Proceedings Article
How dynamic are IP addresses
Yinglian Xie, Fang Yu, Kannan Achan, Eliot C. Gillum, Moises Goldszmidt, Ted Wobber
- Vol. 37, Iss: 4, pp 301-312
TL;DR: This paper introduces a novel algorithm, UDmap, to identify dynamically assigned IP addresses and analyze their dynamics pattern, which is the first successful attempt to automatically identify and understand IP address dynamics.
Abstract:
This paper introduces a novel algorithm, UDmap, to identify dynamically assigned IP addresses and analyze their dynamics pattern. UDmap is fully automatic, and relies only on application-level server logs. We applied UDmap to a month-long Hotmail user-login trace and identified a significant number of dynamic IP addresses - more than 102 million. This suggests that the fraction of IP addresses that are dynamic is by no means negligible. Using this information in combination with a three-month Hotmail email server log, we were able to establish that 95.6% of mail servers set up on the dynamic IP addresses in our trace sent out solely spam emails. Moreover, these mail servers sent out a large amount of spam - amounting to 42.2% of all spam emails received by Hotmail. These results highlight the importance of being able to accurately identify dynamic IP addresses for spam filtering. We expect similar benefits to arise for phishing site identification and botnet detection. To our knowledge, this is the first successful attempt to automatically identify and understand IP address dynamics.
Citations
Proceedings Article
On dominant characteristics of residential broadband internet traffic
TL;DR: Observations from monitoring the network activity for more than 20,000 residential DSL customers in an urban area find that HTTP - not peer-to-peer - traffic dominates by a significant margin and that the DSL lines are frequently not the bottleneck in bulk-transfer performance.
Journal Article
Spamming botnets: signatures and characteristics
TL;DR: An in-depth analysis of the identified botnets revealed several interesting findings regarding the degree of email obfuscation, properties of botnet IP addresses, sending patterns, and their correlation with network scanning traffic.
Proceedings Article
Vanish: increasing data privacy with self-destructing data
TL;DR: Vanish is presented, a system that meets this challenge through a novel integration of cryptographic techniques with global-scale, P2P, distributed hash tables (DHTs) and meets the privacy-preserving goals described above.
Proceedings Article
On Network-Aware Clustering of Web Clients
TL;DR: Clusters, a grouping of clients that are close together topologically and likely to be under common administrative control, are introduced using a "network-aware" method, based on information available from BGP routing table snapshots.
Proceedings Article
BotGraph: large scale spamming botnet detection
TL;DR: A novel system called BotGraph is designed and implemented to detect a new type of botnet spamming attacks targeting major Web email providers and uncovers the correlations among botnet activities by constructing large user-user graphs and looking for tightly connected subgraph components.
References
Dynamic Host Configuration Protocol
TL;DR: Due to some errors introduced into RFC 1531 in the editorial process, this memo is reissued as RFC 1541.
Journal Article
Remote physical device fingerprinting
TL;DR: Introduces remote physical device fingerprinting, that is, fingerprinting a physical device, as opposed to an operating system or class of devices, remotely and without the fingerprinted device's known cooperation, by exploiting small, microscopic deviations in device hardware: clock skews.
Journal Article
Understanding the network-level behavior of spammers
TL;DR: It is found that most spam is being sent from a few regions of IP address space, and that spammers appear to be using transient "bots" that send only a few pieces of email over very short periods of time.
Proceedings Article
An investigation of geographic mapping techniques for internet hosts
TL;DR: Asks whether it is possible to build an IP address to geographic location mapping service for Internet hosts, to enable a large and interesting class of location-aware applications, and presents and evaluates three distinct techniques for determining the geographic location of Internet hosts.
Journal Article
On network-aware clustering of Web clients
TL;DR: A grouping of clients that are close together topologically and likely to be under common administrative control is introduced using a "network-aware" method, based on information available from BGP routing table snapshots.