A Methodology for Analyzing Overall Flow of Spam-Based Attacks

  • Authors:
  • Jungsuk Song; Daisuke Inoue; Masashi Eto; Mio Suzuki; Satoshi Hayashi; Koji Nakao

  • Affiliations:
  • National Institute of Information and Communications Technology; National Institute of Information and Communications Technology; National Institute of Information and Communications Technology; National Institute of Information and Communications Technology; Symantec Japan Research Institute; National Institute of Information and Communications Technology

  • Venue:
  • ICONIP '09 Proceedings of the 16th International Conference on Neural Information Processing: Part II
  • Year:
  • 2009

Abstract

Over the last decade, unsolicited bulk e-mails, i.e., spams, have been dramatically increasing and they have been definitely recognized as a serious Internet threat. Especially, recent spams mostly caused by various malwares (e.g., bots, worms) often contain URLs that navigate spam receivers to malicious Web servers for the purpose of malware infection. In addition, malwares such as bots operate in cooperation with each other, and there are close links between malwares and malicious Web servers. In this paper, considering the need for further studies on the mitigation of recent spam-based attacks, we propose a methodology for analyzing their overall flow in order to investigate the active relationship among spams, malwares and malicious Web servers. Furthermore, we have evaluated our method using double bounce e-mails obtained from our own SMTP server. The experimental results show that the proposed method is highly effective to analyze the correlation between spams' sources and their eventual destinations.