Understanding the network-level behavior of spammers-Reference-Cited by-同舟云学术

Understanding the network-level behavior of spammers

Published:2006-08-11 Issue:4 Volume:36 Page:291-302
ISSN:0146-4833
Container-title:ACM SIGCOMM Computer Communication Review
language:en
Short-container-title:SIGCOMM Comput. Commun. Rev.

Author:

Ramachandran Anirudh¹,Feamster Nick¹

Affiliation:

1. Georgia Tech

Abstract

This paper studies the network-level behavior of spammers, including: IP address ranges that send the most spam, common spamming modes (e.g., BGP route hijacking, bots), how persistent across time each spamming host is, and characteristics of spamming botnets. We try to answer these questions by analyzing a 17-month trace of over 10 million spam messages collected at an Internet "spam sinkhole", and by correlating this data with the results of IP-based blacklist lookups, passive TCP fingerprinting information, routing information, and botnet "command and control" traces.We find that most spam is being sent from a few regions of IP address space, and that spammers appear to be using transient "bots" that send only a few pieces of email over very short periods of time. Finally, a small, yet non-negligible, amount of spam is received from IP addresses that correspond to short-lived BGP routes, typically for hijacked prefixes. These trends suggest that developing algorithms to identify botnet membership, filtering email messages based on network-leve l properties (which are less variable than email content), and improving the security of the Internet routing infrastructure, may prove to be extremely effective for combating spam.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Software

Link

https://dl.acm.org/doi/pdf/10.1145/1151659.1159947

Reference30 articles.

1. CNN Technology News. Expert: Botnets No. 1 emerging Internet threat. http://www.cnn.com/2006/TECH/internet/01/31/furst/ Jan. 2006. CNN Technology News. Expert: Botnets No. 1 emerging Internet threat. http://www.cnn.com/2006/TECH/internet/01/31/furst/ Jan. 2006.

2. Description of coordinated spamming Feb. 2005. http://www.waltdnes.org/spam. Description of coordinated spamming Feb. 2005. http://www.waltdnes.org/spam.

3. J. Evers. Most spam still coming from the U.S. http://news.com.com/Most+spam+still+coming+from+the+U.S./2100-1029_3-6030758.html Jan. 2006. J. Evers. Most spam still coming from the U.S. http://news.com.com/Most+spam+still+coming+from+the+U.S./2100-1029_3-6030758.html Jan. 2006.

Cited by 110 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. TIPCE: A Longitudinal Threat Intelligence Platform Comprehensiveness Analysis;Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy;2024-06-19

2. The Resource Public Key Infrastructure (RPKI): A Survey on Measurements and Future Prospects;IEEE Transactions on Network and Service Management;2023

3. Stop, DROP, and ROA;Proceedings of the 22nd ACM Internet Measurement Conference;2022-10-25

4. Mind your MANRS;Proceedings of the 22nd ACM Internet Measurement Conference;2022-10-25

5. How (Not) to Deploy Cryptography on the Internet;Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy;2022-04-14