Understanding Spamming Botnets: Behavior Analysis and Defense

View Statistics Email Alert RSS Feed

Information

Details

Project title

Code/計畫編號

NSC100-2221-E019-038

Translated Name/計畫中文名

垃圾郵件殭屍網路之行為分析與防禦

Project Coordinator/計畫主持人

Chun-Chao Yeh

Funding Organization/主管機關

National Science and Technology Council

Department/Unit

Department of Computer Science and Engineering

Website

https://www.grb.gov.tw/search/planDetail?id=2351294

Year

2011

Start date/計畫起

01-08-2011

Expected Completion/計畫迄

31-07-2012

Bugetid/研究經費

449千元

ResearchField/研究領域

資訊工程--硬體工程

垃圾郵件是每一網際網路使用者共同面臨的問題，如何有效解決垃圾郵件問題或降低其影響更是每一個ISP（internet service provider）所需面對的挑戰。新型態的spamming 手法例如利用botnet 發送spam 讓spammer 的行蹤更加難於掌握，其衍生的安全問題更與網際網路使用者息息相關。另外，從地域性的特質而言，由於垃圾郵件的攻擊過程中需要與使用者互動，例如引誘使用者去讀該郵件，或更進一步引誘使用者去開啟郵件的附件或郵件內容的網路連結(URL) 。因此，有效的垃圾郵件攻擊須與其攻擊對象的文化背景有所聯繫，例如文字的使用，熱門話題/人物/物件/商品，與經濟活動等。我們相信不同文化背景的地區其背後的垃圾郵件攻擊者(spammer)很可能不同，這點從我們過去的研究觀察也可以得到部分印證。儘管一些世界頂尖的研究團隊已有對spamming botnets 提出一些成果報告，面對日新月異與潛藏於各地的網際網路攻擊者，必須還有更多(質與量)與更廣(不同地區與文化背景)的研究觀察投入，才能有效的防堵。而台灣所面臨的垃圾郵件與安全問題，其潛藏可能的特殊性亦極需國內的研究人員做進一步的研究觀察。我們希望透過這個計畫的執行讓我們可以對該問題有更深的認識，掌握關鍵問題所在，並進一步發展預防/偵測/防禦等相關技術及因應措施。 In recent years, new spamming techniques such as sending spam messages through botnets make spam behaviors becoming more opaque and stealthy, and thus hard to detect. Moreover, spam activities nowadays have been shown to be highly interacted with other internet security threats. Spam is no longer just as simple as something like junk messages, but should be seriously concerned as internet security threats. Each spam message might be embedded with malicious binaries or links, which could make some damages to the email readers. How to effectively fight against spam (and spamming botnets) is essential to protect safe internet-surfing for all internet users. Meanwhile email activities, as a social communication tool, should be intimate to the culture of the social communities. Consequently spam, to some extent, presents some localization properties, for example the languages used and the products promoted. While different spammers might share similar spam propagation techniques, the targeted spam victims should be selective, to some extent. As a result, spam behaviors observed at different vantage points could be different. For example, our previous studies show most of the spam messages we collected in Taiwan were in Chinese, and the majority of the spam hosting machines of the collected spam messages were either located in a Chinese speaking countries (like China, or Taiwan) or with a DNS domain registered by Chinese (although the DNS registration information might be forged). While there are some initiated works conducted by other international researchers to deal with spamming botnet problems, still our research communities should invest more efforts, with different technologies and from different aspects, to effectively against spam and spamming botnets. Hopefully, we expect this research proposal can come up with some insights both for common issues of spam and spamming botnet attacks worldwide and for potentially unique features associated with Chinese spam and spamming botnet attacks observed locally in Taiwan.

Keyword(s)

垃圾郵件
殭屍網路
垃圾郵件活動行為分析
Spam
Botnet
Spam Campaign Analysis

DSpace CRIS

Understanding Spamming Botnets: Behavior Analysis and Defense

Details

Description