We conducted an empirical study of the clustering behavior of spammers and explored the group-based anti-spam strategies. We propose to block spammers as groups instead of dealing with each spam individually. We empirically observe that, with a certain grouping criteria such as having the same URL in the spam mail, the relationship among the spammers has demonstrated highly clustering structures. By examining the spam mails gathered in a seven-day period, we found that if a spammer is associated with multiple groups, it has a higher probability of sending more spam mails in the near future. We also observed that the spam mails from the same group of spammers often arrive in burst and a very small fraction of the active spammers actually accounted for a large portion of the total spam mails.
[1]
Ben Laurie,et al.
\Proof-of-Work" Proves Not to Work
,
2004
.
[2]
Virgílio A. F. Almeida,et al.
Characterizing a spam traffic
,
2004,
IMC '04.
[3]
Emil Sit,et al.
An empirical study of spam traffic and the use of DNS black lists
,
2004,
IMC '04.
[4]
Srikanth Kandula,et al.
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
,
2005,
NSDI.
[5]
Robert Tappan Morris,et al.
ExOR: opportunistic multi-hop routing for wireless networks
,
2005,
SIGCOMM '05.
[6]
Balachander Krishnamurthy,et al.
Collaborating against common enemies
,
2005,
IMC '05.