Graph based bot-user detection

Electrical computers and digital processing systems: multicomput – Computer conferencing – Demand based messaging

Reexamination Certificate

Details

C709S224000, C709S225000

active

08069210

ABSTRACT:
Computer implemented methods are disclosed for detecting bot-user groups that send spam email over a web-based email service. Embodiments of the present system employ a two-prong approach to detecting bot-user groups. The first prong employs a historical-based approach for detecting anomalous changes in user account information, such as aggressive bot-user signups. The second prong of the present system entails constructing a large user-user relationship graph, which identifies bot-user sub-graphs through finding tightly connected subgraph components.

REFERENCES:
patent: 7047232 (2006-05-01), Serrano
patent: 7219148 (2007-05-01), Rounthwaite et al.
patent: 7366764 (2008-04-01), Vollebregt
patent: 7548956 (2009-06-01), Aoki et al.
patent: 7630949 (2009-12-01), Duffield et al.
patent: 7809824 (2010-10-01), Wei et al.
patent: 2005/0021649 (2005-01-01), Goodman et al.
patent: 2005/0041789 (2005-02-01), Warren-Smith et al.
patent: 2006/0047769 (2006-03-01), Davis et al.
patent: 2006/0253584 (2006-11-01), Dixon
patent: 2007/0271381 (2007-11-01), Wholey
patent: 2008/0082658 (2008-04-01), Hsu et al.
patent: 2008/0140781 (2008-06-01), Bocharov et al.
patent: 2008/0177846 (2008-07-01), Feng
patent: 2009/0037546 (2009-02-01), Kirsch
patent: 2010/0082800 (2010-04-01), Wei et al.
patent: 2010/0161734 (2010-06-01), Wang
Thorsten Holz, Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm, Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, Article 9, 2008, USENIX Association, Berkeley, CA, USA.
Michael Isard, Dryad: Distributed Data-Parallel Programs from Sequential Building Blocks, ACM SIGOPS Operating Systems Review, Jun. 2007, pp. 59-71, vol. 41-Issue 3, ACM, New York, NY, USA.
Chris Kanich, The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff, Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, Article 10, 2008, USENIX Association, Berkeley, CA, USA.
Balachander Krishnamurthy, Sketch Based Change Detection: Methods, Evaluation, and Applications, Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement, 2003, pp. 234-247, ACM, New York, NY, USA.
Christopher Olston, Pig Latin: A Not-so-Foreign Language for Data Processing, Proceedings of the 2008 ACM SIGMOD international conference on Management of data, 2008, pp. 1099-1110, ACM, New York, NY, USA.
Paul Bächer, Know Your Enemy: Tracking Botnets, Using Honeynets to Learn More About Bots, Honeynet Project and Research Alliance, last modified Mar. 13, 2005, http://www.honeynet.org/papers/bots/.
Moheeb Abu Rajab, A Multifaceted Approach to Understanding the Botnet Phenomenon, Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, 2006, pp. 41-52, ACM, New York, NY, USA.
Anirudh Ramachandran, Filtering Spam with Behavioral Blacklisting, Proceedings of the 14th ACM conference on Computer and communications security, 2007, pp. 342-351, ACM, New York, NY, USA.
Yinglian Xie, Spamming Botnets: Signatures and Characteristics, Applications, Technologies, Architectures, and Protocols for Computer Communication Proceedings of the ACM SIGCOMM 2008 conference on Data communication, 2008, pp. 171-182, ACM, New York, NY, USA.
Hung-Chih Yang, Map-Reduce-Merge: Simplified Relational Data Processing on Large Clusters, International Conference on Management of Data Proceedings of the 2007 ACM SIGMOD international conference on Management of data, 2008, pp. 1029-1040, ACM, New York, NY, USA.
