Social network analysis for cluster-based IP spam reputation

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


Purpose - IP reputation systems, which filter e-mail based on the sender's IP address, are located at the perimeter - before the messages reach the mail server's anti-spam filters. To increase IP reputation system efficacy and overcome the shortcomings of individual IP-based filtering, recent studies have suggested exploiting the properties of IP clusters, such as those of Autonomous Systems (AS). Cluster-based techniques can enhance accuracy and reduce false negative rates. However, clusters generally contain enormous amounts of IP addresses, which hinder cluster-based systems from reaching their full spam filtering potential. The purpose of this paper is exploitation of social network metrics to obtain a more granular, i.e. sub-divided, view of cluster-based reputation, and thus enhance spam filtering accuracy. Design/methodology/ approach - The authors examined the performance of various social network metrics, including nodal degree, betweenness centrality, closeness centrality and valued graphs, to find an optimal element that enhances IP reputation prediction in AS clusters. Findings - It was found that all measures contributed to prediction, yet the best predictor of spam reputation was the out-degree metric, which showed a strong positive correlation with spam reputation prediction. This implies that more granular information can increase the accuracy of IP reputation prediction in AS clusters. Practical implications - Used in conjunction with other technologies, the granular cluster-based reputation system can be a valuable addition to commercial and open-source spam filtering systems, or to standalone DNS-based blacklists. Originality/value - The authors' approach can promote mitigation of larger spam volumes at the perimeter, save bandwidth, and conserve valuable system resources.

Original languageEnglish
Pages (from-to)281-295
Number of pages15
JournalInformation Management and Computer Security
Issue number4
StatePublished - 2012


  • Autonomous systems
  • Data security
  • Electronic mail
  • IP reputation
  • Social network analysis
  • Social networking sites
  • Spam
  • Transmission control protocol/internet protocol


Dive into the research topics of 'Social network analysis for cluster-based IP spam reputation'. Together they form a unique fingerprint.

Cite this