Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Spam Email Clustering Using Text Mining Methods
Central Database
Results
The Dataset
Conclusion
References
All Topics
Computer Science
Cybersecurity

Spam campaign detection, analysis, and investigation

Profile image of sơn đinhsơn đinh

2015, Digital Investigation

https://doi.org/10.1016/J.DIIN.2015.01.006
visibility

description

10 pages

link

1 file

Abstract

Spam has been a major tool for criminals to conduct illegal activities on the Internet, such as stealing sensitive information, selling counterfeit goods, distributing malware, etc. The astronomical amount of spam data has rendered its manual analysis impractical. Moreover, most of the current techniques are either too complex to be applied on a large amount of data or miss the extraction of vital security insights for forensic purposes. In this paper, we elaborate a software framework for spam campaign detection, analysis and investigation. The proposed framework identifies spam campaigns on-the-fly. Additionally, it labels and scores the campaigns as well as gathers various information about them. The elaborated framework provides law enforcement officials with a powerful platform to conduct investigations on cyber-based criminal activities.

Related papers

System Analysis of SPAM
M Tariq Banday

2008

Increasing reliance on the electronic mail (e-mail) has attracted spammers to send more and more spam e-mails in order to maximizing their financial gains. These unwanted e-mails are not only clogging the Internet traffic but are also causing storage problems at the receiving servers. Besides these, spam e-mails also serve as a vehicle to a variety of online crimes and abuses. Although several anti-spam procedures are currently employed to distinguish spam e-mails from the legitimate e-mails yet spammers and phishes obfuscate their e-mail content to circumvent anti-spam procedures. Efficiency of anti-spam procedures to combat spam entry into the system greatly depend on their level of operation and a clear insight of various possible modes of spamming. In this paper we investigate directed graph model of Internet e-mail infrastructure and spamming modes used by spammers to inject spam into the system. The paper outlines the routes, system components, devices and protocols exploited by each spamming mode.

View PDFchevron_right
Spamming Botnets: Signatures and Characteristics
Анастасия Петерс

In this paper, we focus on characterizing spamming botnets by leveraging both spam payload and spam server traffic properties. Towards this goal, we developed a spam signature generation framework called AutoRE to detect botnet-based spam emails and botnet membership. AutoRE does not require pre-classified training data or white lists. Moreover, it outputs high quality regular expression signatures that can detect botnet spam with a low false positive rate. Using a three-month sample of emails from Hotmail, AutoRE successfully identified 7,721 botnet-based spam campaigns together with 340,050 unique botnet host IP addresses.

View PDFchevron_right
Analyzing network traffic to detect e-mail spamming machines
Jaideep Srivastava

2004

Security; and has evoked great interest to the research community. Various classification based and signature based systems have been proposed for filtering spam and detecting viruses that cause spam. However, most of these techniques require content of an email or user profiles, thus involving in high privacy intrusiveness. In this paper, we address the problem of detecting machines that behave as sending spam. Our approach involves very low privacy intrusion as we look at only the border network flow data. We propose two kinds of techniques for detecting anomalous behavior. The first technique is applicable for single instance network flow graph. The second technique involves analyzing the evolving graph structures over a period of time. We have run our experiments on University of Minnesota border network flow. Our results on this real data set show that the techniques applied have been effective and also point to new directions of research in this area.

View PDFchevron_right
Neighborhoods and bands: an analysis of the origins of spam
Dorgival Guedes

Journal of Internet Services and Applications, 2015

Despite the continuous efforts to mitigate spam, the volume of such messages continues to grow and identifying spammers is still a challenge. Spam traffic analysis is an important tool in this context, allowing network administrators to understand the behavior of spammers, both as they obfuscate messages and try to hide inside the network. This work adds to that body of information by analyzing the sources of spam to understand to what extent they explain the traffic observed. Our results show that, in many cases, an Autonomous System (AS) represents an interesting neighborhood to observe, with most ASes falling into four basic types: heavy and light senders, which tend to have many or very few spammer machines respectively, frequent small offenders, where spammer machines appear every now and then but disappear in a short time, and conniving ASes, where most machines do not send spam, but a few are heavy, continuous senders. Not only that, but also by grouping machines based on the campaigns that they send together, we define the notion of SpamBands. Those bands identify groups of machines that are probably controlled by the same spammer, and our findings show that they often span multiple ASes. The identification of AS neighborhood types and SpamBands may simplify the combat against spam, focusing efforts at the sources as a whole, possibly improving blacklists by grouping machines found in a same AS or SpamBands.

