Behavior analysis of Spam Botnets

Husna, Husain; Phithakkitnukoon, Santi; Palla, Srikanth and Dantu, Ram (2008). Behavior analysis of Spam Botnets. In: 3rd International Conference on Communication Systems Software and Middleware (COMSWARE 2008) , 6-10 January 2008, Bangalore, India.

Full text available as:

Due to copyright restrictions, this file is not available for public download Click here to request a copy from the OU Author.

DOI (Digital Object Identifier) Link:	http://dx.doi.org/doi:10.1109/COMSWA.2008.4554418
Google Scholar:	Look up in Google Scholar

Abstract

Compromised computers, known as bots, are the major source of spamming and their detection helps greatly improve control of unwanted traffic. In this work we investigate the behavior patterns of spammers based on their underlying similarities in spamming. To our knowledge, no work has been reported on identifying spam botnets based on spammerspsila temporal characteristics. Our study shows that the relationship among spammers demonstrates highly clustering structures based on features such as content length, time of arrival, frequency of email, active time, inter-arrival time, and content type. Although the dimensions of the collected feature set is low, we perform principal component analysis (PCA) on feature set to identify the features which account for the maximum variance in the spamming patterns. Further, we calculate the proximity between different spammers and classify them into various groups. Each group represents similar proximity. Spammers in the same group inherit similar patterns of spamming a domain. For classification into Botnet groups, we use clustering algorithms such as Hierarchical and K-means.We identify Botnet spammers into a particular group with a precision of 90%.

Item Type:	Conference Item
Copyright Holders:	2007 IEEE
Funders:	National Science Foundation (NSF)
Academic Unit/Department:	Mathematics, Computing and Technology
Related URLs:	http://ieeexplore.ieee.org/xpls/abs_all....
Item ID:	35306
Depositing User:	Santi Phithakkitnukoon
Date Deposited:	13 Nov 2012 16:11
Last Modified:	15 Nov 2012 22:54
URI:	http://oro.open.ac.uk/id/eprint/35306

Actions (login may be required)

	View Item
RDF+XMLBibTeXRDF+N-TriplesJSONDublin CoreAtomOAI-ORE Resource Map (Atom Format)Simple MetadataReferMETSOAI-ORE Resource Map (RDF Format)HTML CitationASCII CitationMultiline CSVRefMan RIS Format (UTF-8)OpenURL ContextObjectEndNoteMODSOpenURL ContextObject in SpanMPEG-21 DIDLEP3 XMLRefMan RIS FormatRDF+N3Eprints Application Profile	Public: Report issue / request change