Spam email automated analysis and classification are a challenging task, which is vital in the identification of botnet structures and cybercrime fighting. In this work, we propose an automated methodology and the resulting framework based on innovative categorical divisive clustering, used both for grouping and for classification of spam messages. In particular, the grouping is exploited to identify campaigns of similar spam emails, while the classification is used to label specific emails according to the goal of spammer (e.g., phishing, malware distribution, advertisement, etc.). This work introduces the CCTree algorithm, both as clustering algorithm and as classification algorithm, in two operative modes: batch and dynamic, to handle both large data sets and data streams. Afterward, the CCTree is applied to large sets of spam emails for campaign identification and labeling. The performance of the algorithm is reported for both clustering and classification, and a comparison between the batch and dynamic approaches is presented and discussed.

中文翻译：

---

数字垃圾处理：垃圾邮件分析的自动化框架

垃圾邮件的自动分析和分类是一项艰巨的任务，这对于识别僵尸网络结构和打击网络犯罪至关重要。在这项工作中，我们提出了一种自动化的方法，并基于创新的分类分裂聚类结果框架，将其用于垃圾邮件的分组和分类。特别地，利用该分组来识别类似垃圾邮件的活动，而根据垃圾邮件发送者的目标（例如，网络钓鱼，恶意软件分发，广告等），使用该分类来标记特定的电子邮件。这项工作以批处理和动态两种操作模式介绍了CCTree算法（作为聚类算法和分类算法），以批处理和动态两种方式处理大型数据集和数据流。之后，CCTree应用于大量垃圾邮件，以进行活动标识和标记。报告了聚类和分类算法的性能，并介绍和讨论了批处理和动态方法之间的比较。