Elements of information theory
Elements of information theory
A case study of OSPF behavior in a large enterprise network
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Pattern Classification (2nd Edition)
Pattern Classification (2nd Edition)
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
An empirical study of spam traffic and the use of DNS black lists
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
An introduction to ROC analysis
Pattern Recognition Letters - Special issue: ROC analysis in pattern recognition
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Using uncleanliness to predict future botnet addresses
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Filtering spam with behavioral blacklisting
Proceedings of the 14th ACM conference on Computer and communications security
| Hi-index | 0.00 |
Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.