Who is sending a spam email: Clustering and characterizing spamming hosts

Jiyoung Woo, Hyun Jae Kang, Ah Reum Kang, Hyukmin Kwon, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution


In this work, we propose a spam analyzing system that clusters the spamming hosts, characterizes and visualizes the spammers’ behaviors, and detects malicious clusters. The proposed system integrates behavior profiling in IP address level, IP address based clustering, characterizing spammer clusters, examining the maliciousness of embedded URLs, and deriving visual signatures for future detection of malicious spammers. We classify spamming hosts into botnet, worm, or individual spammers and derive their characteristics. We then design a clustering scheme to automatically classify the host IP addresses and to identify malicious groups according to known characteristics of each type of host. For rapid decision making in identifying botnets, we derive visual signatures using a parallel coordinates. We validate the proposed system using these spam email data collected by the spam trap system operated by the Korea Internet and Security Agency.

Original languageEnglish
Title of host publicationInformation Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers
EditorsHyang-Sook Lee, Dong-Guk Han
PublisherSpringer Verlag
Number of pages14
ISBN (Electronic)9783319121598
Publication statusPublished - 2014
Event10th IFIP WG 11.9 International Conference on Digital Forensics - Vienna, Austria
Duration: 2014 Jan 82014 Jan 10

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other10th IFIP WG 11.9 International Conference on Digital Forensics


  • Botnet
  • Clustering
  • Spam email
  • Spamming host
  • Visualization

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Who is sending a spam email: Clustering and characterizing spamming hosts'. Together they form a unique fingerprint.

Cite this