Applying collaborative anti-spam techniques to anti-virus

Adam J. O'Donnell, Vipul Ved Prakash Cloudmark Inc.

One of the most effective techniques available for combating spam is the widespread application of collaborative filtering, where members of a community submit votes as to whether or not a piece of content is spam. The success of such a system is contingent upon the assumption that individual users can, with high accuracy, determine the difference between a piece of spam and a piece of legitimate mail. It is non-obvious that this assumption will also hold true for email-borne malware threats, whose sole indicator is often the presence of an attachment on a seemingly legitimate email.

In this paper we present data and analysis of our successes in applying a collaborative filter originally designed for anti-spam to the anti-virus problem. Our results from specific case studies will be discussed, including the CME-24 outbreak of early 2006. We show that not only is a collaborative filter effective for filtering viruses, the large number of participants allow the filter to begin acting on the virus within minutes of its initial sighting with an extremely low false positive rate.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.