View PDFchevron_right
Detecting Spammers via Aggregated Historical Data Set
Rami Puzis

arXiv preprint arXiv:1205.1357, 2012

The battle between email service providers and senders of mass unsolicited emails (Spam) continues to gain traction. Vast numbers of Spam emails are sent mainly from automatic botnets distributed over the world. One method for mitigating Spam in a computationally efficient manner is fast and accurate blacklisting of the senders. In this work we propose a new sender reputation mechanism that is based on an aggregated historical data-set which encodes the behavior of mail transfer agents over time. A historical data-set is created from labeled logs of received emails. We use machine learning algorithms to build a model that predicts the spammingness of mail transfer agents in the near future. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than of previously reported reputation mechanisms, which rely on emails logs. In addition, the proposed method, when used for updating both the black and white lists, eliminated the need in automatic content inspection of 4 out of 5 incoming emails, which resulted in dramatic reduction in the filtering computational load.

View PDFchevron_right
Clustering Spam Emails into Campaigns
Nadia Tawbi

2015

Spam emails constitute a fast growing and costly problems associated with the Internet today. To fight effectively against spammers, it is not enough to block spam messages. Instead, it is necessary to analyze the behavior of spammer. This analysis is extremely difficult if the huge amount of spam messages is considered as a whole. Clustering spam emails into smaller groups according to their inherent similarity, facilitates discovering spam campaigns sent by a spammer, in order to analyze the spammer behavior. This paper proposes a methodology to group large sets of spam emails into spam campaigns, on the base of categorical attributes of spam messages. A new informative clustering algorithm, named Categorical Clustering Tree (CCTree), is introduced to cluster and characterize spam campaigns. The complexity of the algorithm is also analyzed and its efficiency has been proven.

View PDFchevron_right
Detection Methods of Dynamic Spammers' Behavior
Radosław Brendel

2nd International Conference on Dependability of Computer Systems (DepCoS-RELCOMEX '07), 2007

E-mailing as one of the most popular Internet communication service is very prone to spamming, i.e. the process of flooding our mailboxes with unsolicited messages. Every day, separating good messages from those coming from spammers we waste time and resources. It is urgent to find out an effective method of fighting with spam that should take into account not only the currently used spammers' methods but also dynamic aspects of constantly changing spammers' behavior.

View PDFchevron_right
Characterizing a spam traffic
Wagner Meira, Jr.

2004

The rapid increase in the volume of unsolicited commercial e-mails, also known as spam, is beginning to take its toll in system administrators, business corporations and end-users. Widely varying estimates of the cost associated with spam are available in the literature. However, a quantitative analysis of the determinant characteristics of spam traffic is still an open problem. This work fills this gap and presents what we believe to be the first extensive characterization of a spam traffic.

View PDFchevron_right
Peeking into Spammer Behavior from a Unique Vantage Point
abhinav Pathak

2008

Understanding the spammer behavior is a critical step in the long-lasting battle against email spams. Previous studies have focused on setting up honeypots or email sinkholes containing destination mailboxes for spam collection. A spam trace collected this way offers the limited viewpoint from a single organizational domain and hence is short of reflecting the global behavior of spammers. In this paper, we present a spam analysis study using sinkholes based on open relays. A relay sinkhole offers a unique vantage point in spam collection: it has the broader view of spam originated from multiple spam origins destined to mailboxes belonging to multiple organizational domains.

View PDFchevron_right
Reference Data Sets for Spam Detection
Marcin Luckner

Hybrid Artificial Intelligent Systems Lecture Notes in Computer Science Volume 8073, 2013

A reference set is a set of data of network traffic whose form and content allows detecting an event or a group of events. Realistic and representative datasets based on real traffic can improve research in the fields of intruders and anomaly detection. Creating reference sets tackles a number of issues such as the collection and storage of large volumes of data, the privacy of information and the relevance of collected events. Moreover, rare events are hard to analyse among background traffic and need specialist detection tools. One of the common problems that can be detected in network traffic is spam. This paper presents the methodology for creating a network traffic reference set for spam detection. The methodology concerns the selection of significant features, the collection and storage of data, the analysis of the collected data, the enrichment of the data with additional events and the propagation of the set. Moreover, a hybrid classifier that detects spam on relatively high level is presented.

