Mining botnets and their evolution patterns

Jaehoon Choi; Jaewoo Kang; Jinseung Lee; Chihwan Song; Qingsong Jin; Sunwon Lee; Jinsun Uh

doi:10.1007/s11390-013-1361-1

Mining botnets and their evolution patterns

Jaehoon Choi, Jaewoo Kang, Jinseung Lee, Chihwan Song, Qingsong Jin, Sunwon Lee, Jinsun Uh

Department of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

The botnet is the network of compromised computers that have fallen under the control of hackers after being infected by malicious programs such as trojan viruses. The compromised machines are mobilized to perform various attacks including mass spamming, distributed denial of service (DDoS) and additional trojans. This is becoming one of the most serious threats to the Internet infrastructure at present. We introduce a method to uncover compromised machines and characterize their behaviors using large email logs. We report various spam campaign variants with different characteristics and introduce a statistical method to combine them. We also report the long-term evolution patterns of the spam campaigns.

Original language	English
Pages (from-to)	605-615
Number of pages	11
Journal	Journal of Computer Science and Technology
Volume	28
Issue number	4
DOIs	https://doi.org/10.1007/s11390-013-1361-1
Publication status	Published - 2013 Jul

Keywords

botnet
botnet evolution
botnet spamming

ASJC Scopus subject areas

Software
Theoretical Computer Science
Hardware and Architecture
Computer Science Applications
Computational Theory and Mathematics

Access to Document

10.1007/s11390-013-1361-1

Cite this

@article{7b88d1d813324e668afe1e33527f19ed,

title = "Mining botnets and their evolution patterns",

abstract = "The botnet is the network of compromised computers that have fallen under the control of hackers after being infected by malicious programs such as trojan viruses. The compromised machines are mobilized to perform various attacks including mass spamming, distributed denial of service (DDoS) and additional trojans. This is becoming one of the most serious threats to the Internet infrastructure at present. We introduce a method to uncover compromised machines and characterize their behaviors using large email logs. We report various spam campaign variants with different characteristics and introduce a statistical method to combine them. We also report the long-term evolution patterns of the spam campaigns.",

keywords = "botnet, botnet evolution, botnet spamming",

author = "Jaehoon Choi and Jaewoo Kang and Jinseung Lee and Chihwan Song and Qingsong Jin and Sunwon Lee and Jinsun Uh",

note = "Funding Information: Regular Paper This work was supported by the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (MEST) of Korea under Grant No. 2012R1A2A2A01014729. The preliminary version of the paper was published in the Proceedings of EDB2012. ∗Corresponding Author ①Weber T. Criminals {\textquoteleft}may overwhelm the web{\textquoteright}. BBC NEWS, 2007. http://news.bbc.co.uk/2/hi/business/6298641.stm, May 2013. ②Ward M. Tracking down hi-tech crime. BBC NEWS, 2007. http://news.bbc.co.uk/2/hi/technology/5414502.stm, {\textcopyright}2013 Springer Science + Business Media, LLC & Science Press, China",

year = "2013",

month = jul,

doi = "10.1007/s11390-013-1361-1",

language = "English",

volume = "28",

pages = "605--615",

journal = "Journal of Computer Science and Technology",

issn = "1000-9000",

publisher = "Springer New York",

number = "4",

}

TY - JOUR

T1 - Mining botnets and their evolution patterns

AU - Choi, Jaehoon

AU - Kang, Jaewoo

AU - Lee, Jinseung

AU - Song, Chihwan

AU - Jin, Qingsong

AU - Lee, Sunwon

AU - Uh, Jinsun

N1 - Funding Information: Regular Paper This work was supported by the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (MEST) of Korea under Grant No. 2012R1A2A2A01014729. The preliminary version of the paper was published in the Proceedings of EDB2012. ∗Corresponding Author ①Weber T. Criminals ‘may overwhelm the web’. BBC NEWS, 2007. http://news.bbc.co.uk/2/hi/business/6298641.stm, May 2013. ②Ward M. Tracking down hi-tech crime. BBC NEWS, 2007. http://news.bbc.co.uk/2/hi/technology/5414502.stm, ©2013 Springer Science + Business Media, LLC & Science Press, China

PY - 2013/7

Y1 - 2013/7

N2 - The botnet is the network of compromised computers that have fallen under the control of hackers after being infected by malicious programs such as trojan viruses. The compromised machines are mobilized to perform various attacks including mass spamming, distributed denial of service (DDoS) and additional trojans. This is becoming one of the most serious threats to the Internet infrastructure at present. We introduce a method to uncover compromised machines and characterize their behaviors using large email logs. We report various spam campaign variants with different characteristics and introduce a statistical method to combine them. We also report the long-term evolution patterns of the spam campaigns.

AB - The botnet is the network of compromised computers that have fallen under the control of hackers after being infected by malicious programs such as trojan viruses. The compromised machines are mobilized to perform various attacks including mass spamming, distributed denial of service (DDoS) and additional trojans. This is becoming one of the most serious threats to the Internet infrastructure at present. We introduce a method to uncover compromised machines and characterize their behaviors using large email logs. We report various spam campaign variants with different characteristics and introduce a statistical method to combine them. We also report the long-term evolution patterns of the spam campaigns.

KW - botnet

KW - botnet evolution

KW - botnet spamming

UR - http://www.scopus.com/inward/record.url?scp=84880049303&partnerID=8YFLogxK

U2 - 10.1007/s11390-013-1361-1

DO - 10.1007/s11390-013-1361-1

M3 - Article

AN - SCOPUS:84880049303

SN - 1000-9000

VL - 28

SP - 605

EP - 615

JO - Journal of Computer Science and Technology

JF - Journal of Computer Science and Technology

IS - 4

ER -

Mining botnets and their evolution patterns

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this