Download as PDF, PPTX
![Introduction
ļ Spam as a problem
ļ· Consumes computing resources and time
ļ· Reduces the effectiveness of legitimate advertising
ļ· Cost Shifting
ļ· Fraud
ļ· Identity Theft
ļ· Consumer Perception
ļ· Global Implications
ļ John Borgan [ReplyNet] ā āJunk email is not just annoying anymore.
Itās eating into productivity. Itās eating into timeā](https://image.slidesharecdn.com/spamfiltering-130318090248-phpapp01/85/Spam-Filtering-4-320.jpg)
Uploaded byUmar Alharaky
Spam Filtering
The document discusses spam filtering techniques. It begins by defining spam and its purposes. It then discusses the problems caused by spam and some statistics about its prevalence and costs. The document outlines federal regulations regarding spam and how spammers harvest email addresses. It describes different types of spam filters and how Bayesian filtering uses probabilities to classify emails as spam or not spam. The document discusses how data mining can be used for spam filtering and concludes that while no technique is perfect, data mining approaches show promise.
Technologyā¦
More Related Content
![Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/apachesparkgettingstarted-260203175547-8361bcc3-thumbnail.jpg?width=640&height=640&fit=bounds)
Spam Filtering
- 1. Spam Filtering Techniques UMAR M. A. ALHARAKY, B.SC. RAKAN RAZOUK, PH.D.
- 2. Introduction ļ What isspam? ļ” Spam also called as Unsolicited Commercial Email (UCE) ļ” Involves sending messages by email to numerous recipients at the same time (Mass Emailing). ļ” Grew exponentially since 1990 but has leveled off recently and is no longer growing exponentially ļ” 80% of all spam is sent by less than 200 spammers
- 3. Introduction ļ Purpose ofSpam ļ” Advertisements ļ” Pyramid schemes (Multi-Level Marketing) ļ” Giveaways ļ” Chain letters ļ” Political email ļ” Stock market advice
- 4. Introduction ļ Spam asa problem ļ· Consumes computing resources and time ļ· Reduces the effectiveness of legitimate advertising ļ· Cost Shifting ļ· Fraud ļ· Identity Theft ļ· Consumer Perception ļ· Global Implications ļ John Borgan [ReplyNet] ā āJunk email is not just annoying anymore. Itās eating into productivity. Itās eating into timeā
- 5. Some Statistics ļ Cost of Spam 2009: ļ” $130 billion worldwide ļ” $42 billion in US alone ļ” 30% increase from 2007 estimates ļ” 100% increase in 2007 from 2005 ļ Main components of cost: ļ” Productivity loss from inspecting and deleting spam missed by spam control products (False Negatives) ļ” Productivity loss from searching for legitimate mails deleted in error by spam control products (False Positives) ļ” Operations and helpdesk costs (Filters and Firewalls ā installment and maintenance)
- 6.
- 7. Some Statistics ļ Spam Averages about 88% of all emails sent ļ· Barracuda Networks:
- 8. Introduction ļ Federal Regulations(CAN-SPAM act of 2003) ļ” Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act of 2003 ā signed on 12/16/2003 ļ” Commercial email must adhere to three types of compliance ļ· Unsubscribe Compliance ļ· Content Compliance ļ· Sender Behavior Compliance
- 9. Introduction ļ Email AddressHarvesting - Process of obtaining email addresses through various methods ļ” Purchasing /Trading lists with other spammers ļ” Bots ļ” Directory harvest attack ļ” Free Product or Services requiring valid email address ļ” News bulletins /Forums
- 10.
