Identifying IP Blocks with Spamming Bots by Spatial Distribution

Identifying IP Blocks with Spamming Bots by Spatial Distribution

In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metr...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEICE Transactions on Communications 2010/08/01, Vol.E93.B(8), pp.2188-2190
Hauptverfasser: YUN, Sangki, KIM, Byungseung, BAHK, Saewoong, KIM, Hyogon
Format: Artikel
Sprache:eng
Schlagworte:
botnet
detection
false positive
Headers
identification
Inspection
IP (Internet Protocol)
Receivers
Spamming
Spatial distribution
TCP (protocol)
TCP/IP (protocol)
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.
ISSN:0916-8516
1745-1345
1745-1345
DOI:10.1587/transcom.E93.B.2188