Hot Zone Identification: Analyzing Effects of Data Sampling on Spam Clustering

• Main Authors: Rasib Khan, Mainul Mizan, Ragib Hasan, Alan Sprague
• Format: Article
• Language: English
• Published: Association of Digital Forensics, Security and Law 2014-03-01
• Series: Journal of Digital Forensics, Security and Law
• Online Access: http://ojs.jdfsl.org/index.php/jdfsl/article/view/251

<span style="font-family: 'Times New Roman','serif'; font-size: 11pt; mso-fareast-font-family: Calibri; mso-ansi-language: EN-GB; mso-fareast-language: EN-US; mso-bidi-language: AR-SA;" lang="EN-GB">Email is the most common and comparatively the most efficient means of exchanging information in today's world. However, given the widespread use of emails in all sectors, they have been the target of spammers since the beginning. Filtering spam emails has now led to critical actions such as forensic activities based on mining spam email. The data mine for spam emails at the University of Alabama at Birmingham is considered to be one of the most prominent resources for mining and identifying spam sources. It is a widely researched repository used by researchers from different global organizations. The usual process of mining the spam data involves going through every email in the data mine and clustering them based on their different attributes. However, given the size of the data mine, it takes an exceptionally long time to execute the clustering mechanism each time. In this paper, we have illustrated sampling as an efficient tool for data reduction, while preserving the information within the clusters, which would thus allow the spam forensic experts to quickly and effectively identify the ‘hot zone’ from the spam campaigns. We have provided detailed comparative analysis of the quality of the clusters after sampling, the overall distribution of clusters on the spam data, and timing measurements for our sampling approach. Additionally, we present different strategies which allowed us to optimize the sampling process using data-preprocessing and using the database engine's computational resources, and thus improving the performance of the clustering process</span>.