Identifying IP Blocks with Spamming Bots by Spatial Distribution
Authors
Abstract
In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.
Key words: botnet, spamming, identification, detection, false positive
Similar resources
Spamming Botnets: Are we losing the war?
In this work, we examine the spamming activity of the IP space over time, and observe a worrisome phenomenon: spamming botnets are more widely and thinly spread in the IP space over the last four years. We find that (a), a previously unreported IP space (113.* 126.*) has become a major source of spamming activity, and (b), the spamming activity is more equally distributed among IP addresses. Thi...
A Browser Malware Taxonomy
This restriction of IP space for mail solves one problem but it doesn’t solve others. On the one hand, it makes management of IPs scalable for machines that are bots. Today, most spam is sent from botnets. However, botnets do not always send out all of their spam directly – many bots compromise legitimate mail hosts or email accounts and send out spam that way, or create a throwaway account at ...
Analysis and Detection of Botnets and Encrypted Tunnels
A botnet is a collection of compromised systems. A botnet has a bot-master which identifies the vulnerable systems and compromises them by injecting a malware code and remotely controls all these compromised systems using Command-and-Control Infrastructure. These compromised systems are bots. Thus, a botnet is a network of bots. These bots receive commands from bot-master to perform various mali...
Revealing Botnet Membership Using DNSBL Counter-Intelligence
Botnets—networks of (typically compromised) machines—are often used for nefarious activities (e.g., spam, click fraud, denial-of-service attacks, etc.). Identifying members of botnets could help stem these attacks, but passively detecting botnet membership (i.e., without disrupting the operation of the botnet) proves to be difficult. This paper studies the effectiveness of monitoring lookups to...
BOTMAGNIFIER: Locating Spambots on the Internet
Unsolicited bulk email (spam) is used by cybercriminals to lure users into scams and to spread malware infections. Most of these unwanted messages are sent by spam botnets, which are networks of compromised machines under the control of a single (malicious) entity. Often, these botnets are rented out to particular groups to carry out spam campaigns, in which similar mail messages are sent to a ...
Journal title:
- IEICE Transactions
Volume 93-B Issue
Pages -
Publication date 2010