Neighborhoods and bands: an analysis of the origins of spam

Despite the continuous efforts to mitigate spam, the volume of such messages continues to grow and identifying spammers is still a challenge. Spam traffic analysis is an important tool in this context, allowing network administrators to understand the behavior of spammers, both as they obfuscate mes...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	Journal of internet services and applications 2015-05, Vol.6 (1), p.1, Article 9
Hauptverfasser:	Fonseca, Osvaldo, Fazzion, Elverton, B Las-Casas, Pedro Henrique, Guedes, Dorgival, Meira, Wagner, Hoepers, Cristine, Steding-Jessen, Klaus, Chaves, Marcelo HP
Format:	Artikel
Sprache:	eng
Schlagworte:	Computer Applications Computer Communication Networks Computer Science Computer Systems Organization and Communication Networks Information Systems and Communication Service IT in Business Processor Architectures
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page
container_issue	1
container_start_page	1
container_title	Journal of internet services and applications
container_volume	6
creator	Fonseca, Osvaldo Fazzion, Elverton B Las-Casas, Pedro Henrique Guedes, Dorgival Meira, Wagner Hoepers, Cristine Steding-Jessen, Klaus Chaves, Marcelo HP
description	Despite the continuous efforts to mitigate spam, the volume of such messages continues to grow and identifying spammers is still a challenge. Spam traffic analysis is an important tool in this context, allowing network administrators to understand the behavior of spammers, both as they obfuscate messages and try to hide inside the network. This work adds to that body of information by analyzing the sources of spam to understand to what extent they explain the traffic observed. Our results show that, in many cases, an Autonomous System (AS) represents an interesting neighborhood to observe, with most ASes falling into four basic types: heavy and light senders, which tend to have many or very few spammer machines respectively, frequent small offenders, where spammer machines appear every now and then but disappear in a short time, and conniving ASes, where most machines do not send spam, but a few are heavy, continuous senders. Not only that, but also by grouping machines based on the campaigns that they send together, we define the notion of SpamBands . Those bands identify groups of machines that are probably controlled by the same spammer, and our findings show that they often span multiple ASes. The identification of AS neighborhood types and SpamBands may simplify the combat against spam, focusing efforts at the sources as a whole, possibly improving blacklists by grouping machines found in a same AS or SpamBands.
doi_str_mv	10.1186/s13174-015-0025-5
format	Article
fullrecord	<record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_1773060278</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3984268811</sourcerecordid><originalsourceid>FETCH-LOGICAL-c359t-c48ef20ef2363b289d82b8e4d3fab2546b18dbf082705f926b871ac5e3d3347c3</originalsourceid><addsrcrecordid>eNp1UE1LAzEUDKJgqf0B3hY8R5OXzSarJylahaIXPYdkN-mutJua1x767027HrwI75uZ4TGEXHN2y7mu7pALrkrKuKSMgaTyjEzyvaYMhD4_zYqWGvQlmSH2LmMUA6jVhDy8-X7VuZi6GFss7NAWLhe8z2MOuz5gj0UMxa7zRUz9qh9OK27t5opcBLtGP_vtU_L5_PQxf6HL98Xr_HFJGyHrHW1K7QOwnKISDnTdanDal60I1oEsK8d16wLToJgMNVROK24b6UUrRKkaMSU3o-42xe-9x535ivuUf0PDlRKsYqB0RvER1aSImHww29RvbDoYzszRJjPaZLJN5miTkZkDIwczdlj59Ef5X9IP4dRo1g</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1773060278</pqid></control><display><type>article</type><title>Neighborhoods and bands: an analysis of the origins of spam</title><source>DOAJ Directory of Open Access Journals</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><source>Springer Nature OA Free Journals</source><creator>Fonseca, Osvaldo ; Fazzion, Elverton ; B Las-Casas, Pedro Henrique ; Guedes, Dorgival ; Meira, Wagner ; Hoepers, Cristine ; Steding-Jessen, Klaus ; Chaves, Marcelo HP</creator><creatorcontrib>Fonseca, Osvaldo ; Fazzion, Elverton ; B Las-Casas, Pedro Henrique ; Guedes, Dorgival ; Meira, Wagner ; Hoepers, Cristine ; Steding-Jessen, Klaus ; Chaves, Marcelo HP</creatorcontrib><description>Despite the continuous efforts to mitigate spam, the volume of such messages continues to grow and identifying spammers is still a challenge. Spam traffic analysis is an important tool in this context, allowing network administrators to understand the behavior of spammers, both as they obfuscate messages and try to hide inside the network. This work adds to that body of information by analyzing the sources of spam to understand to what extent they explain the traffic observed. Our results show that, in many cases, an Autonomous System (AS) represents an interesting neighborhood to observe, with most ASes falling into four basic types: heavy and light senders, which tend to have many or very few spammer machines respectively, frequent small offenders, where spammer machines appear every now and then but disappear in a short time, and conniving ASes, where most machines do not send spam, but a few are heavy, continuous senders. Not only that, but also by grouping machines based on the campaigns that they send together, we define the notion of SpamBands . Those bands identify groups of machines that are probably controlled by the same spammer, and our findings show that they often span multiple ASes. The identification of AS neighborhood types and SpamBands may simplify the combat against spam, focusing efforts at the sources as a whole, possibly improving blacklists by grouping machines found in a same AS or SpamBands.