam and spammers technology. We believe that this analysis could be useful to develop more efficient anti spam techniques.Comment: 6 pages, 4 Figures, ICCIT 2007, IEEE C

Spammer Detection on Online Social Networks

Twitter with its rising popularity as a micro-blogging website has inevitably attracted attention of spammers. Spammers use myriad of techniques to lure victims into clicking malicious URLs. In this thesis, we present several novel features capable of distinguishing spam accounts from legitimate accounts in real-time. The features exploit the behavioral and content entropy, bait-techniques, community-orientation, and profile characteristics of spammers. We then use supervised learning algorithms to generate models using the proposed features and show that our tool, spAmbush, can detect spammers in real-time. Our analysis reveals detection of more than 90% of spammers with less than five tweets and more than half with only a single tweet. Our feature computation has low latency and resource requirement. Our results show a 96% detection rate with only 0.01% false positive rate. We further cluster the unknown spammers to identify and understand the prevalent spam campaigns on Twitter

POISED: Spotting Twitter Spam Off the Beaten Paths

Cybercriminals have found in online social networks a propitious medium to spread spam and malicious content. Existing techniques for detecting spam include predicting the trustworthiness of accounts and analyzing the content of these messages. However, advanced attackers can still successfully evade these defenses. Online social networks bring people who have personal connections or share common interests to form communities. In this paper, we first show that users within a networked community share some topics of interest. Moreover, content shared on these social network tend to propagate according to the interests of people. Dissemination paths may emerge where some communities post similar messages, based on the interests of those communities. Spam and other malicious content, on the other hand, follow different spreading patterns. In this paper, we follow this insight and present POISED, a system that leverages the differences in propagation between benign and malicious messages on social networks to identify spam and other unwanted content. We test our system on a dataset of 1.3M tweets collected from 64K users, and we show that our approach is effective in detecting malicious messages, reaching 91% precision and 93% recall. We also show that POISED's detection is more comprehensive than previous systems, by comparing it to three state-of-the-art spam detection systems that have been proposed by the research community in the past. POISED significantly outperforms each of these systems. Moreover, through simulations, we show how POISED is effective in the early detection of spam messages and how it is resilient against two well-known adversarial machine learning attacks

Identifying Spam Activity on Public Facebook Pages

Since their emergence, online social networks (OSNs) keep gaining popularity. However, many related problems have also arisen, such as the use of fake accounts for malicious activities. In this paper, we focus on identifying spammers among users that are active on public Facebook pages. We are specifically interested in identifying groups of spammers sharing similar URLs. For this purpose, we built an initial dataset based on all the content that has been posted upon feed posts on a set of public Facebook pages with high numbers of subscribers. We assumed that such public pages, with hundreds of thousands of subscribers and revolving around a common attractive topic, make an ideal ground for spamming activity. Our first contribution in this paper is a reliable methodology that helps in identifying potential spammer and non-spammer accounts that are likely to be tagged as, respectively, spammers/non-spammers upon manual verification. For that aim, we used a set of features characterizing spam activity with a coring method. This methodology, combined with manual human validation, successfully allowed us to build a dataset of spammers and non-spammers. Our second contribution is the analysis of the identified spammer accounts. We found that these accounts do not display any community-like behavior as they rarely interact with each other, and are slightly more active than non-spammers during late-night hours, while slightly less active during daytime hours. Finally, our third contribution is the proposal of a clustering approach that successfully detected 16 groups of spammers in the form of clusters of spam accounts sharing similar URLs