Identifying IP Blocks with Spamming Bots by Spatial Distribution

Sangki YUN  Byungseung KIM  Saewoong BAHK  Hyogon KIM  

Publication
IEICE TRANSACTIONS on Communications   Vol.E93-B   No.8   pp.2188-2190
Publication Date: 2010/08/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Internet
Keyword: botnet, spamming, identification, detection, false positive

Summary: 
In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. Nevertheless, the proposed metric yields a high-quality receiver operating characteristic (ROC), with high detection rates and low false positive rates.