JUCS - Journal of Universal Computer Science 27(4): 364-386, doi: 10.3897/jucs.66284
Spam Detection Based on Feature Evolution to Deal with Concept Drift
expand article infoMarcia Henke, Eulanda Santos§, Eduardo Souto§, Altair O Santin|
‡ Federal University of Santa Maria, Santa Maria, Brazil§ Federal University of Amazonas, Manaus, Brazil| Pontifical Catholic University of Paraná, Curitiba, Brazil
Open Access

Electronic messages are still considered the most significant tools in business and personal applications due to their low cost and easy access. However, e-mails have become a major problem owing to the high amount of junk mail, named spam, which fill the e-mail boxes of users. Several approaches have been proposed to detect spam, such as filters implemented in e-mail servers and user-based spam message classification mechanisms. A major problem with these approaches is spam detection in the presence of concept drift, especially as a result of changes in features over time. To overcome this problem, this work proposes a new spam detection system based on analyzing the evolution of features. The proposed method is divided into three steps: 1) spam classification model training; 2) concept drift detection; and 3) knowledge transfer learning. The first step generates classification models, as commonly conducted in machine learning. The second step introduces a new strategy to avoid concept drift: SFS (Similarity-based Features Se- lection) that analyzes the evolution of the features taking into account similarity obtained between the feature vectors extracted from training data and test data. Finally, the third step focuses on the following questions: what, how, and when to transfer acquired knowledge? The proposed method is evaluated using two public datasets. The results of the experiments show that it is possible to infer a threshold to detect changes (drift) in order to ensure that the spam classification model is updated through knowledge transfer. Moreover, our anomaly detection system is able to perform spam classification and concept drift detection as two parallel and independent tasks.

Computer Security Network, Machine Learning, Concept Drift