Keywords: SMTP flooding detection, spam, anomaly notification, Rwhois, IP route MIB
Received February 3, 2004; revised August 23 & November 23, 2004; accepted December 27, 2004.
Communicated by Chu-Sing Yang.
| Previous | [ 1] | [ 2] | [ 3] | [ 4] | [ 5] | [ 6] | [ 7] | [ 8] | [ 9] | [ 10] |
¡@
Su-Chiu Yang and Li-Ming Tseng
Department of Computer Science and Information Engineering
National Central University
Chungli, 320 Taiwan
E-mail: center7@cc.ncu.edu.tw
As all the traffic between the public Internet and the customer's desktop must be
interconnected through ISP's access network, this work thus makes use of the transportation
traffic log gathered from backbone router to develop SMTP flooding detection
system (SFDS), so that the most spam could be detected and stopped at the original
fan-out network. The system has been deployed over a TANet (Taiwan Academic Network)
backbone node for assisting network users grasping the abnormal SMTP sources
with suddenly increase email requests. The result indicates that there is a high proportion
of the notified spam could be detected in advance.
Received February 3, 2004; revised August 23 & November 23, 2004; accepted December 27, 2004.
Communicated by Chu-Sing Yang.