Upload File

spamming botnets: signatures and characteristics authors:yinglian xie, fang yu, kannan achan, rina...

  • Home
  • Documents
  • Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li
22
Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li Lin

Upload: jemima-berry

Post on 05-Jan-2016

218 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

Spamming Botnets: Signatures and Characteristics     

Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+

Presenter: Chia-Li Lin

Page 2: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

2

References

Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, and I. Osipkov. Spamming botnets: Signatures and characteristics. In SIGCOMM, 2008

Page 3: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

3

Outline

IntroductionSpam Activity TrendsAutoRE StructureStudy ResultsConclusion

Page 4: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

4

Introduction

Developed a spam signature generation framework called:

AutoRE

To detect botnet-based spam emails and botnet membership

It outputs high quality regular expression signatures

Page 5: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

5

Contribution

Ability to detect frequent domain modifications

In-depth analysis of identified spamming botnet characteristics and their activity trends

Page 6: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

6

Two Observations

First, spammers often add random, legitimate URLs to content

legitimate and very general (e.g.,http://www.w3.org)

Second, customize polymorphic URLs

Page 7: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

7

Multi-URL spam emails

Page 8: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

8

Polymorphic URLs

Page 9: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

9

AutoRE

Automatically generating URL signatures to identify botnet-based spam campaigns

Produces two outputs:

a set of spam URL signatures complete URL string (CU) URL regular Expression (RE)

a related list of botnet host IP addresses

Page 10: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

10

Three modules

AutoRE is comprised of the following three modules

URL preprocessor Group selector RegEx generator

domain-specific domain-agnostic

Page 11: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

11

AutoRE Structure[1/2]

Page 12: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

12

AutoRE Structure[2/2]

Page 13: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

13

Suffix-array algorithm

Page 14: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

14

keyword-based signature tree

Page 15: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

15

Detailing and Generalization

Detailing returns a domain specific regular expression

using a keyword-based signature as input.

Generalization returns a more general domain-agnostic

regular expression by merging very similar domain-specific regular expressions

Page 16: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

16

Generalization

Page 17: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

17

Detect Results

Using three months of sampled emails from Hotmail

November 2006, June 2007, July 2007

AutoRE successfully detected

7,721 spam campaigns 340,050 distinct botnet host IP addresses spanning 5,916 ASes.

Page 18: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

18

CU & RE Statistics

Page 19: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

19

Page 20: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

20

False positive rate

Page 21: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

21

Conclutions

This is the first successful attempt to automatically generate regular expression signatures

The existence of botnet spam signatures and the feasibility of detecting botnet hosts using them

Page 22: Spamming Botnets: Signatures and Characteristics Authors:Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+, Ivan Osipkov+ Presenter: Chia-Li

22

Questions


GETTING DEPRECIATION (ALMOST) RIGHT1 March, 2008econweb.umd.edu/~hulten/WebPageFiles/Getting... · GETTING DEPRECIATION (ALMOST) RIGHT1 Charles R. Hulten University of Maryland March,

1 Characterizing Botnet from Email Spam Records Presenter: Yi-Ren Yeh ( 葉倚任 ) Authors: L. Zhuang, J. Dunagan, D. R. Simon, H. J. Wang, I. Osipkov, G. Hulten,

An Improved Algorithm Finding Nearest Neighbor …theory.stanford.edu/~rinap/papers/kdtreelatin.pdfAn Improved Algorithm Finding Nearest Neighbor Using Kd-trees Rina Panigrahy Microsoft

Yinglian XieYinglian Xie Fang Yu, Kannan Achan, …web.eecs.umich.edu/~zmao/workshop/talks/Xie.pdfYinglian XieYinglian Xie Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten Ivan

Abhimanyu Das Sreenivas Gollapudi Ravi Kumar Rina ...Abhimanyu Das Sreenivas Gollapudi Ravi Kumar Rina Panigrahy Google Mountain View, CA April 9, 2019 ... 1 Introduction ... expansions

Charles Hulten University of Maryland, NBER & The Conference Board Janet Hao The Conference Board Kirsten Jaeger The Conference Board Intangible Capital

Rekenen in groep 1 en 2 Bijeenkomst 2 Karen van Hulten [email protected]

Refractory Hypoxemia Case Based Approach · Based Approach Dr Nalinikant Panigrahy MD , DNB Neonatology Consultant Neonatology. Case ... cyanosis Labile oxygenation Hypoxemia disproportional

Partitioning Orders in Online Shopping Servicesdebmalya/papers/cikm17-orderpartition.pdf · Durham, NC [email protected] Rina Panigrahy Google Mountain View, CA [email protected]

