A Behavior-Based Detection Approach to Mass-Mailing Host

Mass-mailing threats have had a serious impact on the Internet. These junk mails consume valuable network resources and may be used as carriers for viruses/worms, trojans, phishing and DDoS attacks. Through an analysis of a number of mass-mailing spam messages collected from Internet Service Providers (ISPs), this paper focuses on the fundamental mailing behaviors and mail headers of mass-mailing spam. It also puts forward a new approach to detecting abnormal hosts by mining mailing traffic data using the theory of decision trees. The approach can suppress and stop the distribution of mass-mailing threats on the Internet. An experiment applying it to mailing traffic data captured at ISPs indicates that the accuracy rate can be 99% with this approach.