View PDFchevron_right

References (41)

  1. Anderson DS, Fleizach C, Savage S, Voelker GM. Spamscatter: character- izing internet scam hosting infrastructure. In: Proceedings of 16th USENIX security symposium, SS'07; 2007. pp. 10:1e10:14.
  2. Bergholz A, Chang JH, Paaß G, Reichartz F, Strobel S. Improved phishing detection using model-based features. In: CEAS; 2008.
  3. Bergholz A, De Beer J, Glahn S, Moens M-F, Paaß G, Strobel S. New filtering approaches for phishing email. J Comput Secur 2010;18(1):7e35.
  4. Broder AZ, Glassman SC, Manasse MS, Zweig G. Syntactic clustering of the web. Comput Netw ISDN Syst 1997;29(8):1157e66.
  5. Calais P, Pires DE, Neto DOG, Meira Jr W, Hoepers C, Steding-Jessen K. A campaign-based characterization of spamming strategies. In: CEAS; 2008.
  6. Cheung W, Zaiane OR. Incremental mining of frequent patterns without candidate generation or support constraint. In: Database engineering and applications symposium, 2003. Proceedings. Seventh interna- tional, IEEE; 2003. p. 111e6.
  7. CodeFlower Source code visualization. http://redotheweb.com/CodeFlower/.
  8. Daigle L. WHOIS protocol specification. Internet RFC 2004;
  9. ISSN: 2070-1721.
  10. Damiani E, di Vimercati SDC, Paraboschi S, Samarati P. An open digest- based technique for spam detection. In: ISCA PDCS; 2004. p. 559e64. Data-Driven Documents, http://d3js.org/.
  11. Fette I, Sadeh N, Tomasic A. Learning to detect phishing emails. In: Pro- ceedings of the 16th international conference on world wide Web. ACM; 2007. p. 649e56.
  12. Gao H, Hu J, Wilson C, Li Z, Chen Y, Zhao BY. Detecting and characterizing social spam campaigns. In: Proceedings of the 10th ACM SIGCOMM conference on internet measurement. ACM; 2010. p. 35e47.
  13. Guerra P, Pires D, Guedes D, Meira Jr W, Hoepers C, Steding-Jessen K. Spam miner: a platform for detecting and characterizing spam cam- paigns. In: Proc. 6th Conf. Email Anti-Spam; 2008.
  14. Haider P, Scheffer T. Bayesian clustering for email campaign detection. In: Proceedings of the 26th annual international conference on machine learning. ACM; 2009. p. 385e92.
  15. Han J, Pei J, Yin Y. Mining frequent patterns without candidate generation. ACM SIGMOD Rec 2000;29(2):1e12.
  16. Han J, Pei J, Yin Y, Mao R. Mining frequent patterns without candidate generation: a frequent-pattern tree approach. Data Min Knowl Discov 2004;8(1):53e87.
  17. Harrenstien K, Stahl M, Feinler E. WHOIS protocol specification. Internet RFC 1985;954. ISSN: 2070-1721.
  18. Heller KA, Ghahramani Z. Bayesian hierarchical clustering. In: Pro- ceedings of the 22nd international conference on machine learning. ACM; 2005. p. 297e304.
  19. John JP, Moshchuk A, Gribble SD, Krishnamurthy A. Studying spamming botnets using botlab. In: NSDI, vol. 9; 2009. p. 291e306.
  20. Kai-Sang Leung C. Interactive constrained frequent-pattern mining sys- tem. In: Database engineering and applications symposium, 2004. IDEAS'04. Proceedings. International, IEEE; 2004. p. 49e58.
  21. Kanich C, Kreibich C, Levchenko K, Enright B, Voelker GM, Paxson V, et al. Spamalytics: an empirical analysis of spam marketing conversion. Commun ACM 2009;52(9):99e107.
  22. Konte M, Feamster N, Jung J. Dynamics of online scam hosting infra- structure. In: Passive and active network measurement. Springer; 2009. p. 219e28.