HEMUBO KINDERRAAD...Jaap Vork Foppe Schut Hemubo Tekstbijdragen Frauke van Hulten Vormgeving Hemubo Eindredactie Hemubo Adreswijzigingen, verandering van contactpersoon of anderszins

Kevin Hulten PDC Violations

Charles Hulten University of Maryland, NBER & The Conference Board Janet Hao The Conference Board

repository.unpas.ac.idrepository.unpas.ac.id/13871/8/BAB II.docx · Web viewSlavin 1975, DeVries, dan Hulten 1975 (Slavin,2010: 35 ) para siswa dalam kelompok kooperatif yang berhasil

Dilys Thomas PODS 20061 Achieving Anonymity via Clustering G. Aggarwal, T. Feder, K. Kenthapadi, S. Khuller, R. Panigrahy, D. Thomas, A. Zhu

Based Investment Growth through Knowledge- Stimulating …econweb.umd.edu/~hulten/L11 oecd/Hulten Working Paper... · 2014-01-29 · DSTI/DOC(2013)2 3 STIMULATING ECONOMIC GROWTH

Making sense of the 2014 European Parliament elections Michiel van Hulten, Managing Director, VoteWatch Europe Eurocommerce, Brussels, 28 May 2014

Objective Agribusiness Management · Dr Shakti Ranjan Panigrahy is a veterinary graduate with a master degree in Agribusiness Management from Choudhury Charan Singh Haryana Agricultural

Original Research Article DOI - 10.26479/2018.0403.10 … · 2018-05-17 · Madhusmita Panigrahy1*, Sarla N2, Kishore CS Panigrahi1. ... *Corresponding Author: Dr. Madhusmita Panigrahy

DOES INFRASTRUCTURE INVESTMENT INCREASE TH …econweb.umd.edu/~hulten/WebPageFiles/Does Infrastructure Increas… · infrastructure gap that can be closed. However, under the circumstances

Spamming Botnets: Signatures and Characteristics Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov. SIGCOMM, 2008. Presented

The Smallest Grammar Problem - CSweb.cs.ucla.edu/~sahai/work/web/2005 Publications... · Moses Charikar, Eric Lehman, Ding Liu, Rina Panigrahy, Manoj Prabhakaran, Amit Sahai, and

Spamming Botnets: Signatures and CharacteristicsSpamming Botnets: Signatures and Characteristics Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+,IvanOsipkov+ Microsoft

STADSWERF OOSTENBURG - Roosen · Fotografie: Foppe Schut. Hillen & Roosen. Tekstbijdragen. Frauke van Hulten. Vormgeving. Hemubo Eindredactie. Hillen & Roosen Adreswijzigingen, verandering

Beyond Bloom Filters: Approximate Concurrent State Machines Michael Mitzenmacher Joint work with Flavio Bonomi, Rina Panigrahy, Sushil Singh, George Varghese

S.L.N MEDICAL COLLEGE & HOSPITAL, KORAPUT – Department … · 2019. 11. 11. · 2. Bijaya Kumar Panigrahy, Kaushik Mishra, Arakhita Swain, Saiprasanna Behera. A Cross-Sectional

De kijk op de woningmarkt door Aedes. Pieter van Hulten Senior accountmanager Aedes

How to be an “Adept” Toastmaster Deepak Panigrahy

A General Framework for Mining Massive Data Streams Geoff Hulten Advised by Pedro Domingos

Bijlmerbajes weer open HEMUBO TRANSFORMEERT ......Jaap Vork, Rijksvastgoedbedrijf Tekstbijdragen: Frauke van Hulten Vormgeving: Studio Claes Eindredactie: Hemubo Adreswijzigingen,

GETTING DEPRECIATION (ALMOST) RIGHT1 Charles R. Hulten

aiimsbhubaneswar.nic.in€¦ · Mr. Shiv Kumar Pankha Mrs. Jigyan Mishra Mrs. Niharika Pattanayak Mr. Gopa Ranjan Panigrahy Mr. Pawan Kumar Mishra Mr. Pathak Sachin Ganeshrao Mrs

Name And Designation: Dr. Asisa Kumar Panigrahy, Associate

DML 2016 - Mobile relationship therapy - vizeum, achtung! - Dimitry van Hulten, Daniel Sytsma

Combating Double-Spending Using Cooperative P2P Systems Author : Ivan Osipkov, Eugene Y. Vasserman, Nicholas Hopper, Yongdae Kim Source : International

Dated : 01/02/2019 - lspublicschooljk.com · pradipta kishore panigrahy contact number of grievance/complaint redressal officer 9848494979 email id of grievance/complaint redressal