- 11. Types of SpamFilters ļ” Header Filters ļ· Look at email headers to judge if forged or not ļ· Contain more information in addition to recipient , sender and subject fields ļ” Language Filters ļ· filters based on email body language ļ· Can be used to filter out spam written in foreign languages
- 12. Types of SpamFilters ļ” Content Filters ļ· Scan the text content of emails ļ· Use fuzzy logic ļ” Permission Filters ļ· Based on Challenge /Response system ļ” White list/blacklist Filters ļ· Will only accept emails from list of āgood email addressesā ļ· Will block emails from ābad email addressesā
- 13. Types of SpamFilters ļ” Community Filters ļ· Work on the principal of "communal knowledge" of spam ļ· These types of filters communicate with a central server. ļ” Bayesian Filters ļ· Statistical email filtering ļ· Uses NaĆÆve Bayes classifier
- 14. Spam Filters Properties ļ” Filter must prevent spam from entering inboxes ļ” Able to detect the spam without blocking the ham ļ· Maximize efficiency of the filter ļ” Do not require any modification to existing e-mail protocols ļ” Easily incremental ļ· Spam evolve continuously ļ· Need to adapt to each user
- 15. Data Mining andSpam Filtering What is Data Mining? ļ Predictive analysis of data for the discovery of trends and patterns ļ Reveals critical insights into unstructured data. Why Data Mining? ļ The amount of data is increasing every year. ļ To convert the acquired data into information and knowledge and use it in decision making. How it is done? ļ Utilizes computing power to apply sophisticated algorithms for knowledge discovery of data. The Targetā¦ ļ Spam Filtering using Data Mining
- 16. Data Mining andSpam Filtering ļ Spam Filtering can be seen as a specific text categorization (Classification) ļ History ļ· Jason Rennieās iFile (1996); first know program to use Bayesian Classification for spam filtering
- 17. Bayesian Classification ļ Particularwords have particular probabilities of occurring in spam email and in legitimate email ļ· For instance, most email users will frequently encounter the word "Viagra" in spam email, but will seldom see it in other email ļ The filter doesn't know these probabilities in advance, and must first be trained so it can build them up ļ To train the filter, the user must manually indicate whether a new email is spam or not
- 18. Bayesian Classification ļ Forall words in each training email, the filter will adjust the probabilities that each word will appear in spam or legitimate email in its database ļ· For instance, Bayesian spam filters will typically have learned a very high spam probability for the words "Viagra" and "refinance", but a very low spam probability for words seen only in legitimate email, such as the names of friends and family members ļ After training, the word probabilities are used to compute the probability that an email with a particular set of words in it belongs to either category
- 19. Bayesian Classification ļ Eachword in the email contributes to the email's spam probability, or only the most interesting words ļ This contribution is computed using Bayes' theorem ļ Then, the email's spam probability is computed over all words in the email, and if the total exceeds a certain threshold (say 95%), the filter will mark the email as a spam.
- 20. Bayesian Classification ļ Theinitial training can usually be refined when wrong judgments from the software are identified (false positives or false negatives) ļ· That allows the software to dynamically adapt to the ever evolving nature of spam ļ Some spam filters combine the results of both Bayesian spam filtering and other heuristics (pre- defined rules about the contents, looking at the message's envelope, etc.) ļ· Resulting in even higher filtering accuracy
- 21. Computing the Probability 1.Computing the probability that a message containing a given word is spam: ļ Let's suppose the suspected message contains the word "replicaā ļ· Most people who are used to receiving e-mail know that this message is likely to be spam ļ The formula used by the software for computing
- 22. Computing the Probability where: ļ is the probability that a message is a spam, knowing that the word "replica" is in it; ļ is the overall probability that any given message is spam; ļ is the probability that the word "replica" appears in spam messages; ļ is the overall probability that any given message is not spam (is "ham"); ļ is the probability that the word "replica" appears in ham messages.
- 23. Computing the Probability 2.Spam or ham: ļ Recent statistics show that current probability of any message to be spam is 80%, at the very least: ļ However, most spam detection software are ānot biasedā, meaning that they have no prejudice regarding the incoming email ļ· It is advisable that the datasets of spam and ham are of same size
- 24. Computing the Probability 2.Spam or ham: ļ This quantity is called "spamicity" (or "spaminess") of the word "replicaā ļ· Pr(W|S) is approximated to the frequency of messages containing "replica" in the messages identified as spam during the learning phase ļ· Pr(W|H) is approximated to the frequency of messages containing "replica" in the messages identified as ham during the learning phase
- 25. Computing the Probability 3.Combining individual probabilities: ļ The Bayesian spam filtering software makes the "naĆÆve" assumption that the words present in the message are independent events ļ With that assumption, where: ļ p is the probability that the suspect message is spam ļ pi is the probability p(S|Wi)
- 26. Pros & Cons Advantages ļIt can be trained on a per-user basis ļ· The spam that a user receives is often related to the online user's activities Disadvantages ļ Bayesian spam filtering is susceptible to Bayesian poisoning ļ· Insertion of random innocuous words that are not normally associated with spam ļ· Replace text with pictures ļ· Google, by its Gmail email system, performing an OCR to every mid to large size image, analyzing the text inside
- 27.
- 28. Conclusions ļ Spam emailsnot only consume computing resources, but can also be frustrating ļ Numerous detection techniques exist, but none is a āgood for all scenariosā technique ļ Data Mining approaches for content based spam filtering seem promising
- 29. Thank You /Questions