To read the full version of this content please select one of the options below:

Social network analysis for cluster‐based IP spam reputation

Zac Sadan (Graduate School of Business Administration, Bar‐Ilan University, Ramat Gan, Israel)
David G. Schwartz (Graduate School of Business Administration, Bar‐Ilan University, Ramat Gan, Israel)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 5 October 2012

Abstract

Purpose

IP reputation systems, which filter e‐mail based on the sender's IP address, are located at the perimeter – before the messages reach the mail server's anti‐spam filters. To increase IP reputation system efficacy and overcome the shortcomings of individual IP‐based filtering, recent studies have suggested exploiting the properties of IP clusters, such as those of Autonomous Systems (AS). Cluster‐based techniques can enhance accuracy and reduce false negative rates. However, clusters generally contain enormous amounts of IP addresses, which hinder cluster‐based systems from reaching their full spam filtering potential. The purpose of this paper is exploitation of social network metrics to obtain a more granular, i.e. sub‐divided, view of cluster‐based reputation, and thus enhance spam filtering accuracy.

Design/methodology/approach

The authors examined the performance of various social network metrics, including nodal degree, betweenness centrality, closeness centrality and valued graphs, to find an optimal element that enhances IP reputation prediction in AS clusters.

Findings

It was found that all measures contributed to prediction, yet the best predictor of spam reputation was the out‐degree metric, which showed a strong positive correlation with spam reputation prediction. This implies that more granular information can increase the accuracy of IP reputation prediction in AS clusters.

Practical implications

Used in conjunction with other technologies, the granular cluster‐based reputation system can be a valuable addition to commercial and open‐source spam filtering systems, or to standalone DNS‐based blacklists.

Originality/value

The authors' approach can promote mitigation of larger spam volumes at the perimeter, save bandwidth, and conserve valuable system resources.

Keywords

Citation

Sadan, Z. and Schwartz, D.G. (2012), "Social network analysis for cluster‐based IP spam reputation", Information Management & Computer Security, Vol. 20 No. 4, pp. 281-295. https://doi.org/10.1108/09685221211267657

Publisher

:

Emerald Group Publishing Limited

Copyright © 2012, Emerald Group Publishing Limited