DOCSLIB.ORG

An Improved Framework for Content-Based Spamdexing Detection

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Improved Framework for Content-Based Spamdexing Detection (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 11, No. 1, 2020 An Improved Framework for Content-based Spamdexing Detection Asim Shahzad1, Hairulnizam Mahdin*2, Nazri Mohd Nawi3 Faculty of Computer Science and Information Technology Universiti Tun Hussein Onn Malaysia Abstract—To the modern Search Engines (SEs), one of the deceive the SE in such a way that it delivers those search biggest threats to be considered is spamdexing. Nowadays results which are irrelevant and not beneficial to the web user. spammers are using a wide range of techniques for content The ultimate aim of web spammers is to increase their web generation, they are using content spam to fill the Search Engine page's rank in SERPs. Besides that, spamdexing also has an Result Pages (SERPs) with low-quality web pages. Generally, economic impact because web pages with higher rank can get spam web pages are insufficient, irrelevant and improper results huge free advertisements and huge web traffic volume. During for users. Many researchers from academia and industry are the past few years, researchers are working hard to develop working on spamdexing to identify the spam web pages. the new advanced techniques for identification of fraudulent However, so far not even a single universally efficient method is web pages but, spam techniques are evolving also, and web developed for identification of all spam web pages. We believe spammers are coming up with new spamming methods every that for tackling the content spam there must be improved day [4]. Research in the area of web spam detection and methods. This article is an attempt in that direction, where a prevention has become an arms race to fight an opponent who framework has been proposed for spam web pages identification. The framework uses Stop words, Keywords Density, Spam consistently practices more advanced techniques [4]. If one Keywords Database, Part of Speech (POS) ratio, and Copied can recognize and eliminate all spam web pages, then it is Content algorithms. For conducting the experiments and possible to build an efficient and robust Information Retrieval obtaining threshold values WEBSPAM-UK2006 and System (IRS). Efficient SEs are needed which can produce WEBSPAM-UK2007 datasets have been used. An excellent and promising and high-quality results according to the user search promising F-measure of 77.38% illustrates the effectiveness and query. The next task is to arrange retrieved pages by the applicability of proposed method. content or semantic similarity between retrieved web pages and the search query entered by the user. Finally, the arranged Keywords—Information retrieval; Web spam detection; content pages are presented to the user. There are many adverse spam; pos ratio; search spam; Keywords stuffing; machine effects of spamdexing on both search engine and end user [5]. generated content detection Spam web pages not only waste the time but also waste the storage space. As SE needs to store and index a huge number I. INTRODUCTION of web pages, so more storage space is required. Furthermore, Spamdexing or web spam is described as " an intentional when SE requires to search web pages on the bases of the act that is intended to trigger illegally favorable importance or user's query, it will search in the huge corpus and therefore relevance for some page, considering the web page's true more time is required. Due to this, it diminishes the significance" [1]. Studies by different researchers in the area effectiveness of the SE and reduces the trust of the end user on show that on Web at least twenty percent of hosts are spam SE [6]. [2]. Spamdexing is widely recognized as one of the most significant challenges to web SEs [3]. One of the important To get over the web spam attacks the improvement in anti- current problems of SEs is spamdexing because spamdexing web-spam methods is essential. All the techniques which can heavily reduces the quality of the search engine's results. be used to get an undeservedly high rank are kind of Many users get annoyed when they search for certain content spamdexing or web spam. Generally, there are three types of and ended up with irrelevant content because of web spam. spamdexing, Content Spam, Link Spam, and Cloaking. Due to the unprecedented growth of information on the World Cloaking is a spamdexing method in which the content offered Wide Web (WWW), the available size of textual data has to the end user is different from that presented to the SE spider become very huge to any end user. According to the most [7]. However, the most common types of spamdexing are recent survey by WorldWideWebSize, the web is consisting of content and link spam. Content spam is the one studied in this 5.39 billion1 pages. To the web corpus, thousands of pages are research work. Davison [8] defined the link spam as ― the being added every day and out of all these web pages several connections among various web pages that are present for a are either spam or duplicate web pages [3]. Web spammers are purpose other than merit. In link spam, web spammers are taking the benefits from internet users by dragging them to creating the link structure for taking the benefits from link- their web pages using several smart and creative spamming based ranking algorithms, for instance, PageRank, it will methods. The purpose of building a spam web page is to assign the higher rank to a web page if other highly ranked web pages are pointing to the web page with backlinks. 