O-means : An Optimized Clustering Method for Analyzing Spam Based Attacks
Abstract
In recent years, the number of spam emails has been dramatically increasing and spam is recognized as a serious internet threat. Most recent spam emails are being sent by bots which often operate with others in the form of a botnet, and skillful spammers try to conceal their activities from spam analyzers and spam detection technology. In addition, most spam messages contain URLs that lure spam receivers to malicious Web servers for the purpose of carrying out various cyber attacks such as malware infection, phishing attacks, etc. In order to cope with spam based attacks, there have been many efforts made towards the clustering of spam emails based on similarities between them. The spam clusters obtained from the clustering of spam emails can be used to identify the infrastructure of spam sending systems and malicious Web servers, and how they are grouped and correlate with each other, and to minimize the time needed for analyzing Web pages. Therefore, it is very important to improve the accuracy of the spam clustering as much as possible so as to analyze spam based attacks more accurately. In this paper, we present an optimized spam clustering method, called O-means, based on the K-means clustering method, which is one of the most widely used clustering methods. By examining three weeks of spam gathered in our SMTP server, we observed that the accuracy of the O-means clustering method is about 87% which is superior to the previous clustering methods. In addition, we define 12 statistical features to compare similarity between spam emails, and we determined a set of optimized features which makes the O-means clustering method more effective.
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2011-01-01
Authors
- SONG Jungsuk, National Institute of Information and Communications Technology
- INOUE Daisuke, National Institute of Information and Communications Technology
- ETO Masashi, National Institute of Information and Communications Technology
- KIM Hyung, National Institute of Information and Communications Technology
- NAKAO Koji, National Institute of Information and Communications Technology
- Inoue Daisuke, National Institute of Information and Communications Technology
- NAKAO Koji, the National Institute of Information and Communications Technology (NICT)
- KIM Hyung, National Fusion Research Institute
Related papers
- Expression of the estrogen receptors ER-α and ER-β in the uterus and vagina of juvenile rats treated with 17-ethinylestradiol (Toxicology)
- O-means: An Optimized Clustering Method for Analyzing Spam Based Attacks
- Invited talk: nicter: An Incident Analysis System for the Global Internet using Correlation between Network Monitoring and Malware Analysis
- Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis
- Malware Sandbox Analysis for Secure Observation of Vulnerability Exploitation
- Automated Malware Analysis System and Its Sandbox for Revealing Malware's Internal and External Activities
- Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring
- Special Section on Information Theory and Its Applications
- Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM
- A Clustering Method for Improving Performance of Anomaly-Based Intrusion Detection System
- A Comparative Study of Unsupervised Anomaly Detection Techniques Using Honeypot Data
- P2P Network Traffic Analysis Using Data Mining Engines
- A Novel Malware Clustering Method Using Frequency of Function Call Traces in Parallel Threads
- An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation
- Malware Sandbox Analysis with Efficient Observation of Herder's Behavior
- Catching the Behavioral Differences between Multiple Executions for Malware Detection
- An Accurate Packer Identification Method Using Support Vector Machine
- Design and Implementation of Security for HIMALIS Architecture of Future Networks
- Cross-Cutting Ideas for a Fusion DEMO Plant with Current and Generation IV Nuclear Power Plants
- Towards Cost-Effective P2P Traffic Classification in Cloud Environment