; Hand this in to: tdumitra@umiacs.umd.edu ; Required Readings @INPROCEEDINGS{ Spam_Value_Chain, title = {Click Trajectories: End-to-End Analysis of the Spam Value Chain}, author = {Kirill Levchenko and Andreas Pitsillidis and Neha Chachra and Brandon Enright and M{\'a}rk F{\'e}legyh{\'a}zi and Chris Grier and Tristan Halvorson and Chris Kanich and Christian Kreibich and He Liu and Damon McCoy and Nicholas Weaver and Vern Paxson and Geoffrey M. Voelker and Stefan Savage}, booktitle = {IEEE Symposium on Security and Privacy}, bibsource = {DBLP, http://dblp.uni-trier.de}, year = {2011}, pages = {431-446}, crossref = {DBLP:conf/sp/2011}, studentfirstname ="", studentlastname ="", summary = "", contribution1 ="", contribution2 ="", contribution3 ="", contribution4 ="", contribution5 ="", weakness1 = "", weakness2 = "", weakness3 = "", weakness4 = "", weakness5 = "", interesting = "high/med/low", opinions = "", } @INPROCEEDINGS{ Network_Level, title = {Understanding the network-level behavior of spammers}, author = {Anirudh Ramachandran and Nick Feamster}, booktitle = {SIGCOMM}, bibsource = {DBLP, http://dblp.uni-trier.de}, abstract = {This paper studies the network-level behavior of spammers, including: IP address ranges that send the most spam, common spamming modes (e.g., BGP route hijacking, bots), how persistent across time each spamming host is, and characteristics of spamming botnets. We try to answer these questions by analyzing a 17-month trace of over 10 million spam messages collected at an Internet spam sinkhole, and by correlating this data with the results of IP-based blacklist lookups, passive TCP fingerprinting information, routing information, and botnet command and control traces.We find that most spam is being sent from a few regions of IP address space, and that spammers appear to be using transient bots that send only a few pieces of email over very short periods of time. Finally, a small, yet non-negligible, amount of spam is received from IP addresses that correspond to short-lived BGP routes, typically for hijacked prefixes. These trends suggest that developing algorithms to identify botnet membership, filtering email messages based on network-level properties (which are less variable than email content), and improving the security of the Internet routing infrastructure, may prove to be extremely effective for combating spam.}, year = {2006}, pages = {291-302}, crossref = {DBLP:conf/sigcomm/2006}, studentfirstname ="", studentlastname ="", summary = "", contribution1 ="", contribution2 ="", contribution3 ="", contribution4 ="", contribution5 ="", weakness1 = "", weakness2 = "", weakness3 = "", weakness4 = "", weakness5 = "", interesting = "high/med/low", opinions = "", } ; BibTex cross-references (don't add anything here) @PROCEEDINGS{ DBLP:conf/sp/2011, title = {32nd IEEE Symposium on Security and Privacy, S{\&}P 2011, 22-25 May 2011, Berkeley, California, USA}, booktitle = {IEEE Symposium on Security and Privacy}, bibsource = {DBLP, http://dblp.uni-trier.de}, isbn = {978-1-4577-0147-4}, publisher = {IEEE Computer Society}, year = {2011}, } @PROCEEDINGS{ DBLP:conf/sigcomm/2006, title = {Proceedings of the ACM SIGCOMM 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Pisa, Italy, September 11-15, 2006}, booktitle = {SIGCOMM}, bibsource = {DBLP, http://dblp.uni-trier.de}, editor = {Luigi Rizzo and Thomas E. Anderson and Nick McKeown}, isbn = {1-59593-308-5}, publisher = {ACM}, year = {2006}, }