  23. Kornblum J. Identifying almost identical files using context triggered piecewise hashing. Digit Investig 2006;3:91e7.
  24. Landauer TK, Foltz PW, Laham D. An introduction to latent semantic analysis. Discourse Process 1998;25(2e3):259e84.
  25. Lau JH, Grieser K, Newman D, Baldwin T. Automatic labelling of topic models. ACL 2011;2011:1536e45.
  26. Leung CK-S, Khan QI, Li Z, Hoque T. Cantree: a canonical-order tree for incremental frequent-pattern mining. Knowl Inform. Syst 2007;11(3): 287e311.
  27. Li F, Hsieh M-H. An empirical study of clustering behavior of spammers and group-based anti-spam strategies. In: CEAS; 2006.
  28. Milne D, Witten IH. An open-source toolkit for mining wikipedia. Artifi- cial Intelligence; 2013.
  29. Moore T, Clayton R, Stern H. Temporal correlations between spam and phishing websites. In: Proc. of 2nd USENIX LEET; 2009.
  30. Ong K-L, Ng W-K, Lim E-P. Fssm: fast construction of the optimized segment support map. In: Data warehousing and knowledge dis- covery. Springer; 2003. p. 257e66.
  31. OrientDB, http://www.orientdb.org/, last accessed in August 2013.
  32. Pathak A, Qian F, Hu YC, Mao ZM, Ranjan S. Botnet spam campaigns can be long lasting: evidence, implications, and analysis. In: Proceedings of the eleventh international joint conference on measurement and modeling of computer systems. ACM; 2009. p. 13e24.
  33. Pitsillidis A, Levchenko K, Kreibich C, Kanich C, Voelker GM, Paxson V, et al. Botnet judo: fighting spam with itself. In: NDSS; 2010.
  34. Pitsillidis A, Kanich C, Voelker GM, Levchenko K, Savage S. Taster's choice: a comparative analysis of spam feeds. In: Proceedings of the 2012 ACM conference on internet measurement conference, IMC'12; 2012. p. 427e40.
  35. Qian F, Pathak A, Hu YC, Mao ZM, Xie Y. A case for unsupervised-learning- based spam filtering. ACM SIGMETRICS Perform Eval Rev 2010;38(1): 367e8. spamsum, http://www.samba.org/ftp/unpacked/junkcode/spamsum/ README, (last accessed in August 2013).
  36. Stringhini G, Holz T, Stone-Gross B, Kruegel C, Vigna G. Botmagnifier: locating spambots on the internet. In: USENIX security symposium; 2011. Symantec Intelligence Report. Report. May 2013. http://www.symantec. com/content/en/us/enterprise/other_resources/b-intelligence_ report_05-2013.en-us.pdf.
  37. Thonnard O, Dacier M. A strategic analysis of spam botnets opera- tions, in: proceedings of the 8th annual Collaboration. In: Elec- tronic messaging, anti-abuse and spam conference. ACM; 2011. p. 162e71.
  38. Wei C, Sprague A, Warner G, Skjellum A. Mining spam email to identify common origins for forensic application. In: Proceedings of the 2008 ACM symposium on applied computing. ACM; 2008. p. 1433e7.
  39. Wei C, Sprague A, Warner G, Skjellum A. Characterization of spam advertised website hosting strategy. In: Sixth conference on email and anti-spam, Mountain View, CA; 2009.
  40. Xie Y, Yu F, Achan K, Panigrahy R, Hulten G, Osipkov I. Spamming botnets: signatures and characteristics. ACM SIGCOMM Comput Commun Rev 2008;38(4):171e82.
  41. Zhuang L, Dunagan J, Simon DR, Wang HJ, Osipkov I, Tygar JD. Charac- terizing botnets from email spam records. LEET 2008;8:1e9.

