Jaehoon Choi, Jaewoo Kang, Jinseung Lee, Chihwan Song, Qingsong Jin, Sunwon Lee, Jinsun Uh. Mining Botnets and Their Evolution Patterns[J]. Journal of Computer Science and Technology, 2013, 28(4): 605-615. DOI: 10.1007/s11390-013-1361-1

Mining Botnets and Their Evolution Patterns

Funds: This work was supported by the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (MEST) of Korea under Grant No. 2012R1A2A2A01014729.
  • Received Date: September 09, 2012
  • Revised Date: May 02, 2013
  • Published Date: July 04, 2013
  • A botnet is a network of compromised computers that have fallen under the control of hackers after being infected by malicious programs such as trojan viruses. The compromised machines are mobilized to perform various attacks including mass spamming, distributed denial of service (DDoS) and additional trojans. Botnets are becoming one of the most serious threats to the Internet infrastructure at present. We introduce a method to uncover compromised machines and characterize their behaviors using large email logs. We report various spam campaign variants with different characteristics and introduce a statistical method to combine them. We also report the long-term evolution patterns of the spam campaigns.