02279nas a2200373 4500008004100000245003800041210003800079520122200117653003001339653001201369653003001381653002501411653002601436653001601462653002001478653001601498653001401514653002601528653002201554653002101576653002701597653002301624653000801647653003301655653001901688653002801707653002301735653002901758100001801787700002801805700002001833700001501853856003701868 2008 eng d00aBehavior analysis of spam botnets0 aBehavior analysis of spam botnets3 a
Compromised computers, known as bots, are the major source of spamming and their detection helps greatly improve control of unwanted traffic. In this work we investigate the behavior patterns of spammers based on their underlying similarities in spamming. To our knowledge, no work has been reported on identifying spam botnets based on spammerspsila temporal characteristics. Our study shows that the relationship among spammers demonstrates highly clustering structures based on features such as content length, time of arrival, frequency of email, active time, inter-arrival time, and content type. Although the dimensions of the collected feature set is low, we perform principal component analysis (PCA) on feature set to identify the features which account for the maximum variance in the spamming patterns. Further, we calculate the proximity between different spammers and classify them into various groups. Each group represents similar proximity. Spammers in the same group inherit similar patterns of spamming a domain. For classification into Botnet groups, we use clustering algorithms such as Hierarchical and K-means.We identify Botnet spammers into a particular group with a precision of 90%.
10abehavior pattern analysis10aBotnets10aClassification algorithms10aclustering algorithm10aClustering algorithms10aCorrelation10aElectronic mail10afeature set10aFiltering10ainformation filtering10ainvasive software10amaximum variance10apattern classification10apattern clustering10aPCA10aprincipal component analysis10aspam filtering10aTime frequency analysis10aunsolicited e-mail10aunwanted traffic control1 aHusna, Husain1 aPhithakkitnukoon, Santi1 aPalla, Srikanth1 aDantu, Ram uhttps://nsl.cse.unt.edu/node/200