Análise e modelagem do comportamento de SPAMMERS e dos usuários legítimos em redes de email

Email is an increasingly important and ubiquitous mean of communication, both facilitating contact between individuals and enabling rises in the productivity of organizations. However, the relentless rising of automatic unauthorized emails, also known as spam, is eroding away much of the attractiveness of email communication. Most of the attention dedicated to spam detection has focused on the content of the emails or on the addresses or domains associated with spam senders. This thesis takes an innovative approach towards addressing the problems caused by spam. Our goal is to develop a deep understanding of the fundamental characteristics of spam traffic, spammers’ behavior and the way spammers and non-spam (i.e., legitimate) users develop their relations in email networks, in hoping that such knowledge can be used, in the future, to drive the design of more effective techniques for detecting and combating spams. First we present an extensive characterization of a spam-infected email workload, which aims at identifying and quantifying the characteristics that significantly distinguish spam from legitimate traffic, assessing the impact of spam on the aggregate traffic and providing data for creating synthetic workload models. Next, we present a comprehensive graph theoretical analysis of email traffic that captures the fundamental characteristics of relations among spammers and their peers, which is very different from the normal mutual relations between senders and recipients of legitimate email. Third, we use the above properties of spammers and legitimate users behavior, in order to propose two new spam detection algorithms that use structural relationships between senders and recipients of email as the basis for spam detection. Our algorithms are used to correct misclassification from an auxiliary algorithm and its classification precision is evaluated using an actual and a synthetic workloads. Finally, as the majority of email traffic, represented by spam traffic, exhibits opportunistic, rather than symbiotic social relations, we use this traffic to quantify the differences between social and antisocial (here represented by spammers behavior) behaviors in networks of communication. Although no single behavioral or traffic metric studied can unequivocally differentiate legitimate emails from spam, the combination of several of them paint a clear picture of the processes, whereby legitimate and spam email vii are created. For this reason, we suppose, they can be used to augment the effectiveness, as our proposed algorithms do, of mechanisms to detect illegitimate emails as well as to better understand malicious behavior in network of communications.