A Linguistics-Based Attack on Personalised Statistical E-mail Classifiers

We present a potential vulnerability of personalised anti-spam filters where an attacker sends carefully constructed e-mail messages with the goal of negatively affecting classifier accuracy. Words from the core of the English language are randomly "injected" into spam e-mails for the express purpose of manipulating the probability tables of a naive Bayesian classifier. This attack method is shown to be successful in reducing classifier accuracy within a laboratory environment. Barriers to a real-world implementation and potential countermeasures are discussed.