Email Shape Analysis for Spam Botnet Detection

Sroufe, Paul; Phithakkitnukoon, Santi; Dantu, Ram; Cangussu, João W.

doi:10.1109/ccnc.2009.4784781

Cited by 13 publications

(9 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sroufe et al [44] presented a mechanism which detects botnet by analyzing the shape of an Email. They have developed an Email Shape based Botnet Detector called EsBod which inputs spam Emails to a Shape Generator which results in extracting its skeleton.…”

Section: 13mentioning

confidence: 99%

“…The anomaly based detection techniques detect spamming bot activities based on several network behavior anomalies like unexpected network latencies, network traffic on unusual and unused ports, high volumes of traffic for a mid-class network or unusual system behaviors, anomalies in statistical features of Email spam and spam bots that could indicate the existence of spamming bots in the network. A number of approaches appeared in this context [44] [47][48][49][50][51][52][53][54].…”

Section: 13mentioning

confidence: 99%

See 1 more Smart Citation

A Comprehensive Study of Email Spam Botnet Detection

Khan

Muhaya

et al. 2015

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

The problem of Email spam has grown significantly over the past few years. It is not just a nuisance for users but also it is damaging for those who fall for scams and other attacks. This is due to the complexity intensification of Email spamming techniques which are advancing from traditional spamming (direct spamming) techniques to a more scalable, elusive and indirect approach of botnets for distributing Email spam messages. In this paper we first discuss the sources and architectures used by the spamming botnets for sending massive amount of email spam. Then we present detailed chronicles of spamming botnets which systematically describes the timeline of events and notable occurrences in the advancement of these spamming botnets. This paper also aims to represent a comprehensive analysis of particular Email spamming botnet detection techniques proposed in the literature. We attempt to categorize them according to both their nature of defense and method of detection, also revealing and comparing their advantages and disadvantages extensively. We also present a qualitative analysis of these techniques. Finally we summarize the future trends and challenges in detecting email spamming botnets.

show abstract

Section: 13mentioning

confidence: 99%

Section: 13mentioning

confidence: 99%

A Comprehensive Study of Email Spam Botnet Detection

Khan

Muhaya

et al. 2015

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…Regarding attacker profiling from the viewpoint of botnet, Gu, G., M. Feily, et al conducted a study on analyzing the attack resources possessed by the same attacker by detecting botnets and analyzing the command and control channel [5,6]. H. Choi, P. Sroufe, et al performed research on the detection of the botnet group infected by the same malicious code by analyzing the spam bot that sends spam e-mails [7,8,9]. Regarding profiling from the viewpoint of the cyber-attacker, Watters studied cyber-attacker models from the viewpoint of social and economic relation [10], whereas Kapetanakis performed research on case-based reasoning using characteristics that can identify the attacker such as technical standard, purpose, anti-forensic, and grammatical error [11].…”

Section: Related Workmentioning

confidence: 99%

Cyber-attack group analysis method based on association of cyber-attack information

Son¹,

Kim²,

Lee³

2020

KSII TIIS

View full text Add to dashboard Cite

Cyber-attacks emerge in a more intelligent way, and various security technologies are applied to respond to such attacks. Still, more and more people agree that individual response to each intelligent infringement attack has a fundamental limit. Accordingly, the cyber threat intelligence analysis technology is drawing attention in analyzing the attacker group, interpreting the attack trend, and obtaining decision making information by collecting a large quantity of cyber-attack information and performing relation analysis. In this study, we proposed relation analysis factors and developed a system for establishing cyber threat intelligence, based on malicious code as a key means of cyber-attacks. As a result of collecting more than 36 million kinds of infringement information and conducting relation analysis, various implications that cannot be obtained by simple searches were derived. We expect actionable intelligence to be established in the true sense of the word if relation analysis logic is developed later.

show abstract

“…The proposed signature generation framework, called AutoRE, automatically generates regular expression signatures that detect botnet‐based spam with low false positive rates. Sroufe et al (2009) proposed a method for detecting botnet‐generated spam by extracting and analyzing the shape of the spam mail, such as lines and character count of each line, using a Gaussian kernel density estimator.…”

Section: Responses To the Botnet Threatsmentioning

confidence: 99%

Botnets: threats and responses

Jeong

Kim

et al. 2011

International Journal of Web Information Systems

View full text Add to dashboard Cite

PurposeA botnet is a network of computers on the internet infected with software robots (or bots). There are numerous botnets, and some of them control millions of computers. Cyber criminals use botnets to launch spam e‐mails and denial of service attacks; and commit click fraud and data theft. Governments use botnets for political purposes or to wage cyber warfare. The purpose of this paper is to review the botnet threats and the responses to the botnet threats.Design/methodology/approachThe paper describes how botnets are created and operated. Then, the paper discusses botnets in terms of architecture, attacking behaviors, communication protocols, observable botnet activities, rally mechanisms, and evasion techniques. Finally, the paper reviews state‐of‐the‐art techniques for detecting and counteracting botnets, and also legal responses to botnet threats.FindingsBotnets have become the platform for many online threats such as spam, denial of service attacks, phishing, data thefts, and online frauds. Security researchers must develop technology to detect and take down botnets, and governments must develop capacity to crack down on botmasters and botnets. Individual computer owners must diligently take measures to keep their computers from becoming members of botnets.Originality/valueThe paper provides a review of current status of botnets and a summary of up‐to‐date responses to botnets in both technical and legal aspects, which can be used as a stepping stone for further research.

show abstract

Email Shape Analysis for Spam Botnet Detection

Cited by 13 publications

References 3 publications

A Comprehensive Study of Email Spam Botnet Detection

A Comprehensive Study of Email Spam Botnet Detection

Cyber-attack group analysis method based on association of cyber-attack information

Botnets: threats and responses

Contact Info

Product

Resources

About