Speaker: Prof. Huy Kang Kim (김휘강), Korea University
Date and time: Wednesday, February 12, 2014, 11:00 a.m.
Location: Building 301, Room 554
Abstract:
In this lecture, I will introduce a spam analyzing system that clusters the spamming hosts, characterizes and visualizes the spammers’ behaviors, and detects malicious clusters. The proposed system integrates behavior profiling at the IP address level, IP-address-based clustering, characterizing spammer clusters, examining the maliciousness of embedded URLs, and deriving visual signatures for future detection of malicious spammers. With this system, we can easily classify spamming hosts into botnet, worm, or individual spammers and derive their characteristics. We then design a clustering scheme to automatically classify the host IP addresses and to identify malicious groups according to known characteristics of each type of host. For rapid decision making in identifying botnets, we derive visual signatures using parallel coordinates. We validate the proposed system using spam email data collected by the spam trap system operated by the Korea Internet and Security Agency.