Traffic shaping of spam botnets

Husna, Husain; Phithakkitnukoon, Santi and Dantu, Ram (2008). Traffic shaping of spam botnets. In: 5th IEEE Consumer Communications and Networking Conference (CCNC 2008), 10-12 January 2008, Las Vegas.

Full text available as:

Due to copyright restrictions, this file is not available for public download Click here to request a copy from the OU Author.

URL:	http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?tp=...
DOI (Digital Object Identifier) Link:	http://dx.doi.org/doi:10.1109/ccnc08.2007.181
Google Scholar:	Look up in Google Scholar

Abstract

Compromised computers, known as bots, are the major source of spamming. Detecting them can help greatly improve control of unwanted traffic. In this paper, we develop a traffic control mechanism to detect and delay the traffic of suspicious senders and bots. By delaying spammer's traffic, it has been reported that 90% of spam emails can be eliminated. In our proposed mechanism, we group spammers based on their behavior and transmission patterns. These patterns of spammers show high correlation between group members irrespective of geographic location, network ID, content, and kind of receivers. After identification of these botnet groups we applied traffic shaping techniques a pre-filtering analysis to avoid use of automated machines(bots) to spam a particular domain. Thus the source for majority of spam is blocked before reaching email servers. We also identify how randomly the botnets behave and how easy it is to capture a botnet behavior, based on Information theory. To our knowledge, there is no work reported on detecting and mitigating botnets based on their behavior and in particular transmission patterns.

Item Type:	Conference Item
Copyright Holders:	2008 IEEE
Funders:	National Science Foundation (NSF)
Extra Information:	ISBN: 978-1-4244-1456-7 pp.786 - 787
Academic Unit/Department:	Mathematics, Computing and Technology
Item ID:	35307
Depositing User:	Santi Phithakkitnukoon
Date Deposited:	13 Nov 2012 16:15
Last Modified:	14 Nov 2012 17:15
URI:	http://oro.open.ac.uk/id/eprint/35307

Actions (login may be required)

	View Item
RDF+XMLBibTeXRDF+N-TriplesJSONDublin CoreAtomOAI-ORE Resource Map (Atom Format)Simple MetadataReferMETSOAI-ORE Resource Map (RDF Format)HTML CitationASCII CitationMultiline CSVRefMan RIS Format (UTF-8)OpenURL ContextObjectEndNoteMODSOpenURL ContextObject in SpanMPEG-21 DIDLEP3 XMLRefMan RIS FormatRDF+N3Eprints Application Profile	Public: Report issue / request change