Design and Evaluation of a Real-Time URL Spam Filtering Service

@article{Thomas2011DesignAE,
  title={Design and Evaluation of a Real-Time URL Spam Filtering Service},
  author={Kurt Thomas and Chris Grier and Justin Ma and Vern Paxson and Dawn Xiaodong Song},
  journal={2011 IEEE Symposium on Security and Privacy},
  year={2011},
  pages={447-462}
}
On the heels of the widespread adoption of web services such as social networks and URL shorteners, scams, phishing, and malware have become regular threats. Despite extensive research, email-based spam filtering techniques generally fall short for protecting other web services. To better address this need, we present Monarch, a real-time system that crawls URLs as they are submitted to web services and determines whether the URLs direct to spam. We evaluate the viability of Monarch and the… 

Angel or Demon? Characterizing Variations Across Twitter Timeline of Technical Support Campaigners

This paper performs the first large-scale study to understand the behavior of technical support spammers, and compares them with the legitimate technical support offered to OSN users by several brands such as Microsoft, Facebook, Amazon.

Phishing URL Detection Using URL Ranking

This paper describes an approach that classifies URLs automatically based on their lexical and host-based features, and achieves 93-98% accuracy by detecting a large number of phishing hosts, while maintaining a modest false positive rate.

Detecting Spam URLs in Social Media via Behavioral Analysis

This paper addresses the challenge of detecting spam URLs in social media, which is an important task for shielding users from links associated with phishing, malware, and other low-quality, suspicious content, and proposes and evaluates fifteen click and posting-based features.

The Spammer , the Botmaster , and the Researcher : on the Arms Race in Spamming Botnet Mitigation-Major Area Exam

Nowadays, most of worldwide spam is sent by botnets, which are networks of compromised computers that act under the control of a single entity, the so called botmaster.

Spam ain't as diverse as it seems: throttling OSN spam with templates underneath

Experimental results show that Tangram is highly accurate and can rapidly generate templates to throttle newly emerged campaigns, and detects the most prevalent template-based spam with 95.7% true positive rate, whereas the existing template generation approach detects only 32.3%.

BEAN: A BEhavior ANalysis Approach of URL Spam Filtering in Twitter

  • De WangC. Pu
  • Computer Science
    2015 IEEE International Conference on Information Reuse and Integration
  • 2015
This paper introduces BEAN, a behavior analysis technique, which detects URL spam by capturing the anomalous message sending behaviors of spammers, and applies its approach to the Twitter dataset, indicating that the approach is a good complement to existing URL spam detection techniques.

Click traffic analysis of short URL spam on Twitter

This paper measures the misuse of the short URLs and analyzes the characteristics of the spam and non-spam short URLs to enable the detection of spam short URLs, and determines that the Random Tree algorithm achieves the best performance.

Towards Online Spam Filtering in Social Networks

This paper presents an online spam filtering system that can be deployed as a component of the OSN platform to inspect messages generated by users in real-time and drops messages classified as “spam” before they reach the intended recipients, thus protecting them from various kinds of fraud.

Suspended accounts in retrospect: an analysis of twitter spam

This study examines the abuse of online social networks at the hands of spammers through the lens of the tools, techniques, and support infrastructure they rely upon and identifies an emerging marketplace of illegitimate programs operated by spammers.

Analysis and Detection of Modern Spam Techniques on Social Networking Sites

This paper has analyzed click-jacking and malicious browser extensions in detail, evaluating existing solutions to detect/prevent them and proposed enhancements that help detecting clickjacking attacks in those failed scenarios and proposed a declarative security policy to prevent malicious browser extension attacks.
...

References

SHOWING 1-10 OF 67 REFERENCES

@spam: the underground on 140 characters or less

A characterization of spam on Twitter finds that 8% of 25 million URLs posted to the site point to phishing, malware, and scams listed on popular blacklists, and examines whether the use of URL blacklists would help to significantly stem the spread of Twitter spam.

Improving Spam Blacklisting Through Dynamic Thresholding and Speculative Aggregation

This paper explores the root causes of blacklist inaccuracy and proposes two specific techniques based on this premise, dynamic thresholding and speculative aggregation, whose goal is to improve the accuracy of blacklist generation.

Detecting Spammers on Twitter

This paper uses tweets related to three famous trending topics from 2009 to construct a large labeled collection of users, manually classified into spammers and non-spammers, and identifies a number of characteristics related to tweet content and user social behavior which could potentially be used to detect spammers.

Spamscatter: Characterizing Internet Scam Hosting Infrastructure

An opportunistic measurement technique called spamscatter is described that mines emails in real-time, follows the embedded link structure, and automatically clusters the destination Web sites using image shingling to capture graphical similarity between rendered sites.

Uncovering social spammers: social honeypots + machine learning

It is found that the deployed social honeypots identify social spammers with low false positive rates and that the harvested spam data contains signals that are strongly correlated with observable profile features (e.g., content, friend information, posting patterns, etc.).

Exploiting Network Structure for Proactive Spam Mitigation

It is demonstrated that the history and the structure of the IP addresses can reduce the adverse impact of mail server overload, by increasing the number of legitimate e-mails accepted by a factor of 3.

Detecting spammers on social networks

The results show that it is possible to automatically identify the accounts used by spammers, and the analysis was used for take-down efforts in a real-world social network.

The Koobface botnet and the rise of social malware

  • Kurt ThomasD. Nicol
  • Computer Science
    2010 5th International Conference on Malicious and Unwanted Software
  • 2010
Koobface's zombie infrastructure is explored and the identities of fraudulent and compromised social network accounts used to distribute malicious links to over 213,000 social network users, generating over 157,000 clicks are discovered.

Shades of grey: On the effectiveness of reputation-based “blacklists”

This paper performs a preliminary study of a type of reputation-based blacklist, namely those used to block unsolicited email, or spam, and shows that, for the network studied, these blacklists exhibit non-trivial false positives and false negatives.

A taxonomy of JavaScript redirection spam

It is indicated that obfuscation techniques are very prevalent among JavaScript redirection spam pages and a robust counter measure is recommended using a light weight JavaScript parser and engine.
...