Design and Evaluation of a Real-Time URL Spam Filtering Service

On the heels of the widespread adoption of web services such as social networks and URL shorteners, scams, phishing, and malware have become regular threats. Despite extensive research, email-based spam filtering techniques generally fall short for protecting other web services. To better address th...

Full description

Saved in:
Bibliographic Details
Main Authors: Thomas, K., Grier, C., Ma, J., Paxson, V., Song, D.
Format: Conference Proceeding
Language:English
Subjects:
Browsers
Electronic mail
Feature extraction
HTML
IP networks
Real time systems
Web services
Citations: Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by cdi_FETCH-LOGICAL-c318t-a9f6ff28ab2ccde256325a8ef9677ce0bb669d0e5df3e9d106116d426792af263
cites
container_end_page 462
container_issue
container_start_page 447
container_title
container_volume
creator Thomas, K.
Grier, C.
Ma, J.
Paxson, V.
Song, D.
description On the heels of the widespread adoption of web services such as social networks and URL shorteners, scams, phishing, and malware have become regular threats. Despite extensive research, email-based spam filtering techniques generally fall short for protecting other web services. To better address this need, we present Monarch, a real-time system that crawls URLs as they are submitted to web services and determines whether the URLs direct to spam. We evaluate the viability of Monarch and the fundamental challenges that arise due to the diversity of web service spam. We show that Monarch can provide accurate, real-time protection, but that the underlying characteristics of spam do not generalize across web services. In particular, we find that spam targeting email qualitatively differs in significant ways from spam campaigns targeting Twitter. We explore the distinctions between email and Twitter spam, including the abuse of public web hosting and redirector services. Finally, we demonstrate Monarch's scalability, showing our system could protect a service such as Twitter -- which needs to process 15 million URLs/day -- for a bit under 800/day.
doi_str_mv 10.1109/SP.2011.25
format conference_proceeding
fullrecord <record><control><sourceid>ieee_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_5958045</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>5958045</ieee_id><sourcerecordid>5958045</sourcerecordid><originalsourceid>FETCH-LOGICAL-c318t-a9f6ff28ab2ccde256325a8ef9677ce0bb669d0e5df3e9d106116d426792af263</originalsourceid><addsrcrecordid>eNotjktLw0AURscXGGs2bt3MH0i892YemZVIHyoUlD7WZZrcKSNpWpJa8N8b0G9zVufwCfGAkCOCe1p-5gSIOekLkTpbgjVOKwWElyKhwuoMCeyVuEOlrQVUlq5FglBiZgbvVqR9_wXDjHFWmUQ8T7iPu1b6tpbTs2--_SkeWnkI0ssF-yZbxT3L9WIul0e_l7PYnLiL7U4uuTvHiu_FTfBNz-k_R2I9m67Gb9n84_V9_DLPqgLLU-ZdMCFQ6bdUVTWTNgVpX3JwxtqKYbsdDtXAug4FuxrBIJpakbGOfCBTjMTjXzcy8-bYxb3vfjba6RKULn4BANJK-g</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Design and Evaluation of a Real-Time URL Spam Filtering Service</title><source>IEEE Xplore All Conference Series</source><creator>Thomas, K. ; Grier, C. ; Ma, J. ; Paxson, V. ; Song, D.</creator><creatorcontrib>Thomas, K. ; Grier, C. ; Ma, J. ; Paxson, V. ; Song, D.</creatorcontrib><description>On the heels of the widespread adoption of web services such as social networks and URL shorteners, scams, phishing, and malware have become regular threats. Despite extensive research, email-based spam filtering techniques generally fall short for protecting other web services. To better address this need, we present Monarch, a real-time system that crawls URLs as they are submitted to web services and determines whether the URLs direct to spam. We evaluate the viability of Monarch and the fundamental challenges that arise due to the diversity of web service spam. We show that Monarch can provide accurate, real-time protection, but that the underlying characteristics of spam do not generalize across web services. In particular, we find that spam targeting email qualitatively differs in significant ways from spam campaigns targeting Twitter. We explore the distinctions between email and Twitter spam, including the abuse of public web hosting and redirector services. Finally, we demonstrate Monarch's scalability, showing our system could protect a service such as Twitter -- which needs to process 15 million URLs/day -- for a bit under 800/day.