Corresponding author: Marcia Henke ( henke@redes.ufsm.br ) Corresponding author: Eulanda Santos ( emsantos@icomp.ufam.edu.br ) Corresponding author: Eduardo Souto ( esouto@icomp.ufam.edu.br ) Corresponding author: Altair O Santin ( santin@ppgia.pucpr.br ) © Marcia Henke, Eulanda Santos, Eduardo Souto, Altair O Santin. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY-ND 4.0). This license allows reusers to copy and distribute the material in any medium or format in unadapted form only, and only so long as attribution is given to the creator. The license allows for commercial use. Citation:
Henke M, Santos E, Souto E, Santin AO (2021) Spam Detection Based on Feature Evolution to Deal with Concept Drift. JUCS - Journal of Universal Computer Science 27(4): 364-386. https://doi.org/10.3897/jucs.66284 |
Electronic messages are still considered the most significant tools in business and personal applications due to their low cost and easy access. However, e-mails have become a major problem owing to the high amount of junk mail, named spam, which fill the e-mail boxes of users. Several approaches have been proposed to detect spam, such as filters implemented in e-mail servers and user-based spam message classification mechanisms. A major problem with these approaches is spam detection in the presence of concept drift, especially as a result of changes in features over time. To overcome this problem, this work proposes a new spam detection system based on analyzing the evolution of features. The proposed method is divided into three steps: 1) spam classification model training; 2) concept drift detection; and 3) knowledge transfer learning. The first step generates classification models, as commonly conducted in machine learning. The second step introduces a new strategy to avoid concept drift: SFS (Similarity-based Features Se- lection) that analyzes the evolution of the features taking into account similarity obtained between the feature vectors extracted from training data and test data. Finally, the third step focuses on the following questions: what, how, and when to transfer acquired knowledge? The proposed method is evaluated using two public datasets. The results of the experiments show that it is possible to infer a threshold to detect changes (drift) in order to ensure that the spam classification model is updated through knowledge transfer. Moreover, our anomaly detection system is able to perform spam classification and concept drift detection as two parallel and independent tasks.