

Research on Theory of Spam Filtering and Its Key Techniques

【作者】 刘震

【导师】 周明天;

【作者基本信息】 电子科技大学 , 计算机应用技术, 2008, 博士

【摘要】 作为Internet的重大“灾难”之一,日益泛滥的垃圾邮件问题引起了人们的普遍关注。自上世纪80年代中期出现首封垃圾邮件以来,各种反垃圾邮件策略与技术也应运而生并得到了迅速发展,至今方兴未艾。然而,研究反垃圾邮件问题已经逐渐把研究者引入到了一个“不确定性花园”。由于对垃圾邮件的判别存在着主观和客观上的不确定性,造成了目前针对垃圾邮件的机器自动分类和过滤技术存在较大的性能瓶颈。经过多年的研究,有很多学者已经注意到利用不确定智能计算技术可以在一定程度上较好地处理实际工程应用中的某些不确定性推理问题,虽然相关研究尚不成熟,但正如很多研究者相信上帝并不是简单地通过掷骰子来创造人类一样,不确定性背后的某些奇妙的确定性规律正吸引着人们不懈地深入探索,并取得了阶段性的研究成果。本文认为不确定智能计算技术在某些层面上,同样可以有效处理垃圾邮件识别过程中存在的诸多主观和客观不确定性问题,因此研究不确定计算理论并应用相关理论改进现有邮件过滤算法和设计新的邮件过滤算法成为了本文的工作重点。不确定智能计算技术的引入,使研究反垃圾邮件问题成为了一件充满乐趣又富有挑战的工作。本文在全面吸取和借鉴目前在不确定智能计算领域和反垃圾邮件领域取得的最新技术成果的基础上,从理论和应用两个层面,深入细致地研究了不确定智能计算理论和反垃圾邮件技术。取得了如下的主要研究成果,包括:1、系统地分析了垃圾邮件问题的背景,指出研究反垃圾邮件技术的理论价值和现实意义。通过跟踪国内外反垃圾邮件技术的最新进展,较全面地归纳概括了现有反垃圾分类技术的发展状况,比较分析了各种方法的优点和不足。指出基于统计理论的不确定智能学习和分类方法是值得深入研究,并能够提高反垃圾邮件技术水平的重要理论手段。2、深入地研究了Bayesian网络理论,提出了一些改进和创新的方法。(1)对于一般复杂网络,提出了一种基于全局消息传播的PPJT算法。新算法可以将推理计算的时间复杂度有效降低,同时能够在较小规模观察样本条件下,保证一般复杂贝叶斯网络推理的精度需求。(2)对于Polytree条件下的复杂Bayesian网络,考虑将推理算法扩展到多机模式,通过分析Polytree条件下的中大型贝叶斯网络的结构,定义新的适用于多处理机环境下的并行证据处理格式,并提出基于多处理机的并行推理算法,为提高Polytree条件下中大型贝叶斯网络的全局证据传播效率提供了一种并行解决方案。(3)研究了不完备证据条件下的参数学习问题,基于标准似然函数构建证据丢失的计算模型,利用χ2距离近似估计证据丢失导致的误差距离,推导出了包含学习率的EM算法。实验结果表明,新算法与传统处理算法相比,在不降低估计精度的前提下具有更快的收敛速度,能够较好地保证不完备证据条件下可信高效的Bayesian网络参数估计。3、提出了一种包含核函数的Bayesian参数估计方法,提高了Bayesian参数估计的实用性。结合邮件内容和报文格式两个方面分析和提取邮件的重要特征,建立了对应的Bayesian邮件分类网络。将包含核函数的Bayesian参数估计方法应用到邮件分类网络,在对不同邮件测试集的在线学习试验结果证明,这种新的分类模型能够比较有效地实现垃圾邮件的分类过滤。4、尝试采用拟合Logistic Regression模型对邮件分类问题建模,并在建模的过程中通过引入偏依赖系数函数模拟了邮件过滤中的偏依赖特性。在不同邮件样本集中的实验结果显示,新的邮件分类模型对垃圾邮件的误报误差和漏报误差具有良好的不对称区分性,因而从算法的层次上实现了具有偏依赖特征的邮件分类器。5、为了规避目前反垃圾邮件技术在文本关联和内容理解方面所存在的诸多困难,提出从另一个角度研究垃圾邮件分类过滤问题,即从垃圾邮件发送者的行为模式角度出发研究邮件类别。通过从邮件发送者的行为紧密相关的邮件特征提取对应特征向量,并应用支持向量机的方法构建分类函数,提出一种基于行为特征的垃圾邮件模式分类模型。经过仿真实验我们发现采用这种全新的行为特征分类模型判定邮件的类别具有较精确的判定效果和较强的鲁棒性。6、构建了一个位于邮件服务器前端的、多层次的垃圾邮件过滤系统—SpamWeeder。SpamWeeder系统集成了本文提出的基于多级属性集的Naive Bayes邮件分类,基于Bayesian网络的邮件分类,基于Logistic回归模型的邮件分类和基于行为特征的邮件分类等多种方法,各种方法之间相互协作、互相补充,形成一个比较准确、快速、高效、易管理和满足不同个性化要求的反垃圾邮件过滤系统。

