Berkeley COMPSCI 268 - BotGraph - Large Scale Spamming Botnet Detection - D2727587

Home> Schools> University of California, Berkeley> Computer Science (COMPSCI) > COMPSCI 268> BotGraph - Large Scale Spamming Botnet Detection

DOC PREVIEW

Berkeley COMPSCI 268 - BotGraph - Large Scale Spamming Botnet Detection

School name University of California, Berkeley

Course Compsci 268- Computer Networks

Pages 26

This preview shows page 1-2-3-24-25-26 out of 26 pages.

Save

View full document

Premium Document

Do you want full access? Go Premium and unlock all 26 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 26 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 26 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 26 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 26 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

View full document

Premium Document

Do you want full access? Go Premium and unlock all 26 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

Premium Document

Do you want full access? Go Premium and unlock all 26 pages.

Access to all documents

Download any document

Ad free experience

Subscribe for instant access Get instant access

Unformatted text preview:

0 1123 3 4 5 3 6 7 623 02 3 82 9 3 6 9 2 9 6 3 6 9 6 3 3 3A B02 200 1C BB 4 1 3 D E F 3 G32H F2 I J2 F K L F 202 3 M 00 I9 J2 F K 5 3 C 1 N OPQ 3 QO F QR S 11 TF H 0 1 234 F 0H L4 88U4V 2 W O0 1F 3A 00 3 F 4 N OP 3 QO F E2 X 1 20 F 56 7 8 F 5H2 I F YF2 3 0 23 1 20PF 3A23 AFZ 9 8 F FF2H 3 F2 3 0212 23 F 1 Q0 2 12 00 3 QR S 2F F 0 I 23A2H2A 0 3 A 5 3 A2 0 QR S 2F 0 F 0 3A23 0 A 5H25 F E 0F F25H 3A 0F 3 5H B3 23 23 00 3 F 0 5 3 12002 3 3 F A H 0 1 V P A 1 3 3 U IF 1 A B 6 Q 0 F P F O P 3 0 5 3F aA 35 I bcJ O P 3 F E2 0 E 0F F25H 23 E 1 3 F CD 6 6 B 6 7 6 E F 2E F G5HI 3F 5 3d 3 0IF2F 2F 3 F20I 00 02e O0 3A AF 12002 3F 3 A F 3A AF O2002 3F A F W FF b PV A 23 fg F E2 b P1 23 0 F J K L F B 7B 6 6 4 A 4 IF 1 Q 2 1 History based algorithm to detect aggressive signups EWMA based change detection Signup data ID IP time Aggressive signups Verification prune Sendmail data 2 Graph based algorithm to find correlations ID IP time Login data Graph generation Login graph Random graph based clustering 3 Parallel algorithm on DryadLINQ clusters Signup botnets ID time of recipients Verification prune Suspicious clusters Spamming botnets 5 4 Q FF2H 2 3 F A2 5 3 Number of Signup Accounts 25 Signup Count 20 EWMA Prediction 15 S 3 1 0 10 5 1 Jul 2 Jul 3 Jul 4 Jul 5 Jul 6 Jul 7 Jul 8 Jul 9 Jul Date 21 0 3A 2 3 4 b 12002 3 1 02 2 F 3 F 23 b 1 3 F 6 IF 1 Q 2 1 History based algorithm on Signup detection EWMA based change detection Signup data ID IP time Aggressive signups Verification prune Sendmail data 2 Graph based algorithm on login detection ID IP time Login data Graph generation Login graph Random graph based clustering 3 Parallelel Algorithm on DryadLinq clusters Signup botnets ID time of recipients Verification prune Suspicious clusters Spamming botnets 7 4 0 I Q 3 F OI F hOF H 5 3 O P 3 F E S 00 O 5H 0I 7 7 L B D 1 0 GF F aW AA FF F 23 3 Q E2 4X W FF2 31 3 P F F 8 4 0 I Q 3 F OI F hOF H 5 3 O P 3 F E S 00 O 5H 0I 7 7 L B D 1 0 GF F aW AA FF F 23 3 Q E2 4X W FF2 31 3 P F F 2S 0I F A2i 3 aWF FF Q F 9 GF P F D A X 1 20 3 BA E 2 j Q F F A aW AA FF F 3F2A A F E2 E 2 f I hOF H 5 3F M 7 N 6 66 6 6 4 6 7 6 a3 A OI 6 F 2 ASes User3 User1 4 ASes 5 ASes 3 ASes User4 User2 User5 1 AS User6 10 L 3A 1 U I L 3A 1 Y Z 3 A F 3A 2 3 A F F 3 A E2 O O202 I 3A H A k Y PfZ l U 1 a m f 3 E2 2 O O202 I 0 F 1 3 3 23 F F2e 0 FF 3 hY0 Z H 66 7 a f E2 2 O O202 I E200 3 23 2 3 1 3 3 E2 F2e A hY Z O 6 6 6 66 7 11 PO F A P F 4 5 3 P Q8 A 2 3 33 AP 1 3 3 F 1 F P F P R8 2 2 0 0 2 1 2A 35 I 23 F 42i 3 O P F F 1 I O 12n A 42 0 F n A A P F 0A B F2 H 02A 5 3 E2 F 5F5 F P S8 3 3 1 0P F F 4 3 5 3 0 n2 F 00 3 F F O S 02 5 3F g 12 X2 2 0 P Bn 5 3 Ukb 1st group 3rd group Q UkV Uk B 4 2nd group 13 IF 1 Q 2 1 History based algorithm on Signup detection EWMA based change detection Signup data ID IP time Aggressive signups Verification prune Sendmail data 2 Graph based algorithm on login detection ID IP time Login data Graph generation Login graph Random graph based clustering 3 Parallelel Algorithm on DryadLINQ clusters Signup botnets ID time of recipients Verification prune Suspicious clusters Spamming botnets 14 W 00 0 a1 0 1 3 5 3 3 4 I A aD BNJQPO F A 2 3 QO F 4 5 3 W 55 3 A OI aW 6 L B B 6 GF PGF 3F 5 3 UE 0 2 1F 3A 512e 5 3F 3 RTT9M STT9M 6 QUV 7 4 RWT 6 33 A 1 3 3 Bn 5 3 42H2A 3A 3o 3 N XUY 6 6 Z 67 3F 5 3 f 21 0 4 W 00 02F1 W 35 0 BA F 0 a4 OI aW YJ Z 3 35 0 A F YIDi IDj IPkZ YL A Z BA N 2 F 0 aW OI a4 2 YJ Z 0 0 A E 2 YL A Z W O0 1 Q 4 N 6 7 6 J 7 B 62 76 B 6 766 F 3F 5 3 b 0 5H 20 23 17 1 2F 3 UE Q0 2 1F J A f 21 0 3A F 0 O0 J A b h 512e A 0 E 2 f A F G502e p 23 3 5 3 02 I A 1 FF2 3 3A O A F 512e 5 3 18 4 5 3 L F 0 F 4 A F 2 5 3 UE A F F p 3 b q 3A p 3 b r U I F A 2 3 0 YaW a4 U21 Z 23 0 YaW a4 U21 Z J F F 3A b sV A 1 3 3A1 20 0 Ya4 51 j 2 2 3 FZ 19 4 5 3 2 3 QO F 20 4 5 3 OI GF P F 21 M 02A 5 3F J 3 0 S 1 0 A F H 2 …

View Full Document