KEMBAR78
Using lexigraphical distancing to block spam | PDF
Uploaded byJonathanOliver26
151 views

Using lexigraphical distancing to block spam

Using lexigraphical distancing, an algorithm that estimates the probability that one term is an edited version of another, can help identify variants of spam terms like "Viagra" and improve spam detection rates. The algorithm identified 51 out of 60 variants of Viagra, while spell checking only caught 24. When included as a pre-processing step in a naive Bayes classifier, it incorrectly flagged few additional good emails as spam but caught 27% more spam messages, improving spam detection rates. Lexigraphical distancing provides a robust way to identify term variants for applications like spam filtering and content analysis.

Download to read offline
Using Lexigraphical Distancing to Block Spam Jonathan Oliver Spam Conference January 21, 2005
2 Bayesian Filters for Spam ƒ Personal Bayesian Filters – Can be re-trained on a regular basis – Trained for the individual – Can focus on terms which reflect good mail ƒ Server-side Bayesian Filters – Trained for a group of people (probably for a organization) – Less focused on terms which reflect good mail – Often used as part of a layered approach – configured for a very low false positive rate ƒ Differences – Personal and server-side filters are solving different problems – Effectiveness rates – typically server-side filters catch less spam than personal Bayesian filters
3 Evolution of Spam 2004 ƒ Spammers started sending spam like: Genierc Viagr and Sepur Viarga (Caiils) available onlnie! Most trsuted onilne source! Vagira & Cilais takes afefct right away & lasts 24-36 huors! FOR SUEPR VAIRGA TOCUH HERE
4 People can read jumbled text I cdnuolt blveiee taht I cluod aulaclty uesdnatnrd waht I was rdgnieg. The phaonmneal pweor of the hmuan mnid. Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteer be in the rghit pclae. http://www.mrc-cbu.cam.ac.uk/personal/matt.davis/Cmabrigde/
5 Evolution of Spam 2004 (cont.) http://cockeyed.com/lessons/viagra/viagra.html
6 Variants of “Viagra” V&iagra V iagr a vi-@gr@ vi@gr*@ vi**agra Viag&ra vi@|g|r@ Viag)ra V|i|a|g|r|a Viarga Viag%ra Vi/agra Viaoygra Vi.ag.ra via---gra Viag$ra ViaJ1gra Vi$agra ViaaPrga V1@grA V-i.a-g*r-a vi@g*r@ Viag&ra Viag@ra Viagara Vi Ἧtd> Viagr^a Viagr(a ViaVErga ViaTagra vi@gr|@| Viaggra VIxAGRA V/i/a/g/r/a VIA7GRA V l A G R A v-ii-a=g-ra via.gra Vkiagra vigra Vi-ag.ra V-I-A-G-R-A Viagvra vi(@)gr@ ViagWra Vii-agra ViagrYa Viargvra ViaZUgra via_gra viagdra Viagzra 'V 1 @ G' Ra via-gra viagrga via---gra VyAGRA V l a g r a ViagDrHa Viagorea
7 Applying Text Classification to Spam ƒ Classification is difficult if you cannot identify key terms ƒ It would be very useful to identify variants of “Viagra” as “Viagra” ƒ Possible approaches – Regular expressions – Spell checking – Edit distance (Lexigraphical Distancing)
8 Regular Expressions ƒ Difficult to write a regular expression which covers 600,426,974,379,824,381,952 variants of “Viagra” ƒ Potentially time consuming ƒ Can be error prone ƒ Possibly computationally intensive
9 Spell Checking ƒ Spell checking does not cope well with letters constructed from other elements: / 1 /- G R @ ƒ Spell checking does not cope well with split words: Mort gage ra tes ƒ Spell checking does not cope well with words run together: BuyViagaraNow ƒ Microsoft Word spell check caught 24 of the variants listed
10 Lexigraphical Distance ƒ Algorithm estimates the probability that the content being inspected is an “edited” version of the term in question ƒ Edits allowed: – Insertion – Deletion – Substitution ƒ Probability of insertions / deletions / substitutions estimated from data ƒ If the probability is greater than some threshold then the term is determined to be a variant ƒ Identified 51 out of 60 as variants of Viagra
11 Experiment ƒ Trained up a “Plan for Spam” Naïve Bayes Classifier ƒ Training set: 20,000 spam and 20,000 good mail from a diverse set of people ƒ Test set: 3,459 spam sent on Jan. 11th 25,555 good mail from different set of people ƒ Edit distance caught spammers transforming spam- terms in 27% of the spam ƒ Edit distance incorrectly identified spam phrase variants in 48 of the good mail (0.19%). Close to no impact on false positive rate.
12 Results (considered 3 thresholds for separating spam from good mail) 0.04% 0.11% 0.32% 11 27 83 Naïve Bayes 0.04% 0.11% 0.36% 11 29 91 false positives Naïve Bayes with lexigraphical distance GOOD MAIL (25,555) 13.50% 14.20% 11.80% Improvement 46.10% 53.10% 63.90% 1,596 1,836 2,209 Naïve Bayes 59.60% 67.30% 75.70% 2,063 2,328 2,618 spam caught Naïve Bayes with lexigraphical distance SPAM (3,459 spam from Jan 11 2005)
13 Lexigraphical Distance in Use ƒ Edit distance is a very useful step in server-side Bayesian filters, especially when a part of the layered approach to spam filtering ƒ MailFrontier uses edit distance as a pre-processing step before statistical text analysis ƒ Computationally feasible – the software using edit distance was rated in the fastest 20% of spam filters by Network World http://www.nwfusion.com/reviews/2004/122004spampkg.html
14 Conclusions ƒ Comparison of Lexigraphical distance with regular expressions – More suited to certain tasks – More robust – More intuitive – easier for the end-user ƒ Other applications – Content filtering/compliance – Intellectual property protection – Adversarial search

