Information Theoretic Approach for Characterizing Spam Botnets Based on Traffic Properties

3 Author(s)
K. Smith ; Sch. of Comput., DePaul Univ., Chicago, IL, USA ; E. Al-Shaer ; K. Elbadawi

In this paper, we present several novel identifying characteristics of spam-sending bots (or spambots) based on traffic statistics. We use entropy to measure the distribution skewness for a number of traffic features including packet inter-departure time, email per recipients, rate of change in recipient list and destination domains, and inconsistency in email header information of the outgoing email traffic. We also show how we can measure the deviation in these features from benign email traffic to decisively detect spambots. Our tool is developed to sit anonymously behind the mail server in a network, capturing SMTP data packets and analyzing the traffic while keeping all of the personal email data private and unrecoverable. Unlike content filtering, our technique is hard to evade and is used to detect spam email close to the source. In addition, our technique uses online lightweight calculations and can be efficiently deployed in end-user or ISP devices as well. We evaluated our technique using about 6 million email records of real spambot traffic collected during June 2007 - June 2008. Our evaluation results show that our tool can detect spambots accurately and efficiently even with high traffic volume.

Published in:

2009 IEEE International Conference on Communications

Date of Conference:

14-18 June 2009