Data Mining & Information System Lab   Database & Information Systems Group
Mining the Global Network of Compromised Machines


  • A botnet is a network of compromised computers that have fallen under the control of hackers after being infected by malicious programs such as trojan viruses.

  • While their users remain oblivious, these machines carry out malicious tasks such as mass spamming, large-scale DDoS attacks, and distributing additional trojans, making botnets one of the most serious threats to today's internet infrastructure.

Goal of Project

  • Introduce a method to uncover such botnets, characterize their behaviors, and model their evolution patterns using email log records.

Method & Results

  • Analyzed more than 12 billion email records collected from 7,370 different domains in Korea over a period of 14 months.

  • Introduced novel methods for identifying spam campaigns, grouping campaign variants via behavioral characterization of the campaigns, and detecting evolution patterns of fast-evolving botnets.

  • Discovered 51 million IPs used by the compromised machines from 230 nations, comprising 68% of IPs in the logs, and 9.6 billion spam mails originating from them, comprising 80% of emails in the logs.