Studying Spamming Botnets Using Botlab

DMCA

Studying Spamming Botnets Using Botlab

Cached

Download Links

by John P. John , Alexander Moshchuk , Steven D. Gribble , Arvind Krishnamurthy

Citations:

73 - 2 self

BibTeX

@MISC{John_studyingspamming,
    author = {John P. John and Alexander Moshchuk and Steven D. Gribble and Arvind Krishnamurthy},
    title = {Studying Spamming Botnets Using Botlab},
    year = {}
}

OpenURL

Abstract

In this paper we present Botlab, a platform that continually monitors and analyzes the behavior of spamoriented botnets. Botlab gathers multiple real-time streams of information about botnets taken from distinct perspectives. By combining and analyzing these streams, Botlab can produce accurate, timely, and comprehensive data about spam botnet behavior. Our prototype system integrates information about spam arriving at the University of Washington, outgoing spam generated by captive botnet nodes, and information gleaned from DNS about URLs found within these spam messages. We describe the design and implementation of Botlab, including the challenges we had to overcome, such as preventing captive nodes from causing harm or thwarting virtual machine detection. Next, we present the results of a detailed measurement study of the behavior of the most active spam botnets. We find that six botnets are responsible for 79 % of spam messages arriving at the UW campus. Finally, we present defensive tools that take advantage of the Botlab platform to improve spam filtering and protect users from harmful web sites advertised within botnet-generated spam.

Keyphrases

spam message protect user captive node spamoriented botnets defensive tool spam filtering prototype system virtual machine detection botlab gather multiple real-time stream active spam botnets captive botnet node distinct perspective detailed measurement study botnet-generated spam spam botnet behavior comprehensive data botlab platform spam arriving uw campus present botlab harmful web site

DMCA