Title :
An Empirical Study of Spam : Analyzing Spam Sending Systems and Malicious Web Servers
Author :
Song, Jungsuk ; Inque, Daisuke ; Eto, Masashi ; Kim, Hyung Chan ; Nakao, Koji
Author_Institution :
Inf. Security Res. Center, Nat. Inst. of Inf. & Commun. Technol. (NICT), Tokyo, Japan
Abstract :
Most recent spam emails are being sent by bots which often operate with others in the form of a botnet and in many cases, they contain URLs that navigate spam receivers to malicious Web servers for the purpose of carrying out various cyber attacks such as malware infection, phishing attacks, etc. In order to characterize the infrastructure of spam based attacks and identify botnets, previous research has been focused on clustering spam according to similarities based on email contents or URLs or their domain names. However, there is a fatal weakness in that the three criteria are easily influenced by changes in spam messages and trends. In this paper, we present a new spam clustering method based on IP addresses resolved from URLs within spam emails. By examining three weeks of spam gathered in our SMTP server, we observed that the accuracy of our clustering method is superior to that of domain name and URL based clustering methods, and we have obtained many useful results related to characteristics and clusters of spam that can be utilized for further analysis of spam based attacks.
Keywords :
IP networks; Internet; computer network security; file servers; pattern clustering; unsolicited e-mail; IP address; SMTP server; URL; botnet; cyber attack; malicious Web server; spam clustering method; spam email; spam sending system; Accuracy; Clustering methods; Electronic mail; IP networks; Web server; Web sites; clustering; malicious Web servers; spam; spam sending systems;
Conference_Titel :
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-7526-1
Electronic_ISBN :
978-0-7695-4107-5
DOI :
10.1109/SAINT.2010.20