</description><identifier>ISSN: 1081-6011</identifier><identifier>ISBN: 1457701472</identifier><identifier>ISBN: 9781457701474</identifier><identifier>EISSN: 2375-1207</identifier><identifier>EISBN: 9780769544021</identifier><identifier>EISBN: 0769544029</identifier><identifier>DOI: 10.1109/SP.2011.25</identifier><language>eng</language><publisher>IEEE</publisher><subject>Browsers ; Electronic mail ; Feature extraction ; HTML ; IP networks ; Real time systems ; Web services</subject><ispartof>2011 IEEE Symposium on Security and Privacy, 2011, p.447-462</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c318t-a9f6ff28ab2ccde256325a8ef9677ce0bb669d0e5df3e9d106116d426792af263</citedby></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/5958045$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2056,27923,54553,54918,54930</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/5958045$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Thomas, K.</creatorcontrib><creatorcontrib>Grier, C.</creatorcontrib><creatorcontrib>Ma, J.</creatorcontrib><creatorcontrib>Paxson, V.</creatorcontrib><creatorcontrib>Song, D.</creatorcontrib><title>Design and Evaluation of a Real-Time URL Spam Filtering Service</title><title>2011 IEEE Symposium on Security and Privacy</title><addtitle>sp</addtitle><description>On the heels of the widespread adoption of web services such as social networks and URL shorteners, scams, phishing, and malware have become regular threats. Despite extensive research, email-based spam filtering techniques generally fall short for protecting other web services. To better address this need, we present Monarch, a real-time system that crawls URLs as they are submitted to web services and determines whether the URLs direct to spam. We evaluate the viability of Monarch and the fundamental challenges that arise due to the diversity of web service spam. We show that Monarch can provide accurate, real-time protection, but that the underlying characteristics of spam do not generalize across web services. In particular, we find that spam targeting email qualitatively differs in significant ways from spam campaigns targeting Twitter. We explore the distinctions between email and Twitter spam, including the abuse of public web hosting and redirector services. Finally, we demonstrate Monarch's scalability, showing our system could protect a service such as Twitter -- which needs to process 15 million URLs/day -- for a bit under 800/day.</description><subject>Browsers</subject><subject>Electronic mail</subject><subject>Feature extraction</subject><subject>HTML</subject><subject>IP networks</subject><subject>Real time systems</subject><subject>Web services</subject><issn>1081-6011</issn><issn>2375-1207</issn><isbn>1457701472</isbn><isbn>9781457701474</isbn><isbn>9780769544021</isbn><isbn>0769544029</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2011</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotjktLw0AURscXGGs2bt3MH0i892YemZVIHyoUlD7WZZrcKSNpWpJa8N8b0G9zVufwCfGAkCOCe1p-5gSIOekLkTpbgjVOKwWElyKhwuoMCeyVuEOlrQVUlq5FglBiZgbvVqR9_wXDjHFWmUQ8T7iPu1b6tpbTs2--_SkeWnkI0ssF-yZbxT3L9WIul0e_l7PYnLiL7U4uuTvHiu_FTfBNz-k_R2I9m67Gb9n84_V9_DLPqgLLU-ZdMCFQ6bdUVTWTNgVpX3JwxtqKYbsdDtXAug4FuxrBIJpakbGOfCBTjMTjXzcy8-bYxb3vfjba6RKULn4BANJK-g</recordid><startdate>201105</startdate><enddate>201105</enddate><creator>Thomas, K.</creator><creator>Grier, C.</creator><creator>Ma, J.</creator><creator>Paxson, V.</creator><creator>Song, D.