Identifying IP Blocks with Spamming Bots by Spatial Distribution
In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metr...
Gespeichert in:
| Veröffentlicht in: | IEICE Transactions on Communications 2010/08/01, Vol.E93.B(8), pp.2188-2190 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 2190 |
|---|---|
| container_issue | 8 |
| container_start_page | 2188 |
| container_title | IEICE Transactions on Communications |
| container_volume | E93.B |
| creator | YUN, Sangki KIM, Byungseung BAHK, Saewoong KIM, Hyogon |
| description | In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates. |
| doi_str_mv | 10.1587/transcom.E93.B.2188 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_875046101</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>875046101</sourcerecordid><originalsourceid>FETCH-LOGICAL-c365t-8f612e00676438f0b2895b5775698defd6625ec9fe7bbf05562485e4c69e686b3</originalsourceid><addsrcrecordid>eNpdkDtPwzAYRS0EEqXwC1iyMSX4ETvOBoECFZVAAmbLcT-3LnkU2xXqv6dRoQPTla7uucNB6JLgjHBZXEevu2D6NpuULKsySqQ8QiNS5DwlLOfHaIRLIlLJiThFZyGsMCaSEjpCN9M5dNHZresWyfQ1qZrefIbk28Vl8rbWbTv0VR9DUm-HIjrdJPcuRO_qTXR9d45OrG4CXPzmGH08TN7vntLZy-P07naWGiZ4TKUVhALGohA5kxbXVJa85kXBRSnnYOdCUA6mtFDUtcWcC5pLDrkRJQgpajZGV_vfte-_NhCial0w0DS6g34TlCw4zgXBZLdk-6XxfQgerFp712q_VQSrQZf606V2ulSlBl076nlPrULUCzgw2kdnGvjPyEMO9GFlltor6NgP-9B7Iw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>875046101</pqid></control><display><type>article</type><title>Identifying IP Blocks with Spamming Bots by Spatial Distribution</title><source>Alma/SFX Local Collection</source><creator>YUN, Sangki ; KIM, Byungseung ; BAHK, Saewoong ; KIM, Hyogon</creator><creatorcontrib>YUN, Sangki ; KIM, Byungseung ; BAHK, Saewoong ; KIM, Hyogon</creatorcontrib><description>In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.</description><identifier>ISSN: 0916-8516</identifier><identifier>ISSN: 1745-1345</identifier><identifier>EISSN: 1745-1345</identifier><identifier>DOI: 10.1587/transcom.E93.B.2188</identifier><language>eng</language><publisher>The Institute of Electronics, Information and Communication Engineers</publisher><subject>botnet ; detection ; false positive ; Headers ; identification ; Inspection ; IP (Internet Protocol) ; Receivers ; Spamming ; Spatial distribution ; TCP (protocol) ; TCP/IP (protocol)</subject><ispartof>IEICE Transactions on Communications, 2010/08/01, Vol.E93.B(8), pp.2188-2190</ispartof><rights>2010 The Institute of Electronics, Information and Communication Engineers</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c365t-8f612e00676438f0b2895b5775698defd6625ec9fe7bbf05562485e4c69e686b3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,4009,27902,27903,27904</link.rule.ids></links><search><creatorcontrib>YUN, Sangki</creatorcontrib><creatorcontrib>KIM, Byungseung</creatorcontrib><creatorcontrib>BAHK, Saewoong</creatorcontrib><creatorcontrib>KIM, Hyogon</creatorcontrib><title>Identifying IP Blocks with Spamming Bots by Spatial Distribution</title><title>IEICE Transactions on Communications</title><addtitle>IEICE Trans. Commun.</addtitle><description>In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.</description><subject>botnet</subject><subject>detection</subject><subject>false positive</subject><subject>Headers</subject><subject>identification</subject><subject>Inspection</subject><subject>IP (Internet Protocol)</subject><subject>Receivers</subject><subject>Spamming</subject><subject>Spatial distribution</subject><subject>TCP (protocol)</subject><subject>TCP/IP (protocol)</subject><issn>0916-8516</issn><issn>1745-1345</issn><issn>1745-1345</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2010</creationdate><recordtype>article</recordtype><recordid>eNpdkDtPwzAYRS0EEqXwC1iyMSX4ETvOBoECFZVAAmbLcT-3LnkU2xXqv6dRoQPTla7uucNB6JLgjHBZXEevu2D6NpuULKsySqQ8QiNS5DwlLOfHaIRLIlLJiThFZyGsMCaSEjpCN9M5dNHZresWyfQ1qZrefIbk28Vl8rbWbTv0VR9DUm-HIjrdJPcuRO_qTXR9d45OrG4CXPzmGH08TN7vntLZy-P07naWGiZ4TKUVhALGohA5kxbXVJa85kXBRSnnYOdCUA6mtFDUtcWcC5pLDrkRJQgpajZGV_vfte-_NhCial0w0DS6g34TlCw4zgXBZLdk-6XxfQgerFp712q_VQSrQZf606V2ulSlBl076nlPrULUCzgw2kdnGvjPyEMO9GFlltor6NgP-9B7Iw</recordid><startdate>2010</startdate><enddate>2010</enddate><creator>YUN, Sangki</creator><creator>KIM, Byungseung</creator><creator>BAHK, Saewoong</creator><creator>KIM, Hyogon</creator><general>The Institute of Electronics, Information and Communication Engineers</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SP</scope><scope>8FD</scope><scope>L7M</scope></search><sort><creationdate>2010</creationdate><title>Identifying IP Blocks with Spamming Bots by Spatial Distribution</title><author>YUN, Sangki ; KIM, Byungseung ; BAHK, Saewoong ; KIM, Hyogon</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c365t-8f612e00676438f0b2895b5775698defd6625ec9fe7bbf05562485e4c69e686b3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2010</creationdate><topic>botnet</topic><topic>detection</topic><topic>false positive</topic><topic>Headers</topic><topic>identification</topic><topic>Inspection</topic><topic>IP (Internet Protocol)</topic><topic>Receivers</topic><topic>Spamming</topic><topic>Spatial distribution</topic><topic>TCP (protocol)</topic><topic>TCP/IP (protocol)</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>YUN, Sangki</creatorcontrib><creatorcontrib>KIM, Byungseung</creatorcontrib><creatorcontrib>BAHK, Saewoong</creatorcontrib><creatorcontrib>KIM, Hyogon</creatorcontrib><collection>CrossRef</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>Advanced Technologies Database with Aerospace</collection><jtitle>IEICE Transactions on Communications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>YUN, Sangki</au><au>KIM, Byungseung</au><au>BAHK, Saewoong</au><au>KIM, Hyogon</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Identifying IP Blocks with Spamming Bots by Spatial Distribution</atitle><jtitle>IEICE Transactions on Communications</jtitle><addtitle>IEICE Trans. Commun.</addtitle><date>2010</date><risdate>2010</risdate><volume>E93.B</volume><issue>8</issue><spage>2188</spage><epage>2190</epage><pages>2188-2190</pages><issn>0916-8516</issn><issn>1745-1345</issn><eissn>1745-1345</eissn><abstract>In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.</abstract><pub>The Institute of Electronics, Information and Communication Engineers</pub><doi>10.1587/transcom.E93.B.2188</doi><tpages>3</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0916-8516 |
| ispartof | IEICE Transactions on Communications, 2010/08/01, Vol.E93.B(8), pp.2188-2190 |
| issn | 0916-8516 1745-1345 1745-1345 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_875046101 |
| source | Alma/SFX Local Collection |
| subjects | botnet detection false positive Headers identification Inspection IP (Internet Protocol) Receivers Spamming Spatial distribution TCP (protocol) TCP/IP (protocol) |
| title | Identifying IP Blocks with Spamming Bots by Spatial Distribution |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-23T16%3A32%3A26IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Identifying%20IP%20Blocks%20with%20Spamming%20Bots%20by%20Spatial%20Distribution&rft.jtitle=IEICE%20Transactions%20on%20Communications&rft.au=YUN,%20Sangki&rft.date=2010&rft.volume=E93.B&rft.issue=8&rft.spage=2188&rft.epage=2190&rft.pages=2188-2190&rft.issn=0916-8516&rft.eissn=1745-1345&rft_id=info:doi/10.1587/transcom.E93.B.2188&rft_dat=%3Cproquest_cross%3E875046101%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=875046101&rft_id=info:pmid/&rfr_iscdi=true |