基于DNS的大学垃圾邮件机器人检测

2008 First International Conference on Intelligent Networks and Intelligent Systems Pub Date : 2008-11-01 DOI:10.1109/ICINIS.2008.54

D.A.L. Romaa, S. Kubota, K. Sugitani, Y. Musashi

{"title":"基于DNS的大学垃圾邮件机器人检测","authors":"D.A.L. Romaa, S. Kubota, K. Sugitani, Y. Musashi","doi":"10.1109/ICINIS.2008.54","DOIUrl":null,"url":null,"abstract":"We carried out an entropy study on the DNS query traffic from the outside of a university campus network to the top domain DNS server when querying about reverse resolution on the PC room terminals through April 1st, 2007 to April 30th, 2008. The following interesting results are given: (1) In January 17th, 2008, the DNS query traffic is mainly dominated by several specific IP addresses as their query keywords. (2) We carried out forensic analysis on the PC room terminals in which IP addresses are found in the several specific keywords and it is concluded that the PCs become spam bots when inserting USB based key disk storage.","PeriodicalId":185739,"journal":{"name":"2008 First International Conference on Intelligent Networks and Intelligent Systems","volume":"250 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"DNS Based Spam Bots Detection in a University\",\"authors\":\"D.A.L. Romaa, S. Kubota, K. Sugitani, Y. Musashi\",\"doi\":\"10.1109/ICINIS.2008.54\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We carried out an entropy study on the DNS query traffic from the outside of a university campus network to the top domain DNS server when querying about reverse resolution on the PC room terminals through April 1st, 2007 to April 30th, 2008. The following interesting results are given: (1) In January 17th, 2008, the DNS query traffic is mainly dominated by several specific IP addresses as their query keywords. (2) We carried out forensic analysis on the PC room terminals in which IP addresses are found in the several specific keywords and it is concluded that the PCs become spam bots when inserting USB based key disk storage.\",\"PeriodicalId\":185739,\"journal\":{\"name\":\"2008 First International Conference on Intelligent Networks and Intelligent Systems\",\"volume\":\"250 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 First International Conference on Intelligent Networks and Intelligent Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICINIS.2008.54\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 First International Conference on Intelligent Networks and Intelligent Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICINIS.2008.54","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

摘要

对2007年4月1日至2008年4月30日，某高校校园网外部在机房终端上查询反向解析时，向顶级域DNS服务器的DNS查询流量进行了熵值研究。结果表明:(1)2008年1月17日，DNS查询流量主要被几个特定的IP地址作为查询关键字。(2)我们对在几个特定关键词中找到IP地址的机房终端进行了取证分析，得出PC在插入基于USB的密钥磁盘存储时成为垃圾邮件机器人的结论。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

DNS Based Spam Bots Detection in a University

We carried out an entropy study on the DNS query traffic from the outside of a university campus network to the top domain DNS server when querying about reverse resolution on the PC room terminals through April 1st, 2007 to April 30th, 2008. The following interesting results are given: (1) In January 17th, 2008, the DNS query traffic is mainly dominated by several specific IP addresses as their query keywords. (2) We carried out forensic analysis on the PC room terminals in which IP addresses are found in the several specific keywords and it is concluded that the PCs become spam bots when inserting USB based key disk storage.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 First International Conference on Intelligent Networks and Intelligent Systems

自引率

0.00%

发文量