EigenBot: foiling spamming botnets with matrix algebra

Authors:
Ching-Hao Mao;Chang-Cheng Lin;Jia-Yu (Tim) Pan;Kai-Chi Chang;Christos Faloutsos;Hahn-Ming Lee
Affiliations:
Institute for Info. Industry;Institute for Info. Industry;Google Inc.;Institute for Info. Industry;Carnegie Mellon University;Taiwan Tech
Venue:
Proceedings of the ACM SIGKDD Workshop on Intelligence and Security Informatics
Year:
2012

Citing 15
Cited 0

Glossary of Terms

Machine Learning - Special issue on applications of machine learning and the knowledge discovery process
Latent dirichlet allocation

The Journal of Machine Learning Research
Understanding the network-level behavior of spammers

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Filtering spam with behavioral blacklisting

Proceedings of the 14th ACM conference on Computer and communications security
Connectivity structure of bipartite graphs via the KNC-plot

WSDM '08 Proceedings of the 2008 International Conference on Web Search and Data Mining
Exploiting network structure for proactive spam mitigation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Characterizing botnets from email spam records

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Spamming botnets: signatures and characteristics

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Nonnegative Matrix Factorization Based on Alternating Nonnegativity Constrained Least Squares and Active Set Method

SIAM Journal on Matrix Analysis and Applications
Botnet spam campaigns can be long lasting: evidence, implications, and analysis

Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Studying spamming botnets using Botlab

NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Spam or ham?: characterizing and detecting fraudulent "not spam" reports in web mail systems

Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Detecting fraudulent personalities in networks of online auctioneers

PKDD'06 Proceedings of the 10th European conference on Principle and Practice of Knowledge Discovery in Databases
OddBall: spotting anomalies in weighted graphs

PAKDD'10 Proceedings of the 14th Pacific-Asia conference on Advances in Knowledge Discovery and Data Mining - Volume Part II
Fast and robust fixed-point algorithms for independent component analysis

IEEE Transactions on Neural Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present EigenBot, a spamming botnet clustering and tracking mechanism that identifies a botnet-based spamming email campaigns. EigenBot extracts the key concepts among the spam emails, despite the high dimensionality, and the noise in the input. We evaluated EigenBot using real spamming botnet data on the Internet: more than one million spam emails, collected during the period from May 2011 from Internet service providers (ISPs) in Taiwan. EigenBot successfully identified spamming botnet groups at a high true positive rate of 82%, thereby improving the detection rate of baseline approaches by 10 absolute percentage points. EigenBot is now employed by the Taiwanese government to support cyber spamming activity alleviation and has already reported 389 spamming sources to the National Communication Commission (the government regulatory agency in Taiwan) in 2011.