SpamBands: a methodology for identifying spam sources acting in an orchestrated manner

  • Elverton Fazzion UFMG
  • Oswaldo Fonseca UFMG
  • Wagner Meira Jr. UFMG
  • Dorgival Guedes UFMG

Abstract


In 2012, estimates indicated that 68.8% of all e-mail traffic was spam, which suggests that this is still a relevant problem. Recently, some works have focused on analyzing spam traffic inside the network, examining the protocols used and the ASes that originate the traffic. However, those works usually do not consider the relationships between the machines used to send spam. Such an analysis could reveal how different machines may be used by a single spammer to spread their messages, helping us to understand spammer behavior. To that end, this work proposes a methodology to cluster the machines used by spammers based on the concept of campaigns. The groups identified were characterized to identify different aspects of spam dissemination, suggesting the use of different orchestration strategies.

Published
2015-07-20
FAZZION, Elverton; FONSECA, Oswaldo; MEIRA JR., Wagner; GUEDES, Dorgival. SpamBands: uma metodologia para identificação de fontes de spam agindo de forma orquestrada. In: SBC UNDERGRADUATE RESEARCH CONTEST (CTIC-SBC), 34., 2015, Recife. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2015. p. 51-60.