Figure 5 - uploaded by Russell C. Thomas
Example of getAffordances function used by spammer agent to explore the value of new capabilities (e.g. image spam) to avoid detection 


Source publication
Conference Paper
Information security is often called an 'arms race', but little is known about the co-evolutionary dynamics of innovation. To facilitate such research, we define two formal methods that can be executed by computational agents in a multi-agent system. First, we formalize the definition of capabilities and business models as a 'viable system'. We gen...

Contexts in source publication

Context 1
... an inventive problem solving technique, the spammer could use this pattern to evaluate specific alternative capabilities that would fit. Among the alternatives is the capability to convert text to images. Because text-only spam filters ignore the content of images, this method almost completely bypasses the filter. This can be described in the following pattern language syntax: We would expect that both d and r would significantly increase, dramatically increasing spammer profit π. In a simulation, the spammer agent would discover these implications by invoking the getAffordance and evaluateAffordance functions described previously in section 2. The following is a description of the inputs, outputs and relationships of getAffordance, shown in Figure 5 for this example. The performance dimension is d, the ratio of emails delivered to emails sent. The capability being queried is ‘evade filters’, which provides the affordance ‘avoid detection’. (These names refer back to the formal ontology used in this model. Computationally, they are simply object names that encapsulate the specifics of the contextual affordance algorithms.) The spammer agent provides a list of inputs, α, that describe the specific context of this capability. This includes the set of functions E, which are used to evade filters. These include combinations of email formats (e.g. plain text, HTML, CSS, image, JavaScript, etc.) and evasion methods (e.g. bad word obfuscation, good word insertion, tokenization avoidance, etc.). The other agent inputs describe the sophistication of the capability relative to other capabilities (i.e. ‘novelty’, ‘effectiveness’, ‘automation’) or describe the learning required to master the capability (i.e. ‘accumulated experience’, ‘testing resources’) ...
Context 2
... other input, describes from the defensive capability of spam filters, again specified in terms of the email formats and evasion methods they cover, and their relative effectiveness for each combination. There are two outputs: the performance range function R and the learning function L, which are portrayed graphically in Figure 5. The performance range function can take one of two shapes, labeled by the shape parameter φ. Both function variations have a minimum d, representing the entry-level performance with no experience, and a maximum d, representing the highest level of performance when the capability is fully mastered by tuning and learning-by-doing. In this example, d is simply the mean of a Gaussian probability distribution, but it could include other parameters. The first function shape applies to all combinations of filter capabilities. The second function shape applies only to specific filter capabilities, as in the case of image spam. The whole idea behind the innovation of image spam is that it introduces a format not previously covered by spam filters, or not covered well. The learning function L is a function of time and has two shapes specified by λ – inverse negative exponential and sigmoid. The learning function specifies the rate that performance will improve from minimum to maximum given a constant investment in learning. Finally, the arrows show how the inputs influence the outputs. E influences the domain of the performance range function. ‘Novelty’, ...


Citations

... Another major opportunity for future research would be to incorporate the capabilities and strategies of threat agents in order to estimate the frequency of breach episode types, and also to estimate the likely harm that different threat agents might cause. Along these lines, another important extension would be to model the dynamics of adversarial innovation in a way that accounts for the unfolding co-evolutionary landscape of attack and defense capabilities (e.g. Thomas (2011b)). Finally, it would be very valuable to perform research that can shed light on the social processes of risk management to see if the proposed methods actually improve individual, organization, and social decision processes. ...
Article
This paper proposes an analysis framework and model for estimating the impact of information security breach episodes. Previous methods either lack empirical grounding or are not sufficiently rigorous, general or flexible. There has also been no consistent model that serves theoretical and empirical research, and also professional practice. The proposed framework adopts an ex ante decision frame consistent with rational economic decision-making, and measures breach consequences via the anticipated costs of recovery and restoration by all affected stakeholders. The proposed branching activity model is an event tree whose structure and branching conditions can be estimated using probabilistic inference from evidence – 'Indicators of Impact'. This approach can facilitate reliable model estimation when evidence is imperfect, incomplete, ambiguous, or contradictory. The proposed method should be especially useful for modeling consequences that extend beyond the breached organization, including cascading consequences in critical infrastructures. Monte Carlo methods can be used to estimate the distribution of aggregate measures of impact such as total cost. Non-economic aggregate measures of impact can also be estimated. The feasibility of the proposed framework and model is demonstrated through case studies of several publicly disclosed breach episodes.