Understanding the Network-Level Behavior of Spammers
Best Student Paper, ACM Sigcomm 2006
Anirudh Ramachandran and Nick Feamster
Ye Wang (sando)

2 Content
Motivation
Data Collection
Data Analysis
– Network-level Characteristics of Spammers
– Spam from Botnets
– Spam from Transient BGP Announcements
Lessons for Better Spam Mitigation
Conclusion & Discussion

3 Motivation
Scalability, Security, Reliability, Operability
keys of next generation Internet service
Internet business model stands on them
– then performance, increase services, applications
large amount of funding tells this secret
Security issue is tough
Attackers always win!
spam, botnet, DDoS, worm, probe, hijack, crack, phishing

4 Motivation
Spam (and Mitigation)
eat bandwidth, degrade service, complications
direct, open relays, botnets, spectrum agility
– content filter (large corpuses for training)
– IP blacklist (IP-layer behavior is not clear)
Target of this 18-month project
characterize the network-level behavior of spammers
– IP address, AS, country of spammers
– IP-layer techniques of spammers: botnets, routing
give some guideline for better mitigation

5 Data Collection
Spam Traces
a “sinkhole” corpus domain
Aug. 5, 2005 – Jan. 6, ,000,000 spams
collect network-level properties of spams
– IP address of the relay
– traceroute
– passive “p0f” TCP fingerprint (indication of OS)
– whether the relay is in the DNS blacklists

6 Data Collection
Legitimate Traces
from a large service provider
– *Nick is always welcome
700,000 legitimate emails
Botnet Command and Control Data
a trace of hosts infected by W32/Bobax worm
redirect DNS queries to the sinkhole running botnet command and control
BGP Routing Measurements
BGP monitor
– just like our rumor-collector

7 Data Analysis
Network-level Characteristics of Spammers
Distribution across IP address space
– Majority of spam from a small fraction of IP addresses
– Spammers quite distributed

8 Data Analysis
Network-level Characteristics of Spammers
Distribution across ASes and by country
– (spam and legitimate) 10% from 2 ASes; 36% from 20 ASes

9 Data Analysis
Network-level Characteristics of Spammers
The Effectiveness of Blacklists
– 80% of relays in the blacklists

10 Data Analysis
Spam from Botnets
Bobax vs spammer distribution
– 4693/117,268 Bobax bots sent spam; but similar CDF of IP address for spammers and Bobax drones

11 Data Analysis
Spam from Botnets
OS of spamming hosts
– 4% not Windows; but sent 8% spam

12 Data Analysis
Spam from Botnets
Spamming Bot Activity Profile
– 65% single-shot bots; 75% sent less than two

13 Data Analysis
Spam from Transient BGP Announcements
BGP Spectrum Agility
– hijack /8 → send spam → withdraw
– 66./8 of AS21562, 82./8 of AS8717, (61./8 of AS4678)

14 Data Analysis
Spam from Transient BGP Announcements
How much spam from Spectrum Agility
– 1% spam from short-lived routes; but sometimes 10%
Prevalence of BGP Spectrum Agility
– Persistence != Volume
– AS4788, AS4678
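
An added example (not from the paper or these slides) of how the short-lived-route share on slides 13 and 14 can be measured: join spam arrival times against BGP announce/withdraw intervals and label each message by the route that covered its relay. The update format, the 24-hour cutoff, the documentation prefixes and all sample values are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

SHORT_LIVED_SECS = 24 * 3600  # assumed cutoff; the slides give no threshold

# Constructed sample data on documentation prefixes (not from the paper).
# BGP updates: (unix_time, "A" announce / "W" withdraw, prefix).
BGP_UPDATES = [
    (0, "A", "198.51.100.0/24"),        # never withdrawn
    (10_000, "A", "192.0.2.0/24"),
    (400_000, "W", "192.0.2.0/24"),     # up for ~4.5 days
    (50_000, "A", "203.0.113.0/24"),
    (50_900, "W", "203.0.113.0/24"),    # up for 15 minutes
]
# Spam arrivals at the sinkhole: (unix_time, relay_ip).
SPAM = [(50_100, "203.0.113.7"), (50_800, "203.0.113.9"),
        (60_000, "203.0.113.7"), (20_000, "192.0.2.44"),
        (70_000, "198.51.100.3")]

def route_intervals(updates):
    """Pair each announcement with the next withdrawal of the same prefix."""
    open_since, intervals = {}, []
    for ts, kind, prefix in sorted(updates):
        net = ip_network(prefix)
        if kind == "A":
            open_since.setdefault(net, ts)  # re-announcement keeps first start
        elif kind == "W" and net in open_since:
            intervals.append((net, open_since.pop(net), ts))
    # Routes still announced at the end of the trace have no end time.
    intervals += [(net, start, None) for net, start in open_since.items()]
    return intervals

def classify_spam(spam, intervals, cutoff=SHORT_LIVED_SECS):
    """Label each spam by the most specific route covering its relay at arrival."""
    labels = []
    for ts, ip in spam:
        addr = ip_address(ip)
        covering = [(net, s, e) for net, s, e in intervals
                    if addr in net and s <= ts and (e is None or ts <= e)]
        if not covering:
            labels.append((ip, ts, "no-route"))
            continue
        net, s, e = max(covering, key=lambda r: r[0].prefixlen)
        short = e is not None and e - s <= cutoff
        labels.append((ip, ts, "short-lived" if short else "persistent"))
    return labels

def short_lived_fraction(labels):
    return sum(label == "short-lived" for _, _, label in labels) / len(labels)
```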

15 Lessons for Better Spam Mitigation
1. Spam filtering requires host identity
2. Detection based on aggregate behavior is better than single IP address
3. Securing the Internet routing infrastructure bolsters identity and traceability of emails
4. Network-level properties incorporated into spam filters may be effective

16 Conclusion
Methodology
joint analysis of a unique combination of datasets
strong hacking techniques
– *only Nick can handle that easily
measurement based study
Contribution
important results of spammers’ network-level behavior
– network-level properties are less malleable
– network-level properties may be observable at an early stage
defense guidelines and lessons

17 Discussion
We could learn much from this paper
research motivation must be strong
– significance of Routing Management, IVI, CGENI?
employ diversified techniques to enrich the methodology
arbitrary conclusion should be avoided
Some questions
the problem itself is far beyond being solved
still some arguable data (botnets) in the paper
spamming reveals in return the defect of service itself and the design of its business model (pay for spam?)

Thank You
All big things in this world are done by people who are naïve and have an idea that is obviously impossible
Frank Richards