NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets

Byungseung Kim, Hyogon Kim, Saewoong Bahk

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.

Original languageEnglish
Title of host publicationGLOBECOM - IEEE Global Telecommunications Conference
DOIs
Publication statusPublished - 2009 Dec 1
Event2009 IEEE Global Telecommunications Conference, GLOBECOM 2009 - Honolulu, HI, United States
Duration: 2009 Nov 302009 Dec 4

Other

Other2009 IEEE Global Telecommunications Conference, GLOBECOM 2009
CountryUnited States
CityHonolulu, HI
Period09/11/3009/12/4

Fingerprint

Spamming
Botnet

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Kim, B., Kim, H., & Bahk, S. (2009). NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets. In GLOBECOM - IEEE Global Telecommunications Conference [5425683] https://doi.org/10.1109/GLOCOM.2009.5425683

NSF : Network-based spam filtering based on on-line blacklisting against spamming botnets. / Kim, Byungseung; Kim, Hyogon; Bahk, Saewoong.

GLOBECOM - IEEE Global Telecommunications Conference. 2009. 5425683.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kim, B, Kim, H & Bahk, S 2009, NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets. in GLOBECOM - IEEE Global Telecommunications Conference., 5425683, 2009 IEEE Global Telecommunications Conference, GLOBECOM 2009, Honolulu, HI, United States, 09/11/30. https://doi.org/10.1109/GLOCOM.2009.5425683
Kim, Byungseung ; Kim, Hyogon ; Bahk, Saewoong. / NSF : Network-based spam filtering based on on-line blacklisting against spamming botnets. GLOBECOM - IEEE Global Telecommunications Conference. 2009.
@inproceedings{e18e5e6dce464bb8a783fa5b73adc235,
title = "NSF: Network-based spam filtering based on on-line blacklisting against spamming botnets",
abstract = "Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.",
author = "Byungseung Kim and Hyogon Kim and Saewoong Bahk",
year = "2009",
month = "12",
day = "1",
doi = "10.1109/GLOCOM.2009.5425683",
language = "English",
isbn = "9781424441488",
booktitle = "GLOBECOM - IEEE Global Telecommunications Conference",

}

TY - GEN

T1 - NSF

T2 - Network-based spam filtering based on on-line blacklisting against spamming botnets

AU - Kim, Byungseung

AU - Kim, Hyogon

AU - Bahk, Saewoong

PY - 2009/12/1

Y1 - 2009/12/1

N2 - Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.

AB - Although many anti-spam techniques have been developed, they have difficulty in detecting spams whose contents are altered to evade detection and in tracking spammers that are comprised of botnets. There have been a few works to resolve these limitations, but most of them are not appropriate to be deployed at a gateway for online detection. In this paper, we find network-based characteristics that spammers cannot easily distort. Based on the characteristics, we develop an algorithm applying the metrics to a large volume of traffic in real time. The scheme is efficient enough to run at the ingress point as it only needs to inspect the transport information contained in TCP/IP headers of SMTP connections.

UR - http://www.scopus.com/inward/record.url?scp=77951541610&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77951541610&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2009.5425683

DO - 10.1109/GLOCOM.2009.5425683

M3 - Conference contribution

AN - SCOPUS:77951541610

SN - 9781424441488

BT - GLOBECOM - IEEE Global Telecommunications Conference

ER -