A review of spam email detection: analysis of spammer strategies and the dataset shift problem

Jáñez-Martino, Francisco; Aláiz-Rodríguez, Rocío; González-Castro, V́ıctor; Fidalgo, Eduardo; Alegre, Enrique

doi:10.1007/s10462-022-10195-4

Cited by 56 publications

(30 citation statements)

References 107 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is in contrast to what might be seen in models trained for spam detection, for example, where the model has to cope with the shifting strategies of an intelligent adversary. 30 These shifts are better represented in the model performance plots than the marginal distributions of each individual feature ( Supplementary Table 2) . Performance gaps at a single operating point (Lift) are not as widely separated as in the previous simulation.…”

Section: Resultsmentioning

confidence: 99%

Assessing the effects of data drift on the performance of machine learning models used in clinical sepsis prediction

Rahmani

Thapa

Tsou

et al. 2022

Preprint

View full text Add to dashboard Cite

Background Data drift can negatively impact the performance of machine learning algorithms (MLAs) that were trained on historical data. As such, MLAs should be continuously monitored and tuned to overcome the systematic changes that occur in the distribution of data. In this paper, we study the extent of data drift and provide insights about its characteristics for sepsis onset prediction. This study will help elucidate the nature of data drift for prediction of sepsis and similar diseases. This may aid with the development of more effective patient monitoring systems that can stratify risk for dynamic disease states in hospitals. Methods We devise a series of simulations that measure the effects of data drift in patients with sepsis. We simulate multiple scenarios in which data drift may occur, namely the change in the distribution of the predictor variables (covariate shift), the change in the statistical relationship between the predictors and the target (concept shift), and the occurrence of a major healthcare event (major event) such as the COVID-19 pandemic. We measure the impact of data drift on model performances, identify the circumstances that necessitate model retraining, and compare the effects of different retraining methodologies and model architecture on the outcomes. We present the results for two different MLAs, eXtreme Gradient Boosting (XGB) and Recurrent Neural Network (RNN). Results Our results show that the properly retrained XGB models outperform the baseline models in all simulation scenarios, hence signifying the existence of data drift. In the major event scenario, the area under the receiver operating characteristic curve (AUROC) at the end of the simulation period is 0.811 for the baseline XGB model and 0.868 for the retrained XGB model. In the covariate shift scenario, the AUROC at the end of the simulation period for the baseline and retrained XGB models is 0.853 and 0.874 respectively. In the concept shift scenario and under the mixed labeling method, the retrained XGB models perform worse than the baseline model for most simulation steps. However, under the full relabeling method, the AUROC at the end of the simulation period for the baseline and retrained XGB models is 0.852 and 0.877 respectively. The results for the RNN models were mixed, suggesting that retraining based on a fixed network architecture may be inadequate for an RNN. We also present the results in the form of other performance metrics such as the ratio of observed to expected probabilities (calibration) and the normalized rate of positive predictive values (PPV) by prevalence, referred to as lift, at a sensitivity of 0.8. Conclusion Our simulations reveal that retraining periods of a couple of months or using several thousand patients are likely to be adequate to monitor machine learning models that predict sepsis. This indicates that a machine learning system for sepsis prediction will probably need less infrastructure for performance monitoring and retraining compared to other applications in which data drift is more frequent and continuous. Our results also show that in the event of a concept shift, a full overhaul of the sepsis prediction model may be necessary because it indicates a discrete change in the definition of sepsis labels, and mixing the labels for the sake of incremental training may not produce the desired results.

show abstract

Section: Resultsmentioning

confidence: 99%

Assessing the effects of data drift on the performance of machine learning models used in clinical sepsis prediction

Rahmani

Thapa

Tsou

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Often the emails ask to enter credentials into a field in the email (e.g. fake login to see document) Recurring No To disguise Sec 4.5 Unicode ( Liu and Stamm, 2007 ) encoding ( Jáñez-Martino et al., 2022 ) Bit.ly links Emails start with malicious bit.ly link, accompanied by news headlines. Recurring No To disguise Verification URL features Adebowale et al.…”

Section: Methodsmentioning

confidence: 99%

“… Recurring No To disguise Verification URL features Adebowale et al. (2019) url shortener / tracker ( Bhardwaj, Sapra, Kumar, Kumar, Arthi, 2020 , Blancaflor, Alfonso, Banganay, et al., 2021 , Niu, Zhang, Yang, Ma, Zhuo, 2017 , Petelka, Zou, Schaub, 2019 ) E-moji in subject An emoji is added to the subject line (various emojis observed) Recurring No To disguise Verification Obfuscated words ( Jáñez-Martino et al., 2022 ) Clickable image Emails frequently include an clickable image (via i.imgur.com) that links towards a phishing website. Recurring No To disguise Sec 4.3 Image features ( Adebowale et al., 2019 ) News headlines The email subject header is disguised by a real news headline to gain your interest and while forwarding you to a fake store to purchase and extort and swindle your data Recurring Predominant use of corona-related news articles To gain interest Sec 4.2 Obfuscated words ( Jáñez-Martino et al., 2022 ) fake news headlines ( Sarno et al., 2022 ) Face-mask Emails are trying to scare you into buying face masks with the purpose to collect personal information Recurring Yes To gain interest Sec 4.2 , 4.2.1 , 4.3 Profiled purchasing ( Hamid and Abawajy, 2013 ) compulsive buying ( Halevi et al., 2015 ) deals too good to be true ( Kirlappos and Sasse, 2011 ) Home warranty Emails that are trying to scare you into take out an home insurance policy with the purpose to collect personal information Recurring No ...…”

Section: Methodsmentioning

confidence: 99%

The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains

Hoheisel¹,

Capelleveen²,

Sarmah³

et al. 2023

Computers & Security

View full text Add to dashboard Cite

“…Usually, spam emails are regularly ignored by receivers and might be blocked by spam email filtration. Hence, disingenuous emails must disguise themselves in a way where the chance that their payload will be delivered and acted upon, is optimized [34]. The main approach to Disingenuous spam emails is to seem legitimate.…”

Section: Spam Emailsmentioning

confidence: 99%

Training a Logistic Regression Machine Learning Model for Spam Email Detection Using the Teaching-Learning-Based-Optimization Algorithm

Berrou¹,

Kalbani²,

Antonijevic³

et al. 2023

Proceedings of the 1st International Conference on Innovation in Information Technology and Business (ICIITB 2022)

View full text Add to dashboard Cite

Spam and emails have always been intrinsically linked since the creation of the Advanced Research Projects Agency Network, otherwise known as (ARPANET). The latter witnessed, on May 3rd, 1978, the first known spam email to date. Today, spam emails negatively affect the users' productivity and private lives. A significant number of approaches emerged in the past two decades that deal with the spam detection problem, with limited success. Therefore, the current paper presents an intelligent and automated solution to spam email detection using a logistic regression model trained by a teaching-learning-based optimization algorithm. The proposed solution has been tested on two benchmark spam email datasets (CSDMC2010 and TurkishEmail), and evaluated against seven other contending cutting-edge metaheuristics utilized in the same experimental setup. The simulation outcomes without a doubt indicate the superior level of accuracy achieved by the proposed solution.

show abstract

A review of spam email detection: analysis of spammer strategies and the dataset shift problem

Cited by 56 publications

References 107 publications

Assessing the effects of data drift on the performance of machine learning models used in clinical sepsis prediction

Assessing the effects of data drift on the performance of machine learning models used in clinical sepsis prediction

The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains

Training a Logistic Regression Machine Learning Model for Spam Email Detection Using the Teaching-Learning-Based-Optimization Algorithm

Contact Info

Product

Resources

About