Mining botnets and their evolution patterns

Jaehoon Choi, Jaewoo Kang, Jinseung Lee, Chihwan Song, Qingsong Jin, Sunwon Lee, Jinsun Uh

Research output: Contribution to journalArticlepeer-review


The botnet is the network of compromised computers that have fallen under the control of hackers after being infected by malicious programs such as trojan viruses. The compromised machines are mobilized to perform various attacks including mass spamming, distributed denial of service (DDoS) and additional trojans. This is becoming one of the most serious threats to the Internet infrastructure at present. We introduce a method to uncover compromised machines and characterize their behaviors using large email logs. We report various spam campaign variants with different characteristics and introduce a statistical method to combine them. We also report the long-term evolution patterns of the spam campaigns.

Original languageEnglish
Pages (from-to)605-615
Number of pages11
JournalJournal of Computer Science and Technology
Issue number4
Publication statusPublished - 2013 Jul

Bibliographical note

Funding Information:
Regular Paper This work was supported by the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (MEST) of Korea under Grant No. 2012R1A2A2A01014729. The preliminary version of the paper was published in the Proceedings of EDB2012. ∗Corresponding Author ①Weber T. Criminals ‘may overwhelm the web’. BBC NEWS, 2007., May 2013. ②Ward M. Tracking down hi-tech crime. BBC NEWS, 2007., ©2013 Springer Science + Business Media, LLC & Science Press, China


  • botnet
  • botnet evolution
  • botnet spamming

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Science Applications
  • Computational Theory and Mathematics


Dive into the research topics of 'Mining botnets and their evolution patterns'. Together they form a unique fingerprint.

Cite this