In this thesis, we propose a novel spam zombie detection method: a real-time, machine-learning-based spam filtering technique that uses the Spamhaus blacklist to learn the SMTP transactional behaviour of spam zombies. Specifically, our technique was implemented as a single-layer perceptron plug-in that learns the behaviour of spam zombies and decides whether an incoming source is likely to send spam. We also created and integrated a reverse DNS module into our design to prevent spammers from forging legitimate domains and to make it difficult for them to overcome our technique. Our technique was deployed on a large corporate network, where we demonstrated that it was able to generalize the Spamhaus list. In addition, this was accomplished without any increase in false positives.
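
The idea of training a single-layer perceptron on blacklist labels and then scoring sources the blacklist does not list can be illustrated as follows. This is an added example, not code from the thesis. The four features, the addresses (documentation ranges), the feature values and the in-memory set standing in for a Spamhaus lookup are all constructed assumptions.

```python
# Added illustration: single-layer perceptron trained on blacklist labels.
# Feature set, addresses and values are constructed assumptions.
FEATURES = ("no_rdns", "helo_mismatch", "invalid_rcpt_ratio", "early_talker")

# Constructed stand-in for a blacklist lookup (documentation address ranges).
BLACKLISTED = {"192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"}

# Constructed per-source SMTP transaction features, in FEATURES order.
OBSERVED = {
    "192.0.2.10": [1, 1, 0.8, 1],
    "192.0.2.11": [1, 1, 0.6, 0],
    "192.0.2.12": [0, 1, 0.9, 1],
    "192.0.2.13": [1, 0, 0.7, 1],
    "198.51.100.1": [0, 0, 0.0, 0],
    "198.51.100.2": [0, 0, 0.1, 0],
    "198.51.100.3": [0, 1, 0.0, 0],  # legitimate host with a sloppy HELO
    "198.51.100.4": [0, 0, 0.2, 0],
}

# Sources absent from the blacklist: one zombie-like, one well-behaved.
UNLISTED = {
    "203.0.113.50": [1, 1, 0.75, 1],
    "203.0.113.60": [0, 0, 0.05, 0],
}

def predict(w, b, x):
    """Return 1 (likely spam source) when the weighted sum exceeds zero."""
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0

def train(observed, blacklisted, epochs=10, lr=1.0):
    """Perceptron rule: update weights only on misclassified sources."""
    w, b = [0.0] * len(FEATURES), 0.0
    for _ in range(epochs):
        for ip, x in observed.items():
            # The label comes from the blacklist, not from message content.
            err = (1 if ip in blacklisted else 0) - predict(w, b, x)
            if err:
                w = [wi + lr * err * xi for wi, xi in zip(w, x)]
                b += lr * err
    return w, b

if __name__ == "__main__":
    w, b = train(OBSERVED, BLACKLISTED)
    for ip, x in UNLISTED.items():
        print(ip, "reject" if predict(w, b, x) else "accept")
```
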