More Related Content

PPTX
VirusTotal Threat Intelligence and DNIF Use Cases
byDNIF
 
PDF
Unveiling the gray emails: A Closer Look at Emails in the Gray Area
byJelena Isachenkova
 
PPT
mailfilter.ppt
bybutest
 
PPT
Fang feb-17
bybhagirath bhatt
 
PDF
DEVELOPMENT OF AN EFFECTIVE BAYESIAN APPROACH FOR SPAM FILTERING
byInternational Journal of Technical Research & Application
 
PDF
IRJET- Email Spam Detection & Automation
byIRJET Journal
 
PDF
Spam Detection in Social Networks Using Correlation Based Feature Subset Sele...
byEditor IJCATR
 
PDF
Spam Detection in Social Networks Using Correlation Based Feature Subset Sele...
byEditor IJCATR
 
VirusTotal Threat Intelligence and DNIF Use Cases
byDNIF
 
Unveiling the gray emails: A Closer Look at Emails in the Gray Area
byJelena Isachenkova
 
mailfilter.ppt
bybutest
 
Fang feb-17
bybhagirath bhatt
 
DEVELOPMENT OF AN EFFECTIVE BAYESIAN APPROACH FOR SPAM FILTERING
byInternational Journal of Technical Research & Application
 
IRJET- Email Spam Detection & Automation
byIRJET Journal
 
Spam Detection in Social Networks Using Correlation Based Feature Subset Sele...
byEditor IJCATR
 
Spam Detection in Social Networks Using Correlation Based Feature Subset Sele...
byEditor IJCATR
 

Similar to Using lexigraphical distancing to block spam

PDF
Spam Detection in Social Networks Using Correlation Based Feature Subset Sele...
byEditor IJCATR
 
PDF
Spam Detection in Social Networks Using Correlation Based Feature Subset Sele...
byEditor IJCATR
 
PPT
E mail image spam filtering techniques
byranjit banshpal
 
PDF
Spam Filtering
byUmar Alharaky
 
PPTX
final-spam-e-mail-detection-180125111231.pptx
byinfotowards
 
PDF
Haicku submission
bySaurabh Singh
 
PPTX
Presentation2.pptx
byWanderer20
 
PPTX
Final spam-e-mail-detection
byPartnered Health
 
PDF
Spam Detection Using Machine Learning (ML)
byJimmyBkk
 
PPTX
project review using naive bayes theorem .pptx
byBobby Pra A
 
PPTX
Practical Machine Learning and Rails Part1
byryanstout
 
PDF
Detecting spam mail using machine learning algorithm
byIRJET Journal
 
PDF
WORKLOAD CHARACTERIZATION OF SPAM EMAIL FILTERING SYSTEMS
byIJNSA Journal
 
PDF
Network paperthesis1
byDhara Shah
 
PDF
A Deep Analysis on Prevailing Spam Mail Filteration Machine Learning Approaches
byijtsrd
 
