Loading...
Please wait, while we are loading the content...
Similar Documents
Spamming Botnet Characterizing By Latent Intentions Discovery
| Content Provider | Semantic Scholar |
|---|---|
| Author | Mao, Ching-Hao Lin, Chang-Cheng Chang, Kai-Chi Chen, Pei-Te Faloutsos, Christos Lee, Hahn-Ming |
| Copyright Year | 2011 |
| Abstract | Spamming botnet has been widely used to send a considerable number of spam for evading the blacklist from information security communities and internet service provider(ISP). Spamming botnet makes the anti-spam be more difficult due to dispersed sending mechanism with large scale sending capability and non-obviously network statistics features (e.g., relatively low network traffics, dynamic network addresses and rapid changes of spam signatures). Because characterizing the spamming botnet behavior in straightforward way is difficult, finding the latent behavior of spamming botnet could block the source of spamming bot in dynamic way. In this poster, we focus on characterizing spamming botnets by leveraging both spam semantic intentions and spam delivering sources. From the observation of open relay simple mail transfer protocol (SMTP) servers, the activities of spamming botnet could be observed from the delivered spam semantic. Different groups of spamming bots would send the similar subjects of advertisement spam. Furthermore, we proposed a semantic graph analysis approach to dynamic differentiate the different intensions from the sources of spamming bots. The semantic graph analysis approach models the topic of each spam by extracting the tokens and modeling the spam topics from different sources of spamming bots. The topic model of each spam is a token feature vector that is estimated by latent dirichlet allocation (LDA) [1]. The combination of each spam topic model given by the same source could be regarded as the topic model of specified spamming bot. All of analyzed data could be captured from the open relay SMTP severs. According to constructed topic models of different sources of spamming bots, we leverage the independent component analysis(ICA) [2] used to find the latent behavior by decomposing the topic model of each spam into the both independent component vector and base vector. Based on the observed independent components, the density-based approach is applied to observe the distinct groups of spamming behavior. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://www.raid-symposium.org/raid2011/files/108.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |
