Type of Document: Thesis
Author: Chen, Peng
URN: etd-10212008-091932
Title: Detecting Spam Zombies By Monitoring Outgoing Messages
Degree: Master of Science
Department: Computer Science
Advisory Committee:
- Zhenhai Duan, Committee Chair
- Xin Yuan, Committee Member
- Zhenghao Zhang, Committee Member
Keywords:
- Spam Zombies
- Network
Date of Defense: 2008-10-17
Availability: unrestricted

Abstract:
Compromised machines are one of the key security threats on the Internet; they are often used to launch various security attacks such as DDoS, spamming, and identity theft. In this thesis we address this issue by investigating effective solutions to automatically identify compromised machines in a network. Given that spamming provides a key economic incentive for attackers to recruit the large number of compromised machines, we focus on the subset of compromised machines that are involved in spamming activities, commonly known as spam zombies. We develop an effective spam zombie detection system named SPOT that works by monitoring the outgoing messages of a network. SPOT is designed based on a powerful statistical tool called the Sequential Probability Ratio Test (SPRT), which has bounded false positive and false negative error rates. Our evaluation studies, based on a two-month email trace collected in a large U.S. campus network, show that SPOT is an effective and efficient system for automatically detecting compromised machines in a network. For example, among the 440 internal IP addresses observed in the email trace, SPOT identifies 132 of them as being associated with compromised machines. Out of the 132 IP addresses identified by SPOT, 126 can be either independently confirmed (110) or highly likely (16) to be compromised. Moreover, only 7 internal IP addresses associated with compromised machines in the trace are missed by SPOT.
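The abstract names the Sequential Probability Ratio Test as the core of SPOT but does not show how it turns a stream of outgoing messages into a per-machine verdict. The example below is added here and is not code from the thesis; it implements Wald's SPRT on a sequence of per-message spam/non-spam observations, with the standard approximate decision boundaries ln((1-beta)/alpha) and ln(beta/(1-alpha)) that give the bounded false positive rate alpha and false negative rate beta the abstract refers to. The spam probabilities theta0 (uncompromised machine) and theta1 (compromised machine), the error bounds, the IP addresses and the message labels are all constructed for illustration; restarting the test after a "normal" verdict, so that a machine compromised later can still be caught, is a design choice of this example.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class SPRT:
    """Wald's Sequential Probability Ratio Test over Bernoulli observations.

    H0: the machine is not compromised, P(message is spam) = theta0
    H1: the machine is compromised,     P(message is spam) = theta1
    alpha / beta: the false positive / false negative rates to bound.
    """
    theta0: float
    theta1: float
    alpha: float
    beta: float
    llr: float = 0.0   # running log-likelihood ratio ln(P(X|H1)/P(X|H0))
    n: int = 0         # number of observations consumed so far

    def __post_init__(self) -> None:
        if not (0.0 < self.theta0 < self.theta1 < 1.0):
            raise ValueError("need 0 < theta0 < theta1 < 1")
        # Wald's approximate boundaries: cross the upper one -> accept H1,
        # cross the lower one -> accept H0, otherwise keep observing.
        self.upper = math.log((1.0 - self.beta) / self.alpha)
        self.lower = math.log(self.beta / (1.0 - self.alpha))
        # Per-observation increments are fixed, so precompute them.
        self.spam_step = math.log(self.theta1 / self.theta0)
        self.ham_step = math.log((1.0 - self.theta1) / (1.0 - self.theta0))

    def observe(self, is_spam: bool) -> Optional[str]:
        """Consume one message label; return a verdict or None to continue."""
        self.n += 1
        self.llr += self.spam_step if is_spam else self.ham_step
        if self.llr >= self.upper:
            return "compromised"
        if self.llr <= self.lower:
            return "normal"
        return None


# Constructed stream of (internal source IP, message classified as spam?).
# In a deployment the label would come from a content-based spam filter
# applied to each outgoing message; here it is hand-written sample data.
MESSAGES: List[Tuple[str, bool]] = [
    ("10.0.0.5", True), ("10.0.0.9", False), ("10.0.0.5", True), ("10.0.0.9", True),
    ("10.0.0.5", False), ("10.0.0.9", False), ("10.0.0.5", True), ("10.0.0.9", False),
    ("10.0.0.5", True), ("10.0.0.5", True), ("10.0.0.5", True),
]


def run_spot(messages: List[Tuple[str, bool]],
             theta0: float = 0.2, theta1: float = 0.9,
             alpha: float = 0.01, beta: float = 0.01) -> Dict[str, List[Tuple[str, int]]]:
    """Run one SPRT per internal IP over the outgoing-message stream.

    Returns, per IP, the list of (verdict, observations needed) decisions.
    A machine judged compromised is no longer tested; a machine judged
    normal gets a fresh test so that later compromise is still detectable.
    """
    tests: Dict[str, SPRT] = {}
    decisions: Dict[str, List[Tuple[str, int]]] = {}
    flagged = set()
    for ip, is_spam in messages:
        if ip in flagged:
            continue
        test = tests.get(ip)
        if test is None:
            test = tests[ip] = SPRT(theta0, theta1, alpha, beta)
        verdict = test.observe(is_spam)
        if verdict is None:
            continue
        decisions.setdefault(ip, []).append((verdict, test.n))
        if verdict == "compromised":
            flagged.add(ip)
        else:
            tests[ip] = SPRT(theta0, theta1, alpha, beta)  # restart for this machine
    return decisions


if __name__ == "__main__":
    for ip, verdicts in run_spot(MESSAGES).items():
        for verdict, n in verdicts:
            print(f"{ip}: {verdict} after {n} outgoing messages")
```

With theta0 = 0.2 and theta1 = 0.9 each spam message adds ln(4.5) to the ratio and each non-spam message subtracts ln(8), so the test reaches a verdict after only a handful of messages; the abstract's claim that SPOT is efficient comes from exactly this property, that the number of observations needed is small while alpha and beta still bound the error rates. The observation count at which each verdict is reached is the quantity an operator would tune theta0 and theta1 against.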
Files:
Filename: ChenPThesis.pdf
Size: 265.11 Kb
Approximate Download Time (Hours:Minutes:Seconds):
- 28.8 Modem: 00:01:13
- 56K Modem: 00:00:37
- ISDN (64 Kb): 00:00:33
- ISDN (128 Kb): 00:00:16
- Higher-speed Access: 00:00:01