Identifying IP blocks with spamming bots by spatial distribution

Sangki Yun; Byungseung Kim; Saewoong Bahk; Hyogon Kim

doi:10.1587/transcom.E93.B.2188

Identifying IP blocks with spamming bots by spatial distribution

Sangki Yun, Byungseung Kim, Saewoong Bahk, Hyogon Kim

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.

Original language	English
Pages (from-to)	2188-2190
Number of pages	3
Journal	IEICE Transactions on Communications
Volume	E93-B
Issue number	8
DOIs	https://doi.org/10.1587/transcom.E93.B.2188
Publication status	Published - 2010 Aug

Keywords

Botnet
Detection
False positive
Identification
Spamming

ASJC Scopus subject areas

Software
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1587/transcom.E93.B.2188

Cite this

@article{1b23486f8da2449ca3301ef0333a6f2e,

title = "Identifying IP blocks with spamming bots by spatial distribution",

abstract = "In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.",

keywords = "Botnet, Detection, False positive, Identification, Spamming",

author = "Sangki Yun and Byungseung Kim and Saewoong Bahk and Hyogon Kim",

year = "2010",

month = aug,

doi = "10.1587/transcom.E93.B.2188",

language = "English",

volume = "E93-B",

pages = "2188--2190",

journal = "IEICE Transactions on Communications",

issn = "0916-8516",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "8",

}

TY - JOUR

T1 - Identifying IP blocks with spamming bots by spatial distribution

AU - Yun, Sangki

AU - Kim, Byungseung

AU - Bahk, Saewoong

AU - Kim, Hyogon

PY - 2010/8

Y1 - 2010/8

N2 - In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.

AB - In this letter, we develop a behavioral metric with which spamming botnets can be quickly identified with respect to their residing IP blocks. Our method aims at line-speed operation without deep inspection, so only TCP/IP header fields of the passing packets are examined. However, the proposed metric yields a high-quality receiver operating characteristics (ROC), with high detection rates and low false positive rates.

KW - Botnet

KW - Detection

KW - False positive

KW - Identification

KW - Spamming

UR - http://www.scopus.com/inward/record.url?scp=77955406539&partnerID=8YFLogxK

U2 - 10.1587/transcom.E93.B.2188

DO - 10.1587/transcom.E93.B.2188

M3 - Article

AN - SCOPUS:77955406539

SN - 0916-8516

VL - E93-B

SP - 2188

EP - 2190

JO - IEICE Transactions on Communications

JF - IEICE Transactions on Communications

IS - 8

ER -

Identifying IP blocks with spamming bots by spatial distribution

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this