Image spam

From HandWiki
Short description: Type of email spam
Fig. 1. Example of a clean spam image
Fig. 2. Examples of obfuscated spam images to evade OCR-based and signature-based detection
Fig. 3. Average size of spam versus percentage of image spam[1]
Fig. 4. Average size of spam versus percentage of image and ZIP/RAR spam (2011-2012, per week)[2]

Image-based spam,[3][4] or image spam, is a kind of email spam where the textual spam message is embedded into images, that are then attached to spam emails.[5] Since most of the email clients will display the image file directly to the user, the spam message is conveyed as soon as the email is opened (there is no need to further open the attached image file).

Technique

The goal of image spam is clearly to circumvent the analysis of the email’s textual content performed by most spam filters[5] (e.g., SpamAssassin, RadicalSpam, Bogofilter, SpamBayes). Accordingly, for the same reason, together with the attached image, often spammers add some “bogus” text to the email, namely, a number of words that are most likely to appear in legitimate emails and not in spam. The earlier image spam emails contained spam images in which the text was clean and easily readable, as shown in Fig. 1.

Detection

Consequently, optical character recognition tools were used to extract the text embedded into spam images, which could be then processed together with the text in the email’s body by the spam filter, or, more generally, by more sophisticated text categorization techniques.[3][6] Further, signatures (e.g., MD5 hashing) were also generated to easily detected and block already known spam images. Spammers in turn reacted by applying some obfuscation techniques to spam images, similarly to CAPTCHAs, both to prevent the embedded text to be read by OCR tools, and to mislead signature-based detection. Some examples are shown in Fig. 2.

This raised the issue of improving image spam detection using computer vision and pattern recognition techniques.[3][4][7][8]

In particular, several authors investigated the possibility of recognizing image spam with obfuscated images by using generic low-level image features (like number of colours, prevalent colour coverage, image aspect ratio, text area), image metadata, etc.[7][8][9][10] (see[4] for a comprehensive survey). Notably, some authors also tried detecting the presence of text in attached images with artifacts denoting an adversarial attempt to obfuscate it.[11][12][13][14]

History

Image spam started in 2004 and peaked at the end of 2006, when over 50% of spam was image spam. In mid-2007, it started declining, and practically disappeared in 2008.[1] The reason behind this phenomenon is not easy to understand. The decline of image spam can probably be attributed both to the improvement of the proposed countermeasures (e.g., fast image spam detectors based on visual features), and to the higher requirements in terms of bandwidth of image spam that force spammers to send a smaller amount of spam over a given time interval. Both factors might have made image spam less convenient for spammers than other kinds of spam. Nevertheless, at the end of 2011 a rebirth of image spam was detected, and image spam reached 8% of all spam traffic, albeit for a small period.[2]

See also

References

  1. 1.0 1.1 IBM X-Force® 2010, Mid-Year Trend and Risk Report (August 2010).
  2. 2.0 2.1 IBM X-Force® 2012, Mid-Year Trend and Risk Report (September 2012).
  3. 3.0 3.1 3.2 Giorgio Fumera, Ignazio Pillai, Fabio Roli,"Spam filtering based on the analysis of text information embedded into images". http://jmlr.csail.mit.edu/papers/v7/fumera06a.html.  Journal of Machine Learning Research (special issue on Machine Learning in Computer Security), vol. 7, pp. 2699-2720, 12/2006.
  4. 4.0 4.1 4.2 Battista Biggio, Giorgio Fumera, Ignazio Pillai, Fabio Roli,Biggio, Battista; Fumera, Giorgio; Pillai, Ignazio; Roli, Fabio (2011). "A survey and experimental evaluation of image spam filtering techniques, Pattern Recognition Letters". Pattern Recognition Letters 32 (10): 1436–1446. doi:10.1016/j.patrec.2011.03.022.  Volume 32, Issue 10, 15 July 2011, Pages 1436-1446, ISSN 0167-8655.
  5. 5.0 5.1 Li, Siyuan; Li, Ruiguang; Xu, Yuan; Zhou, Hao; Yan, Hanbing; Xu, Bin; Zhang, Honggang (2018-09-01). "WAF‐Based Chinese Character Recognition for Spam Image Filtering" (in en). Chinese Journal of Electronics 27 (5): 1050–1055. doi:10.1049/cje.2018.06.014. ISSN 1022-4653. 
  6. "Bayes OCR Spam Assassin's Plugin". http://pralab.diee.unica.it/en/BayesOCR. 
  7. 7.0 7.1 Aradhye, H., Myers, G., Herson, J. A., 2005. Image analysis for efficient cat egorization of image-based spam e-mail. In: Proc. Int. Conf. on Document Analysis and Recognition, pp. 914–918.
  8. 8.0 8.1 Dredze, M., Gevaryahu, R., Elias-Bachrach, A., 2007. Learning fast classifiers for image spam. In: Proc. 4th Conf. on Email and Anti-Spam (CEAS)
  9. Wu, C.-T., Cheng, K.-T., Zhu, Q., Wu, Y.-L., 2005. Using visual features for anti-spam filtering. In: Proc. IEEE Int. Conf. on Image Processing, Vol. III.pp. 501–504.
  10. Liu, Q., Qin, Z., Cheng, H., Wan, M., 2010. Efficient modeling of spam images. In: Int. Symp. on Intelligent Information Technology and Security Informatics. IEEE Computer Society, pp. 663–666.
  11. "Fuzzy - OCR Spam Assassin's Plugin". http://wiki.apache.org/spamassassin/FuzzyOcrPlugin. 
  12. Battista Biggio, Giorgio Fumera, Ignazio Pillai, Fabio Roli , "Image Spam Filtering Using Visual Information", 14th Int. Conf. on Image Analysis and Processing (ICIAP 2007), Modena, Italy, IEEE Computer Society, pp. 105--110, 10/09/2007.
  13. Fabio Roli, Battista Biggio, Giorgio Fumera, Ignazio Pillai, Riccardo Satta , "Image Spam Filtering by Detection of Adversarial Obfuscated Text", Workshop on Neural Information Processing Systems (NIPS), Whistler, British Columbia, Canada, 08/12/2007.
  14. Battista Biggio, Giorgio Fumera, Ignazio Pillai, Fabio Roli , "Improving Image Spam Filtering Using Image Text Features", Fifth Conference on Email and Anti-Spam (CEAS 2008), Mountain View, CA, USA, 21/08/2008.