Finding Botnets Using Minimal Graph Clusterings
Peter Haider (University of Potsdam), Tobias Scheffer (University of Potsdam)

TL;DR
This paper presents a novel minimal graph clustering approach to identify botnets from email spam traffic, focusing on clique detection and avoiding generative model assumptions.
Contribution
It introduces a minimal clustering method for botnet detection that directly models clustering distributions without relying on generative assumptions.
Findings
Successfully predicts spam campaigns for IP addresses.
Effective identification of botnet-related email message cliques.
Avoids errors from distributional assumptions in modeling.
Abstract
We study the problem of identifying botnets and the IP addresses which they comprise, based on the observation of a fraction of the global email spam traffic. Observed mailing campaigns constitute evidence for joint botnet membership; they are represented by cliques in the graph of all messages. No evidence against an association of nodes is ever available. We reduce the problem of identifying botnets to a problem of finding a minimal clustering of the graph of messages. We directly model the distribution of clusterings given the input graph; this avoids potential errors caused by distributional assumptions of a generative model. We report on a case study in which we evaluate the model by its ability to predict the spam campaign that a given IP address is going to participate in.
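Added illustration, not code from the paper: the reduction the abstract sketches, with a deterministic stand-in for the authors' probabilistic model. Messages are nodes, each observed campaign is a clique, and since only positive evidence exists, the finest clustering in which every clique lies inside one cluster is found by merging alone (union-find). The sample data and the assumption that messages from the same sender IP also belong together are mine.

```python
from collections import defaultdict

# Constructed sample observations (not from the paper): campaign -> list of
# (message_id, sender_ip). Messages in one campaign form a clique, i.e.
# positive evidence that their senders share a botnet. Nothing ever counts
# as evidence against an association, so clusters are only ever merged.
CAMPAIGNS = {
    "pharma-A": [("m1", "10.0.0.1"), ("m2", "10.0.0.2"), ("m3", "10.0.0.3")],
    "pharma-B": [("m4", "10.0.0.3"), ("m5", "10.0.0.4")],
    "lottery":  [("m6", "10.0.0.8"), ("m7", "10.0.0.9")],
    "casino":   [("m8", "10.0.0.9")],
}

def _find(parent, x):
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]   # path halving
        x = parent[x]
    return x

def minimal_clustering(campaigns):
    """Finest partition of messages in which every campaign clique lies in one
    cluster and (assumption made here) messages from the same IP do too."""
    parent = {}
    by_ip = defaultdict(list)
    for members in campaigns.values():
        first = members[0][0]
        for msg, ip in members:
            parent[_find(parent, msg)] = _find(parent, first)  # clique merge
            by_ip[ip].append(msg)
    for msgs in by_ip.values():                                # same sender
        for msg in msgs[1:]:
            parent[_find(parent, msg)] = _find(parent, msgs[0])
    clusters = defaultdict(set)
    for msg in list(parent):
        clusters[_find(parent, msg)].add(msg)
    return sorted(sorted(c) for c in clusters.values())

def predict_campaigns(campaigns, ip):
    """Campaigns the IP is predicted to join: those sharing a cluster (botnet)
    with a message it already sent, minus the campaigns it was seen in."""
    msg_campaign = {m: c for c, ms in campaigns.items() for m, _ in ms}
    seen = {c for c, ms in campaigns.items() if any(i == ip for _, i in ms)}
    predicted = set()
    for cluster in minimal_clustering(campaigns):
        if any(msg_campaign[m] in seen for m in cluster):
            predicted |= {msg_campaign[m] for m in cluster}
    return sorted(predicted - seen)
```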
Taxonomy
Topics: Spam and Phishing Detection · Network Security and Intrusion Detection · Complex Network Analysis Techniques