1 https://www.worldwidewebsize.com/ Content spam is consisting of all those methods in which web *Corresponding Author spammers are changing the logical view that an SE has over 409 | Page www.ijacsa.thesai.org (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 11, No. 1, 2020 the web page contents [1], it is the most common type of unlabeled samples, they used the semi-supervised learning, spamdexing [9]. This spamdexing technique is popular among and for creating the new features and reducing the TF-IDF the web spammers because of several SEs are using the content-based features they used the combinatorial feature information retrieval models (IRM) for instance, statistical fusion method. Empirical results prove the effectiveness of language model [10], vector space model [11], BM25 [12] and their method. probabilistic model which are applied to the web page's content for ranking the web page. Spammers try to utilize the The most fundamental work on content-based spamdexing vulnerabilities of these models for manipulating the content of detection algorithms is done by Fetterly et al [3], [21]–[23]. In target web page [13]. For instance, using important keywords [23] they suggest that using statistical analysis the spam web several times on a target web page and increasing the pages can be classified easily. Because generally, web keywords frequencies, copying the content from various good spammers are generating the spam web pages automatically web pages, using the machine-generated content on target web by adopting the phrase stitching and weaving methods [1], page, and putting all dictionary words on the page and then these spam pages are designed for SE spiders instead of real changing the color of text similar to the background color so human visitors, so these web pages show the abnormal users can not see the dictionary words on target page and only behavior. Researchers identified that there are a huge number visible to SEs spiders are some methods which web spammers of dashes, dots, and digits in the URL of spam web pages and are using for getting higher page rank in the SERPs [14]. the length of URL is also exceptional. During their research Generally, content spam can be divided into five subtypes work, they identify that out of 100 longest observed host- based on the structure of the page. These subtypes are Body names 80 were pointing to the adult contents, and 11 of them spam, Anchor text spam, Meta-tag spam, URL spam, and Title were referring to the financial credit related web pages. They spam. There are a number of spamming methods which are also observe that web pages themselves have the duplicating targeting the different algorithms used in SEs [15]. nature - spam web pages hosted by the same host almost contains the same content with very little variance in word The focus of this article is content spam detection, in this count. Another very fascinating finding of this research was work, a framework has been proposed to detect spam web they identified that spammers are changing the content on pages by using content-based techniques. In the proposed these spam pages very quickly. Specifically, they kept a close approach, stop words, keywords density, Keywords database, eye on content changing feature and observed the changes on part of speech (POS) ratio test, and copied content algorithms these spam pages for a specific host on weekly bases. They are used to detect the spam web pages. For the experimental come up with the results that 97.2% of the most active spam purpose, WEBSPAM- UK2007 and WEBSPAM-UK2006 hosts can be identified on the bases of this one feature only. datasets are used. The experimental results with an They proposed several other features in this research work all encouraging F-measure demonstrate the applicability and other features can be seen in the research article [23]. effectiveness of the proposed improved framework as compared to other already existing techniques. In another study conducted by them [21], [22], they worked on content duplication and identified that bigger II. LITERATURE REVIEW clusters with the identical content are actually spam.
Load more

Recommended publications
  • Search Engine Optimization: a Survey of Current Best Practices
    Grand Valley State University ScholarWorks@GVSU Technical Library School of Computing and Information Systems 2013 Search Engine Optimization: A Survey of Current Best Practices Niko Solihin Grand Valley Follow this and additional works at: https://scholarworks.gvsu.edu/cistechlib ScholarWorks Citation Solihin, Niko, "Search Engine Optimization: A Survey of Current Best Practices" (2013). Technical Library. 151. https://scholarworks.gvsu.edu/cistechlib/151 This Project is brought to you for free and open access by the School of Computing and Information Systems at ScholarWorks@GVSU. It has been accepted for inclusion in Technical Library by an authorized administrator of ScholarWorks@GVSU. For more information, please contact [email protected]. Search Engine Optimization: A Survey of Current Best Practices By Niko Solihin A project submitted in partial fulfillment of the requirements for the degree of Master of Science in Computer Information Systems at Grand Valley State University April, 2013 _______________________________________________________________________________ Your Professor Date Search Engine Optimization: A Survey of Current Best Practices Niko Solihin Grand Valley State University Grand Rapids, MI, USA [email protected] ABSTRACT 2. Build and maintain an index of sites’ keywords and With the rapid growth of information on the web, search links (indexing) engines have become the starting point of most web-related 3. Present search results based on reputation and rele- tasks. In order to reach more viewers, a website must im- vance to users’ keyword combinations (searching) prove its organic ranking in search engines. This paper intro- duces the concept of search engine optimization (SEO) and The primary goal is to e↵ectively present high-quality, pre- provides an architectural overview of the predominant search cise search results while efficiently handling a potentially engine, Google.