Related papers

Spam miner: A platform for detecting and characterizing spam campaigns
Marco Tulio

2009

This demo presents Spam Miner, an online system designed for real-time monitoring and characterization of spam traffic over the Internet. Our system is based on high-level abstractions such as spam message attributes, spam campaigns and spamming strategies. A campaign is a cluster of messages that are generated from a single message template; campaign identification is a challenging problem because it has to handle spammer evolution, while seeking for a spam similarity function that combines different message ...

View PDFchevron_right
Anti-Spam Software for Detecting Information Attacks
Saadat Bunyadova

International Journal of Intelligent Systems and Applications, 2012

In this paper the develop ment of anti-spam software detecting information attacks is offered. For this purpose it is considered spam filtrat ion system with the multilayered, mu ltivalent architecture, coordinating all ISP's in the country. All users and ISPs of this system involved in spam filtration p rocess. After spam filtering process, saved spam templates are analyzed and classified. This parameterizing of spam temp lates give possibility to define the thematic dependence from geographical. For example, what subjects prevail in spam messages sent from the certain countries? Analyzing origins of spam temp lates fro m spam-base, it is possible to define and solve the organized social networks of spammers. Thus, the offered system will be capable to reveal purposeful in formation attacks if those occur.

View PDFchevron_right
A campaign-based characterization of spamming strategies
Pedro H. Guerra

This paper presents a methodology for the characterization of spamming strategies based on the identi cation of spam campaigns. To deeply understand how spammers abuse network resources and obfuscate their messages, an aggregated analysis of spam messages is not enough. Grouping spam messages into campaigns is important to unveil behaviors that cannot be noticed when looking at the whole set of spams collected. We propose a spam identi cation technique based on a frequent pattern tree, which naturally captures the invariants on message content and detect campaigns that di er only due to obfuscated fragments. After that, we characterize these campaigns both in terms of content obfuscation and exploitation of network resources. Our methodology includes the use of attribute association analysis: by applying an association rule mining algorithm, we were able to determine cooccurrence of campaign attributes that unveil di erent spamming strategies. In particular, we found strong relations between the origin of the spam and how it abused the network, and also between operating systems and types of abuse.

View PDFchevron_right
Clustering Spam Domains and Hosts: Anti-Spam Forensics With Data Mining
Kent Kerley

Spam related cyber crimes, including phishing, malware and online fraud, are a serious threat to society. Spam filtering has been the major weapon against spam for many years but failed to reduce the number of spam emails. To hinder spammers' capability of sending spam, their supporting infrastructure needs to be disrupted.

View PDFchevron_right
Digital Waste Disposal: an automated framework for analysis of spam emails
mohammed mejri

International Journal of Information Security, 2019

Spam email automated analysis and classification are a challenging task, which is vital in the identification of botnet structures and cybercrime fighting. In this work, we propose an automated methodology and the resulting framework based on innovative categorical divisive clustering, used both for grouping and for classification of spam messages. In particular, the grouping is exploited to identify campaigns of similar spam emails, while the classification is used to label specific emails according to the goal of spammer (e.g., phishing, malware distribution, advertisement, etc.). This work introduces the CCTree algorithm, both as clustering algorithm and as classification algorithm, in two operative modes: batch and dynamic, to handle both large data sets and data streams. Afterward, the CCTree is applied to large sets of spam emails for campaign identification and labeling. The performance of the algorithm is reported for both clustering and classification, and a comparison between the batch and dynamic approaches is presented and discussed.

View PDFchevron_right

Related topics

  • Business
  • Computer Science
  • Digital Investigation
  • Computer Security

    • Cited by

    Digital Waste Disposal: an automated framework for analysis of spam emails
    mohammed mejri

    International Journal of Information Security, 2019

    Spam email automated analysis and classification are a challenging task, which is vital in the identification of botnet structures and cybercrime fighting. In this work, we propose an automated methodology and the resulting framework based on innovative categorical divisive clustering, used both for grouping and for classification of spam messages. In particular, the grouping is exploited to identify campaigns of similar spam emails, while the classification is used to label specific emails according to the goal of spammer (e.g., phishing, malware distribution, advertisement, etc.). This work introduces the CCTree algorithm, both as clustering algorithm and as classification algorithm, in two operative modes: batch and dynamic, to handle both large data sets and data streams. Afterward, the CCTree is applied to large sets of spam emails for campaign identification and labeling. The performance of the algorithm is reported for both clustering and classification, and a comparison between the batch and dynamic approaches is presented and discussed.

    View PDFchevron_right
    Phishing email strategies: Understanding cybercriminals' strategies of crafting phishing emails
    Dinusha Vatsalan

    Security and Privacy, 2021

    It is a known fact that cybercriminals often manipulate people to steal sensitive information. However, there has been a lack of research in investigating cybercriminals' strategies and the evolution of strategies when crafting phishing emails to entice people to perform a variety of malicious tasks such as clicking on fraudulent links. This study uses a combination of Natural Language Processing (NLP), topic modeling, and clustering techniques to analyze and evaluate the persuasive techniques/strategies, which cybercriminals use when crafting fraudulent emails. Our experimental results revealed the efficacy of using these techniques in understanding cybercriminals' mindset as well as how certain aspects of these techniques maintained consistency despite the evolution of the strategy from early Nigerian scams to more modern phishing emails. The findings of our study indicate that the most common technique/strategy used by cybercriminals is a combination of creating a sense of urgency while promising a reward. Moreover, despite the evolution of technology, cybercriminals are still effectively using the same persuasive techniques. Based on our findings, we provided several recommendations to improve anti-phishing software and awareness and training programs.

