Digital image processing
On network-aware clustering of Web clients
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
An investigation of geographic mapping techniques for internet hosts
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
An empirical study of spam traffic and the use of DNS black lists
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Remote Physical Device Fingerprinting
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Worm Origin Identification Using Random Moonwalks
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A Multi-Resolution Approach forWorm Detection and Containment
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
An effective defense against email spam laundering
Proceedings of the 13th ACM conference on Computer and communications security
Geographic locality of IP prefixes
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Revealing botnet membership using DNSBL counter-intelligence
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Peering through the shroud: the effect of edge opacity on ip-based client identification
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Identifying dynamic IP address blocks serendipitously through background scanning traffic
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Characterizing botnets from email spam records
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Spamming botnets: signatures and characteristics
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Unconstrained endpoint profiling (googling the internet)
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Census and survey of the visible internet
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Incorporating accountability into internet email
Proceedings of the 2009 ACM symposium on Applied Computing
Dynamics of Online Scam Hosting Infrastructure
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Towards complete node enumeration in a peer-to-peer botnet
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
BotGraph: large scale spamming botnet detection
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
De-anonymizing the internet using unreliable IDs
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
BotGAD: detecting botnets by capturing group activities in network traffic
Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE
On dominant characteristics of residential broadband internet traffic
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Where's that phone?: geolocating IP addresses on 3G networks
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
SBotMiner: large scale search bot detection
Proceedings of the third ACM international conference on Web search and data mining
NSF: network-based spam filtering based on on-line blacklisting against spamming botnets
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
On the effectiveness of IP reputation for spam filtering
COMSNETS'10 Proceedings of the 2nd international conference on COMmunication systems and NETworks
Using whitelisting to mitigate DDoS attacks on critical internet sites
IEEE Communications Magazine
Understanding block-level address usage in the visible internet
Proceedings of the ACM SIGCOMM 2010 conference
Outsourcing home network security
Proceedings of the 2010 ACM SIGCOMM workshop on Home networks
Detection of spam hosts and spam bots using network flow traffic modeling
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Vanish: increasing data privacy with self-destructing data
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
How to tell an airport from a home: techniques and applications
Hotnets-IX Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks
Selecting representative IP addresses for internet topology studies
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
An analysis of rogue AV campaigns
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Conficker and beyond: a large-scale empirical study
Proceedings of the 26th Annual Computer Security Applications Conference
Spam mitigation using spatio-temporal reputations from blacklist history
Proceedings of the 26th Annual Computer Security Applications Conference
Sampling strategies for epidemic-style information dissemination
IEEE/ACM Transactions on Networking (TON)
On the stability of skype super nodes
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
NAT usage in residential broadband networks
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Estimating the number of users behind ip addresses for combating abusive traffic
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
Towards the effective temporal association mining of spam blacklists
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Cirripede: circumvention infrastructure using router redirection with plausible deniability
Proceedings of the 18th ACM conference on Computer and communications security
RatBot: anti-enumeration peer-to-peer botnets
ISC'11 Proceedings of the 14th international conference on Information security
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Identifying botnets by capturing group activities in DNS traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
Cross-Analysis of botnet victims: new insights and implications
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Re-wiring activity of malicious networks
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
Optimal source-based filtering of malicious traffic
IEEE/ACM Transactions on Networking (TON)
Populated IP addresses: classification and applications
Proceedings of the 2012 ACM conference on Computer and communications security
Observing common spam in Twitter and email
Proceedings of the 2012 ACM conference on Internet measurement conference
Estimating the number of hosts corresponding to an address while preserving anonymity
NSS'12 Proceedings of the 6th international conference on Network and System Security
SpaDeS: Detecting spammers at the source network
Computer Networks: The International Journal of Computer and Telecommunications Networking
Measuring occurrence of DNSSEC validation
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Characterization of blacklists and tainted network traffic
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Internet nameserver IPv4 and IPv6 address relationships
Proceedings of the 2013 conference on Internet measurement conference
Mining groups of common interest: discovering topical communities with network flows
MLDM'13 Proceedings of the 9th international conference on Machine Learning and Data Mining in Pattern Recognition
Estimating the number of hosts corresponding to an intrusion alert while preserving privacy
Journal of Computer and System Sciences
Hi-index | 0.00 |
This paper introduces a novel algorithm, UDmap, to identify dynamically assigned IP addresses and analyze their dynamics pattern. UDmap is fully automatic, and relies only on application-level server logs. We applied UDmap to a month-long Hotmail user-login trace and identified a significant number of dynamic IP addresses - more than 102 million. This suggests that the fraction of IP addresses that are dynamic is by no means negligible. Using this information in combination with a three-month Hotmail email server log, we were able to establish that 95.6% of mail servers setup on the dynamic IP addresses in our trace sent out solely spam emails. Moreover, these mail servers sent out a large amount of spam - amounting to 42.2% of all spam emails received by Hotmail. These results highlight the importance of being able to accurately identify dynamic IP addresses for spam filtering. We expect similar benefits to arise for phishing site identification and botnet detection. To our knowledge, this is the first successful attempt to automatically identify and understand IP address dynamics.