</description><identifier>ISSN: 1867-4828</identifier><identifier>EISSN: 1869-0238</identifier><identifier>DOI: 10.1186/s13174-015-0025-5</identifier><language>eng</language><publisher>London: Springer London</publisher><subject>Computer Applications ; Computer Communication Networks ; Computer Science ; Computer Systems Organization and Communication Networks ; Information Systems and Communication Service ; IT in Business ; Processor Architectures</subject><ispartof>Journal of internet services and applications, 2015-05, Vol.6 (1), p.1, Article 9</ispartof><rights>Fonsecaet al.; licensee Springer. 2015. This is an Open Access article distributed under the terms of the Creative Commons Attribution License ( ), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly credited.</rights><rights>The Author(s) 2015</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c359t-c48ef20ef2363b289d82b8e4d3fab2546b18dbf082705f926b871ac5e3d3347c3</citedby><cites>FETCH-LOGICAL-c359t-c48ef20ef2363b289d82b8e4d3fab2546b18dbf082705f926b871ac5e3d3347c3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1186/s13174-015-0025-5$$EPDF$$P50$$Gspringer$$Hfree_for_read</linktopdf><linktohtml>$$Uhttps://doi.org/10.1186/s13174-015-0025-5$$EHTML$$P50$$Gspringer$$Hfree_for_read</linktohtml><link.rule.ids>314,776,780,860,27901,27902,41096,42165,51551</link.rule.ids></links><search><creatorcontrib>Fonseca, Osvaldo</creatorcontrib><creatorcontrib>Fazzion, Elverton</creatorcontrib><creatorcontrib>B Las-Casas, Pedro Henrique</creatorcontrib><creatorcontrib>Guedes, Dorgival</creatorcontrib><creatorcontrib>Meira, Wagner</creatorcontrib><creatorcontrib>Hoepers, Cristine</creatorcontrib><creatorcontrib>Steding-Jessen, Klaus</creatorcontrib><creatorcontrib>Chaves, Marcelo HP</creatorcontrib><title>Neighborhoods and bands: an analysis of the origins of spam</title><title>Journal of internet services and applications</title><addtitle>J Internet Serv Appl</addtitle><description>Despite the continuous efforts to mitigate spam, the volume of such messages continues to grow and identifying spammers is still a challenge. Spam traffic analysis is an important tool in this context, allowing network administrators to understand the behavior of spammers, both as they obfuscate messages and try to hide inside the network. This work adds to that body of information by analyzing the sources of spam to understand to what extent they explain the traffic observed. Our results show that, in many cases, an Autonomous System (AS) represents an interesting neighborhood to observe, with most ASes falling into four basic types: heavy and light senders, which tend to have many or very few spammer machines respectively, frequent small offenders, where spammer machines appear every now and then but disappear in a short time, and conniving ASes, where most machines do not send spam, but a few are heavy, continuous senders. Not only that, but also by grouping machines based on the campaigns that they send together, we define the notion of SpamBands . Those bands identify groups of machines that are probably controlled by the same spammer, and our findings show that they often span multiple ASes. The identification of AS neighborhood types and SpamBands may simplify the combat against spam, focusing efforts at the sources as a whole, possibly improving blacklists by grouping machines found in a same AS or SpamBands.</description><subject>Computer Applications</subject><subject>Computer Communication Networks</subject><subject>Computer Science</subject><subject>Computer Systems Organization and Communication Networks</subject><subject>Information Systems and Communication Service</subject><subject>IT in Business</subject><subject>Processor Architectures</subject><issn>1867-4828</issn><issn>1869-0238</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2015</creationdate><recordtype>article</recordtype><sourceid>C6C</sourceid><sourceid>BENPR</sourceid><recordid>eNp1UE1LAzEUDKJgqf0B3hY8R5OXzSarJylahaIXPYdkN-mutJua1x767027HrwI75uZ4TGEXHN2y7mu7pALrkrKuKSMgaTyjEzyvaYMhD4_zYqWGvQlmSH2LmMUA6jVhDy8-X7VuZi6GFss7NAWLhe8z2MOuz5gj0UMxa7zRUz9qh9OK27t5opcBLtGP_vtU_L5_PQxf6HL98Xr_HFJGyHrHW1K7QOwnKISDnTdanDal60I1oEsK8d16wLToJgMNVROK24b6UUrRKkaMSU3o-42xe-9x535ivuUf0PDlRKsYqB0RvER1aSImHww29RvbDoYzszRJjPaZLJN5miTkZkDIwczdlj59Ef5X9IP4dRo1g</recordid><startdate>20150511</startdate><enddate>20150511</enddate><creator>Fonseca, Osvaldo</creator><creator>Fazzion, Elverton</creator><creator>B Las-Casas, Pedro Henrique</creator><creator>Guedes, Dorgival</creator><creator>Meira, Wagner</creator><creator>Hoepers, Cristine</creator><creator>Steding-Jessen, Klaus</creator><creator>Chaves, Marcelo HP</creator><general>Springer London</general><general>Sociedade Brasileira