This paper studies the network-level behavior of spammers, including: IP address ranges that send the most spam, common spamming modes (e.g., BGP route hijacking, bots), how persistent each spamming host is across time, and characteristics of spamming botnets. We try to answer these questions by analyzing a 17-month trace of over 10 million spam messages collected at an Internet "spam sinkhole", and by correlating this data with the results of IP-based blacklist lookups, passive TCP fingerprinting information, routing information, and botnet "command and control" traces.

We find that most spam is being sent from a few regions of IP address space, and that spammers appear to be using transient "bots" that send only a few pieces of email over very short periods of time. Finally, a small, yet non-negligible, amount of spam is received from IP addresses that correspond to short-lived BGP routes, typically for hijacked prefixes. These trends suggest that developing algorithms to identify botnet membership, filtering email messages based on network-level properties (which are less variable than email content), and improving the security of the Internet routing infrastructure may prove to be extremely effective for combating spam.