Social network analysis of web links to eliminate false positives in collaborative anti-spam systems

Research output: Contribution to journalArticlepeer-review

18 Scopus citations

Abstract

The performance of todays email anti-spam systems is primarily measured by the percentage of false positives (non-spam messages detected as spam) rather than by the percentage of false negatives (real spam messages left unblocked). One reliable anti-spam technique is the Universal Resource Locator (URL)-based filter, which is utilized by most collaborative signature-based filters. URL-based filters examine URL frequency in incoming email and block bulk email when a predetermined threshold is passed. However, this can cause erroneous blocking of mass distribution of legitimate emails. Therefore, URL-based methods are limited in sufficient prevention of false positives, and finding solutions to eliminate this problem is critical for anti-spam systems. We present a complementary technique for URL-based filters, which uses the betweenness of web-page hostnames to prevent the erroneous blocking of legitimate hosts. The technique described was tested on a corpus of 10,000 random domains selected from the URIBL white and black list databases. We generated the appropriate linked network for each domain and calculated its centrality betweenness. We found that betweenness centrality of whitelist domains is significantly higher than that of blacklist domains. Results clearly show that the betweenness centrality metric can be a powerful and effective complementary tool for URL-based anti-spam systems. It can achieve a high level of accuracy in determining legitimate hostnames and thus significantly reduce false positives in these systems.

Original languageEnglish
Pages (from-to)1717-1723
Number of pages7
JournalJournal of Network and Computer Applications
Volume34
Issue number5
DOIs
StatePublished - Sep 2011

Keywords

  • Anti-spam
  • Betweenness
  • Collaborative anti-spam
  • Reputation
  • URL-based filters
  • Whitelister

Fingerprint

Dive into the research topics of 'Social network analysis of web links to eliminate false positives in collaborative anti-spam systems'. Together they form a unique fingerprint.

Cite this