    [Show full text]
  • The Internet and Drug Markets
    INSIGHTS EN ISSN THE INTERNET AND DRUG MARKETS 2314-9264 The internet and drug markets 21 The internet and drug markets EMCDDA project group Jane Mounteney, Alessandra Bo and Alberto Oteo 21 Legal notice This publication of the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) is protected by copyright. The EMCDDA accepts no responsibility or liability for any consequences arising from the use of the data contained in this document. The contents of this publication do not necessarily reflect the official opinions of the EMCDDA’s partners, any EU Member State or any agency or institution of the European Union. Europe Direct is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) The information given is free, as are most calls (though some operators, phone boxes or hotels may charge you). More information on the European Union is available on the internet (http://europa.eu). Luxembourg: Publications Office of the European Union, 2016 ISBN: 978-92-9168-841-8 doi:10.2810/324608 © European Monitoring Centre for Drugs and Drug Addiction, 2016 Reproduction is authorised provided the source is acknowledged. This publication should be referenced as: European Monitoring Centre for Drugs and Drug Addiction (2016), The internet and drug markets, EMCDDA Insights 21, Publications Office of the European Union, Luxembourg. References to chapters in this publication should include, where relevant, references to the authors of each chapter, together with a reference to the wider publication. For example: Mounteney, J., Oteo, A. and Griffiths, P.
    [Show full text]
  • Adsense-Blackhat-Edition.Pdf
    AdSense.BlackHatEditionV.coinmc e Tan Vince Tan AdSense.BlackHatEdition.com i Copyright Notice All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical. Any unauthorized duplication, reproduction, or distribution is strictly prohibited and prosecutable by the full-extent of the law. Legal Notice While attempts have been made to verify the information contained within this publication, the author, publisher, and anyone associated with its creation, hereby assume absolutely no responsibility as it pertains to its contents and subject matter; nor with regards to it’s usage by the public or in any matters concerning potentially erroneous and/or contradictory information put forth by it. Furthermore, the reader agrees to assume all accountability for the usage of any information obtained from it; and heretofore, completely absolves Vince Tan, the publishers and any associates involved, of any liability for it whatsoever. Additional Notice: This book was obtained at http://AdSense.BlackHatEdition.com . For a limited time, when you register for free, you will be able to earn your way to get the latest updates of this ebook, placement on an invitation-only list to participate in exclusive pre-sales, web seminars, bonuses & giveaways, and be awarded a “special backdoor discount” that you will never find anywhere else! So if you haven’t yet, make sure to visit http://AdSense.BlackHatEdition.com and register now, before it’s too late! i Table of Contents Introduction
    [Show full text]
  • Fully Automatic Link Spam Detection∗ Work in Progress
    SpamRank – Fully Automatic Link Spam Detection∗ Work in progress András A. Benczúr1,2 Károly Csalogány1,2 Tamás Sarlós1,2 Máté Uher1 1 Computer and Automation Research Institute, Hungarian Academy of Sciences (MTA SZTAKI) 11 Lagymanyosi u., H–1111 Budapest, Hungary 2 Eötvös University, Budapest {benczur, cskaresz, stamas, umate}@ilab.sztaki.hu www.ilab.sztaki.hu/websearch Abstract Spammers intend to increase the PageRank of certain spam pages by creating a large number of links pointing to them. We propose a novel method based on the concept of personalized PageRank that detects pages with an undeserved high PageRank value without the need of any kind of white or blacklists or other means of human intervention. We assume that spammed pages have a biased distribution of pages that contribute to the undeserved high PageRank value. We define SpamRank by penalizing pages that originate a suspicious PageRank share and personalizing PageRank on the penalties. Our method is tested on a 31 M page crawl of the .de domain with a manually classified 1000-page stratified random sample with bias towards large PageRank values. 1 Introduction Identifying and preventing spam was cited as one of the top challenges in web search engines in a 2002 paper [24]. Amit Singhal, principal scientist of Google Inc. estimated that the search engine spam industry had a revenue potential of $4.5 billion in year 2004 if they had been able to completely fool all search engines on all commercially viable queries [36]. Due to the large and ever increasing financial gains resulting from high search engine ratings, it is no wonder that a significant amount of human and machine resources are devoted to artificially inflating the rankings of certain web pages.
    [Show full text]
  • Clique-Attacks Detection in Web Search Engine for Spamdexing Using K-Clique Percolation Technique
    International Journal of Machine Learning and Computing, Vol. 2, No. 5, October 2012 Clique-Attacks Detection in Web Search Engine for Spamdexing using K-Clique Percolation Technique S. K. Jayanthi and S. Sasikala, Member, IACSIT Clique cluster groups the set of nodes that are completely Abstract—Search engines make the information retrieval connected to each other. Specifically if connections are added task easier for the users. Highly ranking position in the search between objects in the order of their distance from one engine query results brings great benefits for websites. Some another a cluster if formed when the objects forms a clique. If website owners interpret the link architecture to improve ranks. a web site is considered as a clique, then incoming and To handle the search engine spam problems, especially link farm spam, clique identification in the network structure would outgoing links analysis reveals the cliques existence in web. help a lot. This paper proposes a novel strategy to detect the It means strong interconnection between few websites with spam based on K-Clique Percolation method. Data collected mutual link interchange. It improves all websites rank, which from website and classified with NaiveBayes Classification participates in the clique cluster. In Fig. 2 one particular case algorithm. The suspicious spam sites are analyzed for of link spam, link farm spam is portrayed. That figure points clique-attacks. Observations and findings were given regarding one particular node (website) is pointed by so many nodes the spam. Performance of the system seems to be good in terms of accuracy. (websites), this structure gives higher rank for that website as per the PageRank algorithm.
    [Show full text]
  • Spamming Botnets: Signatures and Characteristics
    Spamming Botnets: Signatures and Characteristics Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+,IvanOsipkov+ Microsoft Research, Silicon Valley +Microsoft Corporation {yxie,fangyu,kachan,rina,ghulten,ivano}@microsoft.com ABSTRACT botnet infection and their associated control process [4, 17, 6], little In this paper, we focus on characterizing spamming botnets by effort has been devoted to understanding the aggregate behaviors of leveraging both spam payload and spam server traffic properties. botnets from the perspective of large email servers that are popular Towards this goal, we developed a spam signature generation frame- targets of botnet spam attacks. work called AutoRE to detect botnet-based spam emails and botnet An important goal of this paper is to perform a large scale analy- membership. AutoRE does not require pre-classified training data sis of spamming botnet characteristics and identify trends that can or white lists. Moreover, it outputs high quality regular expression benefit future botnet detection and defense mechanisms. In our signatures that can detect botnet spam with a low false positive rate. analysis, we make use of an email dataset collected from a large Using a three-month sample of emails from Hotmail, AutoRE suc- email service provider, namely, MSN Hotmail. Our study not only cessfully identified 7,721 botnet-based spam campaigns together detects botnet membership across the Internet, but also tracks the with 340,050 unique botnet host IP addresses. sending behavior and the associated email content patterns that are Our in-depth analysis of the identified botnets revealed several directly observable from an email service provider. Information interesting findings regarding the degree of email obfuscation, prop- pertaining to botnet membership can be used to prevent future ne- erties of botnet IP addresses, sending patterns, and their correlation farious activities such as phishing and DDoS attacks.