【Abstract】 Nowadays, spam flood has become one of the Internet disasters and aroused people’s wide attentions. Since the first spam sprung out in the middle of 1980s, various anti-spam strategies and techniques came alone with it and developed rapidly till today. However, Investigations on anti-spam problems have trapped researchers into an“uncertainty garden”. Subjective and objective uncertainties universally existed in discriminating spams have caused big performance bottlenecks on available automated machine classification and filtering methods. On the other hand, after decade years research, people have found in some extent that uncertain intelligent computing techniques are able to handle some uncertain problems in practical engineering applications. Althrough the theory is not perfect, researchers still keep exploring the rules behind the uncertainties and have achieved phased successful results since they believe God would not simply toss dice to create human beings. We also consent that uncertain intelligent computing techniques could well handle those subjective and objective uncertainties for discriminating spams from some aspects. Therefore, researching on uncertain intelligent computing theories and applying them into the area of anti-spam become the vital job of this dissertation. The involvement of the uncertain intelligent computing theories makes the research on spam filtering become a job which is full of challenges and delights.This dissertation utilizes and assimilates lastest achievements comprenhendly in uncertain intelligent computing and spam filtering. From two aspacts including theory and applicaton, investigations on uncertain intelligent computing and spam filtering are made deeply and carefully. The main research results and innovations can be conluded as follows:(1)The background of the spam issue is systematically analyzed, and the academic importance and practical value to investigate the spam issue is emphasized as well. By tracing the latest progress in spam filtering area, comparisons among various popular anti-spam approaches are made. According to the comparisons and our analysis, we conclude that uncertain intelligent computing theories based on statistics are feasible tools to improve spam filtering system’s performance and worth investigating carefully.(2)Advanced approachs and innovative methods on Bayesian network are proposed. Firstly, for less complicated network, a PPJT algorithm based on global message propagation is proposed. New algorithm is able to decrease the time complexity and ensure the precision requirement in a less complicated network under small scale of samples input. Secondly, for Polytree-featured complicated network, extending inference algorithm to multi-machine mode is considered. By analyzing the structure of Polytree-featured complicated Bayesian network and defining new parallel evidence format which is suitable for multi-machine environment, a parallel inference algorithm is proposed which can well improve evidence propagation performance in a large Bayesian network with Polytree structure. Finally, parameter learning under incomplete evidence input is investigated. By applying a standard likelihood function to construct evidence-loss computing model and usingχ2 distance to estimate error disatance caused by evidence loss, an EM algorithm contained learning ratio is derived. Compared with traditional processing method, new algorithm can converge much faster without precision degradation and ensure a trusted Bayesian network parameter estimation under incomplete evidence input.(3) A kernel function-based Bayesian parameter estimation approach is proposed which is able to make the parameter estimation more applicable. Combined with the both sides of email content and format, a Bayesian network for spam classification is well constructed. The testing results by on-line learning for different email testing sets prove that the new model can ensure the classification and filtering efficiently by applying the kernel function-based Bayesian parameter estimation approach into the classification network.(4) An advanced fitted logistic regression model is considered to implement email classifier training. By introducing a coefficient function, characteristic of partial dependency(CPD) is well imitated while modeling. The testing results by various email testing sets indicate that the new model has much stronger response sensitivity on false positvie than on false negative and therefore realize a new email classifier with CPD at the algorithm level.(5) As to avoid various difficulties that content-based spam filters have encountered before, spam categorization method is researched from another point of view, namely spammers’behaviors mode. The new categrazation model is well constructed by extracting and selecting an email feature vector which is closely related to spammer’s behavior features and applying SVM method to generate a classification function. After carefully model design and simulation tests, we found that the new categorization model is accurate and robust for spam discrimination.(6) A spam filtering system, SpamWeeder, which is located at the front end of the email server with multi-layer structures is well designed. SpamWeeder system has integrated Naive Bayes email classification based on multi-level attribute set, email classification based on Bayeisan network, email classification based on feature of spammer’s behaviors, and email classification based on logistic regression model which have been brought forward in this dissertation. With coordination and collaboration of these approaches mentioned above, SpamWeeder is easy to manage and meet individual requirements and can archieve precise, fast and efficient performance as well.