    View PDFchevron_right
    Context-Based Clustering to Mitigate Phishing Attacks
    Kami Vaniea

    Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security

    Phishing is by far the most common and disruptive type of cyberattack faced by most organizations. Phishing messages may share common attributes such as the same or similar subject lines, the same sending infrastructure, similar URLs with certain parts slightly varied, and so on. Attackers use such strategies to evade sophisticated email filters, increasing the difficulty for computing support teams to identify and block all incoming emails during a phishing attack. Limited work has been done on grouping human-reported phishing emails, based on the underlying scam, to help the computing support teams better defend organizations from phishing attacks. In this paper, we explore the feasibility of using unsupervised clustering techniques to group emails into scams that could ideally be addressed together. We use a combination of contextual and semantic features extracted from emails and perform a comparative study on three clustering algorithms with varying feature sets. We use a range of internal and external validation methods to evaluate the clustering results on real-world email datasets. Our results show that unsupervised clustering is a promising approach for scam identification and grouping, and analyzing reported phishing emails is an effective way of mitigating phishing attacks and utilizing the human perspective. CCS CONCEPTS • Security and privacy → Phishing; • Computing methodologies → Cluster analysis; Information extraction.

    View PDFchevron_right
    Mitigating BOT-based Methods for Email Address Harvesting and Spamming
    M Tariq Banday

    Research Square (Research Square), 2022

    Email databases are continually being updated with the inclusion of active email addresses collected from different sources by hackers and spammers for their illicit purpose, including spamming and sharing. The presence of multiple valid email addresses in the headers of chain and multi-recipient email messages increases the chances of successful harvesting. This paper investigates and exposes a botbased technique for email address harvesting from email messages, including chain email messages and emails sent to multiple recipients. Experimentation results demonstrate the designed Bot's effectiveness in misusing technologies to collect email addresses from the header and body of email messages. Also, the experimented method and user studies demonstrated the XOAuth authentication mechanism's ine ciency in blocking mailbox access and email address harvesting. The comprehensive illustration of the design shall be bene cial to design techniques for detecting and mitigating such bots. The paper also suggests a few mechanisms that can be put in place to prevent this type of email address harvesting signi cantly and also designs a mitigation method to detect and mitigate the designed Bots of this nature. I. INTRODUCTION Without a database of active email addresses, it is not possible for spammers to send spam effectively. Without a database of active email addresses, it is not possible for spammers to effectively send spam messages and pro t from the process. Spammers are always on a hunt for new and active email addresses for spamming [1], phishing [2], [3], whaling [4], spoo ng [5], cyberbullying [4], hoaxes [6], etc. Spamming and phishing attacks are also on the rise in online social networks. The use of new techniques for spamming requires the development of novel procedures to check their spread [7]. A consequence of spamming, i.e., phishing which poses a serious risk for consumers and businesses, has been or rise and requires contemporary measures for its control, such as ltering [8]. They harvest email addresses using different methods, which include mailing lists on sale, social networking sites, group discussion forums, web crawlers, directory harvest attacks, hacking into sites, intercepted user requests to unsubscribe, guessing and cleaning, and free offerings. (http://www.private.org.il/harvest.html). Hiding email addresses is no longer a viable solution to the problem as sharing email addresses with friends, family, customers, business partners, and online service providers are inevitable as it has evolved as a standard mode of communication on the Internet. Moreover, providing an active email to highly in-use social and ecommerce websites has become compulsory. These email addresses and user information are stored in diverse formats, mostly underlying databases of service providers. If hacked by spammers besides others, this database puts users at the risk of spamming. Also, businesses and individuals publish their email addresses on their websites and blogs for their customers to communicate with them. Bots [11], [12] originated for useful purposes, such as web crawlers to perform some prede ned functions automatically [13], but their use for numerous malicious purposes has been forged for a long. The illicit use includes spreading spam email messages which are considered one of the major threats to the security and privacy of the Internet [14], [15], [16]. A bot is propagated into the vulnerable systems to gain

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved