
Detection of Malware Propagation in Sensor Node and Botnet Group Clustering Based on E-mail Spam Analysis

Author

Listed:
  • Taejin Lee
  • Hesun Cho
  • Haeryong Park
  • Jin Kwak

Abstract

Cyber incidents are increasing continuously. More than 200,000 new malicious codes appear, with more than 30,000 malicious codes distributed each day on average. These cyber attacks are gradually expanding to social infrastructure (nuclear energy, power, water, etc.) and smart sensor networks. This paper proposes a method for automatically detecting malware propagation in sensor nodes and clustering botnets by analyzing e-mails. More than 80% of spam e-mails are generated by nodes infected with malicious code, using various methods to avoid filtering such as direct-to-MX, fake Received headers, and open relay vulnerabilities. This paper proposes a scheme that detects those types accurately, including a clustering method that targets the URL included in the e-mail body, the e-mail subject, the attached file, and the hosting server, to detect the botnet group infected with the same malicious code. The proposed method recorded a zombie IP detection rate of about 85% when spam e-mails distributed in a commercial environment were analyzed. When applied to a portal site that delivers 10 million e-mails, the proposed technology is expected to detect at least 150,000 zombie nodes each day. If advanced measures are taken against the detected zombie nodes, the spread of damage from cyber attacks can apparently be reduced.

Suggested Citation

  • Taejin Lee & Hesun Cho & Haeryong Park & Jin Kwak, 2015. "Detection of Malware Propagation in Sensor Node and Botnet Group Clustering Based on E-mail Spam Analysis," International Journal of Distributed Sensor Networks, vol. 11(9), pages 530250-5302, September.
  • Handle: RePEc:sae:intdis:v:11:y:2015:i:9:p:530250
    DOI: 10.1155/2015/530250

    Download full text from publisher

    File URL: https://journals.sagepub.com/doi/10.1155/2015/530250
    Download Restriction: no
