Skip to main content

Social network analysis for cluster-based IP spam reputation

Buy Article:

$54.08 plus tax (Refund Policy)


Purpose ‐ IP reputation systems, which filter e-mail based on the sender's IP address, are located at the perimeter ‐ before the messages reach the mail server's anti-spam filters. To increase IP reputation system efficacy and overcome the shortcomings of individual IP-based filtering, recent studies have suggested exploiting the properties of IP clusters, such as those of Autonomous Systems (AS). Cluster-based techniques can enhance accuracy and reduce false negative rates. However, clusters generally contain enormous amounts of IP addresses, which hinder cluster-based systems from reaching their full spam filtering potential. The purpose of this paper is exploitation of social network metrics to obtain a more granular, i.e. sub-divided, view of cluster-based reputation, and thus enhance spam filtering accuracy. Design/methodology/approach ‐ The authors examined the performance of various social network metrics, including nodal degree, betweenness centrality, closeness centrality and valued graphs, to find an optimal element that enhances IP reputation prediction in AS clusters. Findings ‐ It was found that all measures contributed to prediction, yet the best predictor of spam reputation was the out-degree metric, which showed a strong positive correlation with spam reputation prediction. This implies that more granular information can increase the accuracy of IP reputation prediction in AS clusters. Practical implications ‐ Used in conjunction with other technologies, the granular cluster-based reputation system can be a valuable addition to commercial and open-source spam filtering systems, or to standalone DNS-based blacklists. Originality/value ‐ The authors' approach can promote mitigation of larger spam volumes at the perimeter, save bandwidth, and conserve valuable system resources.

Keywords: Autonomous systems; Data security; Electronic mail; IP reputation; Social network analysis; Social networking sites; Spam; Transmission control protocol/internet protocol

Document Type: Research Article


Publication date: 2012-10-05

  • Access Key
  • Free ContentFree content
  • Partial Free ContentPartial Free content
  • New ContentNew content
  • Open Access ContentOpen access content
  • Partial Open Access ContentPartial Open access content
  • Subscribed ContentSubscribed content
  • Partial Subscribed ContentPartial Subscribed content
  • Free Trial ContentFree trial content
Cookie Policy
Cookie Policy
Ingenta Connect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more