Visualizing geolocation of spam email

Asmah Muallem, Tennessee State University


Viruses and phishing scams delivered through spam are becoming increasingly numerous. The spontaneous methods used by spammers present a threat to spam prevention. Tools for spam identification and prevention are increasing in number but lack presentation fundamentals. A primary concern is the lack of tools to effectively analyze spammer location information from online databases. A security visualization framework based on the integration of the MaxMind and WHOIS databases and the Google Maps API is developed in this thesis. The security visualization framework provides a central, one-stop location for visualizing spam email origination and activity. The framework is extensible, with the capability to add resources for further analysis. Reducing the time network analysts spend on spam analysis was the focus of this work. Requirements for the system and each subsystem were constructed, along with the consideration of alternatives for each subsystem. Requirements were validated through testing of the system. Overall, the requirements focused on system ease of use and time reduction in the spam analysis process. Development and implementation integrated MaxMind, WHOIS, and raw real-time spam emails to provide a visualization of spam origination and spam activity using a Google Map, Google Map markers, info windows, and polygons. Three major subsystems were used for the implementation: 1) Data Acquisition Subsystem (collects spam emails for a period of time), 2) Database Design Subsystem (processes spam email, retrieves geographical information and WHOIS information while analyzing and storing results), and 3) Visualization Subsystem (retrieves processed data from the database and manipulates Google Map controls to display the visualization). Testing of the system identified spammer spatial patterns, such as spammers distributing spam from one location and one registered ISP or host using different email addresses. Testing also identified locations where there was a variance in spam, such as regions from which multiple spam emails were distributed. Extra time and more data can reveal temporal patterns in spammer activity. A security visualization tool with a user-friendly interactive interface integrating common databases was proven effective in determining patterns of spam activity. Providing one tool with multiple functionalities also reduces the time spent by network analysts, because the displayed spam activity data is simple to comprehend. ISPs can benefit from this tool by identifying spam activity initiated through their network and can take the appropriate legal measures. Users can also benefit from this tool by visualizing spam activity from their email and taking appropriate measures to prevent fraud, phishing scams, or viruses that can harm them.

Subject Area

Information science

Recommended Citation

Asmah Muallem, "Visualizing geolocation of spam email" (2012). ETD Collection for Tennessee State University. Paper AAI1533530.