
Detecting Spam Bots by Sequential Analysis of Encrypted Traffic

Po-Ching Lin, Chi-Fang Chen, Pin-Ren Chiou

Abstract


Detecting spam bots that send spam over encrypted protocols is difficult because the transmitted content cannot be inspected. In this work, we present a detection method based on a sequential analysis method, the sequential probability ratio test (SPRT). This method can detect high-profile spam bots as soon as possible, and also low-profile spam bots if they exist, from encrypted email traffic observed in intervals of both hours and days. The ratio of email deliveries to receptions and the number of email deliveries in each interval serve as the detection features. The experiments were conducted on encrypted email traffic from the campus of National Chung Cheng University from February to April 2014. The false-positive rates of the detection method are all under 10% after verification.

Keywords


Spam bot; Encrypted email traffic; Sequential analysis; Hypothesis testing

Citation Format:
Po-Ching Lin, Chi-Fang Chen, Pin-Ren Chiou, "Detecting Spam Bots by Sequential Analysis of Encrypted Traffic," Journal of Internet Technology, vol. 17, no. 6, pp. 1279-1286, Nov. 2016.
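
The following sketch of Wald's SPRT applied to per-host interval counts is an added example, not code from the paper. It assumes each interval is reduced to one Bernoulli observation from the two features named in the abstract; the function names, the cut-offs `min_deliveries` and `min_ratio`, the probabilities `theta0` and `theta1`, the error targets and the sample counts are all constructed for illustration.

```python
import math

def sprt_bounds(alpha, beta):
    """Wald's lower/upper bounds on the log-likelihood ratio for a target
    false-positive rate alpha and false-negative rate beta."""
    return math.log(beta / (1 - alpha)), math.log((1 - beta) / alpha)

def suspicious(deliveries, receptions, min_deliveries, min_ratio):
    """Reduce one interval to a Bernoulli observation using the two features:
    delivery count and delivery/reception ratio (cut-offs are assumptions)."""
    ratio = deliveries / max(receptions, 1)  # a host that receives nothing
    return deliveries >= min_deliveries and ratio >= min_ratio

def sprt_classify(intervals, theta0=0.2, theta1=0.8, alpha=0.01, beta=0.01,
                  min_deliveries=20, min_ratio=5.0):
    """intervals: (deliveries, receptions) per hour or day for one host.
    H0: normal host, P(suspicious)=theta0. H1: spam bot, P(suspicious)=theta1.
    Returns (verdict, number of intervals consumed)."""
    lower, upper = sprt_bounds(alpha, beta)
    step_up = math.log(theta1 / theta0)                # suspicious interval
    step_down = math.log((1 - theta1) / (1 - theta0))  # unremarkable interval
    llr = 0.0
    for n, (deliveries, receptions) in enumerate(intervals, start=1):
        hit = suspicious(deliveries, receptions, min_deliveries, min_ratio)
        llr += step_up if hit else step_down
        if llr >= upper:
            return "bot", n      # stop as soon as the evidence suffices
        if llr <= lower:
            return "normal", n
    return "pending", len(intervals)  # keep observing this host

# Constructed sample counts, not measurements from the paper.
HIGH_PROFILE = [(300, 2), (250, 1), (400, 3), (320, 0), (310, 2), (290, 1)]
LOW_PROFILE = [(25, 3), (4, 6), (25, 3), (25, 3), (4, 6),
               (25, 3), (25, 3), (25, 3)]
NORMAL = [(3, 10), (5, 12), (2, 8), (4, 9), (1, 7)]

if __name__ == "__main__":
    for name, data in [("high-profile", HIGH_PROFILE),
                       ("low-profile", LOW_PROFILE), ("normal", NORMAL)]:
        print(name, sprt_classify(data))
```

With these assumed parameters a host that is suspicious in every interval is flagged after four intervals, while a host that mixes in quiet intervals needs more observations before either bound is crossed.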


Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314  E-mail: jit.editorial@gmail.com