Publications

Correlating spam activity with IP address characteristics

Abstract

It is well known that spam bots mostly utilize compromised machines with certain address characteristics, such as dynamically allocated addresses, machines in specific geographic areas, and IP ranges from ASes with more tolerant spam policies. Such machines tend to be less diligently administered and may exhibit less stability, more volatility, and shorter uptimes. However, few studies have attempted to quantify how such spam bot address characteristics compare with non-spamming hosts. Quantifying these characteristics may help provide important information for comprehensive spam mitigation. We use two large datasets, namely a commercial blacklist and an Internet-wide address visibility study, to quantify address characteristics of spam and non-spam networks. We find that spam networks exhibit significantly less availability and uptime, and higher volatility than non-spam networks. In addition, we conduct a …

Date
March 15, 2010
Authors
Chris Wilcox, Christos Papadopoulos, John Heidemann
Conference
2010 INFOCOM IEEE Conference on Computer Communications Workshops
Pages
1-6
Publisher
IEEE