Spampot: A Spam Capture System Based on Distributed Honeypot

Guo Junquan; Zhuge Jianwei; Sun Donghong; Duan Haixin

Journal of Computer Research and Development > 2014 > 51(5): 1071-1080.

Guo Junquan, Zhuge Jianwei, Sun Donghong, Duan Haixin. Spampot: A Spam Capture System Based on Distributed Honeypot[J]. Journal of Computer Research and Development, 2014, 51(5): 1071-1080.

Citation:

Guo Junquan, Zhuge Jianwei, Sun Donghong, Duan Haixin. Spampot: A Spam Capture System Based on Distributed Honeypot[J]. Journal of Computer Research and Development, 2014, 51(5): 1071-1080.

Citation:

Guo Junquan, Zhuge Jianwei, Sun Donghong, Duan Haixin. Spampot: A Spam Capture System Based on Distributed Honeypot[J]. Journal of Computer Research and Development, 2014, 51(5): 1071-1080.

PDF (2335 KB)

Spampot: A Spam Capture System Based on Distributed Honeypot

1(Department of Computer Science and Technology, Tsinghua University, Beijing 100084) 2(Institute of Network Science and Cyberspace, Tsinghua University, Beijing 100084)

More Information

Published Date: May 14, 2014

Graphical Abstract

Abstract

Abstract

Spampot is a spam capturing system based on distributed low-interaction honeypot. Based on the previous research on SMTP, HTTP proxy and SOCKS protocols, we designed a spam honeypot system integrated with open relay and open proxy services and built the repositories of spammers’ attack behaviors, new spam samples, spammers’ IP and their geographic locations, the URLs blacklist from spam. We also discussed some of our considerations when designing the system, including improving the attractiveness for spammers, avoiding being blacklisted by anti-spam organization, and reducing the impact of the honeypot system on the real network. Our experimental deployment in CERNET for 6 months showed that Spampot could attract spammers effectively without being blacklisted by well-known anti-spam organization in the Internet. During the 6 months period, Spampot captured bulks of spam samples and spammers’ attack traffic. Our analysis show that these spammers are mainly from Taiwan, China and Brazil while their main targets are Taiwan (such as yahoo.com.tw and hinet.com). We have also discovered some new spammer behaviors and some new technologies that the spammer used to escape the filtering of anti-spam system. What’s more, through cluster analysis on the spam samples, we have identified some cases in which botnets are used for large-scale spam campaign.
- distributed honeypot,
- spam,
- open relay,
- open proxy,
- spammer behavior

FullText(HTML)

References (0)

[1]	Shen Guohua, Zhang Wei, Huang Zhiqiu, Zhang Yulong, Jin Lantao, He Wenmin, Jia Zhe, Zhao Ziyue. Description-Logic-Based Feature Modeling and Verification[J]. Journal of Computer Research and Development, 2013, 50(7): 1501-1512.
[2]	Jia Cunxin, Hu Wei, Bai Wenyang, and Qu Yuzhong. SMap: Semantically Mapping Relational Database Schemas to OWL Ontologies[J]. Journal of Computer Research and Development, 2012, 49(10): 2241-2250.
[3]	Zhou Liping, Huang Houkuan, Qi Guilin, Qu Youli, Ji Qiu. An Algorithm for Calculating Minimal Unsatisfiability-Preserving Subsets of Ontology in DL-Lite[J]. Journal of Computer Research and Development, 2011, 48(12): 2334-2342.
[4]	Wang Zhuxiao, Hu Hong, Chen Limin, Shi Zhongzhi. Parallel Computation Techniques for Dynamic Description Logics Reasoning[J]. Journal of Computer Research and Development, 2011, 48(12): 2317-2325.
[5]	Wan Changlin, Shi Zhongzhi, Hu Hong, Zhang Dapeng. QoS-Aware Semantic Web Service Modeling and Discovery[J]. Journal of Computer Research and Development, 2011, 48(6): 1059-1066.
[6]	Liu Sipei, Liu Dayou, Qi Hong, and Guan Jinghua. Composing Semantic Web Service with Description Logic Rules[J]. Journal of Computer Research and Development, 2011, 48(5): 831-840.
[7]	Jiang Yuncheng, Tang Suqin, Wang Ju, Zhou Shengming. Computing Most Specific Concept in Description Logic with Transitive Roles and Existential Restrictions[J]. Journal of Computer Research and Development, 2009, 46(6): 979-987.
[8]	Jiang Yuncheng, Wang Ju, Zhou Shengming, Tang Yong. Hybrid Reasoning of Terminological Cycles in Description Logic εL[J]. Journal of Computer Research and Development, 2009, 46(1): 15-22.
[9]	Jiang Yuncheng, Tang Yong, Wang Ju, Shen Yuming. A Tableaux Decision Procedure for Fuzzy Description Logic FALNUI[J]. Journal of Computer Research and Development, 2007, 44(8): 1309-1316.
[10]	Jiang Yuncheng, Shi Zhongzhi, Tang Yong, Wang Ju. A Distributed Dynamic Description Logic[J]. Journal of Computer Research and Development, 2006, 43(9): 1603-1608.