    [Show full text]
  • SEO Techniques for Various Applications - a Comparative Analyses and Evaluation
    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727 PP 20-24 www.iosrjournals.org SEO Techniques for various Applications - A Comparative Analyses and Evaluation Sandhya Dahake1, Dr. V. M. Thakare2 , Dr. Pradeep Butey3 1([email protected], G.H.R.I.T., Nagpur, RTM Nagpur University, India) 2([email protected] , P.G. Dept of Computer Science, SGB Amravati University, Amravati, India) 3([email protected], Head, Dept of Computer Science, Kamla Nehru College, Nagpur, India) Abstract : In this information times, the website management is becoming hot topic and search engine has more influence on website. So many website managers are trying o make efforts for Search Engine Optimization (SEO). In order to make search engine transfer information efficiently and accurately, to improve web search ranking different SEO techniques are used. The purpose of this paper is a comparative study of applications of SEO techniques used for increasing the page rank of undeserving websites. With the help of specific SEO techniques, SEO committed to optimize the website to increase the search engine ranking and web visits number and eventually to increase the ability of selling and publicity through the study of how search engines scrape internet page and index and confirm the ranking of the specific keyword. These technique combined page rank algorithm which helps to discover target page. Search Engine Optimization, as a kind of optimization techniques, which can promote website’s ranking in the search engine, also will get more and more attention. Therefore, the continuous technology improvement on network is also one of the focuses of search engine optimization.
    [Show full text]
  • Zambia and Spam
    ZAMNET COMMUNICATION SYSTEMS LTD (ZAMBIA) Spam – The Zambian Experience Submission to ITU WSIS Thematic meeting on countering Spam By: Annabel S Kangombe – Maseko June 2004 Table of Contents 1.0 Introduction 1 1.1 What is spam? 1 1.2 The nature of Spam 1 1.3 Statistics 2 2.0 Technical view 4 2.1 Main Sources of Spam 4 2.1.1 Harvesting 4 2.1.2 Dictionary Attacks 4 2.1.3 Open Relays 4 2.1.4 Email databases 4 2.1.5 Inadequacies in the SMTP protocol 4 2.2 Effects of Spam 5 2.3 The fight against spam 5 2.3.1 Blacklists 6 2.3.2 White lists 6 2.3.3 Dial‐up Lists (DUL) 6 2.3.4 Spam filtering programs 6 2.4 Challenges of fighting spam 7 3.0 Legal Framework 9 3.1 Laws against spam in Zambia 9 3.2 International Regulations or Laws 9 3.2.1 US State Laws 9 3.2.2 The USA’s CAN‐SPAM Act 10 4.0 The Way forward 11 4.1 A global effort 11 4.2 Collaboration between ISPs 11 4.3 Strengthening Anti‐spam regulation 11 4.4 User education 11 4.5 Source authentication 12 4.6 Rewriting the Internet Mail Exchange protocol 12 1.0 Introduction I get to the office in the morning, walk to my desk and switch on the computer. One of the first things I do after checking the status of the network devices is to check my email.
    [Show full text]
  • Copyrighted Material
    00929ftoc.qxd:00929ftoc 3/13/07 2:02 PM Page ix Contents Acknowledgments vii Introduction xvii Chapter 1: You: Programmer and Search Engine Marketer 1 Who Are You? 2 What Do You Need to Learn? 3 SEO and the Site Architecture 4 SEO Cannot Be an Afterthought 5 Communicating Architectural Decisions 5 Architectural Minutiae Can Make or Break You 5 Preparing Your Playground 6 Installing XAMPP 7 Preparing the Working Folder 8 Preparing the Database 11 Summary 12 Chapter 2: A Primer in Basic SEO 13 Introduction to SEO 13 Link Equity 14 Google PageRank 15 A Word on Usability and Accessibility 16 Search Engine Ranking Factors 17 On-Page Factors 17 Visible On-Page Factors 18 Invisible On-Page Factors 20 Time-Based Factors 21 External FactorsCOPYRIGHTED MATERIAL 22 Potential Search Engine Penalties 26 The Google “Sandbox Effect” 26 The Expired Domain Penalty 26 Duplicate Content Penalty 27 The Google Supplemental Index 27 Resources and Tools 28 Web Analytics 28 00929ftoc.qxd:00929ftoc 3/13/07 2:02 PM Page x Contents Market Research 29 Researching Keywords 32 Browser Plugins 33 Community Forums 33 Search Engine Blogs and Resources 34 Summary 35 Chapter 3: Provocative SE-Friendly URLs 37 Why Do URLs Matter? 38 Static URLs and Dynamic URLs 38 Static URLs 39 Dynamic URLs 39 URLs and CTR 40 URLs and Duplicate Content 41 URLs of the Real World 42 Example #1: Dynamic URLs 42 Example #2: Numeric Rewritten URLs 43 Example #3: Keyword-Rich Rewritten URLs 44 Maintaining URL Consistency 44 URL Rewriting 46 Installing mod_rewrite 48 Testing mod_rewrite 49 Introducing
    [Show full text]
  • Download PDF Document, 456 KB
