Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Spam and the ongoing battle for the inbox
Communications of the ACM - Spam and the ongoing battle for the inbox
Workload models of spam and legitimate e-mails
Performance Evaluation
HoneySpam: honeypots fighting spam at the source
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Filtering spam with behavioral blacklisting
Proceedings of the 14th ACM conference on Computer and communications security
My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Spamscatter: characterizing internet scam hosting infrastructure
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Exploiting network structure for proactive spam mitigation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Peering through the shroud: the effect of edge opacity on ip-based client identification
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Dynamics of Online Scam Hosting Infrastructure
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Botnet spam campaigns can be long lasting: evidence, implications, and analysis
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Studying spamming botnets using Botlab
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Towards Proactive Spam Filtering (Extended Abstract)
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Outsourcing home network security
Proceedings of the 2010 ACM SIGCOMM workshop on Home networks
Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Fighting spam on the sender side: a lightweight approach
EUNICE'10 Proceedings of the 16th EUNICE/IFIP WG 6.6 conference on Networked services and applications: engineering, control and management
Filtering spam from bad neighborhoods
International Journal of Network Management
On collection of large-scale multi-purpose datasets on internet backbone links
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Measurement and evaluation of a real world deployment of a challenge-response spam filter
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
A survey of emerging approaches to spam filtering
ACM Computing Surveys (CSUR)
Internet bad neighborhoods: the spam case
Proceedings of the 7th International Conference on Network and Services Management
B@bel: leveraging email delivery for spam mitigation
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Taster's choice: a comparative analysis of spam feeds
Proceedings of the 2012 ACM conference on Internet measurement conference
Hi-index | 0.00 |
Understanding the spammer behavior is a critical step in the long-lasting battle against email spams. Previous studies have focused on setting up honeypots or email sinkholes containing destination mailboxes for spam collection. A spam trace collected this way offers the limited viewpoint from a single organizational domain and hence is short of reflecting the global behavior of spammers. In this paper, we present a spam analysis study using sinkholes based on open relays. A relay sinkhole offers a unique vantage point in spam collection: it has the broader view of spam originated from multiple spam origins destined to mailboxes belonging to multiple organizational domains. The trace collected using this methodology opens the door to study spammer behaviors that were difficult to do using spam collected from a single organization. Seeing the aggregate behavior of spammers allows us to systematically separate High-Volume Spammers (HVS, e.g. direct spammers) from Low-Volume Spammers (LVS, e.g. low-volume bots in a botnet). Such a separation in turn gives rise to the notion of "spam campaigns", which reveals how LVS appear to coordinate with each other to share the spamming workload among themselves. A detailed spam campaign analysis holds the promise of finally reverse engineering the workload distribution strategies by the LVS coordinator.