System and Method for Detecting Email Spammers

US 20100161537A1
Filed: 04/06/2009
Published: 06/24/2010
Est. Priority Date: 12/23/2008
Status: Abandoned Application

First Claim

Patent Images

1. A system for detecting Email spammers comprising:

a database containing a byte size and variability traffic flow model, the byte size and variability traffic flow model representing byte size and variability of traffic flows associated with a plurality of known SMTP Clients; and

a classification system classifying incoming traffic flows initiated by an unknown SMTP Client based on a comparison between byte size and variability of the incoming traffic flows and the byte size and variability traffic flow model.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for detecting Email spammers from unknown SMTP Clients using the unknown SMTP Client'"'"'s SMTP traffic information e.g. byte size and variability data. The system and method includes a byte size and variability traffic flow model and a classification system. The traffic flow model may be based upon a standard deviation of byte size and variability of traffic flows for a plurality of legitimate SMTP Clients and for a plurality of Spammer SMTP Clients. The classification system then classifies an Unknown SMTP Client as an Email Spammer based on a comparison between the byte size and the variability of the Unknown SMTP Client'"'"'s traffic flows with the byte size and variability traffic flow model.

Citations

25 Claims

1. A system for detecting Email spammers comprising:
- a database containing a byte size and variability traffic flow model, the byte size and variability traffic flow model representing byte size and variability of traffic flows associated with a plurality of known SMTP Clients; and
  
  a classification system classifying incoming traffic flows initiated by an unknown SMTP Client based on a comparison between byte size and variability of the incoming traffic flows and the byte size and variability traffic flow model.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system for detecting Email spammers as claimed in claim 1 wherein the plurality of known SMTP Clients are legitimate SMTP Clients and spammer SMTP Clients.
  - 3. The system for detecting Email spammers as claimed in claim 2 wherein the unknown SMTP Client initiating SMTP traffic flows is classified as an Email spammer, a legitimate SMTP client or unclassifiable.
  - 4. The system for detecting Email spammers as claimed in claim 2 wherein the byte size and variability traffic flow model identifies a mean byte size for traffic flows associated with the plurality of legitimate SMTP Clients and identifies a mean byte size for traffic flows associated with the plurality of Spammer SMTP Clients.
  - 5. The system for detecting Email spammers as claimed in claim 2 wherein the byte size and traffic variability traffic flow model identifies a standard deviation in byte size for traffic flows associated with the plurality of legitimate SMTP Clients and identifies standard deviation in byte size for traffic flows associated with the plurality of Spammer SMTP Clients.
  - 6. The system for detecting E-mail Spammers as claimed in claim 2 wherein the byte size and traffic variability traffic flow model identifies a multivariate traffic vector based on a mean byte size and a standard deviation in byte size for traffic flows associated with the plurality of legitimate SMTP Clients and identifies a multivariate traffic vector based on a mean byte size and a standard deviation in byte size for traffic flows associated with the plurality of Spammer SMTP Clients.
  - 7. The system for detecting Email Spammers as claimed in claim 1 further comprising:
    - an extractor for extracting the byte size and variability from traffic flow data associated with the incoming traffic flows initiated by the unknown SMTP Client.
  - 8. The system for detecting Email Spammers as claimed in claim 7 further comprising:
    - a comparator for comparing the byte size and variability of the incoming traffic flows initiated by the unknown SMTP Client with the byte size and variability traffic flow model.
  - 9. The system for detecting Email Spammers as claimed in claim 8 further comprising:
    - a storage device containing a classification algorithm for classifying an unknown SMTP Client initiating SMTP traffic flows based on the results of the comparator.
  - 10. The system for detecting Email Spammers as claimed in claim 2 further comprising:
    - a filter for filtering traffic flows associated with an SMTP client classified as an Email spammer from a message system.
  - 11. The system for detecting Email Spammers as claimed in claim 2 further comprising:
    - an identifier for identifying and blacklisting an SMTP client classified as an Email spammer within a message system.
  - 12. The system for detecting Email Spammers as claimed in claim 1 further comprising:
    - a traffic model adjustor for adjusting the byte size and variability traffic flow model based on a periodicity effect.
  - 13. The system for detecting Email Spammers as claimed in claim 12 wherein the traffic model adjustor uses a smoothing technique to smooth the byte size and variability traffic flow model.

14. A method for detecting Email Spammers comprising:
- comparing byte size and traffic variability of incoming traffic flows initiated by an SMTP Client to a byte size and variability traffic flow model; and
  
  classifying an SMTP Client using the incoming traffic flows initiated by the SMTP Client based on the comparing step.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The method as claimed in claim 14 wherein the SMTP Client is classified as an Email spammer, a legitimate Email client or unclassifiable based on the SMTP Client'"'"'s incoming flows.
  - 16. The method as claimed in claim 14 wherein the byte size and traffic variability traffic flow model identifies a mean byte size for traffic flows associated with the plurality of legitimate SMTP Clients and with the plurality of spammer SMTP Clients.
  - 17. The method as claimed in claim 14 wherein the byte size and traffic variability traffic flow model identifies a standard deviation in byte size for traffic flows associated with the plurality of legitimate SMTP Clients and with the plurality of spammer SMTP Clients.
  - 18. The method as claimed in claim 14 wherein the byte size and traffic variability traffic flow model identifies a multivariate traffic vector based on a mean byte size and a standard deviation in byte size for traffic flows associated with the plurality of legitimate SMTP Clients and with the plurality of spammer SMTP Clients.
  - 19. The method as claimed in claim 14 further comprising the step of:
    - extracting the byte size and variability from traffic header information associated with the incoming traffic flows of an SMTP Client.
  - 20. The method as claimed in claim 19 further comprising the step of:
    - comparing the byte size and variability of the incoming traffic flows associated with an SMTP Client with the byte size and variability traffic flow model.
  - 21. The method as claimed in claim 20 further comprising the step of:
    - classifying a SMTP Client using the incoming traffic flows initiated by the SMTP Client based on the results of the comparing step.
  - 22. The method as claimed in claim 15 further comprising the step of:
    - filtering SMTP traffic flows associated with an SMTP Client classified as an Email Spammer from a message system.
  - 23. The method as claimed in claim 15 further comprising the step of:
    - identifying and blacklisting a SMTP Client classified as Email Spammer within a message system.
  - 24. The method as claimed in claim 14 further comprising the step of:
    - adjusting the byte size and variability traffic flow model based on a periodicity effect.
  - 25. The method as claimed in claim 24 wherein the adjusting step uses a smoothing technique to smooth the byte size and variability traffic flow model.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Ehrlich, Willa, Liu, Danielle, Hoeflin, David, Karasaridis, Anestis

Application Number

US12/418,980
Publication Number

US 20100161537A1
Time in Patent Office

Days
Field of Search
US Class Current

706/46
CPC Class Codes

H04L 41/142   using statistical or mathem...

H04L 43/028   by filtering

H04L 51/212   using filtering or selectiv...

System and Method for Detecting Email Spammers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Detecting Email Spammers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links