Abstract
Over the last decade, unsolicited bulk e-mail, i.e., spam, has increased dramatically and is now recognized as a serious Internet threat. In particular, recent spam, mostly caused by various kinds of malware (e.g., bots, worms), often contains URLs that lead recipients to malicious Web servers for the purpose of malware infection. In addition, malware such as bots operates cooperatively, and there are close links between malware and malicious Web servers. In this paper, considering the need for further studies on the mitigation of recent spam-based attacks, we propose a methodology for analyzing their overall flow in order to investigate the active relationship among spam, malware and malicious Web servers. Furthermore, we have evaluated our method using double-bounce e-mails obtained from our own SMTP server. The experimental results show that the proposed method is highly effective for analyzing the correlation between spam sources and their eventual destinations.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Song, J., Inoue, D., Eto, M., Suzuki, M., Hayashi, S., Nakao, K. (2009). A Methodology for Analyzing Overall Flow of Spam-Based Attacks. In: Leung, C.S., Lee, M., Chan, J.H. (eds) Neural Information Processing. ICONIP 2009. Lecture Notes in Computer Science, vol 5864. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10684-2_62
DOI: https://doi.org/10.1007/978-3-642-10684-2_62
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10682-8
Online ISBN: 978-3-642-10684-2
eBook Packages: Computer Science (R0)