Who is sending a spam email: Clustering and characterizing spamming hosts

Jiyoung Woo; Hyun Jae Kang; Ah Reum Kang; Hyukmin Kwon; Huy Kang Kim

doi:10.1007/978-3-319-12160-4_28

Who is sending a spam email: Clustering and characterizing spamming hosts

Jiyoung Woo, Hyun Jae Kang, Ah Reum Kang, Hyukmin Kwon, Huy Kang Kim

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this work, we propose a spam analyzing system that clusters the spamming hosts, characterizes and visualizes the spammers’ behaviors, and detects malicious clusters. The proposed system integrates behavior profiling in IP address level, IP address based clustering, characterizing spammer clusters, examining the maliciousness of embedded URLs, and deriving visual signatures for future detection of malicious spammers. We classify spamming hosts into botnet, worm, or individual spammers and derive their characteristics. We then design a clustering scheme to automatically classify the host IP addresses and to identify malicious groups according to known characteristics of each type of host. For rapid decision making in identifying botnets, we derive visual signatures using a parallel coordinates. We validate the proposed system using these spam email data collected by the spam trap system operated by the Korea Internet and Security Agency.

Original language	English
Title of host publication	Information Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers
Editors	Hyang-Sook Lee, Dong-Guk Han
Publisher	Springer Verlag
Pages	469-482
Number of pages	14
ISBN (Electronic)	9783319121598
DOIs	https://doi.org/10.1007/978-3-319-12160-4_28
Publication status	Published - 2014
Event	10th IFIP WG 11.9 International Conference on Digital Forensics - Vienna, Austria Duration: 2014 Jan 8 → 2014 Jan 10

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8565
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	10th IFIP WG 11.9 International Conference on Digital Forensics
Country/Territory	Austria
City	Vienna
Period	14/1/8 → 14/1/10

Keywords

Botnet
Clustering
Spam email
Spamming host
Visualization

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-12160-4_28

Cite this

Woo, J., Kang, H. J., Kang, A. R., Kwon, H., & Kim, H. K. (2014). Who is sending a spam email: Clustering and characterizing spamming hosts. In H-S. Lee, & D-G. Han (Eds.), Information Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers (pp. 469-482). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8565). Springer Verlag. https://doi.org/10.1007/978-3-319-12160-4_28

Who is sending a spam email: Clustering and characterizing spamming hosts. / Woo, Jiyoung; Kang, Hyun Jae; Kang, Ah Reum et al.
Information Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers. ed. / Hyang-Sook Lee; Dong-Guk Han. Springer Verlag, 2014. p. 469-482 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8565).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Woo, J, Kang, HJ, Kang, AR, Kwon, H & Kim, HK 2014, Who is sending a spam email: Clustering and characterizing spamming hosts. in H-S Lee & D-G Han (eds), Information Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8565, Springer Verlag, pp. 469-482, 10th IFIP WG 11.9 International Conference on Digital Forensics, Vienna, Austria, 14/1/8. https://doi.org/10.1007/978-3-319-12160-4_28

Woo J, Kang HJ, Kang AR, Kwon H, Kim HK. Who is sending a spam email: Clustering and characterizing spamming hosts. In Lee H-S, Han D-G, editors, Information Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers. Springer Verlag. 2014. p. 469-482. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-12160-4_28

Woo, Jiyoung ; Kang, Hyun Jae ; Kang, Ah Reum et al. / Who is sending a spam email : Clustering and characterizing spamming hosts. Information Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers. editor / Hyang-Sook Lee ; Dong-Guk Han. Springer Verlag, 2014. pp. 469-482 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{facfbbde457c4aaca3370dd84bd52cc3,

title = "Who is sending a spam email: Clustering and characterizing spamming hosts",

abstract = "In this work, we propose a spam analyzing system that clusters the spamming hosts, characterizes and visualizes the spammers{\textquoteright} behaviors, and detects malicious clusters. The proposed system integrates behavior profiling in IP address level, IP address based clustering, characterizing spammer clusters, examining the maliciousness of embedded URLs, and deriving visual signatures for future detection of malicious spammers. We classify spamming hosts into botnet, worm, or individual spammers and derive their characteristics. We then design a clustering scheme to automatically classify the host IP addresses and to identify malicious groups according to known characteristics of each type of host. For rapid decision making in identifying botnets, we derive visual signatures using a parallel coordinates. We validate the proposed system using these spam email data collected by the spam trap system operated by the Korea Internet and Security Agency.",

