[Diagram: system overview]
1. History based algorithm to detect aggressive signups: EWMA based change detection; Signup data (ID, IP, time); Aggressive signups; Verification, prune; Sendmail data
2. Graph based algorithm to find correlations: Login data (ID, IP, time); Graph generation; Login graph; Random graph based clustering
3. Parallel algorithm on DryadLINQ clusters: Signup botnets; ID, time, of recipients; Verification, prune; Suspicious clusters; Spamming botnets

[Plot: Number of Signup Accounts. Series: Signup Count, EWMA Prediction. X-axis: Date, 1 Jul to 9 Jul.]
[Figure: graph with nodes User1, User2, User3, User4, User5, User6; labels 1 AS, 2 ASes, 3 ASes, 4 ASes, 5 ASes]

[Figure: 1st group, 2nd group, 3rd group]

…