Abstract | ||
---|---|---|
Unsolicited bulk email (spam) is used by cybercriminals to lure users into scams and to spread malware infections. Most of these unwanted messages are sent by spam botnets, which are networks of compromised machines under the control of a single (malicious) entity. Often, these botnets are rented out to particular groups to carry out spam campaigns, in which similar mail messages are sent to a large group of Internet users in a short amount of time. Tracking the bot-infected hosts that participate in spam campaigns, and attributing these hosts to spam botnets that are active on the Internet, are challenging but important tasks. In particular, this information can improve blacklist-based spam defenses and guide botnet mitigation efforts. In this paper, we present a novel technique to support the identification and tracking of bots that send spam. Our technique takes as input an initial set of IP addresses that are known to be associated with spam bots, and learns their spamming behavior. This initial set is then "magnified" by analyzing large-scale mail delivery logs to identify other hosts on the Internet whose behavior is similar to the behavior previously modeled. We implemented our technique in a tool, called BOTMAGNIFIER, and applied it to several data streams related to the delivery of email traffic. Our results show that it is possible to identify and track a substantial number of spam bots by using our magnification technique. We also perform attribution of the identified spam hosts and track the evolution and activity of well-known spamming botnets over time. Moreover, we show that our results can help to improve state-of-the-art spam blacklists. |

Year | Venue | Keywords |
---|---|---|
2011 | USENIX Security Symposium | novel technique, blacklist-based spam defenses, spam host, spam campaign, magnification technique, initial set, spam bots, well-known spamming botnets, state-of-the-art spam blacklist, spam botnets |

Field | DocType | Citations |
---|---|---|
Social spam, World Wide Web, Internet privacy, Srizbi botnet, Botnet, Computer security, Computer science, Spam and Open Relay Blocking System, Spambot, Sping, Forum spam, Spamming | Conference | 22 |

PageRank | References | Authors |
---|---|---|
0.72 | 29 | 5 |

Name | Order | Citations | PageRank |
---|---|---|---|
Gianluca Stringhini | 1 | 701 | 61.87 |
Thorsten Holz | 2 | 3532 | 232.93 |
Brett Stone-Gross | 3 | 521 | 28.74 |
Christopher Kruegel | 4 | 8799 | 516.05 |
Giovanni Vigna | 5 | 7121 | 507.72 |