SpamBands: a methodology for identifying spam sources acting in an orchestrated manner

  • Elverton Fazzion UFMG
  • Pedro Henrique B. Las-Casas UFMG
  • Osvaldo Fonseca UFMG
  • Dorgival Guedes UFMG
  • Wagner Meira Jr. UFMG
  • Cristine Hoepers CERT.br
  • Klaus Steding-Jessen CERT.br
  • Marcelo H. P. Chaves CERT.br

Abstract


In 2012, estimates indicated that 68.8% of all e-mail traffic was spam, which suggests that spam is still a relevant problem. Recently, some works have focused on analyzing spam traffic inside the network, examining the protocols used and the ASes that originate the traffic. However, those works usually do not consider the relationships between the machines used to send spam. Such an analysis could reveal how a single spammer may use different machines to spread messages, helping us understand spammer behavior. To that end, this work proposes a methodology to cluster the machines used by spammers based on the concept of spam campaigns. The resulting groups were characterized to identify different aspects of the spam dissemination process, which suggest that different orchestration strategies are in use.

Published
2014-11-03
FAZZION, Elverton; LAS-CASAS, Pedro Henrique B.; FONSECA, Osvaldo; GUEDES, Dorgival; MEIRA JR., Wagner; HOEPERS, Cristine; STEDING-JESSEN, Klaus; CHAVES, Marcelo H. P. SpamBands: uma metodologia para identificação de fontes de spam agindo de forma orquestrada. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 14., 2014, Belo Horizonte. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2014. p. 265-278. DOI: https://doi.org/10.5753/sbseg.2014.20136.
