Downloaded 10 times
![8/ 17
®
Bag-of-words
[ 1 ] - “Luan likes to make hacking. Josimar likes to make
hacking too.”
[ 2 ] - “Luan also likes to web hacking.”
● Create array of words ( tokenize... )
{ “Luan”,”likes”,”to”,”make”,”hacking”,”Josimar”,”too”,
”also”,”web”} Total of 9 elements
● Count number of appers !
[0] – { 1, 2, 2, 2, 2, 1, 1, 0, 0 }
[1] – { 1, 1, 1, 0, 1, 0, 0, 1, 1 }](https://image.slidesharecdn.com/detectorresearchtony-160606213537/85/Improving-spam-detection-with-automaton-8-320.jpg)
![11/ 17
®
My way
Automatos like a Match Rules
● Gain Accuracy !
● Gain Performance !
● Because can match to SPAM before to use classifier !
● www.site.com/www.bank.com/
● URL/malware.exe rule like URL/[a-zA-Z]*.exe ...
● Rule like to detect IP at URL
● Deterministic finite automaton to detect
● Use ranking !
NB 94% +4% Fast](https://image.slidesharecdn.com/detectorresearchtony-160606213537/85/Improving-spam-detection-with-automaton-11-320.jpg)
![12/ 17
®
My way
Automatos like a Match Rules
● Gain Accuracy !
● Gain Performance !
● Because can match to SPAM before to use classifier !
● Deterministic finite automaton at Rules to detect
● www.site.com/www.bank.com/
● URL/malware.exe rule like URL/[a-zA-Z]*.exe ...
● Rule like to detect IP at URL
● Rule to detect Phishing
● Use Ranking !
NB 94% +4% Fast](https://image.slidesharecdn.com/detectorresearchtony-160606213537/85/Improving-spam-detection-with-automaton-12-320.jpg)
![15/ 17
®
My way
Automatos like a Match Rules
● Gain Accuracy !
● Gain Performance !
● Because can match to SPAM before to use classifier !
● www.site.com/www.bank.com/
● URL/malware.exe rule like URL/[a-zA-Z]*.exe ...
● Rule like to detect IP at URL
● Deterministic finite automaton to detect
● Use ranking !
NB 94% +4% Fast](https://image.slidesharecdn.com/detectorresearchtony-160606213537/85/Improving-spam-detection-with-automaton-15-320.jpg)
![8/ 17
®
Bag-of-words
[ 1 ] - “Luan likes to make hacking. Josimar likes to make
hacking too.”
[ 2 ] - “Luan also likes to web hacking.”
● Create array of words ( tokenize... )
{ “Luan”,”likes”,”to”,”make”,”hacking”,”Josimar”,”too”,
”also”,”web”} Total of 9 elements
● Count number of appers !
[0] – { 1, 2, 2, 2, 2, 1, 1, 0, 0 }
[1] – { 1, 1, 1, 0, 1, 0, 0, 1, 1 }](https://image.slidesharecdn.com/detectorresearchtony-160606213537/75/Improving-spam-detection-with-automaton-8-2048.jpg)
![11/ 17
®
My way
Automatos like a Match Rules
● Gain Accuracy !
● Gain Performance !
● Because can match to SPAM before to use classifier !
● www.site.com/www.bank.com/
● URL/malware.exe rule like URL/[a-zA-Z]*.exe ...
● Rule like to detect IP at URL
● Deterministic finite automaton to detect
● Use ranking !
NB 94% +4% Fast](https://image.slidesharecdn.com/detectorresearchtony-160606213537/75/Improving-spam-detection-with-automaton-11-2048.jpg)
![12/ 17
®
My way
Automatos like a Match Rules
● Gain Accuracy !
● Gain Performance !
● Because can match to SPAM before to use classifier !
● Deterministic finite automaton at Rules to detect
● www.site.com/www.bank.com/
● URL/malware.exe rule like URL/[a-zA-Z]*.exe ...
● Rule like to detect IP at URL
● Rule to detect Phishing
● Use Ranking !
NB 94% +4% Fast](https://image.slidesharecdn.com/detectorresearchtony-160606213537/75/Improving-spam-detection-with-automaton-12-2048.jpg)
![15/ 17
®
My way
Automatos like a Match Rules
● Gain Accuracy !
● Gain Performance !
● Because can match to SPAM before to use classifier !
● www.site.com/www.bank.com/
● URL/malware.exe rule like URL/[a-zA-Z]*.exe ...
● Rule like to detect IP at URL
● Deterministic finite automaton to detect
● Use ranking !