de Computação</general><scope>C6C</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7XB</scope><scope>8AL</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>M0N</scope><scope>P5Z</scope><scope>P62</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>Q9U</scope></search><sort><creationdate>20150511</creationdate><title>Neighborhoods and bands: an analysis of the origins of spam</title><author>Fonseca, Osvaldo ; Fazzion, Elverton ; B Las-Casas, Pedro Henrique ; Guedes, Dorgival ; Meira, Wagner ; Hoepers, Cristine ; Steding-Jessen, Klaus ; Chaves, Marcelo HP</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c359t-c48ef20ef2363b289d82b8e4d3fab2546b18dbf082705f926b871ac5e3d3347c3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2015</creationdate><topic>Computer Applications</topic><topic>Computer Communication Networks</topic><topic>Computer Science</topic><topic>Computer Systems Organization and Communication Networks</topic><topic>Information Systems and Communication Service</topic><topic>IT in Business</topic><topic>Processor Architectures</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Fonseca, Osvaldo</creatorcontrib><creatorcontrib>Fazzion, Elverton</creatorcontrib><creatorcontrib>B Las-Casas, Pedro Henrique</creatorcontrib><creatorcontrib>Guedes, Dorgival</creatorcontrib><creatorcontrib>Meira, Wagner</creatorcontrib><creatorcontrib>Hoepers, Cristine</creatorcontrib><creatorcontrib>Steding-Jessen, Klaus</creatorcontrib><creatorcontrib>Chaves, Marcelo HP</creatorcontrib><collection>Springer Nature OA Free Journals</collection><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Computing Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central Basic</collection><jtitle>Journal of internet services and applications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Fonseca, Osvaldo</au><au>Fazzion, Elverton</au><au>B Las-Casas, Pedro Henrique</au><au>Guedes, Dorgival</au><au>Meira, Wagner</au><au>Hoepers, Cristine</au><au>Steding-Jessen, Klaus</au><au>Chaves, Marcelo HP</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Neighborhoods and bands: an analysis of the origins of spam</atitle><jtitle>Journal of internet services and applications</jtitle><stitle>J Internet Serv Appl</stitle><date>2015-05-11</date><risdate>2015</risdate><volume>6</volume><issue>1</issue><spage>1</spage><pages>1-</pages><artnum>9</artnum><issn>1867-4828</issn><eissn>1869-0238</eissn><abstract>Despite the continuous efforts to mitigate spam, the volume of such messages continues to grow and identifying spammers is still a challenge. Spam traffic analysis is an important tool in this context, allowing network administrators to understand the behavior of spammers, both as they obfuscate messages and try to hide inside the network. This work adds to that body of information by analyzing the sources of spam to understand to what extent they explain the traffic observed. Our results show that, in many cases, an Autonomous System (AS) represents an interesting neighborhood to observe, with most ASes falling into four basic types: heavy and light senders, which tend to have many or very few spammer machines respectively, frequent small offenders, where spammer machines appear every now and then but disappear in a short time, and conniving ASes, where most machines do not send spam, but a few are heavy, continuous senders. Not only that, but also by grouping machines based on the campaigns that they send together, we define the notion of SpamBands . Those bands identify groups of machines that are probably controlled by the same spammer, and our findings show that they often span multiple ASes. The identification of AS neighborhood types and SpamBands may simplify the combat against spam, focusing efforts at the sources as a whole, possibly improving blacklists by grouping machines found in a same AS or SpamBands.</abstract><cop>London</cop><pub>Springer London</pub><doi>10.1186/s13174-015-0025-5</doi><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 1867-4828
ispartof	Journal of internet services and applications, 2015-05, Vol.6 (1), p.1, Article 9
issn	1867-4828 1869-0238
language	eng
recordid	cdi_proquest_journals_1773060278
source	DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; Springer Nature OA Free Journals
subjects	Computer Applications Computer Communication Networks Computer Science Computer Systems Organization and Communication Networks Information Systems and Communication Service IT in Business Processor Architectures
title	Neighborhoods and bands: an analysis of the origins of spam
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-03T12%3A12%3A06IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Neighborhoods%20and%20bands:%20an%20analysis%20of%20the%20origins%20of%20spam&rft.jtitle=Journal%20of%20internet%20services%20and%20applications&rft.au=Fonseca,%20Osvaldo&rft.date=2015-05-11&rft.volume=6&rft.issue=1&rft.spage=1&rft.pages=1-&rft.artnum=9&rft.issn=1867-4828&rft.eissn=1869-0238&rft_id=info:doi/10.1186/s13174-015-0025-5&rft_dat=%3Cproquest_cross%3E3984268811%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1773060278&rft_id=info:pmid/&rfr_iscdi=true