An Online Malicious Spam Email Detection System Using Resource Allocating Network with Locality Sensitive Hashing

In this paper, we propose a new online system that can quickly detect malicious spam emails and, by being updated daily, adapt to changes in email contents and in the Uniform Resource Locator (URL) links leading to malicious websites. We introduce an autonomous function for a server to generate training examples: double-bounce emails are automatically collected, and their class labels are given by SPIKE, a crawler-type software that analyzes the maliciousness of websites. In general, since spammers use botnets to spread numerous malicious emails within a short time, such distributed spam emails often have the same or similar contents. Therefore, it is not necessary to learn all spam emails. To adapt quickly to new malicious campaigns, only new types of spam emails should be selected for learning, and this can be realized by introducing an active learning scheme into a classifier model. For this purpose, we adopt the Resource Allocating Network with Locality Sensitive Hashing (RAN-LSH) as a classifier model with a data selection function. In RAN-LSH, the same or similar spam emails that have already been learned are quickly searched for in the hash table of Locality Sensitive Hashing (LSH), and the matched similar emails located in “well-learned” are discarded without being used as training data. To analyze email contents, we adopt the Bag of Words (BoW) approach and generate feature vectors whose attributes are transformed based on the normalized term frequency-inverse document frequency (TF-IDF). To evaluate the performance of the proposed system, we use a data set of double-bounce spam emails collected at the National Institute of Information and Communications Technology (NICT) in Japan from March 1st, 2013 until May 10th, 2013. The results confirm that the proposed spam email detection system is capable of detecting malicious spam emails with a high detection rate.
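The data selection step described above can be sketched as follows. This is an added example, not the authors' code: it covers only the LSH-based filtering of already-seen emails (the RAN classifier is omitted), uses sign-random-projection LSH as a stand-in for the paper's LSH scheme, and treats a bucket as "well-learned" as soon as one email from it has been selected. The function names and the sample email bodies are constructed for illustration.

```python
import math
import random
import re
from collections import Counter

def tfidf_vectors(docs):
    """Bag-of-words vectors with smoothed TF-IDF weights, L2-normalized."""
    counts = [Counter(re.findall(r"[a-z0-9]+", d.lower())) for d in docs]
    df = Counter(term for c in counts for term in c)
    n = len(docs)
    vectors = []
    for c in counts:
        v = {t: tf * (math.log((1 + n) / (1 + df[t])) + 1) for t, tf in c.items()}
        norm = math.sqrt(sum(w * w for w in v.values())) or 1.0
        vectors.append({t: w / norm for t, w in v.items()})
    return vectors

def lsh_signature(vec, bits=16, seed="demo"):
    """Sign-random-projection LSH (assumed scheme): one bit per hyperplane.
    Components are derived per (bit, term), so the vocabulary may grow."""
    sig = []
    for k in range(bits):
        dot = sum(w * random.Random(f"{seed}:{k}:{t}").gauss(0, 1)
                  for t, w in vec.items())
        sig.append(1 if dot >= 0 else 0)
    return tuple(sig)

def select_for_training(vectors):
    """Return indices of emails to learn; skip those in an already-learned bucket."""
    learned_buckets = set()   # simplified stand-in for the "well-learned" flag
    selected = []
    for i, v in enumerate(vectors):
        sig = lsh_signature(v)
        if sig in learned_buckets:
            continue          # same or similar email already learned: discard
        learned_buckets.add(sig)
        selected.append(i)
    return selected

# Constructed sample: three campaigns, with botnet-style repeated copies.
A = "Your parcel could not be delivered, confirm your address at the link"
B = "Invoice attached, open the document and enable editing to view it"
C = "Account suspended, verify your password within 24 hours"
EMAILS = [A, A, B, A, C, B]

if __name__ == "__main__":
    chosen = select_for_training(tfidf_vectors(EMAILS))
    print(f"selected {len(chosen)} of {len(EMAILS)} emails: {chosen}")
```

Exact copies always land in the same bucket and are dropped; near-duplicates collide with a probability that rises with their cosine similarity and falls with the number of signature bits.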