PPTX
Spam filtering with Naive Bayes Algorithm
byAkshay Pal
 
PDF
Overview of Anti-spam filtering Techniques
byIRJET Journal
 
DOCX
Practical Knowledge Representation
bybutest
 
PPTX
Text mining and analytics v6 - p2
byDave King
 
PPT
83517754.ppt
byssuser2e304b
 
Spam Detection in Social Networks Using Correlation Based Feature Subset Sele...
byEditor IJCATR
 
Spam Detection in Social Networks Using Correlation Based Feature Subset Sele...
byEditor IJCATR
 
E mail image spam filtering techniques
byranjit banshpal
 
Spam Filtering
byUmar Alharaky
 
final-spam-e-mail-detection-180125111231.pptx
byinfotowards
 
Haicku submission
bySaurabh Singh
 
Presentation2.pptx
byWanderer20
 
Final spam-e-mail-detection
byPartnered Health
 
Spam Detection Using Machine Learning (ML)
byJimmyBkk
 
project review using naive bayes theorem .pptx
byBobby Pra A
 
Practical Machine Learning and Rails Part1
byryanstout
 
Detecting spam mail using machine learning algorithm
byIRJET Journal
 
WORKLOAD CHARACTERIZATION OF SPAM EMAIL FILTERING SYSTEMS
byIJNSA Journal
 
Network paperthesis1
byDhara Shah
 
A Deep Analysis on Prevailing Spam Mail Filteration Machine Learning Approaches
byijtsrd
 
Spam filtering with Naive Bayes Algorithm
byAkshay Pal
 
Overview of Anti-spam filtering Techniques
byIRJET Journal
 
Practical Knowledge Representation
bybutest
 
Text mining and analytics v6 - p2
byDave King
 
83517754.ppt
byssuser2e304b
 

More from JonathanOliver26

PDF
UQ_Cybercrime_Professionalism_Lecture_2024_07.pdf
byJonathanOliver26
 
PDF
blackhole.pdf
byJonathanOliver26
 
PDF
HACT_Fast_Search_COINS_pub.pdf
byJonathanOliver26
 
PDF
2021_TLSH_SOC_pub.pdf
byJonathanOliver26
 
PDF
2019 TrustCom: The role of ML and AI in Security
byJonathanOliver26
 
PDF
Introduction to MML and Supervised Learning
byJonathanOliver26
 
PDF
Privacy solutions decode2021_jon_oliver
byJonathanOliver26
 
PDF
Privacy log files
byJonathanOliver26
 
UQ_Cybercrime_Professionalism_Lecture_2024_07.pdf
byJonathanOliver26
 
blackhole.pdf
byJonathanOliver26
 
HACT_Fast_Search_COINS_pub.pdf
byJonathanOliver26
 
2021_TLSH_SOC_pub.pdf
byJonathanOliver26
 
2019 TrustCom: The role of ML and AI in Security
byJonathanOliver26
 
Introduction to MML and Supervised Learning
byJonathanOliver26
 
Privacy solutions decode2021_jon_oliver
byJonathanOliver26
 
Privacy log files
byJonathanOliver26
 

Recently uploaded

PDF
Buying, Aged Twitter Accounts_ The Secret to Instant Growth.pdf
byBEST IT SMM
 
PPTX
The First Internet Message was sent on 29 Oct 1969. However . . .
byBob Mayer
 
PDF
Unlocking-the-Future-AI-Software-Development-Services.pdf
byPrologicTechnologies
 
PPTX
Generating-Patterns: Arithmetic Sequences, Arithmetic Mean,
byChanelleObate
 
PPTX
Protection from Cyber attacks and Security Firewall
byAjayTiwari684365
 
PDF
The 13 satanic codes for Self Power and Sovereignty
byhikariaoki1
 
PPTX
Hathway_Fiber_Bajaj_wi-Fi_Best internet_
byHATHWAY FIBER INTERNET SERVICE PROVIDER in Bajaj enclave
 
PPTX
Presentation contoso chart 1 2 3 4 5 6 7 8
byJohannReyes3
 
PPTX
Viva_Digitally_Online_Meeting_Presentation.pptx
byHubraSEO
 
PDF
Dark Humanism 200 Principles for living a life in shadow
byhikariaoki1
 
PPTX
一比一原版(StuttgartH毕业证书)斯图加特工程应用技术大学毕业证办理成绩单学历认证
by办硕士文凭昆士兰科技大学学历认证【Q微号:1954 292 140】QUT毕业证成绩单
 
