Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li.

Published byJemima Berry Modified over 9 years ago

Similar presentations

Presentation on theme: "Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li."— Presentation transcript:

1 Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li Lin

2 2 References Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, and I. Osipkov. Spamming botnets: Signatures and characteristics. In SIGCOMM, 2008

3 3 Outline Introduction Spam Activity Trends AutoRE Structure Study Results Conclusion

4 4 Introduction Developed a spam signature generation framework called: AutoRE To detect botnet-based spam emails and botnet membership It outputs high quality regular expression signatures

5 5 Contribution Ability to detect frequent domain modifications In-depth analysis of identified spamming botnet characteristics and their activity trends

6 6 Two Observations First, spammers often add random, legitimate URLs to content  legitimate and very general (e.g.,http://www.w3.org) Second, customize polymorphic URLs

7 7 Multi-URL spam emails

8 8 Polymorphic URLs

9 9 AutoRE Automatically generating URL signatures to identify botnet-based spam campaigns Produces two outputs: a set of spam URL signatures  complete URL string (CU)  URL regular Expression (RE) a related list of botnet host IP addresses

10 10 Three modules AutoRE is comprised of the following three modules URL preprocessor Group selector RegEx generator  domain-specific  domain-agnostic

11 11 AutoRE Structure[1/2]

12 12 AutoRE Structure[2/2]

13 13 Suffix-array algorithm

14 14 keyword-based signature tree

15 15 Detailing and Generalization Detailing returns a domain specific regular expression using a keyword-based signature as input. Generalization returns a more general domain-agnostic regular expression by merging very similar domain- specific regular expressions

16 16 Generalization

17 17 Detect Results Using three months of sampled emails from Hotmail  November 2006, June 2007, July 2007 AutoRE successfully detected  7,721 spam campaigns  340,050 distinct botnet host IP addresses  spanning 5,916 ASes.

18 18 CU & RE Statistics

19 19

20 20 False positive rate

21 21 Conclutions This is the first successful attempt to automatically generate regular expression signatures The existence of botnet spam signatures and the feasibility of detecting botnet hosts using them

22 22 Questions

Download ppt "Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li."

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
RB-Seeker: Auto-detection of Redirection Botnet Presenter: Yi-Ren Yeh Authors: Xin Hu, Matthew Knysz, Kang G. Shin NDSS 2009 The slides is modified from.

RB-Seeker: Auto-detection of Redirection Botnet Presenter: Yi-Ren Yeh Authors: Xin Hu, Matthew Knysz, Kang G. Shin NDSS 2009 The slides is modified from.
Choosing and Defining a Research Problem Dr. U N Roy Associate Professor, NITTTR Chandigarh Mobile No: 09417581530 Dr U N Roy.

Choosing and Defining a Research Problem Dr. U N Roy Associate Professor, NITTTR Chandigarh Mobile No: Dr U N Roy.
IMF Mihály Andó IT-IS 6 November 2006. Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,

IMF Mihály Andó IT-IS 6 November Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,
Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.
Understanding the Network-Level Behavior of Spammers Anirudh Ramachandran Nick Feamster.

Understanding the Network-Level Behavior of Spammers Anirudh Ramachandran Nick Feamster.
1 BotGraph: Large Scale Spamming Botnet Detection Yao Zhao EECS Department Northwestern University.

1 BotGraph: Large Scale Spamming Botnet Detection Yao Zhao EECS Department Northwestern University.
Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.

Detecting Botnets Using Hidden Markov Models on Network Traces Wade Gobel Bio-Grid, Summer 2008.
Correlating Spam Activity with IP Address Characteristics Chris Wilcox, Christos Papadopoulos CSU John Heidemann USC/ISI IEEE Global Internet Symposium.

Correlating Spam Activity with IP Address Characteristics Chris Wilcox, Christos Papadopoulos CSU John Heidemann USC/ISI IEEE Global Internet Symposium.
BotGraph: Large Scale Spamming Botnet Detection Yao Zhao Yinglian Xie *, Fang Yu *, Qifa Ke *, Yuan Yu *, Yan Chen and Eliot Gillum ‡ EECS Department,

BotGraph: Large Scale Spamming Botnet Detection Yao Zhao Yinglian Xie *, Fang Yu *, Qifa Ke *, Yuan Yu *, Yan Chen and Eliot Gillum ‡ EECS Department,
1 Authors: Anirudh Ramachandran, Nick Feamster, and Santosh Vempala Publication: ACM Conference on Computer and Communications Security 2007 Presenter:

1 Authors: Anirudh Ramachandran, Nick Feamster, and Santosh Vempala Publication: ACM Conference on Computer and Communications Security 2007 Presenter:
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.

Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray,

Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray,
S PAMMING B OTNETS : S IGNATURES AND C HARACTERISTICS Introduction of AutoRE Framework.

S PAMMING B OTNETS : S IGNATURES AND C HARACTERISTICS Introduction of AutoRE Framework.

Similar presentations

Ads by Google