</creator><general>IEEE</general><scope>6IE</scope><scope>6IH</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIO</scope></search><sort><creationdate>201105</creationdate><title>Design and Evaluation of a Real-Time URL Spam Filtering Service</title><author>Thomas, K. ; Grier, C. ; Ma, J. ; Paxson, V. ; Song, D.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c318t-a9f6ff28ab2ccde256325a8ef9677ce0bb669d0e5df3e9d106116d426792af263</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2011</creationdate><topic>Browsers</topic><topic>Electronic mail</topic><topic>Feature extraction</topic><topic>HTML</topic><topic>IP networks</topic><topic>Real time systems</topic><topic>Web services</topic><toplevel>online_resources</toplevel><creatorcontrib>Thomas, K.</creatorcontrib><creatorcontrib>Grier, C.</creatorcontrib><creatorcontrib>Ma, J.</creatorcontrib><creatorcontrib>Paxson, V.</creatorcontrib><creatorcontrib>Song, D.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan (POP) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEL</collection><collection>IEEE Proceedings Order Plans (POP) 1998-present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Thomas, K.</au><au>Grier, C.</au><au>Ma, J.</au><au>Paxson, V.</au><au>Song, D.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Design and Evaluation of a Real-Time URL Spam Filtering Service</atitle><btitle>2011 IEEE Symposium on Security and Privacy</btitle><stitle>sp</stitle><date>2011-05</date><risdate>2011</risdate><spage>447</spage><epage>462</epage><pages>447-462</pages><issn>1081-6011</issn><eissn>2375-1207</eissn><isbn>1457701472</isbn><isbn>9781457701474</isbn><eisbn>9780769544021</eisbn><eisbn>0769544029</eisbn><abstract>On the heels of the widespread adoption of web services such as social networks and URL shorteners, scams, phishing, and malware have become regular threats. Despite extensive research, email-based spam filtering techniques generally fall short for protecting other web services. To better address this need, we present Monarch, a real-time system that crawls URLs as they are submitted to web services and determines whether the URLs direct to spam. We evaluate the viability of Monarch and the fundamental challenges that arise due to the diversity of web service spam. We show that Monarch can provide accurate, real-time protection, but that the underlying characteristics of spam do not generalize across web services. In particular, we find that spam targeting email qualitatively differs in significant ways from spam campaigns targeting Twitter. We explore the distinctions between email and Twitter spam, including the abuse of public web hosting and redirector services. Finally, we demonstrate Monarch's scalability, showing our system could protect a service such as Twitter -- which needs to process 15 million URLs/day -- for a bit under 800/day.</abstract><pub>IEEE</pub><doi>10.1109/SP.2011.25</doi><tpages>16</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 1081-6011
ispartof 2011 IEEE Symposium on Security and Privacy, 2011, p.447-462
issn 1081-6011
2375-1207
language eng
recordid cdi_ieee_primary_5958045
source IEEE Xplore All Conference Series
subjects Browsers
Electronic mail
Feature extraction
HTML
IP networks
Real time systems
Web services
title Design and Evaluation of a Real-Time URL Spam Filtering Service
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-14T13%3A45%3A21IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Design%20and%20Evaluation%20of%20a%20Real-Time%20URL%20Spam%20Filtering%20Service&rft.btitle=2011%20IEEE%20Symposium%20on%20Security%20and%20Privacy&rft.au=Thomas,%20K.&rft.date=2011-05&rft.spage=447&rft.epage=462&rft.pages=447-462&rft.issn=1081-6011&rft.eissn=2375-1207&rft.isbn=1457701472&rft.isbn_list=9781457701474&rft_id=info:doi/10.1109/SP.2011.25&rft.eisbn=9780769544021&rft.eisbn_list=0769544029&rft_dat=%3Cieee_CHZPO%3E5958045%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c318t-a9f6ff28ab2ccde256325a8ef9677ce0bb669d0e5df3e9d106116d426792af263%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5958045&rfr_iscdi=true