PDF
Reality Drift: Cultural and Academic Footprints Across Media, Classrooms, and...
byDr. Samuel Wellington
 
PDF
kjhhhhhhhhhhhhhhhhhhhhhhhhhhhhhkjhkkkkkkkkkkkkkkkkjh
bybishnoijordan29
 
PPTX
TREC_2024_Lateral_Reading_Purpose_and_Need.pptx
byGichxIocHiIvdug
 
PPTX
Pembagian kelompok menentuan tema yntuk paud.pptx
bywiwiktriwahyuni13
 
PPTX
UNIT –I community health CHN P.B.Sc ppt.pptx
byDr.Anjalatchi Muthukumaran
 
PDF
Nome completo de Laurence Gregory Watkins
bydiariodocentrodomundo
 
PDF
WHMCS Croster 2.1.2 Nulled Pre Activated
byCroster 2.1.2 Nulled
 
Buying, Aged Twitter Accounts_ The Secret to Instant Growth.pdf
byBEST IT SMM
 
The First Internet Message was sent on 29 Oct 1969. However . . .
byBob Mayer
 
Unlocking-the-Future-AI-Software-Development-Services.pdf
byPrologicTechnologies
 
Generating-Patterns: Arithmetic Sequences, Arithmetic Mean,
byChanelleObate
 
Protection from Cyber attacks and Security Firewall
byAjayTiwari684365
 
The 13 satanic codes for Self Power and Sovereignty
byhikariaoki1
 
Hathway_Fiber_Bajaj_wi-Fi_Best internet_
byHATHWAY FIBER INTERNET SERVICE PROVIDER in Bajaj enclave
 
Presentation contoso chart 1 2 3 4 5 6 7 8
byJohannReyes3
 
Viva_Digitally_Online_Meeting_Presentation.pptx
byHubraSEO
 
Dark Humanism 200 Principles for living a life in shadow
byhikariaoki1
 
一比一原版(StuttgartH毕业证书)斯图加特工程应用技术大学毕业证办理成绩单学历认证
by办硕士文凭昆士兰科技大学学历认证【Q微号:1954 292 140】QUT毕业证成绩单
 
Reality Drift: Cultural and Academic Footprints Across Media, Classrooms, and...
byDr. Samuel Wellington
 
