Weblog Spam and Adversarial Classification

Dr. Dave, author of the Spam Karma WordPress antispam plugin, has posted an interesting article about new weblog-spammer tactics:

These spams do not present most of the idiotic traits of their lower colleagues: they do not try cramming hundreds of URLs or inserting hundreds of easily spotted junk keywords in the comment content. Instead, they use only the dedicated name and homepage fields to sneak in spam URL and keywords. The comment content is often perfectly innocuous, sometimes even topical (by copying parts of another comment or a trackbacking post). All in all, these spams could easily be missed by a human moderator who wouldn’t look carefully at the contact name and URL.

(Thanks to Kelson Vibber for the pointer to this.)

In other words, he is noting what we noticed in email anti-spam; that what works well one year, is likely to degrade over time as the spammers attempt to evade it, and one has to keep working to keep up.

The best term for this appears to be adversarial classification. Anti-spam activities fall into this category, and it often means that classic text classification algorithms aren’t suitable — after all, the Reuters-21578 dataset never tried to evade your classifier ;)

In a similar vein, this MS research paper is interesting:

Previous work on adversarial classification has made the unrealistic assumption that the attacker has perfect knowledge of the classifier. …. We present efficient algorithms for reverse engineering linear classifiers with either continuous or Boolean features and demonstrate their effectiveness using real data from the domain of spam filtering.

It’s akin to John Graham-Cumming’s work looking into how a spammer could get past a bayesian filter “from the outside”, but with more techniques, and examining MS’ MaxEnt algorithm, too. PDF here, well worth a read.

(By the way, I’m in the process of moving house, so if you send me an email, it may take a while for me to reply. This situation is likely to prevail for the next few weeks, for what it’s worth — fun.)

This entry was posted in Uncategorized and tagged , , , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.


  1. Posted January 31, 2006 at 01:20 | Permalink

    I’ve been seeing this kind of comment spam appearing over the last few weeks. If you aren’t careful it’s very easy to think that it’s a genuine comment. The other differenciator, at least in my experience, is that they target more recent posts, whereas the “fire and forget” pharmaceutical junk seems to be focussed on much older posts. In my case this is very annoying as any spam comments will get “link love” as I have removed the “nofollow” tag from my comments, as most people making comments should get spidered

  2. Posted March 12, 2008 at 18:17 | Permalink

    An interesting fact in spam email as adversarial classification is that the better the spammers disguise the message to avoid detection, the harder is that users get the message and do the action. For instance, embedding an URL into an image will make more dificult for the user to click on it. The paper by Bowei Xi et al. discusses it.

    However, the better a comment spam is disguised, the better it works. This is because they are not intended for human readers, but for search engine bots and link-based ranking algorithms. I believe this is a fundamental difference.