TY - GEN
T1 - Improving efficiency of spam detection using economic model
AU - Gillani, Fida
AU - Al-Shaer, Ehab
PY - 2014/11/3
Y1 - 2014/11/3
N2 - Economic lifting has made email spam a scathing threat to the society due to its related exploits. Many spam detection schemes have been proposed employing the tendency of spam to alter the normal statistical behavior of mail traffic. Threshold tuning of these detectors is still a challenging task. Since, shooting down benign emails as spam (false positive), in pursuit of higher detection rates, can be detrimental. In this paper, we introduce a novel economic metric, based on the underlying spam economic system, to assist detectors in keeping their false positives at bay by associating detection accuracy to the spammer's cost. Hence, the sensitivity of a detector does not need to be tuned all the way up to maximize detection, but enough to make spamming cost unbearable to the spammer. Since, spam is all about making money ultimately. Our evaluation shows the effectiveness of this approach in considerably reducing the false positives for the detectors.
AB - Economic lifting has made email spam a scathing threat to the society due to its related exploits. Many spam detection schemes have been proposed employing the tendency of spam to alter the normal statistical behavior of mail traffic. Threshold tuning of these detectors is still a challenging task. Since, shooting down benign emails as spam (false positive), in pursuit of higher detection rates, can be detrimental. In this paper, we introduce a novel economic metric, based on the underlying spam economic system, to assist detectors in keeping their false positives at bay by associating detection accuracy to the spammer's cost. Hence, the sensitivity of a detector does not need to be tuned all the way up to maximize detection, but enough to make spamming cost unbearable to the spammer. Since, spam is all about making money ultimately. Our evaluation shows the effectiveness of this approach in considerably reducing the false positives for the detectors.
UR - https://www.scopus.com/pages/publications/84937557331
U2 - 10.1145/2665936.2665942
DO - 10.1145/2665936.2665942
M3 - Conference contribution
AN - SCOPUS:84937557331
SN - 9781450331470
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 11
EP - 18
BT - SafeConfig 2014 - Proceedings of the 2014 ACM Cyber Security Analytics, Intelligence and Automation Workshop, Co-located with CCS 2014
PB - Association for Computing Machinery
T2 - 2014 ACM Cyber Security Analytics, Intelligence and Automation Workshop, SafeConfig 2014 - Co-located with CCS 2014
Y2 - 3 November 2014
ER -