kjhhhhhhhhhhhhhhhhhhhhhhhhhhhhhkjhkkkkkkkkkkkkkkkkjh
bybishnoijordan29
 
TREC_2024_Lateral_Reading_Purpose_and_Need.pptx
byGichxIocHiIvdug
 
Pembagian kelompok menentuan tema yntuk paud.pptx
bywiwiktriwahyuni13
 
UNIT –I community health CHN P.B.Sc ppt.pptx
byDr.Anjalatchi Muthukumaran
 
Nome completo de Laurence Gregory Watkins
bydiariodocentrodomundo
 
WHMCS Croster 2.1.2 Nulled Pre Activated
byCroster 2.1.2 Nulled
 

Using lexigraphical distancing to block spam

  • 1.
    Using Lexigraphical Distancingto Block Spam Jonathan Oliver Spam Conference January 21, 2005
  • 2.
    2 Bayesian Filters forSpam ƒ Personal Bayesian Filters – Can be re-trained on a regular basis – Trained for the individual – Can focus on terms which reflect good mail ƒ Server-side Bayesian Filters – Trained for a group of people (probably for a organization) – Less focused on terms which reflect good mail – Often used as part of a layered approach – configured for a very low false positive rate ƒ Differences – Personal and server-side filters are solving different problems – Effectiveness rates – typically server-side filters catch less spam than personal Bayesian filters
  • 3.
    3 Evolution of Spam2004 ƒ Spammers started sending spam like: Genierc Viagr and Sepur Viarga (Caiils) available onlnie! Most trsuted onilne source! Vagira & Cilais takes afefct right away & lasts 24-36 huors! FOR SUEPR VAIRGA TOCUH HERE
  • 4.
    4 People can readjumbled text I cdnuolt blveiee taht I cluod aulaclty uesdnatnrd waht I was rdgnieg. The phaonmneal pweor of the hmuan mnid. Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteer be in the rghit pclae. http://www.mrc-cbu.cam.ac.uk/personal/matt.davis/Cmabrigde/
  • 5.
    5 Evolution of Spam2004 (cont.) http://cockeyed.com/lessons/viagra/viagra.html
  • 6.
    6 Variants of “Viagra” V&iagra Viagr a vi-@gr@ vi@gr*@ vi**agra Viag&ra vi@|g|r@ Viag)ra V|i|a|g|r|a Viarga Viag%ra Vi/agra Viaoygra Vi.ag.ra via---gra Viag$ra ViaJ1gra Vi$agra ViaaPrga V1@grA V-i.a-g*r-a vi@g*r@ Viag&ra Viag@ra Viagara Vi Ἧtd> Viagr^a Viagr(a ViaVErga ViaTagra vi@gr|@| Viaggra VIxAGRA V/i/a/g/r/a VIA7GRA V l A G R A v-ii-a=g-ra via.gra Vkiagra vigra Vi-ag.ra V-I-A-G-R-A Viagvra vi(@)gr@ ViagWra Vii-agra ViagrYa Viargvra ViaZUgra via_gra viagdra Viagzra 'V 1 @ G' Ra via-gra viagrga via---gra VyAGRA V l a g r a ViagDrHa Viagorea
  • 7.
    7 Applying Text Classificationto Spam ƒ Classification is difficult if you cannot identify key terms ƒ It would be very useful to identify variants of “Viagra” as “Viagra” ƒ Possible approaches – Regular expressions – Spell checking – Edit distance (Lexigraphical Distancing)
  • 8.
    8 Regular Expressions ƒ Difficultto write a regular expression which covers 600,426,974,379,824,381,952 variants of “Viagra” ƒ Potentially time consuming ƒ Can be error prone ƒ Possibly computationally intensive
  • 9.
    9 Spell Checking ƒ Spellchecking does not cope well with letters constructed from other elements: / 1 /- G R @ ƒ Spell checking does not cope well with split words: Mort gage ra tes ƒ Spell checking does not cope well with words run together: BuyViagaraNow ƒ Microsoft Word spell check caught 24 of the variants listed
  • 10.
    10 Lexigraphical Distance ƒ Algorithmestimates the probability that the content being inspected is an “edited” version of the term in question ƒ Edits allowed: – Insertion – Deletion – Substitution ƒ Probability of insertions / deletions / substitutions estimated from data ƒ If the probability is greater than some threshold then the term is determined to be a variant ƒ Identified 51 out of 60 as variants of Viagra
  • 11.
    11 Experiment ƒ Trained upa “Plan for Spam” Naïve Bayes Classifier ƒ Training set: 20,000 spam and 20,000 good mail from a diverse set of people ƒ Test set: 3,459 spam sent on Jan. 11th 25,555 good mail from different set of people ƒ Edit distance caught spammers transforming spam- terms in 27% of the spam ƒ Edit distance incorrectly identified spam phrase variants in 48 of the good mail (0.19%). Close to no impact on false positive rate.
  • 12.
    12 Results (considered 3 thresholdsfor separating spam from good mail) 0.04% 0.11% 0.32% 11 27 83 Naïve Bayes 0.04% 0.11% 0.36% 11 29 91 false positives Naïve Bayes with lexigraphical distance GOOD MAIL (25,555) 13.50% 14.20% 11.80% Improvement 46.10% 53.10% 63.90% 1,596 1,836 2,209 Naïve Bayes 59.60% 67.30% 75.70% 2,063 2,328 2,618 spam caught Naïve Bayes with lexigraphical distance SPAM (3,459 spam from Jan 11 2005)
  • 13.
    13 Lexigraphical Distance inUse ƒ Edit distance is a very useful step in server-side Bayesian filters, especially when a part of the layered approach to spam filtering ƒ MailFrontier uses edit distance as a pre-processing step before statistical text analysis ƒ Computationally feasible – the software using edit distance was rated in the fastest 20% of spam filters by Network World http://www.nwfusion.com/reviews/2004/122004spampkg.html
  • 14.
    14 Conclusions ƒ Comparison ofLexigraphical distance with regular expressions – More suited to certain tasks – More robust – More intuitive – easier for the end-user ƒ Other applications – Content filtering/compliance – Intellectual property protection – Adversarial search