NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets

Byungseung Kim; Hyogon Kim; Saewoong Bahk

doi:10.1109/GLOCOM.2009.5425683

NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets

Byungseung Kim, Hyogon Kim, Saewoong Bahk

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.

Original language	English
Title of host publication	GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference
DOIs	https://doi.org/10.1109/GLOCOM.2009.5425683
Publication status	Published - 2009
Event	2009 IEEE Global Telecommunications Conference, GLOBECOM 2009 - Honolulu, HI, United States Duration: 2009 Nov 30 → 2009 Dec 4

Publication series

Name	GLOBECOM - IEEE Global Telecommunications Conference

Other

Other	2009 IEEE Global Telecommunications Conference, GLOBECOM 2009
Country/Territory	United States
City	Honolulu, HI
Period	09/11/30 → 09/12/4

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.1109/GLOCOM.2009.5425683

Cite this

Kim, B, Kim, H & Bahk, S 2009, NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets. in GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference., 5425683, GLOBECOM - IEEE Global Telecommunications Conference, 2009 IEEE Global Telecommunications Conference, GLOBECOM 2009, Honolulu, HI, United States, 09/11/30. https://doi.org/10.1109/GLOCOM.2009.5425683

@inproceedings{e18e5e6dce464bb8a783fa5b73adc235,

title = "NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets",

abstract = "Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.",

author = "Byungseung Kim and Hyogon Kim and Saewoong Bahk",

year = "2009",

doi = "10.1109/GLOCOM.2009.5425683",

language = "English",

isbn = "9781424441488",

series = "GLOBECOM - IEEE Global Telecommunications Conference",

booktitle = "GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference",

note = "2009 IEEE Global Telecommunications Conference, GLOBECOM 2009 ; Conference date: 30-11-2009 Through 04-12-2009",

}

TY - GEN

T1 - NSF

T2 - 2009 IEEE Global Telecommunications Conference, GLOBECOM 2009

AU - Kim, Byungseung

AU - Kim, Hyogon

AU - Bahk, Saewoong

PY - 2009

Y1 - 2009

N2 - Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.

AB - Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.

UR - http://www.scopus.com/inward/record.url?scp=77951541610&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77951541610&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2009.5425683

DO - 10.1109/GLOCOM.2009.5425683

M3 - Conference contribution

AN - SCOPUS:77951541610

SN - 9781424441488

T3 - GLOBECOM - IEEE Global Telecommunications Conference

BT - GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference

Y2 - 30 November 2009 through 4 December 2009

ER -

NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this