keywords = "Botnet, Clustering, Spam email, Spamming host, Visualization",

author = "Jiyoung Woo and Kang, {Hyun Jae} and Kang, {Ah Reum} and Hyukmin Kwon and Kim, {Huy Kang}",

note = "Funding Information: This research was supported by the MKE (The Ministry of Knowledge Economy), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2013-H0301-13-1003) supervised by the NIPA (National IT Industry Promotion Agency). This research was supported by Korean Ministry of Environment as the Eco-Innovation project (Global Top project). (GT-SWS-11-02-007-3). Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2014.; 10th IFIP WG 11.9 International Conference on Digital Forensics ; Conference date: 08-01-2014 Through 10-01-2014",

year = "2014",

doi = "10.1007/978-3-319-12160-4_28",

language = "English",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "469--482",

editor = "Hyang-Sook Lee and Dong-Guk Han",

booktitle = "Information Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers",

}

TY - GEN

T1 - Who is sending a spam email

T2 - 10th IFIP WG 11.9 International Conference on Digital Forensics

AU - Woo, Jiyoung

AU - Kang, Hyun Jae

AU - Kang, Ah Reum

AU - Kwon, Hyukmin

AU - Kim, Huy Kang

N1 - Funding Information: This research was supported by the MKE (The Ministry of Knowledge Economy), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2013-H0301-13-1003) supervised by the NIPA (National IT Industry Promotion Agency). This research was supported by Korean Ministry of Environment as the Eco-Innovation project (Global Top project). (GT-SWS-11-02-007-3). Publisher Copyright: © Springer International Publishing Switzerland 2014.

PY - 2014

Y1 - 2014

N2 - In this work, we propose a spam analyzing system that clusters the spamming hosts, characterizes and visualizes the spammers’ behaviors, and detects malicious clusters. The proposed system integrates behavior profiling in IP address level, IP address based clustering, characterizing spammer clusters, examining the maliciousness of embedded URLs, and deriving visual signatures for future detection of malicious spammers. We classify spamming hosts into botnet, worm, or individual spammers and derive their characteristics. We then design a clustering scheme to automatically classify the host IP addresses and to identify malicious groups according to known characteristics of each type of host. For rapid decision making in identifying botnets, we derive visual signatures using a parallel coordinates. We validate the proposed system using these spam email data collected by the spam trap system operated by the Korea Internet and Security Agency.

AB - In this work, we propose a spam analyzing system that clusters the spamming hosts, characterizes and visualizes the spammers’ behaviors, and detects malicious clusters. The proposed system integrates behavior profiling in IP address level, IP address based clustering, characterizing spammer clusters, examining the maliciousness of embedded URLs, and deriving visual signatures for future detection of malicious spammers. We classify spamming hosts into botnet, worm, or individual spammers and derive their characteristics. We then design a clustering scheme to automatically classify the host IP addresses and to identify malicious groups according to known characteristics of each type of host. For rapid decision making in identifying botnets, we derive visual signatures using a parallel coordinates. We validate the proposed system using these spam email data collected by the spam trap system operated by the Korea Internet and Security Agency.

KW - Botnet

KW - Clustering

KW - Spam email

KW - Spamming host

KW - Visualization

UR - http://www.scopus.com/inward/record.url?scp=84911167191&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-12160-4_28

DO - 10.1007/978-3-319-12160-4_28

M3 - Conference contribution

AN - SCOPUS:84911167191

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 469

EP - 482

BT - Information Security and Cryptology - ICISC 2013 - 16th International Conference, Revised Selected Papers

A2 - Lee, Hyang-Sook

A2 - Han, Dong-Guk

PB - Springer Verlag

Y2 - 8 January 2014 through 10 January 2014

ER -

Who is sending a spam email: Clustering and characterizing spamming hosts

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this