Identification and Characterization of Spammers from Honeypots
Abstract
Despite current strategies to minimize the impact of spam, a continuous effort is needed to understand in detail how spammers generate and distribute their messages in the network, in order to maintain and even improve the effectiveness of anti-spam mechanisms. This work proposes a methodology for characterizing spamming strategies based on the identification of spam campaigns – groups of messages that share the same goal and are generated according to the same template. To identify spam campaigns, we designed a data mining technique that detects message invariants and is able to deal with spam evolution. We implemented our campaign detection technique in a system called Spam Miner, which is being used by the Brazilian Internet Steering Committee (CGI.br) and is helping the organization to better understand how the Brazilian network infrastructure is abused by spammers.
Published
2010-07-20
How to Cite
GUERRA, Pedro H. Calais; MEIRA JR., Wagner; GUEDES, Dorgival. Identification and Characterization of Spammers from Honeypots. In: THESIS AND DISSERTATION CONTEST (CTD), 23., 2010, Belo Horizonte/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2010. p. 41-48. ISSN 2763-8820.
