Identifying IP Blocks with Spamming Bots by Spatial Distribution
Sangki YUN Byungseung KIM Saewoong BAHK Hyogon KIM
IEICE TRANSACTIONS on Communications
Publication Date: 2010/08/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Keywords: botnet, spamming, identification, detection, false positive
In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to the IP blocks in which they reside. Our method aims at line-speed operation without deep inspection, so only the TCP/IP header fields of passing packets are examined. Nevertheless, the proposed metric yields a high-quality receiver operating characteristic (ROC), with high detection rates and low false positive rates.