S-GPS: Spammer Global Positioning System
Overview
Spamming has been a growing problem on the Internet. Despite significant advances in anti-spam techniques, spam fighting remains an arms race, with spamming activities getting increasingly sophisticated to avoid detection. In particular, spammers often harvest a large pool of zombie or botnet hosts to send spam, both to increase their email capacity and to defeat the commonly used blacklist-based approaches for filtering malicious hosts. Also, content-based spam filtering systems, by design, readily offer a test bed for spammers to engineer content that can slip through the spam-filtering system.
UDMap: Usage-based Dynamic IP-address Map
We developed a novel method, called UDmap, to identify dynamically assigned IP addresses and analyze their dynamics patterns. UDmap is fully automatic, and relies only on application-level server logs that are already available today. We applied UDmap to a month-long Hotmail user-login trace and identified a large number of dynamic IP addresses -- more than 102 million. By correlating the inferred dynamic IP addresses with Hotmail’s email server log covering three consecutive months, we were able to establish that 97% of mail servers set up on dynamic IPs sent out solely spam emails, likely controlled by zombies. Moreover, these mail servers sent out a large amount of spam -- accounting for over 42% of all spam emails to Hotmail. These results highlight the importance of being able to accurately identify dynamic IP addresses for spam filtering, and we suspect similar benefits for phishing site identification and botnet detection.
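A simplified illustration of the workflow described above, added here and not taken from the UDmap work: it flags an address block as dynamic when several users each log in from several addresses inside it, then measures what share of mail-sending IPs in those blocks sent only spam. The /24 block size, the thresholds, the function names and all log records are assumptions constructed for this example; UDmap's own algorithm is not given on this page.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed login records (user, source IP); documentation address ranges.
LOGINS = [
    ("alice", "198.51.100.10"), ("alice", "198.51.100.23"), ("alice", "198.51.100.77"),
    ("bob", "198.51.100.23"), ("bob", "198.51.100.40"), ("bob", "198.51.100.91"),
    ("carol", "198.51.100.10"),
    ("dave", "203.0.113.5"), ("dave", "203.0.113.5"), ("erin", "203.0.113.6"),
]
# Constructed mail-server records (sender IP, messages seen, messages judged spam).
MAIL = [
    ("198.51.100.23", 100, 100), ("198.51.100.77", 50, 50),
    ("198.51.100.40", 20, 5), ("203.0.113.25", 1000, 10),
]

def block_of(ip, prefix=24):
    """Map an address to its enclosing block (assumed /24 granularity)."""
    return ip_network(f"{ip}/{prefix}", strict=False)

def infer_dynamic_blocks(logins, min_hopping_users=2, min_ips=3):
    """Return blocks where at least min_hopping_users users each appear on
    at least min_ips distinct addresses, a usage pattern that suggests
    addresses are reassigned between logins."""
    ips_by_user = defaultdict(lambda: defaultdict(set))  # block -> user -> IPs
    for user, ip in logins:
        ips_by_user[block_of(ip)][user].add(ip)
    dynamic = set()
    for block, users in ips_by_user.items():
        hopping = sum(1 for ips in users.values() if len(ips) >= min_ips)
        if hopping >= min_hopping_users:
            dynamic.add(block)
    return dynamic

def spam_only_share(mail, dynamic_blocks):
    """Among sending IPs inside dynamic blocks, the fraction whose every
    observed message was spam."""
    senders = [(total, spam) for ip, total, spam in mail
               if block_of(ip) in dynamic_blocks]
    if not senders:
        return 0.0
    return sum(1 for total, spam in senders if total == spam) / len(senders)

if __name__ == "__main__":
    blocks = infer_dynamic_blocks(LOGINS)
    print("dynamic blocks:", sorted(map(str, blocks)))
    print("spam-only share:", round(spam_only_share(MAIL, blocks), 2))
```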
Top 10 ASes with most number of dynamic IP addresses
Yinglian Xie, Fang Yu, Kannan Achan, Eliot Gillum, Moises Goldszmidt, and Ted Wobber
Spamming Botnets: Signatures and Characteristics
Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov
Project Members
Interns