NB 94% +4% Fast](https://image.slidesharecdn.com/detectorresearchtony-160606213537/75/Improving-spam-detection-with-automaton-15-2048.jpg)
Uploaded byAntonio Costa aka Cooler_
Improving spam detection with automaton
This document describes an approach to improving spam detection through the use of deterministic finite automata (DFA) rules to match spam patterns before classification. The author's approach aims to gain accuracy and performance over the common methods by using DFA rules to detect spam URLs, file types, and IP addresses. Naive Bayes classification is then used and can achieve 94% accuracy but the author's method improves it by another 4% through the pre-filtering with DFA rules. The full open source C++ project for email auditing is available on GitHub.
More Related Content
Similar to Improving spam detection with automaton
Improving spam detection with automaton
- 1. 1/ 17 ® Improving SPAM detection 1de março 2016 ®
- 2. 2/ 17 ® Whois ● AntonioCosta – Cooler ● Just another System analyst ● Github CoolerVoid ● ● https://github.com/CoolerVoid Contact: acosta@conviso.com.br coolerlair@gmail.com
- 3. 3/ 17 ® How itworks ● Anti-Spam - The common way ● Get E-mails POP3 / IMAP ... ● Validate ● Clean all and tokenization ● BoW (Bag-of-words), SoW(Set-of-Words)... ● tf–idf (term frequency–inverse document frequency)... ● Supervised learning ● Classification (SVM, KNN, NB, Random forest... )
- 4. 4/ 17 ® How itworks ● Anti-Spam - The common way ● Get E-mails POP3 / IMAP ● Validate – Country-based filtering – DNS-based blacklists – Enforcing RFC standards – SMTP callback verification
- 5. 5/ 17 ® ● DNS-basedblacklists
- 6.
- 7. 7/ 17 ® How itworks ● Anti-Spam - The common way ● Get E-mails POP3 / IMAP ... - INPUT STRING ● Validate ● Clean all and tokenization ● BoW (Bag-of-words), SoW(Set-of-Words), tf–idf (term frequency–inverse document frequency)... Create MATRIX ● Supervised learning – USING MATRIX ● Classification (SVM, KNN, NB, Random forest... )
- 8. 8/ 17 ® Bag-of-words [ 1] - “Luan likes to make hacking. Josimar likes to make hacking too.” [ 2 ] - “Luan also likes to web hacking.” ● Create array of words ( tokenize... ) { “Luan”,”likes”,”to”,”make”,”hacking”,”Josimar”,”too”, ”also”,”web”} Total of 9 elements ● Count number of appers ! [0] – { 1, 2, 2, 2, 2, 1, 1, 0, 0 } [1] – { 1, 1, 1, 0, 1, 0, 0, 1, 1 }
- 9. 9/ 17 ® The commonway Look this following
- 10. 10/ 17 ® The commonway Why naive bayes ? ● At my tests ! KNN 96% Slow Super simple, you're just doing a bunch of counts. Naive Bayes is an eager learning classifier and it is much faster than KNN. Nodaways it could be used for prediction in real time. Classifier Accuracy Performance SVM 92% Medium NB 94% Fast
- 11. 11/ 17 ® My way Automatoslike a Match Rules ● Gain Accuracy ! ● Gain Performance ! ● Because can match to SPAM before to use classifier ! ● www.site.com/www.bank.com/ ● URL/malware.exe rule like URL/[a-zA-Z]*.exe ... ● Rule like to detect IP at URL ● Deterministic finite automaton to detect ● Use ranking ! NB 94% +4% Fast
- 12. 12/ 17 ® My way Automatoslike a Match Rules ● Gain Accuracy ! ● Gain Performance ! ● Because can match to SPAM before to use classifier ! ● Deterministic finite automaton at Rules to detect ● www.site.com/www.bank.com/ ● URL/malware.exe rule like URL/[a-zA-Z]*.exe ... ● Rule like to detect IP at URL ● Rule to detect Phishing ● Use Ranking ! NB 94% +4% Fast
- 13. 13/ 17 ® Why Ranking? Automatos like a Match Rules ● Gain Accuracy ! NB 94% +4% Fast
- 14. 14/ 17 ® E-mail audit Theproject ! ● C++ at all source code ! 100% Open Source ! ● IMAP – communication ● Blacklists – DNS, bad domains, e-mail address... ● Deterministic Finite Automaton – Filters ● Tf–idf (term frequency–inverse document frequency) ● Naive bayes – classifier
- 15. 15/ 17 ® My way Automatoslike a Match Rules ● Gain Accuracy ! ● Gain Performance ! ● Because can match to SPAM before to use classifier ! ● www.site.com/www.bank.com/ ● URL/malware.exe rule like URL/[a-zA-Z]*.exe ... ● Rule like to detect IP at URL ● Deterministic finite automaton to detect ● Use ranking ! NB 94% +4% Fast
- 16. 16/ 17 ® E-mail audit Theproject ! ● At the future, using GPU to use KNN and automatons... ● Results with GPU turns all fast... ● Next step 100% of accuracy ? https://github.com/CoolerVoid/email_audit
- 17.