Pedro H. Calais Guerra,  Dorgival Olavo Guedes,  Wagner Meira Jr.,  Cristine Hoepers,  Klaus Steding-Jessen. 

To subsidize research on ways to identify and possibly block spam in its origin, avoiding network resources being consumed, we characterize some strategies that define spammers' behavior patterns. For that we use data collected from low-interaction honeypots, configured to emulate open relays and open proxies. After collecting data, we identified message groups that differ only due to text obfuscation, which correspond to a same original spam campaign. We then applied data mining techniques on those groups to find out how such groups use the network resources. The results show that it is possible to identify spammers with specific patterns on the way they abuse different ports in parallel and how they start spam campaigns from different origins at the same time.

http://www.lbd.dcc.ufmg.br:8080/colecoes/sbrc/2008/062.pdf

Processando consulta.