tailieunhanh - Characterizing Botnets from Email Spam Records

The success of our attack hinges on accurate identifica- tion of keystroke events from the victim’s process. We fingerprint such an event with an ESP pattern of the sys- tem calls related to a keystroke. The focus on system calls here comes from the constraints on the informa- tion obtainable from a process: on one hand, a signifi- cant portion of the process’s execution time can be spent on system calls, particularly when I/O operations are involved; on the other hand, our approach collects the process’s information through system calls and therefore cannot achieve a very high sampling rate. As a result, the shadow program that logs ESP/EIP traces is much more. | Characterizing Botnets from Email Spam Records Li Zhuang John Dunagan Daniel R. Simon Helen J. Wang J. D. Tygar UC Berkeley Ivan Osipkov Geoff Hulten UC Berkeley Microsoft Research Abstract We develop new techniques to map botnet membership using traces of spam email. To group bots into botnets we look for multiple bots participating in the same spam email campaign. We have applied our technique against a trace of spam email from Hotmail Web mail services. In this trace we have successfully identified hundreds of botnets. We present new findings about botnet sizes and behavior while also confirming other researcher s observations derived by different methods 1 15 . 1 Introduction In recent years malware has become a widespread problem. Compromised machines on the Internet are generally referred to as bots and the set of bots controlled by a single entity is called a botnet. Botnet controllers use techniques such as IRC channels and customized peer-to-peer protocols to control and operate these bots. Botnets have multiple nefarious uses mounting DDoS attacks stealing user passwords and identities generating click fraud 9 and sending spam email 16 . There is anecdotal evidence that spam is a driving force in the economics of botnets a common strategy for monetizing botnets is sending spam email where spam is defined liberally to include traditional advertisement email messages as well as phishing email messages email messages with viruses and other unwanted email messages. In this paper we develop new techniques to map botnet membership and other characteristics of botnets using spam traces. Our primary data source is a large trace of spam email from Hotmail Web mail service. Using this trace we both identify individual bots and analyze botnet membership which bots belong to the same botnet . The primary indicator we use to guide assigning multiple bots to membership in a single botnet is participation in spam campaigns coordinated mass emailing of spam. The basic .

• Internet Marketing
• problem specific
• of different possible buildings
• Alcoholism
• Russian Mortality Crisis
• Current Concepts
• Epidemiology
• Reproductive epidemiology
• Modern epidemiology
• Nutritional epidemiology
• Environmental epidemiology
• Clinical epidemiology
• Veterinary epidemiology
• The development
• Veterinary medicine
• The scope of epidemiology
• Describing disease occurrence
• Comparative epidemiology
• Maintenance of infection
• Cancer epidemiology
• Molecular classification
• Genetic epidemiology
• Causal inference
• Cancer incidence
• Molecular epidemiology
• Late blight
• Review on molecular epidemiology
• Molecular epidemiology in relation
• Devastating late blight pathogen
• Fractures in dogs
• Clinical epidemiology of fractures in dogs
• Clinical epidemiology of fractures
• Showing fractures in dogs
• Lecture Introduction to Epidemiology
• Introduction to Epidemiology
• Infectious disease epidemiology
• Disease prevention and control
• Disease screening
• Epidemics investigation
• public health
• healthcare
• epidemiology principles
• analytic epidemiology
• Health Practice
• Principles of Epidemiology
• Ecologic studies
• Social epidemiology
• Using secondary data
• Improve study accuracy
• C ausal diagrams
• Design strategies
• Questionnaire in clinical epidemiology
• Survey sheet for medica
• Medical survey layout
• Medical questionnaire development
• Epidemiology of Dermatomycoses
• Infections Observed
• Humans and Animals
• Great Concern
• MRSA Epidemiology
• Emphasis on MLST
• Epidemiology in gynecological diseases
• Gynecological diseases
• Basic epidemiology
• Models of causation
• Environmental factors
• Childhood Obesity
• Epidemiology and Risk Factors
• Epidemiological
• Clinical Aspects
• Developing Country
• Early Infant
• Medical device regulation
• Medical device epidemiology
• Active surveillance
• Necessary conditions
• Medical device nomenclature
• Data sources
• effective surveillance
• Epidemiology Cluster
• Data Analysis
• Biology Cluster
• Carcinogenesis Cluster
• Prevention Cluster
• Descriptive Studies
• Disease Registers
• Cohort Studies
• Intervention Trials
• Epidemiological FieldWork
• Epidemiological Studies
• Population Based Studies
• Risk Factors
• Hepatocellular Carcinoma
• Surgical Treatment
• Liver Metastases
• Evidence based medicine
• Systematic reviews
• Health economics
• Health improvement
• Demonstrating association
• Observational studies
• Design considerations
• Clinical trials
• Statistical modeling
• Mathematical modeling
• Clinical gastroenterology
• The changing epidemiology of IBD
• The pathogenesis
• The mesalamine based therapies
• The adult patient
• Journal of Science and Technology
• Complex environment representation in epidemiology ABM
• Application on H5N1 propagation
• Individual based epidemiological model
• Climate change
• Climate change and epidemiology
• Human parasitosis in Egypt
• Future of such parasitic diseases
• Scenarios for climate change
• Ovine brucellosis
• Caprine brucellosis
• Serodiagnosis and epidemiology
• Brucellosis in sheep
• Goats and its serodiagnosis
• Infectious bursal disease
• Broiler chickens
• Broiler chickens in Haryana
• Retrospective study on epidemiology
• IBD outbreaks
• BMC Pediatrics
• Rotavirus causing diarrhea
• Children hospitals
• Enzyme Linked Immunosorbent Assay
• Decision making
• Lay epidemiology
• Risk evaluation
• Patient provider communication
• Vaccine safety concerns
• Heterologous immunity