M. Tamer Özsu, Principles of Distributed Database Systems (2nd edition), 1999, p. 657, Prentice-Hall, Inc. Upper Saddle River, NJ, USA.
Trojan Now Uses Hotmail, Gmail as Spam Hosts, BitDefender, Aug. 8, 2007, http://www.bitdefender.com/NW544-world-Trojan-Now-Uses-Hotmail-Gmail-as-Spam-Hosts.html.
Rick Durrett, Random Graph Dynamics, Cambridge Series in Statistical and Probabilistic Mathematics, 2006, Cambridge University Press, New York, NY, USA.
Phil Porras, A Multi Perspective Analysis of the Storm (Peacomm) Worm, Oct. 10, 2007, Technical report, SRI Computer Science Laboratory, http://www.cyber-ta.org/pubs/StormWorm/SRITechnical-Report-10-01-Storm-Analysis.pdf.
Husain Husna, Behavior Analysis of Spam Botnets, Communications Systems Software and Middleware and Workshops, Jan. 2008, pp. 246-253, vol. 6, Issue 10, Comsware 2008.
Li Zhuang, Characterizing Botnets from Email Spam Records, Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, 2008, Article No. 2, USENIX Association, Berkeley, CA, USA.
Gary William Flake, Graph Clustering and Minimum Cut Trees, 2003, pp. 385-408, vol. 1, No. 4, Copyright A.K. Peters, LTD. http://www.nanog.org/mtg-0610/presenter-pdfs/feamster.pdf.
M. Patrick Collins, Hit-List Worm Detection and Bot Identification in Large Networks Using Protocol Graphs, Lecture Notes in Computer Science, 2007, pp. 276-295, Springer-Verlag, Germany.
David J. Malan, Rapid Detection of Botnets Through Collaborative Networks of Peers, Jun. 2007, 94 pages, Harvard University, Cambridge, MA, USA.
Anirudh Ramachandran, Revealing Botnet Membership Using DNSBL Counter-Intelligence, Proceedings of the 2nd Conference on Steps to Reducing Unwanted Traffic on the Internet, pp. 8-8, 2006, vol. 2, USENIX Association, Berkeley, CA, USA.
Nick Feamster, Revealing Botnet Membership Using DNSBL Counter-Intelligence, Powerpoint 13 pages, Georgia Tech, http://www.nanog.org/mtg-0610/presenter-pdfs/feamster.pdf.
Yuan Yu Project Manager, DryadLINQ, Microsoft Research, Copyright Microsoft 2008, http://research.microsoft.com/research/sv/DryadLINQ/.
Massive Parallel Processing, Wikipedia, the free encyclopedia, last modified Aug. 3, 2008, http://en.wikipedia.org/wiki/Massive_parallelism.
Message Passing Interface, http://www-unix.mcs.anl.gov/mpi/.
Moving Average, Wikipedia, the free encyclopedia, last modified Aug. 3, 2008, http://en.wikipedia.org/wiki/Moving_average.
Jack Dongarra project manager, Parallel Virtual Machine (PVM), last modified Apr. 3, 2007, http://www.csm.ornl.gov/pvm/.
Apache. Hadoop, Jul. 8, 2008, Copyright The Apache Software Foundation, http://lucene.apache.org/hadoop/.
Ken Chiang, A Case Study of the Rustock Rootkit and Spam Bot, Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, 2007, pp. 10-10, USENIX Association, Berkeley, CA, USA.
Neil Daswani, The Anatomy of Clickbot.A, Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, 2007, pp. 11-11, USENIX Association, Berkeley, CA, USA.
Jeffrey Dean, MapReduce: Simplified Data Processing on Large Clusters, Communications of the ACM, Jan. 2008, pp. 107-113, vol. 1-Issue 1, ACM New York, NY, USA.
Sanjay Ghemawat, The Google File System, ACM SIGOPS Operating Systems Review, Dec. 2003, pp. 29-43, vol. 37-Issue 5, ACM, New York, NY, USA.
Guofei Gu, BotMiner: Clustering Analysis of Network Traffic for Protocol-and-Structure-Independent Botnet Detection, Georgia Institute of Technology, http://www-static.cc.gatech.edu/~guofei/paper/Gu_Security08_BotMiner.pdt.
Guofei Gu, BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic, Georgia Institute of Technology, http://www-static.cc.gatech.edu/~guofei/paper/Gu_NDSS08_botSniffer.pdf.

Profile ID: LFUS-PAI-O-4280386