    ENISA Position Paper No. 2 Reputation-based Systems: a security analysis Editors: Elisabetta Carrara and Giles Hogben, ENISA October 2007 Reputation-based Systems ENISA Position Papers represent expert opinion on topics ENISA considers to be important emerging risks or key security components. They are produced as the result of discussion among a group of experts who were selected for their knowledge in the area. The content was collected via wiki, mailing list and telephone conferences and edited by ENISA. This paper aims to provide a useful introduction to security issues affecting Reputation-based Systems by identifying a number of possible threats and attacks, highlighting the security requirements that should be fulfilled by these systems and providing recommendations for action and best practices to reduce the security risks to users. Examples are given from a number of providers throughout the paper. These should be taken as examples only and there is no intention to single out a specific provider for criticism or praise. The examples provided are not necessarily those most representative or important, nor is the aim of this paper to conduct any kind of market survey, as there might be other providers which are not mentioned here and nonetheless are equally or more representative of the market. Audience This paper is aimed at providers, designers, research and standardisation communities, government policy-makers and businesses. ENISA Position Paper No.2 Reputation-based Systems: a security analysis 1 Reputation-based Systems EXECUTIVE
    [Show full text]
  • Enisa Etl2020
    EN From January 2019 to April 2020 Spam ENISA Threat Landscape Overview The first spam message was sent in 1978 by a marketing manager to 393 people via ARPANET. It was an advertising campaign for a new product from the company he worked for, the Digital Equipment Corporation. For those first 393 spammed people it was as annoying as it would be today, regardless of the novelty of the idea.1 Receiving spam is an inconvenience, but it may also create an opportunity for a malicious actor to steal personal information or install malware.2 Spam consists of sending unsolicited messages in bulk. It is considered a cybersecurity threat when used as an attack vector to distribute or enable other threats. Another noteworthy aspect is how spam may sometimes be confused or misclassified as a phishing campaign. The main difference between the two is the fact that phishing is a targeted action using social engineering tactics, actively aiming to steal users’ data. In contrast spam is a tactic for sending unsolicited e-mails to a bulk list. Phishing campaigns can use spam tactics to distribute messages while spam can link the user to a compromised website to install malware and steal personal data. Spam campaigns, during these last 41 years have taken advantage of many popular global social and sports events such as UEFA Europa League Final, US Open, among others. Even so, nothing compared with the spam activity seen this year with the COVID-19 pandemic.8 2 __Findings 85%_of all e-mails exchanged in April 2019 were spam, a 15-month high1 14_million
    [Show full text]
  • Locating Spambots on the Internet
    BOTMAGNIFIER: Locating Spambots on the Internet Gianluca Stringhinix, Thorsten Holzz, Brett Stone-Grossx, Christopher Kruegelx, and Giovanni Vignax xUniversity of California, Santa Barbara z Ruhr-University Bochum fgianluca,bstone,chris,[email protected] [email protected] Abstract the world-wide email traffic [20], and a lucrative busi- Unsolicited bulk email (spam) is used by cyber- ness has emerged around them [12]. The content of spam criminals to lure users into scams and to spread mal- emails lures users into scams, promises to sell cheap ware infections. Most of these unwanted messages are goods and pharmaceutical products, and spreads mali- sent by spam botnets, which are networks of compro- cious software by distributing links to websites that per- mised machines under the control of a single (malicious) form drive-by download attacks [24]. entity. Often, these botnets are rented out to particular Recent studies indicate that, nowadays, about 85% of groups to carry out spam campaigns, in which similar the overall spam traffic on the Internet is sent with the mail messages are sent to a large group of Internet users help of spamming botnets [20,36]. Botnets are networks in a short amount of time. Tracking the bot-infected hosts of compromised machines under the direction of a sin- that participate in spam campaigns, and attributing these gle entity, the so-called botmaster. While different bot- hosts to spam botnets that are active on the Internet, are nets serve different, nefarious goals, one important pur- challenging but important tasks. In particular, this infor- pose of botnets is the distribution of spam emails.
    [Show full text]