This paper focuses on characterizing spamming botnets by leveraging both spam payload and spam server traffic properties. Towards this goal, the authors developed a spam signature generation framework called AutoRE to detect botnet-based spam emails and botnet membership. AutoRE does not require pre-classified training data or whitelists. Moreover, it outputs high-quality regular expression signatures that can detect botnet spam with a low false positive rate. Using a three-month sample of emails from Hotmail, AutoRE successfully identified 7,721 botnet-based spam campaigns together with 340,050 unique botnet host IP addresses.
- Format: PDF
- Size: 706.8 KB